CSC No. 63933
Docusign Envelope ID: 707A5987-11FE-4A63-910E-3AB7C39C32F5

Agreement for Access to Electronic Medical Record System between Tarrant County Hospital District d/b/a JPS Health Network and the City of Fort Worth

THIS AGREEMENT for Access to Electronic Medical Record System ("Agreement") is entered into between Tarrant County Hospital District d/b/a JPS Health Network ("District"), a unit of local government and more specifically a county hospital district created and operating under Chapter 281 of the Texas Health and Safety Code, and the City of Fort Worth, a unit of local government ("Outside Entity"). The District and Outside Entity may be referred to individually as a "Party" to this Agreement and they may be referred to collectively as the "Parties" to this Agreement.

WHEREAS, District utilizes certain systems which allow users to remotely access patient electronic health records (the "System") among the District, other health care providers affiliated with District, physicians and physician practices with medical staff privileges at the District hospitals or another health care provider and other providers of health care items and services in and around Tarrant County, Texas;

WHEREAS, the System will allow Authorized Users (defined below) of Outside Entity to view and retrieve the electronic health records ("EHR") of their patients for the purpose of treatment, payment, and certain health care operations to the extent permitted without authorization by the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996, and the rules and regulations promulgated thereunder, as may be amended from time to time (collectively, "HIPAA"), and further subject to the Recovery and Reinvestment Act of 2009 ("ARRA"), including its provisions commonly known as the Health Information Technology for Economic and Clinical Act ("HITECH Act") and rules and regulations promulgated
thereunder, as may be amended from time to time;

WHEREAS, District believes that the use of EHR technology by Outside Entity would substantially improve the quality of health care provided in and around Tarrant County, Texas and would therefore like to allow access to the System by Outside Entity, subject to the restrictions and other requirements set forth in this Agreement;

WHEREAS, Outside Entity provides professional or other medical services to District patients, but does not have a contract with District for access to EHR;

WHEREAS, Outside Entity has agreed to use the System to improve the quality and efficiency of the medical services Outside Entity provides to District patients; and

NOW, THEREFORE, in consideration of the premises, the mutual agreements and covenants herein contained, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto do hereby agree as follows:

1. Term. This Agreement is effective on the date of last signature, and shall continue thereafter from year to year unless earlier terminated by either Party in accordance with the Agreement.

EpicCare Link Access Agreement Page 1 of 9

2. System Access.

A. Subject to the terms and conditions of this Agreement, District hereby grants Outside Entity non-transferable and non-exclusive access to the System to Outside Entity's medical, administrative and clinical staff who are otherwise permitted under state and federal law to access the protected health information ("PHI") of District patients (collectively "Authorized Users"), to electronically access and use the System solely for storing, processing and displaying medical records and other information, images and content related to the provision of healthcare to District patients who are patients of such Medical Providers (the "System License").
Outside Entity understands and warrants that such access and use shall be limited to that achieved through unique access codes provided to each individual Authorized User by District, and that each Authorized User shall be prohibited from using another Authorized User's access code to access and/or use the System. Outside Entity further acknowledges and understands that District may terminate individual Authorized Users' access and/or the entire System License at any time for any reason without penalty, regardless of any effect such termination may have on Outside Entity's operations.

B. Outside Entity acknowledges and agrees that any hardware, software, network access or other components necessary for Outside Entity to access and use the System must be obtained separately by Outside Entity. District shall not be responsible for the procurement, installation or maintenance of any necessary components, and District makes no representations or warranties regarding the components whatsoever. Any fees for the components shall be borne by Outside Entity and paid directly to the suppliers of the components.

3. Use or Disclosure of Protected Health Information.

A. Outside Entity shall not use or disclose PHI received from District in any manner that would constitute a violation of federal or state law including, but not limited to, Texas Health and Safety Code Ch. 181, HIPAA and HITECH. Outside Entity shall ensure that its directors, officers, employees, contractors, and agents use or disclose PHI received from, or created or received on behalf of District only in accordance with the provisions of this Agreement and federal and state law. Outside Entity shall not disclose PHI in any manner other than as permitted by this Agreement.
Outside Entity further agrees that all information accessed through the System will be maintained in the strictest confidentiality and in the same manner as Outside Entity safeguards the confidentiality of other patient care records, or as required by state and federal law.

B. Outside Entity agrees to implement and utilize the System and shall provide District with access to a patient's EHR that are created, maintained, transmitted, or received using the System when such patient is also a patient of District solely for the purposes of treatment, payment, or health care operations to the extent permitted without patient authorization by HIPAA. Outside Entity shall use the System in accordance with any network security policies issued by District from time to time.

C. District and Outside Entity shall comply in all material respects with the standards for privacy of individually identifiable health information of the Administrative Simplification subtitle of HIPAA. District and Outside Entity recognize their status as "covered entities" under HIPAA and agree to carry out their responsibilities under this Agreement in accordance with such status.

4. Process for Requesting System Access.

A. Outside Entity shall provide District with the name and direct contact information for its Privacy Officer, and shall notify District of any change in such contact person. Outside Entity shall also designate a liaison to coordinate user access (which person can also be the Privacy Officer). The liaison is responsible for managing the modification and termination for accounts that the Outside Entity is provided.
Before access to the System, each Authorized User shall select "I ACCEPT" to the terms of the online confidentiality statement (the "Confidentiality Statement") in the form provided herein as Exhibit A, attached hereto and incorporated herein by reference, as that form may be amended from time to time. Outside Entity shall ensure that each Authorized User approved for access under this Agreement adheres to the requirements of this Agreement and the Confidentiality Statement. Each Authorized Individual shall also complete, in a form and in a manner to be determined by District, training regarding the requirements of HIPAA as they pertain to System access.

B. For purposes of this Agreement, access to the System as Authorized Users shall be permitted only for such categories of employees of Outside Entity who have a reasonable need to access PHI of District patients for purposes of carrying out their duties to such patients. If any Authorized User is separated from employment or is no longer an agent of Outside Entity for any reason (including but not limited to termination or voluntary separation), or placed under administrative suspension or extended personal leave that would preclude access to any electronic systems (a "separation"), Outside Entity agrees to notify District of the separation AS SOON AS POSSIBLE but in no event later than twenty-four (24) hours after such separation occurs. Such initial notification shall be made to the District via email at jpscarelink@jpshealth.org. Outside Entity shall also provide the written notice of such separation within three (3) business days of the separation as follows:

Tarrant County Hospital District
Attn: Chief Compliance Officer
1500 S. Main St.
Fort Worth, TX 76104

With a copy to:

Tarrant County Hospital District
Attn: Chief Information Security Officer
1500 S. Main St.
Fort Worth, TX 76104

C.
Outside Entity further agrees, ON EACH ANNIVERSARY DATE OF THIS AGREEMENT, to validate that each of the Authorized Users continue to require access to the System and continue to be employees or agents of Outside Entity.

5. Safeguards Against Unauthorized Use or Disclosure of Information. Outside Entity agrees that it will implement appropriate administrative, technical, and physical safeguards to mitigate risks of unauthorized access, use or disclosure of electronic PHI as required under the HIPAA Security Rule. Outside Entity agrees to comply with all federal and state laws and regulations regarding privacy, security, and electronic exchange of health information, as currently enacted or amended in the future.

6. Data Ownership. Outside Entity acknowledges and agrees that District owns all rights, interests and title in and to its data and that such rights, interests and title shall remain vested in District at all times. Outside Entity shall not compile and/or distribute analyses to third parties utilizing any data received from, or created or received on behalf of District without express written permission from the District Compliance Officer (or designee).

7. Reporting of Unauthorized Use or Disclosure of PHI.

A. Unauthorized Use or Disclosure. Outside Entity shall, within three (3) calendar days of becoming aware of an unauthorized use or disclosure of PHI by Outside Entity, its officers, directors, employees, contractors, agents or by a third party to which Outside Entity disclosed PHI, report any such disclosure to District in writing. Such notice shall be made to the following:

Tarrant County Hospital District
Attn: Chief Compliance Officer
1500 S. Main St.
Fort Worth, TX 76104

B. Potential Data Security Breach.
If at any time Outside Entity has reason to believe that PHI transmitted pursuant to this Agreement may have been accessed or disclosed without proper authorization and contrary to the terms of this Agreement, Outside Entity shall immediately give District notice and take actions to eliminate the cause of the breach and mitigate the damage caused. To the extent District deems warranted, in its sole discretion, District will provide notice or require Outside Entity to provide notice to individuals whose PHI may have been improperly accessed or disclosed.

C. Compliance. District has the right, at Outside Entity's sole cost and expense, at any time, to monitor, audit, and review activities and methods in implementing this Agreement in order to assure compliance therewith, within the limits of Outside Entity's technical capabilities.

8. Third Party Access. Outside Entity shall obtain the written approval of District prior to allowing any agent or subcontractor access to PHI that is created or received on behalf of the District. In the event that District consents to such third-party access on a case-by-case basis, Outside Entity shall ensure that the agent or subcontractor agrees to be bound by the same restrictions, terms and conditions that apply to Outside Entity through this Agreement. Outside Entity shall require that any agent or subcontractor notify in writing Outside Entity of any instances in which PHI is used or disclosed in an unauthorized manner. Outside Entity shall cure the breach of confidentiality and end the violation or shall terminate the agency agreement or subcontract.

9. Availability of Books and Records. Outside Entity shall make its internal practices, books and records relating to the use and disclosure of PHI received from District, or created or received on behalf of District, available to the Secretary of the U.S.
Department of Health and Human Services for purposes of determining District's and Outside Entity's compliance with the HIPAA standards. Outside Entity promptly shall provide to District a copy of any documentation that Outside Entity provides to the Secretary.

10. Audits; Investigations; Sanctions. District reserves the right to monitor, review and investigate (i.e. audit) reported and identified failures to comply with this Agreement and impose nonmonetary appropriate sanctions. Outside Entity shall cooperate fully with District's audit activities. Sanctions may include, but are not limited to, the termination of this Agreement, termination of Outside Entity's access, or termination of individual Authorized User's access. District reserves the right to report unprofessional conduct to appropriate licensing or other regulatory authorities. Outside Entity shall fully cooperate with District in order to adequately investigate complaints received involving the Outside Entity's employees or agents. Outside Entity shall have a sanctions policy, produce it upon request, and discipline their employees or agents for all breaches involving District PHI in accordance with the HIPAA Privacy Rule. Outside Entity understands that lack of strict adherence to this section, as determined by District in its sole discretion, allows District to immediately void this Agreement and all associated access privileges.

11. Immediate Termination. District may terminate Outside Entity's participation in this Agreement immediately without liability for such termination, in the event District determines, in its sole discretion, that Outside Entity, or Outside Entity's directors, officers, employees, contractors or agents have violated a material provision of this Agreement.

12. Indemnification.
To the extent permitted by the Texas Constitution, laws, and rules, and without waiving any immunities or defenses available to Outside Entity as a governmental entity, Outside Entity agrees to indemnify and hold harmless District, its governing board, officers, employees and agents, from and against any and all claims, costs, losses, damages, liabilities, expenses, demands, and judgments, including litigation expenses and attorney's fees, which may arise from Outside Entity's performance under this Agreement or negligent acts or omissions of its subcontractors, agents, or employees, including, but not limited to, any penalties, claims or damages arising from or pertaining to a breach of this Agreement, or the violation of any state or federal law applicable to the use, disclosure or protection of PHI subject to this Agreement. Such indemnification shall include, but shall not be limited to: (a) the full cost of providing required notice of the security breach to individuals affected by the unauthorized acquisition and/or misuse of the District's PHI, including the costs to retain an outside consulting firm, vendor or outside attorneys to undertake the effort; (b) the full cost of providing required notice to government agencies, credit bureaus, and/or other required entities; (c) the cost of providing individuals affected by the unauthorized acquisition and/or misuse of the District's PHI with credit protection services designed to prevent fraud associated with identity theft crimes for a specific period not to exceed twelve (12) months, to the extent the misuse or disclosure of the affected individual's personal data could lead to a compromise of the data subject's credit or credit standing; (d) reasonable call center support for such affected individuals for a specific period not to exceed sixty (60) days; (e) reasonable fees associated with computer forensics work required for security incident investigations, and (f) appealable fines or penalties assessed by
governments or regulators for Outside Entity's failure to comply with its defined privacy and/or security obligations and directly attributable to Outside Entity's unauthorized disclosure or misuse.

13. Insurance. During the term of this Agreement, Outside Entity, at its sole cost and expense shall provide professional liability insurance which includes insurance for negligent and intentional breaches of patient privacy and security regulations in a type and amount sufficient to cover its obligations hereunder, but in any event no less than a minimum amount of $5,000,000 per occurrence and $10,000,000 in the aggregate. The above notwithstanding, Outside Entity is a unit of government and may elect to self-insure to satisfy the obligations of this provision pursuant to Chapter 2259 of the Texas Government Code, entitled "Self-Insurance by Governmental Units," and therefore is not required to purchase insurance.

14. No Offshore PHI. Without the prior written approval of District, Outside Entity shall neither (i) create, receive, maintain, or transmit District's PHI outside the geographic boundaries of the United States, nor (ii) provide, transmit, or allow access to District's PHI to any person or entity located outside the geographic boundaries of the United States, including employees, agents or other representatives of that person or entity.

15. Relief. Outside Entity agrees that the breach or threatened breach of this Agreement may cause irreparable harm to District and/or individuals, that District may not have an adequate remedy at law, and that District shall therefore be entitled to injunctive or other equitable relief to enforce this Agreement without a further evidentiary showing and shall not be required to post bond in excess of $1 (USD).

16. Entire Agreement.
This Agreement constitutes the entire agreement between the parties regarding access to the System, and supersedes all prior oral or written agreements, commitments, or understandings concerning the matters provided for herein.

17. Amendment. No supplement, modification, or amendment of any term, provision, or condition of this Agreement shall be binding or enforceable on either party hereto unless in writing signed by both parties.

18. Governing Law. This Agreement shall be governed by the laws of the State of Texas without regard to its conflict of laws provisions and the venue of any litigation arising from this Agreement shall be in the District Courts of Tarrant County, Texas or the United States District Courts of the Northern District of Texas located in Fort Worth, Texas. The venue of any dispute resolution activity shall be in Fort Worth, Tarrant County, Texas.

19. Waiver. The failure to comply with or to enforce any term, provision, or condition of this Agreement, whether by conduct or otherwise, shall not constitute or be deemed a waiver of any other provision hereof, nor shall such failure to comply with or to enforce any term, provision, or condition hereof constitute or be deemed a continuing waiver. No waiver shall be binding unless executed in writing by the party making the waiver.

20. Termination for Convenience. Either party may terminate this Agreement upon thirty (30) days written notice to the other Party.

21. Parties Affected. Nothing in this Agreement, whether express or implied, is intended to confer upon any individual or entity, other than the parties hereto (and their respective heirs, representatives, successors, and permitted assigns), any rights or remedies hereunder or otherwise. Nothing in this Agreement is intended to relieve or discharge any liability of any party hereto or any third party. No provision in this Agreement shall give any individual or entity any right of subrogation against any party hereto.

22. Severability. Should any part, term, or provision of this Agreement be declared to be invalid, void, or unenforceable, all remaining parts, terms, and provisions hereof shall remain in full force and effect, and shall in no way be invalidated, impaired, or affected thereby. Each invalid provision shall be revised only to the extent necessary to bring it within the requirements of such law or regulation.

23. Assignment. No party to this Agreement may assign this Agreement without the prior written consent of the other party.

24. Relationship of the Parties. None of the provisions of this Agreement are intended to create, and none shall be deemed or construed to create, any relationship between the parties, other than that of independent contractors. This Agreement shall not create the relationship of employer-employee, agency, partnership, or joint venture. Neither party shall have the right or power in any manner to unilaterally obligate the other to any third party, whether or not related to the purpose of this Agreement.

25. Texas Public Information Act. The Parties acknowledge that each is a governmental body under Chapter 552 of the Texas Government Code and that certain information that is collected, assembled, or maintained in connection with the transaction of official business by a governmental body is considered public information potentially subject to disclosure pursuant to a valid Texas Public Information Act ("TPIA") request. Each Party's confidential information including trade secrets, certain financial information, and proprietary information may be subject to an exception to disclosure under Chapter 552 of the Texas Government Code, Subchapter C.
If a TPIA request is made on either Party (the "Requested Party") to disclose the other Party's information that may be subject to an exception from disclosure, the Requested Party will (i) promptly notify the other Party of such request for disclosure, and (ii) decline to release such information and file a written request with the Texas Attorney General's office seeking a determination as to whether such information may be withheld.

IN WITNESS WHEREOF, District and Outside Entity have caused this Agreement to be duly executed on the day and year first above written.

City of Fort Worth
By:
Name: William Johnson
Title: Assistant City Manager
Date: 09/10/2025

Tarrant County Hospital District d/b/a JPS Health Network
By:
Name: Kimberly Hodgkinson
Title: EVP/CFO
Date: 08/25/25 | 9:43 AM CDT

EpicCare Link Access Agreement 061225.docx

CITY OF FORT WORTH INTERNAL ROUTING PROCESS:

Approval Recommended:
By: James Davis (Sep 10, 2025 08:34:48 CDT)
Name: Jim Davis
Title: Fire Chief

Approved as to Form and Legality
By:
Name: Taylor C. Paris
Title: Assistant City Attorney

Contract Authorization:
M&C:

Contract Compliance Manager: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract, including ensuring all performance and reporting requirements.
By: Brenda Ray (Sep 10, 2025 07:46:50 CDT)
Name: Brenda Ray
Title: Fire Purchasing Manager

City Secretary:
By:
Name: Jannette S. Goodall
Title: City Secretary

Exhibit A

The protection of health and other confidential information is a right protected by law and enforced by fines, criminal penalties as well as employer policy.
Safeguarding confidential information is a fundamental obligation for all persons accessing confidential information. Your clicking on "I AGREE" at the end of this statement will commit you to that obligation, and WILL be used as proof that you understand and agree to the stated basic duties and facts regarding privacy. Read it carefully.

What you agree to in signing this statement:

1. I agree to maintain the privacy and security of all District confidential information that I am entitled to access.

2. I agree to:
a) access confidential information to the minimum extent necessary for my assigned duties; and
b) disclose such information only to persons authorized to receive it.

3. I understand and agree to the following:

a. District tracks all user IDs used to access electronic records. Those IDs enable discovery of inappropriate access to EITHER employee records or patient records.

b. Inappropriate access and/or unauthorized release of confidential or protected information will result in disciplinary action, up to and including termination of employment, and will result in a report to authorities charged with professional licensing, enforcement of privacy laws and prosecution of criminal acts. I further understand and agree that inappropriate access and/or unauthorized release of confidential or protected information may result in temporary and/or permanent termination of my access to District electronic records.

c. That I will be assigned a User ID & a one-time use activation code. I agree to immediately select and enter a new password known only to me. I understand I may change my password at any time, and will do so based on District established policy and/or when prompted. I understand that I am to be the only individual using and in possession of my confidential password. I am aware that the User ID and password are equivalent to my signature. Also, I am aware that I am responsible for any use of the system utilizing my User ID and password.
This includes data entered, viewed, printed or otherwise manipulated. If I have reason to believe that my password has been compromised I will immediately report this information to District and I will also immediately change my password. I understand that User IDs cannot be shared. Inappropriate use of my ID (whether by me or anyone else) is my responsibility and exposes me to severe consequences.

4. Confidential Health Information includes but is not limited to: Any individually identifiable information in possession or derived from a provider of health care regarding a patient's medical history, mental, or physical condition or treatment, as well as the patients and/or their family members records, test results, conversations, research records and financial information. (Note: this information is defined in the Privacy Rule as "protected health information.") Examples include, but are not limited to:
- Physical medical and psychiatric records including paper, photo, video, diagnostic and therapeutic reports, laboratory and pathology samples;
- Patient insurance and billing records;
- Centralized and/or department based computerized patient data and alphanumeric radio pager messages;

5. Confidential Employee & Business Information that is not available in the public domain includes but is not limited to:
- Employee home telephone number and address;
- Spouse or other relative names;
- Social Security number or income tax withholding records;
- Information related to evaluation of performance;
- Other such information obtained from District's records, which if disclosed, would constitute an unwarranted invasion of privacy; or disclosure of protected or confidential information that would cause harm to District.

Docusign Certificate Of Completion

Envelope Id: 707A5987-11FE-4A63-910E-3AB7C39C32F5
Status: Delivered
Subject: iContracts - Signature Request on Document(s).
Contract 1335249
Source Envelope:
Document Pages: 9
Signatures: 1
Certificate Pages: 2
Initials: 0
AutoNav: Enabled
EnvelopeId Stamping: Enabled
Time Zone: (UTC-06:00) Central Time (US & Canada)
Envelope Originator: Frank Deeds, 1350 S. Main Street, Suite 1350, Fort Worth, TX 76104, FDeeds@jpshealth.org
IP Address: 52.207.176.51

Record Tracking
Status: Original, Aug 25, 2025 | 09:20
Holder: Frank Deeds, FDeeds@jpshealth.org
Location: DocuSign

Signer Events

Brenda, Brenda.Ray@fortworthtexas.gov
Security Level: Email, Account Authentication (Optional)
Electronic Record and Signature Disclosure: Not Offered via Docusign
Sent: Sep 9, 2025 | 17:06
Viewed: Sep 10, 2025 | 07:21

Kimberly Hodgkinson, KHodgkinso@jpshealth.org, EVP/CFO, JPS Health Network
Security Level: Email, Account Authentication (Optional)
Electronic Record and Signature Disclosure: Not Offered via Docusign
Signed by: 9EA393FB6F554EB...
Signature Adoption: Pre-selected Style
Using IP Address: 206.201.92.45
Sent: Aug 25, 2025 | 09:32
Viewed: Aug 25, 2025 | 09:43
Signed: Aug 25, 2025 | 09:43

In Person Signer Events
Editor Delivery Events
Agent Delivery Events
Intermediary Delivery Events
Certified Delivery Events

Carbon Copy Events

Daniel Ebbett, daniel.ebbett@fortworthtexas.gov
Security Level: Email, Account Authentication (Optional)
Electronic Record and Signature Disclosure: Not Offered via Docusign
Status: COPIED
Sent: Aug 25, 2025 | 10:32
Viewed: Aug 26, 2025 | 12:57

Taylor Paris, Taylor.Paris@fortworthtexas.gov
Security Level: Email, Account Authentication (Optional)
Electronic Record and Signature Disclosure: Not Offered via Docusign
Status: COPIED
Sent: Sep 9, 2025 | 17:06

Witness Events
Notary Events

Envelope Summary Events
Envelope Sent: Hashed/Encrypted, Aug 25, 2025 | 09:32
Certified Delivered: Security Checked, Aug 25, 2025 | 09:43
Signing Complete: Security Checked, Aug 25, 2025 | 09:43

Payment Events