CITY OF THE COLONY, TEXAS
RESOLUTION NO. 2011-018

A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF THE COLONY, TEXAS ACCEPTING THE ASSISTANCE TO FIREFIGHTERS GRANT FROM THE FEDERAL EMERGENCY MANAGEMENT AGENCY, AUTHORIZING THE ADDITIONAL FUNDS FOR THE PURCHASE OF ELECTRONIC PATIENT CARE REPORTING SOFTWARE WITH SIX MOBILE COMPUTERS AND AUTHORIZING THE CITY MANAGER TO SIGN A SUBSCRIPTION AGREEMENT WITH ESO SOLUTIONS; THAT A COPY OF THE AGREEMENT IS ATTACHED AS EXHIBIT A; DECLARING AN EFFECTIVE DATE.

NOW, THEREFORE, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF THE COLONY, TEXAS:

Section 1. The Assistance to Firefighters Grant from the Federal Emergency Management Agency (FEMA) in the amount of $32,400.00 is hereby accepted.

Section 2. City staff is authorized to purchase the Electronic Patient Care Reporting software and six (6) mobile computers with the city matching funds and purchase funds in the amount of $26,652.00.

Section 3. That the City Manager is authorized to enter into a subscription agreement with ESO Solutions, Inc. related to the Electronic Patient Care Reporting software.

Section 4. That a true and correct copy of said subscription agreement is attached hereto and incorporated herein as Exhibit A.

Section 5. That this resolution is effective from and after its passage.

PASSED AND APPROVED this 1st day of March, 2011.
ATTEST: Christie Wilson, TRMC, City Secretary

Joe McCourry, Mayor, City of The Colony, Texas

APPROVED AS TO FORM: Jeff Moore, City Attorney

SUBSCRIPTION AGREEMENT

This Subscription Agreement (the "Agreement") is made as of the date of last execution below (the "Effective Date") and entered into by and between ESO Solutions, Inc., a Texas corporation with its principal place of business at 3005 South Lamar Blvd., Suite D 109-372, Austin, Texas 78704 (hereinafter referred to as "ESO"), and The Colony Fire Department, with its principal place of business at 4900 Blair Oaks, The Colony, Texas 75056 (hereinafter referred to as "Customer"), with reference to the following:

WHEREAS, ESO is in the business of providing electronic patient care reporting services to businesses and municipalities which provide emergency patient care, and Customer desires to obtain the services from ESO, all upon the terms and conditions set forth herein.

NOW THEREFORE, Customer and ESO hereby mutually agree as follows:

1. Services. ESO shall provide to Customer, during the Term, the "Services" selected by Customer on Exhibit A attached hereto.

2. Term. The Term of the Agreement shall commence on the Effective Date and shall terminate one year after the Effective Date. The Agreement shall automatically renew for successive renewal terms of one year each, unless one party gives the other party written notice that the Agreement will not renew, at least thirty (30) days prior to the end of the then-current Term.

3. Subscription Fees, Invoices and Payment Terms.

a. Subscription Fees. Customer shall pay to ESO the Subscription Fees for the Services as indicated on Exhibit A, and for ePCR, Customer shall pay an estimate of the annual Subscription Fees in accordance with subparagraph b. below. Customer will be invoiced for the yearly Subscription Fees on an annual basis, in advance, and all invoices shall be payable within thirty (30) days.

b. Estimated Subscription Fees for ePCR.
Customer shall pay to ESO the annual Estimated Subscription Fees for the ePCR Suite as indicated in Exhibit A. At least once every year ESO may evaluate Customer's average annual call volume and increase or decrease the Customer's next invoice based on changes in Customer call volume.

c. Payment of Invoices. Customer shall pay invoices received from ESO within thirty (30) days after the receipt of the invoice (the "Due Date").

d. Disputed Invoices. If Customer in good faith disputes any portion of any ESO invoice, Customer shall submit to ESO, by the Due Date, full payment of the undisputed portion of the invoice and written documentation identifying and substantiating the disputed amount. If Customer does not report a dispute within thirty (30) days following the Due Date of the applicable invoice, Customer shall have waived its right to dispute that invoice. Any disputed amounts determined to be payable to ESO shall be due within ten (10) days of the resolution of the dispute.

4. Termination.

a. Termination by Customer for Cause. If ESO fails to perform a material obligation under this Agreement and does not remedy such failure within thirty (30) days following written notice from Customer ("ESO Default"), Customer may terminate this Agreement without any further liability except for the payment of all accrued but unpaid Subscription Fees. If ESO is unable to provide Service(s) for ninety (90) consecutive days due to a Force Majeure event as defined in Section 12a, Force Majeure, Customer may terminate the affected Service(s) without liability to ESO.

b. Termination by ESO for Customer Default.
ESO may terminate this Agreement with no further liability if (i) Customer fails to make payment as required under this Agreement and such failure remains uncorrected for five (5) days following written notice from ESO, or (ii) Customer fails to perform any other material obligation under this Agreement and does not remedy such failure within fifteen (15) days following written notice from ESO (hereinafter collectively referred to as "Customer Default"). In the event of a Customer Default, ESO shall have the right to (i) terminate this Agreement; (ii) suspend all Service(s) being provided to Customer; (iii) terminate the right to use the Software on the web or mobile devices; (iv) apply interest to the amount past due, at the rate of one and one-half percent (1½%) (or the maximum legal rate, if less) of the unpaid amount per month; (v) offset any amounts that are owed to Customer by ESO against the past due amount then owed to ESO; and/or (vi) take any action in connection with any other right or remedy ESO may have under this Agreement, at law or in equity. If this Agreement is terminated due to a Customer Default, Customer shall remain liable for all Subscription Fees and other charges due to ESO. In addition, Customer agrees to pay ESO's reasonable expenses (including attorney and collection agency fees) incurred in enforcing ESO's rights in the event of a Customer Default.

5. Delivery of Data upon Expiration or Termination of Agreement. Within thirty (30) days after the expiration of this Agreement or the termination of this Agreement pursuant to Section 4a above, ESO will deliver to Customer its data, in machine readable format, on tape or on CD, at Customer's option. Customer shall reimburse ESO for the cost of the tape(s) on which Customer's data is delivered to Customer.
If Customer wants the data to be delivered in a medium other than tape or CD, ESO shall do its best to accommodate Customer, provided Customer shall provide the medium on which the data is to be provided and shall pay for any additional cost incurred by ESO in accommodating this request.

6. System Maintenance. In the event ESO determines that it is necessary to interrupt the Services or that there is a potential for Services to be interrupted for the performance of system maintenance, ESO will use good-faith efforts to notify Customer prior to the performance of such maintenance and will schedule such maintenance during non-peak hours (midnight to 6 a.m. local time). In no event shall interruption for system maintenance constitute a failure of performance by ESO.

7. Access to Internet. Customer is solely responsible for obtaining and providing for its own broadband connections and/or connections to the Internet, and ESO makes no representations regarding the advisability of any provider or particular network to Customer. Customer's network and Internet access must meet the minimum requirements set forth in Paragraph 8 below.

8. Mobile Software Use and Support. If Customer elects to use ESO's proprietary ESO Pro Software (the "Software") on mobile devices, the provisions of this Section 8 shall apply.

a. Use of Software. Subject to the terms, conditions and restrictions in this Agreement and in exchange for the per unit Mobile Software Interface Fees, ESO hereby grants to Customer non-exclusive, world-wide, non-transferable rights, for the term of this Agreement, to use and copy (for installation and backup purposes only) the Software to the units for which the Mobile Software Interface has been purchased.

b. Ownership and Restrictions. This Agreement does not convey any rights of ownership in or title to the Software or any copies thereof. All right, title and interest in the Software and any copies or derivative works thereof will remain the property of ESO.
Customer will not: (a) disassemble, reverse engineer or modify the Software; (b) allow any third party to use the Software; (c) use the Software as a component in any product or service provided by Customer to a third party; (d) transfer, sell, assign, or otherwise convey the Software; (e) remove any proprietary notices placed on or contained within the Software; or (f) copy the Software except for backup purposes. Customer will keep the Software free and clear of all claims, liens, and encumbrances.

c. Mobile Software Interface Fee. The Mobile Software Interface Fee is non-refundable. The Software shall be considered accepted upon delivery to Customer.

d. Support and Updates. During the term of this Agreement, ESO shall provide to Customer the support services and will meet the service levels as set forth on Exhibit B attached hereto. ESO will also provide to Customer Updates, in accordance with Exhibit B.

e. Other Services. Upon request by Customer, ESO may provide services related to the Software other than the standard support described above, at ESO's then-current labor rates. This may include on-site consultation, customization, and initial technical assistance and training for the purpose of installing the Software and training selected personnel on the use and support of the Software. ESO will undertake reasonable efforts to accommodate any written request by Customer for such professional services.

f. Title. ESO hereby represents and warrants to Customer that ESO is the owner of the Software or otherwise has the right to grant to Customer the rights set forth in this Agreement. In the event of any breach or threatened breach of the foregoing representation and warranty, Customer's sole remedy shall be to require ESO to either: i) procure, at ESO's expense, the right to use the Software, ii) replace the Software or any part thereof that is in breach and replace it with Software of comparable functionality that does not cause any breach.

g.
Indemnification by Customer. Customer will defend and indemnify ESO from any and all claims brought against ESO by third parties and will hold ESO harmless from all corresponding losses incurred by ESO arising out of or related to (i) Customer's misuse of the Software, (ii) any services provided by Customer to third parties, or (iii) Customer's negligence or inaction in connection with the services it provides to third parties.

9. Limitation of Liability. NOTWITHSTANDING ANY OTHER PROVISION HEREOF, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOST PROFITS, LOST REVENUES OR COST OF PURCHASING REPLACEMENT SERVICES) ARISING OUT OF OR RELATING TO THIS AGREEMENT. ADDITIONALLY, ESO SHALL NOT BE LIABLE TO CUSTOMER FOR ANY ACTUAL DAMAGES IN EXCESS OF THE AGGREGATE AMOUNT THAT ESO HAS PRIOR TO SUCH TIME COLLECTED FROM CUSTOMER WITH RESPECT TO SERVICES DELIVERED HEREUNDER. FURTHERMORE, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER, EITHER IN CONTRACT OR IN TORT, FOR PROTECTION FROM UNAUTHORIZED ACCESS OF CUSTOMER DATA OR FROM UNAUTHORIZED ACCESS TO OR ALTERATION, THEFT OR DESTRUCTION OF CUSTOMER DATA FILES, PROGRAMS, PROCEDURE OR INFORMATION NOT CONTROLLED BY ESO, THROUGH ACCIDENT OR FRAUDULENT MEANS OR DEVICES.

10. Acknowledgements and Disclaimer of Warranties. Customer acknowledges that ESO cannot guarantee that there will never be any outages in ESO's network and that no credits shall be given in the event Customer's access to ESO's network is interrupted.
UNLESS OTHERWISE SPECIFIED HEREIN, ESO MAKES NO WARRANTY TO CUSTOMER OR ANY OTHER PERSON OR ENTITY, WHETHER EXPRESS, IMPLIED OR STATUTORY, AS TO THE DESCRIPTION, QUALITY, MERCHANTABILITY, COMPLETENESS OR FITNESS FOR ANY PURPOSE, OF ANY SERVICE OR SOFTWARE PROVIDED HEREUNDER OR DESCRIBED HEREIN, OR AS TO ANY OTHER MATTER (INCLUDING WITHOUT LIMITATION THAT THERE WILL BE NO IMPAIRMENT OF DATA), ALL OF WHICH WARRANTIES BY ESO ARE HEREBY EXCLUDED AND DISCLAIMED.

11. Confidential Information. "Confidential Information" shall mean all information disclosed in writing by one party to the other party that is clearly marked "CONFIDENTIAL" or "PROPRIETARY" by the disclosing party at the time of disclosure. Confidential Information does not include any information that (i) was already known by the receiving party free of any obligation to keep it confidential at the time of its disclosure; (ii) becomes publicly known through no wrongful act of the receiving party; (iii) is rightfully received from a third person without knowledge of any confidential obligation; (iv) is independently acquired or developed without violating any of the obligations under this Agreement; or (v) is approved for release by written authorization of the disclosing party. A recipient of Confidential Information shall not disclose the information to any person or entity except for the recipients and/or its employees, contractors and consultants who have a need to know such Confidential Information. The recipient may disclose Confidential Information pursuant to a judicial or governmental request, requirement or order; provided that the recipient shall take all reasonable steps to give prior notice to the disclosing party. Confidential Information shall not be disclosed to any third party without the prior written consent of the owner of the Confidential Information.
The recipient shall use Confidential Information only for purposes of this Agreement and shall protect Confidential Information from disclosure using the same degree of care used to protect its own Confidential Information, but in no event less than a reasonable degree of care. Confidential Information shall remain the property of the disclosing party and shall be returned to the disclosing party or destroyed upon request of the disclosing party. Because monetary damages may be insufficient in the event of a breach or threatened breach of the foregoing provisions, the affected party may be entitled to seek an injunction or restraining order in addition to such other rights or remedies as may be available under this Agreement, at law or in equity, including but not limited to monetary damages.

12. Miscellaneous.

a. Force Majeure. Neither party shall be liable to the other, nor deemed in default under this Agreement if and to the extent that such party's performance of this Agreement is delayed or prevented by reason of Force Majeure, which is defined for this Agreement to mean an event that is beyond the reasonable control of the party affected and occurs without such party's fault or negligence.

b. Entire Agreement and Governing Law. This Agreement and any Business Associate Agreement (as that term is used in the Health Insurance Portability and Accountability Act and related regulations) that is executed by the parties constitute the entire agreement between ESO and Customer pertaining to the subject matter hereof and supersedes all prior and contemporaneous agreements and understandings in connection herewith. Unless otherwise specified herein, this Agreement may be modified or supplemented only by an instrument in writing executed by each party. This Agreement shall be governed by the laws of the State of Texas without regard to its principles of choice of law.

c. Arbitration.
Any controversy or claim arising out of or relating to this Agreement, or a breach of this Agreement, shall be finally settled by arbitration in Austin, Texas, and shall be resolved under the laws of the State of Texas. The arbitration shall be conducted before a single arbitrator, who may be a private arbitrator, in accordance with the commercial rules and practices of the American Arbitration Association then in effect. Any award, order or judgment pursuant to such arbitration shall be deemed final and binding and may be enforced in any court of competent jurisdiction. The arbitrator may, as part of the arbitration award, permit the substantially prevailing party to recover all or part of its attorney's fees and other out-of-pocket costs incurred in connection with such arbitration. All arbitration proceedings shall be conducted on a confidential basis.

d. No Press Releases without Consent. Neither party may use the other party's name or trademarks, or issue any publicity or make any public statements concerning the other party or the existence or content of this Agreement, without the other party's prior written consent. Notwithstanding, Customer agrees that ESO may use Customer's name and logo in ESO sales presentations, without Customer's prior written consent, during the Term of this Agreement, but only for the purposes of identifying the Customer as a customer of ESO. Likewise, Customer may use ESO's name and logo to identify ESO as a vendor or provider for Customer.

e. Assignment. Customer may only assign this Agreement if it has received the prior written consent to such assignment from ESO, which consent shall not be unreasonably withheld.

f. Compliance with Laws. Both parties shall comply with and give all notices required by all applicable federal, state and local laws, ordinances, rules, regulations and lawful orders of any public authority bearing on the performance of this Agreement.

g. Notices.
All notices and other communications hereunder shall be in writing and shall be deemed to have been duly given as of the date of delivery or confirmed facsimile or email transmission. Notices must be delivered or sent to the parties' respective addresses set forth above.

h. Taxes. Unless otherwise required by law, Customer will be responsible for and will remit (or will reimburse ESO for) all taxes of any kind, including sales, use, duty, customs, withholding, property, value-added, and other similar federal, state or local taxes (other than taxes based on ESO's net income) imposed in connection with the provision of Services or the use of the Software provided to Customer under this Agreement.

IN WITNESS WHEREOF, the parties have executed this Agreement as of the date last written below.

ESO SOLUTIONS, INC.
Name: Chris Dillie
Title: President/CEO
Date: [illegible]
Telephone: 866.766.9471 x 1022
Email: chris.dillie@esosolutions.com

Customer:
By:
Name: [illegible]
Title: [illegible]
Date:
Telephone:
Email:

EXHIBIT A
SOFTWARE ANNUAL FEE SCHEDULE

Customer hereby selected the following ESO Services, at the fees indicated:

Quote Total: $37,512.00

QUOTE DETAILS

| # | Item or Service | Qty | Unit Price | Total Price |
|---|-----------------|-----|------------|-------------|
| 1 | ESO Pro Suite | 3 | $4,995.00 | $14,985.00 |
| 2 | ESO Pro Mobile | 6 | $695.00 | $4,170.00 |
| 3 | ESO Quick Speak (Annual) | 6 | $297.00 | $1,782.00 |
| 4 | Cardiac Monitor Interface | 1 | $3,995.00 | $3,995.00 |
| 5 | CAD Interface | 1 | $5,995.00 | $5,995.00 |
| 6 | Billing Extract | 1 | $3,995.00 | $0.00 |
| 7 | Onsite Training | 3 | $2,195.00 | $6,585.00 |
|   | Quote Total |   |   | $37,512.00 |

PAYMENT TERMS AND PAYMENT MILESTONES

The ePCR subscription year will begin upon execution of the Subscription Agreement or upon the commencement of active work on software implementation, whichever date comes later. Customer will be invoiced for full payment of goods and services upon execution of Subscription Agreement.
EXHIBIT B
SUPPORT SERVICES AND SERVICE LEVELS

This Exhibit describes the software support services ("Support Services") that ESO will provide and the service levels that ESO will meet.

1. Definitions. Unless defined otherwise herein, capitalized terms used in this Exhibit shall have the same meaning as set forth in the Agreement.

(a) "Customer Service Representative" shall be the person at ESO designated by ESO to receive notices of Errors encountered by Customer that Customer's Administrator has been unable to resolve.

(b) "Error" means any failure of the Software to conform in any material respect with its published specifications.

(c) "Error Correction" means a bug fix, patch, or other modification or addition that brings the Software into material conformity with its published performance specifications.

(d) "Priority A Error" means an Error that renders the Software inoperative or causes a complete failure of the Software.

(e) "Priority B Error" means an Error that substantially degrades the performance of the Software or materially restricts Customer's use of the Software.

(f) "Priority C Error" means an Error that causes only a minor impact on Customer's use of the Software.

(g) "Update" means any new commercially available or deployable version of the Software, which may include Error Corrections, enhancements or other modifications, issued by ESO from time to time to its Customers.

(h) "Normal Business Hours" means 8:00 am to 5:00 pm Monday through Friday, Central Time Zone.

2. Customer Obligations. Customer will provide at least one administrative employee (the "Administrator" or "Administrators") who will handle all requests for first-level support from Customer's employees with respect to the Software. Such support is intended to be the "front line" for support and information about the Software to Customer's employees.
ESO will provide training, documentation, and materials to the Administrators to enable the Administrators to provide technical support to Customer's employees. The Administrators will refer any Errors to ESO's Customer Service Representative that the Administrators cannot resolve, pursuant to Section 3 below; and the Administrators will assist ESO in gathering information to enable ESO to identify problems with respect to reported Errors.

3. Support Services.

(a) Scope. As further described herein, the Support Services consist of: (i) Error Corrections that the Administrator is unable to resolve, and (ii) periodic delivery of Error Corrections and Updates. The Support Services will be available to Customer during normal business hours, to the extent practicable. Priority A Errors encountered outside normal business hours may be communicated to the Customer Service Representative via telephone or email. Priority B and C Errors encountered outside normal business hours shall be communicated via email.

(b) Procedure.

(i) Report of Error. In reporting any Error, the Customer's Administrator will describe to ESO's Customer Service Representative the Error in reasonable detail and the circumstances under which the Error occurred or is occurring; the Administrator will initially classify the Error as a Priority A, B or C Error. ESO reserves the right to reclassify the Priority of the Error.

(ii) Efforts Required. ESO shall exercise commercially reasonable efforts to correct any Error reported by the Administrator in accordance with the priority level assigned to such Error by the Administrator. Errors shall be communicated to ESO's Customer Service Representative after hours as indicated below, depending on the priority level of the Error. In the event of an Error, ESO will within the time periods set forth below, depending upon the priority level of the Error, commence verification of the Error; and, upon verification, will commence Error Correction.
ESO will work diligently to verify the Error and, once an Error has been verified, and until an Error Correction has been provided to the Administrator, shall use commercially reasonable, diligent efforts to provide a workaround for the Error as soon as reasonably practicable. ESO will provide the Administrator with periodic reports on the status of the Error Correction on the frequency as indicated below.

| Priority of Error | Communicating Error to ESO outside Normal Business Hours | Time in Which ESO Will Commence Verification | Frequency of Periodic Status Reports |
|-------------------|----------------------------------------------------------|----------------------------------------------|--------------------------------------|
| Priority A | Telephone or email | Within 8 hours of notification | Every 4 hours until resolved |
| Priority B | Email | Within 1 business day of notification | Every 6 hours until resolved |
| Priority C | Email | Within two calendar weeks of notification | Every week until resolved |

4. ESO Server Administration.

(a) ESO is responsible for maintenance of Server hardware. Server administration includes:

(i) Monitoring and Response
(ii) Service Availability Monitoring
(iii) Backups
(iv) Maintenance
    A. Microsoft Patch Management
    B. Security patches to supported applications and related components
    C. Event Log Monitoring
    D. Log File Maintenance
    E. Drive Space Monitoring
(v) Security
(vi) Virus Definition & Prevention
(vii) Firewall

EXHIBIT C
BUSINESS ASSOCIATES AGREEMENT

This Agreement (this "Agreement") is made and entered into as of the contract execution date by and between ESO Solutions Inc., ("Business Associate") a State of Texas corporation, and ("Covered Entity").

WHEREAS, Business Associate acknowledges that Covered Entity has in its possession data that contains individual identifiable health information as defined by Health Insurance Portability and Accountability Act of 1996, Pub. L. No.
104-191 ("HIPAA") and the regulations promulgated thereunder; and

WHEREAS, Business Associate and Covered Entity are parties to an agreement (the "Service Agreement"), pursuant to which the fulfillment of the Parties' obligations thereunder necessitates the exchange of, or access to, data including individual identifiable health information,

NOW, THEREFORE, in consideration of the mutual promises and covenants hereinafter contained, the Parties agree as follows:

ARTICLE 1
DEFINITIONS

Terms used, but not otherwise defined, in this Agreement shall have the meanings set forth below.

1.1 "HHS Transaction Standard Regulation" means the Code of Federal Regulations ("CFR") at Title 45, Sections 160 and 162.

1.2 "Individual" means the subject of PHI or, if deceased, his or her personal representative.

1.3 "Parties" shall mean the Covered Entity and Business Associate. (Covered Entity and Business Associate, individually, may be referred to as a "Party.")

1.4 "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.

1.5 "PHI" shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, limited to the information created or received by Business Associate from or on behalf of the Covered Entity.

1.6 "Required By Law" shall have the same meaning as "required by law" in 45 CFR § 164.501.

1.7 "Secretary" shall mean the Secretary of the Department of Health and Human Services or his designee.

ARTICLE 2
CONFIDENTIALITY

2.1 Obligations and Activities of Business Associate.
Business Associate agrees as follows:

(a) not to use or further disclose PHI other than as permitted or required by this Agreement or as Required By Law;

(b) to establish, maintain, and use appropriate safeguards to prevent use or disclosure of the PHI other than as permitted herein;

(c) to report to Covered Entity any use, access or disclosure of the PHI not provided for by this Agreement, or any misuse of the PHI, including but not limited to systems compromises of which it becomes aware, and to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result thereof;

(d) to enforce and maintain appropriate policies, procedures, and access control mechanisms to ensure that any agent, including a subcontractor, to whom it provides PHI received from, or created or received by Business Associate on behalf of Covered Entity agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information.
The access and privileges granted to any such agent shall be the minimum necessary to perform the assigned functions;

(e) to provide access, at the request of Covered Entity, and in the time and manner reasonably designated by Covered Entity, to PHI in a Designated Record Set (as defined in the Privacy Rule), to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under 45 CFR § 164.524;

(f) to make any amendment(s) to PHI in a Designated Record Set that the Covered Entity directs or agrees to pursuant to 45 CFR § 164.526 at the request of Covered Entity or an Individual, and in the time and manner reasonably requested by Covered Entity;

(g) to make internal practices, books, and records relating to the use and disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity to the Secretary, in a time and manner reasonably requested by Covered Entity or designated by the Secretary, for purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule;

(h) to document such disclosures of PHI, and information related to such disclosures, as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528;

(i) to provide to Covered Entity or an Individual, in a time and manner reasonably requested by Covered Entity, information collected in accordance with Section 2.1(i) above to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528;

(j) to promptly notify Covered Entity of all actual or suspected instances of deliberate unauthorized attempts (both successful and unsuccessful) to access PHI;

(k) to maintain and enforce policies, procedures and processes to protect physical access to hardware, software and/or media
containing PHI (e.g., hardcopy, tapes, removable media, etc.) against unauthorized physical access during use, storage, transportation, disposition and/or destruction;

(l) to ensure that access controls in place to protect PHI and processing resources from unauthorized access are controlled by two-factor identification and authentication: a user ID and a Token, Password or Biometrics.

2.2 Disclosures Required By Law. In the event that Business Associate is required by law to disclose PHI, Business Associate will immediately provide Covered Entity with written notice and provide Covered Entity an opportunity to oppose any request for such PHI or to take whatever action Covered Entity deems appropriate.

2.3 Specific Use and Disclosure Provisions.

(a) Except as otherwise limited in this Agreement, Business Associate may use PHI only to carry out the legal responsibilities of the Business Associate under the Service Agreement.

(b) Except as otherwise limited in this Agreement, Business Associate may only disclose PHI (i) as Required By Law, or (ii) in the fulfillment of its obligations under the Service Agreement and provided that Business Associate has first obtained (A) the consent of Covered Entity for such disclosure, (B) reasonable assurances from the person to whom the information is disclosed that the PHI will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and (C) reasonable assurances from the person to whom the information is disclosed that such person will notify the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

2.4 Obligations of Covered Entity.
(a) Covered Entity shall notify Business Associate of any limitations in its notice of privacy practices of Covered Entity in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

(b) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosures of PHI.

(c) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.

(d) For any PHI received by Covered Entity from Business Associate on behalf of a third party or another covered entity, Covered Entity agrees to be bound to the obligations and activities of Business Associate enumerated in Section 2.1 as if, and to the same extent, Covered Entity was the named Business Associate hereunder.

2.5 Permissible Requests by Covered Entity. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by the Covered Entity.

2.6 Policy and Procedure Review. Upon request, Business Associate shall make available to Covered Entity any and all documentation relevant to the safeguarding of PHI including but not limited to current policies and procedures, operational manuals and/or instructions, and/or employment and/or third party agreements.

ARTICLE 3
SECURITY

3.1 Government Healthcare Program Representations.
Business Associate hereby represents and warrants to Covered Entity, its shareholders, members, directors, officers, agents, or employees that Business Associate has not been excluded or has not been served a notice of exclusion or has not been served with a notice of proposed exclusion, or has not committed any acts which are cause for exclusion from participation in, or had any sanctions, or civil or criminal penalties imposed under, any federal or state healthcare program, including, but not limited to, Medicare or Medicaid, and has not been convicted, under federal or state law (including without limitation a plea of nolo contendere or participation in a first offender deferred adjudication or other arrangement whereby a judgment of conviction has been withheld), of a criminal offense related to (a) the neglect or abuse of a patient, (b) the delivery of an item or service, including the performance of management or administrative services related to the delivery of an item or service, under a federal or state healthcare program, (c) fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct in connection with the delivery of a healthcare item or service or with respect to any act or omission in any program operated by or financed in whole or in part by any federal, state or local government agency, (d) the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance, or (e) interference with or obstruction of any investigation into any criminal offense described in (a) through (d) above. Business Associate further agrees to notify Covered Entity immediately after Business Associate becomes aware that the foregoing representation and warranty may be inaccurate or may be incorrect. 3.2 Security Procedures. 
Each Party shall employ security procedures that comply with HIPAA and all other applicable state and federal laws and regulations (collectively, the "Law") and that are commercially reasonable, to ensure that transactions, notices, and other information that are electronically created, communicated, processed, stored, retained or retrieved are authentic, accurate, reliable, complete and confidential. Moreover, each Party shall, and shall require any agent or subcontractor involved in the electronic exchange of data to: (a) require its agents and subcontractors to provide security for all data that is electronically exchanged between Covered Entity and Business Associate; (b) provide, utilize, and maintain equipment, software, services and testing necessary to assure the secure and reliable transmission and receipt of data containing PHI; (c) maintain and enforce security management policies and procedures and utilize mechanisms and processes to prevent, detect, record, analyze, contain and resolve unauthorized access attempts to PHI or processing resources; (d) maintain and enforce policies and guidelines for workstation use that delineate appropriate use of workstations to maximize the security of data containing PHI; (e) maintain and enforce policies, procedures and a formal program for periodically reviewing its processing infrastructure for potential security vulnerabilities; (f) implement and maintain, and require its agents and subcontractors to implement and maintain, appropriate and effective administrative, technical and physical safeguards to protect the security, integrity and confidentiality of data electronically exchanged between Business Associate and Covered Entity, including access to data as provided herein. 
Each Party and its agents and subcontractors shall keep all security measures current and shall document its security measures implemented in written policies, procedures or guidelines, which it will provide to the other Party upon the other Party's request. ARTICLE 4 EXCHANGE OF STANDARD TRANSMISSIONS 4.1 Obligations of the Parties. Each of the Parties agrees that for the PHI, (a) it will not change any definition, data condition or use of a data element or segment as proscribed in the HHS Transaction Standard Regulation. (b) it will not add any data elements or segments to the maximum defined data set as proscribed in the HHS Transaction Standard Regulation. (c) it will not use any code or data elements that are either marked "not used" in the HHS Standard's implementation specifications or are not in the HHS Transaction Standard's implementation specifications. (d) it will not change the meaning or intent of any of the HHS Transaction Standard's implementation specifications. 4.2 Incorporation of Modifications to HHS Transaction Standards. Each of the Parties agrees and understands that from time-to-time, HHS may modify and set compliance dates for the HHS Transaction Standards. Each of the Parties agrees to incorporate by reference into this Agreement any such modifications or changes. 4.3 Business Associate Obligations. (a) Business Associate shall not submit duplicate transmissions unless so requested by Covered Entity. (b) Business Associate shall only perform those transactions that are authorized by Covered Entity. Furthermore, Business Associate assumes all liability for any damage, whether direct or indirect, to the electronic data or to Covered Entity's systems caused by Business Associate's unauthorized use of such transactions. 
(c) Business Associate shall hold Covered Entity harmless from any claim, loss or damage of any kind, whether direct or indirect, whether to person or property, arising out of or related to (1) Business Associate's use or unauthorized disclosure of the electronic data; or (2) Business Associate's submission of data, including but not limited to the submission of incorrect, misleading, incomplete or fraudulent data. (d) Business Associate agrees to maintain adequate back-up files to recreate transmissions in the event that such recreations become necessary. Back-up tapes shall be subject to this Agreement to the same extent as original data. (e) Business Associate agrees to trace lost or indecipherable transmissions and make reasonable efforts to locate and translate the same. Business Associate shall bear all costs associated with the recreation of incomplete, lost or indecipherable transmissions if such loss is the result of an act or omission of Business Associate. (f) Business Associate shall maintain, for seven (7) years, true copies of any source documents from which it produces electronic data. (g) Except encounter data furnished by Business Associate to Covered Entity, Business Associate shall not (other than to correct errors) modify any data to which it is granted access under this Agreement or derive new data from such existing data. Any modification of data is to be recorded, and a record of such modification is to be retained by Business Associate for a period of seven (7) years. (h) Business Associate shall not disclose security access codes to any third party in any manner without the express written consent of Covered Entity. Business Associate furthermore acknowledges that Covered Entity may change such codes at any time without notice. 
Business Associate shall assume responsibility for any damages arising from its disclosure of the security access codes or its failure to prevent any third party use of the system without the express written consent of Covered Entity. (i) Business Associate shall maintain general liability coverage, including coverage for general commercial liability, for a limit of not less than one million dollars, as well as other coverage as Covered Entity may require, to compensate any parties damaged by Business Associate's negligence. Business Associate shall provide evidence of such coverage in the form of a certificate of insurance and agrees to notify Covered Entity and/or HOI immediately of any reduction or cancellation of such coverage. (j) Business Associate agrees to conduct testing with Covered Entity to ensure delivery of files that are HIPAA-AS Compliant and to accommodate Covered Entity's specific business requirements. 4.4 Confidential and Proprietary Information (a) Proprietary Information Business Associate acknowledges that it will have access to certain proprietary information used in Covered Entity's business. Covered Entity's proprietary information derives its commercial value from the fact that it is not available to competitors or any third parties, and the disclosure of this information would or could impair Covered Entity's competitive position or otherwise prejudice its ongoing business. Business Associate agrees to treat as confidential, and shall not use for its own commercial purpose or any other purpose, Covered Entity's proprietary information. Business Associate shall safeguard Covered Entity's proprietary information against disclosure except as may be expressly permitted herein. Such proprietary information includes, but is not limited to, confidential information concerning the business operations or practices of Covered Entity, including specific technology processes or capabilities. ARTICLE 5 MISCELLANEOUS 5.1 Indemnification. 
Each Party agrees to indemnify the other for any damages, costs, expenses or liabilities, including legal fees and costs, arising from or related to a breach of such Party's obligations hereunder. 5.2 Term and Termination. (a) Term. The Term of this Agreement shall be effective as of the date first written above, and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions in this Section. (b) Termination for Cause. Upon a material breach by Business Associate of its obligation hereunder, Covered Entity may (i) terminate this Agreement and the Service Agreement; and (ii) report the violation to the Secretary. (c) Effect of Termination. (i) Except as provided in paragraph 5.2(c)(ii), upon termination of this Agreement, for any reason, Business Associate shall return or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the PHI. (ii) In the event that Business Associate determines that returning the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon Covered Entity's agreement that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. 5.3 Disputes. 
Any controversy or claim arising out of or relating to the Agreement will be finally settled by compulsory arbitration in accordance with the Commercial Arbitration Rules of the American Arbitration Association ("AAA"), except for injunctive relief as described below. 5.4 Injunctive Relief. Notwithstanding any rights or remedies provided for in Section 5.3, Covered Entity retains all rights to seek injunctive relief to prevent the unauthorized use or disclosure of PHI by Business Associate or any agent, contractor or third party that received PHI from Business Associate. 5.5 Regulatory References. A reference in this Agreement to a section in the Privacy Rule means the section as in effect or as amended. 5.6 Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time to the extent necessary for Covered Entity to comply with the requirements of HIPAA and its regulations. All amendments to this agreement shall be in writing and signed by both parties. 5.7 Survival. The respective rights and obligations of Business Associate and Covered Entity under Sections 4.4, 5.1 and 5.2(c) of this Agreement shall survive the termination of this Agreement. 5.8 Limitation of Damages. Other than liabilities under Section 5.1, neither party shall be liable to the other for any special, incidental, exemplary, punitive or consequential damages arising from or as a result of any delay, omission, or error in the electronic transmission or receipt of any information pursuant to this Agreement, even if the other Party has been advised of the possibility of such damages. 5.9 Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy Rule