HomeMy WebLinkAbout12/09/2014 08 Claim Review and Audit Service Contract with ELAP Services, LLCBUSINESS OF THE CITY COUNCIL
YAKIMA, WASHINGTON
AGENDA STATEMENT
Item No. 8.
For Meeting of: December 09, 2014
IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
ITEM TITLE:
SUBMITTED BY:
SUMMARY EXPLANATION:
Resolution authorizing a contract with ELAP Services LLC
(ELAP) to review health care claims by hospitals and medical
facilities. Based on ELAP's eight year track record we
anticipate saving $1.4 million by reviewing and auditing
hospital and medical facility claims
Tony O'Rourke, City Manager
Lori Durand, Human Resources
The City of Yakima self-funded healthy plan will work with ELAP Services LLC to control
employee health care costs. ELAP shall assist the City in reviewing and auditing hospital and
medical facility claims to ensure they correlate to the providers' cost of services.
ELAP will work with the City's stop loss carrier to ensure coordination between the medical plan
document and stop loss policy, providing a special focus on catastrophic claims management.
ELAP will support the City's fiduciary duty to prudently manage plan assets, make appropriate
coverage determinations and manage appeals in a manner compliant with the Employment
Retirement Income Security Act (ERISA).
ELAP will assume legal and financial obligations on behalf of City employees in support of this
process, and will establish direct, transparent contracts on behalf of the City with health care
providers on a regional and national level. ELAP adheres to the principles of transparent pricing,
objectivity and fair reimbursement practices.
This service is projected to save the City $1.4 million dollars annually and cost approximately
$168,000 dollars.
Resolution: X Ordinance:
Other (Specify):
Contract: Contract Term: 1 Year
Start Date: 1/1/2015 End Date: 12/31/15
Item Budgeted: Yes Amount:
Funding Source/Fiscal
Impact:
Strategic Priority:
Insurance Required? No
Mail to:
Phone:
APPROVED FOR
SUBMITTAL:
RECOMMENDATION:
Employee Welfare Benefit Fund
City Manager
Staff respectfully requests City Council approve the Resolution.
ATTACHMENTS:
Description
Resolution
Contract
Associate Agreement
Upload Date
12/5/2014
12/5/2014
12/5/2014
Type
Resollutlion
Contract
Contract
A RESOLUTION
RESOLUTION NO. R -2014 -
authorizing the City Manager to enter into a contract with ELAP Services
LLC to provide employee medical cost Claim Review and Audit Service
for the City's self-funded medical services.
WHEREAS, the City of Yakima self-funded medical services employer group requires
the services of a professional claim review and audit service to control employee health care
costs in accord with applicable Federal, State and Local regulations; and
WHEREAS, ELAP Services LLC has the professional expertise, experience and support
to assist the City's medical service administration to plan, design and cooperatively establish
appropriate limits for payment of the City's medical claims that correlate to the providers' actual
cost of services; and
WHEREAS, ELAP is willing and able to work with the City's stop loss carrier to ensure
cohesion between the plan document and stop loss policy, with a special focus on catastrophic
claims management; ELAP will professionally support the City's fiduciary duty to prudently
manage plan assets, make appropriate coverage determinations and manage potential medical
provider appeals in a manner compliant with the Employment Retirement Income Security Act
(ERISA); and
WHEREAS, ELAP agrees to assume certain defense obligations on behalf of the City's
covered personnel in support of this process and will establish direct, transparent contracts on
behalf of the City with health care providers on a regional and national level, adhering to the
principles of transparent pricing, objectivity and fair reimbursement practices; and
WHEREAS, the Agreement between the City and ELAP, attached hereto and
incorporated herein by this reference, defines the responsibilities of the parties to provide fair
medical cost reimbursement practices for the City's self-funded employer group; and
WHEREAS, the City Council has determined that the Agreement between the City and
ELAP is in the best interest of the City and will provide the oversight necessary to protect and
sustain the City self-funded employer group; now therefore;
BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF YAKIMA:
The City Manager is hereby authorized and directed to execute the attached and
incorporated Agreement between the City and ELAP Services LLC to provide necessary
analysis, oversight and control of the City's employee health care costs, to provide a cost
containment plan design and establish limits for payment of medical claims that correlate to the
healthcare provider's cost of services, with a special focus on catastrophic claim management,
thereby preserving and sustaining the City's self-funded employer group..
ADOPTED BY THE CITY COUNCIL this 9th day of December, 2014.
ATTEST: Micah Cawley, Mayor
Sonya Claar-Tee, City Clerk
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Pagelof9
CLAIMRE VIEWANDAUDITS ERVICEAGREEMENT
This Claim Review and Audit Service Agreement, made as of December 5, 2014 ("the
Effective Date"), by and between the City of Yakima, a Washington Municipal Corporation, having its
principal office at 129 N. Second Street, Yakima, Washington 98901 (the "Employer") and ELAP Services,
LLC, having its principal office at Ludwigs Corner Professional Center, 961 Pottstown Pike, Chester
Springs, Pennsylvania 19425 ("ELAP");
WhentheEmployerisactingasthePlanSponsorunderthisAgreement,itwillbereferredtoasthe" PlanSpon
soCandwhenitisactingastheAdministratorofthePlanunderthisAgreement,itwillbereferredtoasthe" P1anAdmini
strator."AsPlanSponsor,theCompanyisactinginitscapacityasthesettlorofthePlan;and,asthe
PlanAdministrator,itisactinginitsfiduciarycapacity;
WITNESSETH:
Whereas, thePlanSponsorhas established anemployeebenefit planforthepurpose
ofprovidingcertainhealthbenefitstoeligibleparticipants(the"Plan");
Whereas,thePlanAdministratordesirestohaveELAPperformcertainclaimreviewandauditservicesinc
onj unctionwithitsclaimproce ssingdutie sonbehalfofthePlan;
Whereas,ELAPdesirestoprovidesuchservicesto thePlanAdministrator;and
Whereas,thepartie sdesireto setforththetermsandconditionsuponwhichELAPwillprovide suchservice
s.
Now,therefore,inconsiderationofthemutualcovenantsandagreementshereinaftercontained, andother
goodandvaluableconsideration,thereceiptandsufficiencyofwhichareherebyacknowledged, andintendingtobele
gallyboundhereby,thepartie sheretoagreeasfollows:
1. DefinedTerms.CapitalizedtermsshallhavethemeaningssetforthinthisAgreement.Asusedhe
rein,thefollowingtermsshallbedefinedasfollows:
(a)"DefenseExpenses"shallmean(i)thecostofconsultationsand/orreviewsbyexperts,if
suchexpertsaredesignatedbyELAP;(ii) attorneys ' fee sincurred byELAPinconnection
withaDisputedAudit; (iii)attorneys'feesincurredbythePlanSponsor,thePlanAdministratorand/orthePlan
inconnectionwithaDisputedAudit,ifsuchattorneysaredesignatedbyELAP;(iv)otherfees,costsandexpensesresul
tingfromtheinvestigation,adjudication,anddefense(includinganyappeal)ofaDisputedAuditincurredbyELAPor
,withpriorwrittenconsentofELAP,bythePlanSponsor,thePlanAdministratorand/orthePlan;and(v)attorneys'fee
sandcostsincurredbyaPlanparticipantifacourtofcompetentjurisdictionfinallydeterminesthatsuchfeesandcostsa
retobepaidbythePlanSponsor,thePlanAdministratorand/orthePlaninconnectionwithaDisputedAudit."Defense
Expenses"shallnotinclude sanctions; fines; penalties;taxes;multiple, exemplaryor punitiveDefense Expenses;
or theamountofany BenefitClaimunlessELAPelectstopayaBenefitClaim
aspartofasettlementina.ccordancewithSection2.5ofthisAgreement."DefenseExpenses"forpaymentinsettlemen
tofaBenefitClaimshallbelimitedto the amountofthe BenefitClaimto the extentthatthe
paymentinsettlementexceedsthe lesser of
(i) theamountoftheoriginalbenefitdeterminationbyELAP,or(ii)theamountofthe"payablecharges"."Payablech
arges"forpurposesofthisSectionl(a)arethebilledchargesthatarepayablebythePlanrninusanyPPOorothermanag
ed-carediscount(s)thatarecontractuallyavailabletothePlan;
(b)"DisputedAudit"shallmeanaclaimforbenefitsunderaPlanforwhichELAPhasdeter
minedtheAllowableClaimLimits,andwhichdeterminationisthesubjectof(i)anappealbythePlanparticipant;(ii)a
nappealbytheproviderofservice; (iii)formalcollectioneffortsbytheproviderofserviceoritsdesignatedagent or(iv
)legal actionforpaymentofdeniedchargeswhich werefoundtobeinexcessofAllowableClaimLimits;
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page2of9
(c)"LimitofLiability"shallmeananamountequaltoOneMillionDollars($1,000,000)per
DisputedAudit;
(d)"BenefitClaim"shallmeanaclaimforbenefitsfiledbyoronbehalfofaparticipantinaPla
n.`BenefitClaim"shallmeanonlyPost-serviceClaims;
(e) "ClaimsAdministrator"shallmeantheentitythatiscurrentlyorwaspreviouslyengage
dbythePlanAdministratorto providecertainclaimsprocessingandotherministerialservicestothePlan
atthetimeof therequestforapprovalof servicesortherendering of services that comprisesaBenefitClaim;
(f)"PlanDocuments"shallmeanthedocumentsestablishingandgoverning,andsettingfo
rththebenefitsof,thePlan,includingtheplandocumentandthe SummaryPlanDescriptionor,intheeventofaBenefit
ClaimarisingpriortotheeffectivedateofthePlanDocuments,thePlanDocumentsineffectatthatprior time;and
(g) "Post-
serviceClaim" shallmeanaclaimforabenefitunderthePlanaftertheserviceshavebeenrendered.
(h) "AllowableClaimLimits"shall
meanthechargesforservicesandsupplies,listedandincludedasCoveredMedicalFxpensesunderthePlan,whichareM
edicallyNecessaryforthecareandtreatmentoflllnessorinj ury,butonlytotheextentthatsuchfeesarewithintheAllowabl
eClaimLimits ExamplesofthedeterminationthatachargeiswithintheAllowableClaimLimitinclude,butarenotlimite
dto,thefollowingguidelines:
• Hospital.TheAllowableClaimLimitforchargesbyaHospitalfacilityandforchargesbyfacilitieswhichare
ownedandoperatedbyaHospitalmaybebaseduponl 12%oftheHo spital' smo strecentdepartmentalco str
atio,reportedtotheCentersforMedicareandMedicaidServices("CMS")andpublishedintheAmericanHo
spitalDirectoryasthe"MedicareCostReport"(the"CMSCostRatio"),ormaybebasedupontheMedicarea
llowedamountfortheservice sinthegeographicregionplusana dditiona l20%.
• Pharmaceuticals. TheAllowable ClaimLimit forpharmacy charges bya providerwhichdoes
notreportcost ratios toCMSmaybedeterminedbyapplying theAverageWholesalePrice
(AWP)asdefinedbyREDBOOKattherateof112%ofAWP.
• MedicalandSurgicalSupplies,Implants,Devices.TheAllowableClaimLimitforchargesformedicalands
urgicalsupplie smadebyaprovidermaybebaseduponinvoicepricetothe
provider,plus 12%.Thedocumentationusedastheresourceforthisdeterminationwillinclude,butnotbeli
mitedto ,invoice s, receipts, costlistsorotherdocumentationasdeemedappropriatebyELAP.
• PhysicianMedicalandSurgicalCare,Laboratory,X-
ray,andTherapy.TheAllowableClaimLimitforthese service smayb edeterminedbaseduponthefeesforc
omparab le service sinthegeographicregionatthe9OthpercentileofthePhysicianFeeReference("PFR" ),
whichisthehighestpercentilereflectedinthePFR.
• AmbulatoryHealthCareCenters.The Allowable Claim Limitfor ambulatory
healthcarecenters,includingAmbulatory SurgeryCenters,whichareindependentfacilitiesmaybebasedu
pontheMedicareallowedamountforthe servicesinthegeographicregion,and/ortheMedicareOutpatient
Pro spectivePaymentSy stem(OPP S),plusanadditional20%.
• GeneralMedicaland/orSurgicalServices.TheAllowableClaim
Limitforservice snototherwiselistedabovemaybecalculatedbaseduponindustry-
standardresourcesincluding,butnotlimitedto, CMS CostRatios,Medicareallowedfees(bygeographicre
gion),publishedandpubliclyavailablefeeandcostlistsandcomparisons,anyresourceslistedinthecategor
iesabove,orany
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page3of9
combinationofsuchresourcesthatresultsinthedeterminationofanappropriateandreasonablecostbasis.T
heAllowab le ClaimLimitfortheseservice swillbetheco stbasiscalculatedusingoneormoreoftheindustry-
standardresources,plus 12%.
• Unbundling.TheAllowableClaimLimitwillnotincludechargesforanyitemsbilledseparatelythatarecust
omarilyincludedinaglobalbillingprocedurecodeinaccordancewithAmericanMedicalAssociation'sCP
T®(CurrentProceduralTerminology)and/ortheHealthcareCommonProcedureCodingSystem(HCPC
S)codesusedbyCMS.
• Errors.TheAllowableClaimLimitswillnotincludeanyidentifiablebillingmistakesincluding,butnotlimi
tedto,upcoding,duplicatecharges, andcharge sforservicesnotperformed.
• MedicalRecordReview.IntheeventthatELAP,baseduponamedicalrecordreviewandaudit,determinest
hatadifferenttreatmentordifferentquantityofadrugorsupplywasprovidedwhichis not supportedin
thebilling,thenELAPmaydeterminetheAllowableClaimLimit
accordingtothemedicalrecordreviewandauditresults.
• Not Able toldentifyorUnderstand.TheAllowableClaim Limitswillnotincludeanycharges
forwhichELAPcannotidentifyorunderstandtheitem(s)beingb illed.
• DirectlyContractedProviders.TheAllowableClaimLimitsforprovidersofservicewhoaredirectlycontra
ctedwithELAPwillbethenegotiatedrateasagreedunderthedirectprovideragreement.
IntheeventthatthePlanAdministratordeterminesthatinsufficientinformationisavailableto
identifytheAllowableClaimLimitforaspecificserviceorsupplyusingthelistedguidelinesabove,thePlanAdmini
stratorreservestheright,initssolediscretion,todetermineanyAllowableClaimLimitamountforcertainconditions
,servicesand suppliesusing acceptedindustry-
standarddocumentation,appliedwithoutdiscriminationtoanyPlanparticipant.
Notwithstandinganyconflictingcontractsoragreements,thePlanmayconsidertheAllowableClaimLimitsasthe
maximumamountofCoveredMedicalFxpensethatmaybeconsideredforreimbursementunderthePlan,andmay
applythisdeterminationinlieuofanyPPOnetworkproviderhospitals'perdiem,DRGratesorPPOdiscountedrates
astheamountconsideredforreimbursementunderthePlan.Additionally,intheeventthatadeterminationofanAllo
wableClaimLimitexceedstheactualchargebilledfortheserviceorsupply,thePlanwillconsiderthelesseroftheactu
albilledchargeortheAllowableClaimLimitdetermination
(i) "ELAPDirectAgreement"shallmeanthecompleteagreementbetweenaDirectlyContractedPr
oviderandELAPonb ehalfofthePlanSponsorwhichcontainsthetermsandconditionsunderwhichthePlanoraPlanp
articipantmayaccessdiscountedfeesand/ornegotiatedorscheduledreimbursementratesasAllowableClaimLimit
sforBenefitClaims.
(j) "DirectlyContractedProvider"shallmeanamedicalproviderwhichhasenteredintoanELAPDir
ectAgreement.ADirectlyContractedProvidermayalsoincludeamedicalproviderwhichhasestablishedaseparatea
ndexclusiveagreementdirectlywiththePlan/EmployerthroughwhichELAPmayperformcertainservices.
2. ResponsibilitiesofELAP.
2.1. SelectionofClaims.BenefitClaimsthataresubmittedtoELAPinaccordancewithsecti
on3.1 ofthisAgreementshallbeevaluatedbyELAP.ELAPshalluseitsbestjudgmentindecidingwhichBenefitClai
msareeligiblecandidatesforaclaimreviewandauditandwillselect,initssolediscretions,eligiblecandidatesfroma
mongtheBenefitClaimssubmittedforconsideration.BenefitClaimsnotselectedforreviewandauditwillbereturne
dtotheClaimsAdministratorforadjudicationwithinfive(5)businessdaysofreceiptbyELAP.
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page4of9
2.2. MaintenanceofRecords.Recordswhichwillbe maintained byELAPfor
eachBenefit Claimselectedfor auditinaccordancewithSection2. 1 ofthisAgreementmayinclude, butare
notlimitedto,theinvoice sfromtheprovidersofservice(includingdetaileditemizedbills),medicalrecordssuchasph
y sicianandnurse' snote s,medicatio nandsupplyc harge sheets, otherrelatedmedicalrecords,andrecordsofanyverba
lorwrittencommunicationbetweenthePlan,theClaimsAdministrator,theprovidersofservice,theutilizationrevie
wprogramadministratorsandcasemanagers(ifany),andthepatientand/orPlanparticipant.Norecordswillbe
maintainedbyELAPforany
BenefitClaimsubmittedtoitwhichisnotselectedasacandidateforaclaimreviewandaudit.
2.3. LimitationofResponsibility,LiabilityandAuthorityofELAP.Itisunderstoodanda
greedthatELAPshallhavenoresponsibility, liabilityorauthorityunderthePlanotherthan
withrespecttoitsdutiesunderthePlan'sclaimreviewandauditprogramandDisputedAudits.
2.4 DeterminationsofDisputedAudits.ELAPshallhavetheresponsibilityandfulldiscr
etionaryauthoritytoreviewanddecideanyandallDisputedAudits.Indoingso,itmay,initssolediscretion,usetheser
vicesofsuchthird partyconsultantsas it deems necessaryandshallpayany
fee sassociatedtherewith.ELAP shallmake suchdecisions,andprovidenoticethereoftotheparticipants,withintheti
meframessetforthinthePlan. SuchnoticesshallmeettherequirementssetforthinthePlan. Simultaneouslywithprovi
dingnoticetotheparticipant,ELAPshalladvisetheClaimsAdministratorandthePlanAdministratorofitsdeterminat
ionandprovidetoeachofthemacopyofthenotice.
Incarryingoutitsre sponsibilitie sunderthis Section2.4,ELAPshallbeactingasafiduciaryoftheP
lanandshalladheretoapplicablestandardsofconduct.
2.5 SettlementAuthority.ELAPshallhavetheauthority,initssolediscretion,tonegotiate
thesettlementofanyDisputedAudit.Indoingso,itmayusetheservicesofsuchthirdpartyconsultantsasitdeemsnece
ssaryandshallpayanyfee sassociatedtherewith.ELAPshallmakesuchdecisions, andprovidewrittennoticethereoft
othePlanSponsor,PlanAdministratorandClaimsAdministrator.
Inc arryingoutitsre spo nsib ilitie sunderthis Section2.5,ELAPshallbeactingasafiduciaryoftheP
lanandshalladheretoapplicablestandardsofconduct.
2.6 PlanSponsorand/orPlanAdministratorDisagreement.WithrespecttoDetermina
tionsofDisputedAuditsunderSection2.4above,intheeventthePlanAdministratordoesnotagreewithELAP'sdeter
minationregardingaDisputedAuditandelectstooverride suchdetermination,thenallobligationsofELAPunderthi
sAgreementwithrespecttosuchDisputedAuditmayterminate.Morespecifically,ELAPshallhavenoobligationtoi
ndemnifyorholdthePlan,thePlanSponsorand/orthePlanAdministratorharmlesswithrespectto suchDisputedAud
it.
WithrespecttoSettlementAuthorityunderSection2.5above,intheeventthatthePlanSponsoran
d/orthePlanAdministratordonotagreewiththetermsofanysuchsettlementandelectsnottocomply,thenthePlanSpo
nsorshallb eresponsibleforDefenseExpense swithre specttotheDisputedAuditthatareinexcessofthe settlementam
ountpropo sedbyELAP, inc ludingthecostoflitigationandanyj udgment.Further,thePlanSponsorandPlanAdmini
stratorshallbefullyresponsiblewithrespecttotheoutcomeofanylitigationrelatedtothe DisputedAudit.
3. ResponsibilitiesofthePlanSponsor,PlanAdministratorandClaimsAdministrator.TheP
lanSponsorandthePlanAdministratorshallperform,andshallcausethe ClaimsAdministratortoperform,thefollowi
ngduties:
3.1 Submission ofBenefit Claims for Review. Benefit Claimsshall be selected
bythePlan Administrator,initssolediscretion,
aseligiblecandidatesforclaimreviewandaudit. SuchclaimsmustbesubmittedtoELAPpriortopaymentbeingmad
etotheproviderofservice,andwithinthree(3)businessdaysofreceiptofa"cleanclaim".A"cleanclaim"isaclaimforb
enefitsthatcontainsalloftheinformationnecessaryforELAPtofulfillitsreviewandauditobligationsunderthisAgre
ement.The
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page5of9
ClaimsAdministratorwillprovideELAP,ataminimum,withtheformUB,includingadetaileditemizedstatement,a
nd/orformHCFAforanyclaimreferredforaudit.
3.2. PlanDocumentandSummaryPlanDescription.PriortotheexecutionofthisAgree
ment,thePlanAdministratorshallfurnishtoELAPacopyofthePlanDocumentandSummaryPlanDescription,toget
herwithanyamendmentsthereto.AnyamendmentswhicharethereafteradoptedshallbefurnishedtoELAPnolatert
hantheeffectivedateofsuchamendment.ThePlanSponsoragreesthatitshallensurethatthePlanDocument,Summa
ryPlanDescriptionandallamendmentsthereto(a)areadoptedinaccordancewithanyapplicablelawsandcomplywit
htherequirementsofanyregulationsadoptedthereunder;and(b)theaforementioneddocumentsmustnameELAPas
adesignatedde cisionmake rwithmaximumdiscretionaryautho ritywithre specttoDisputedAudits. The amendment
settingforththeprovisionsof(b) shallbeinaformacceptab letoELAP.
ThePlan Administrator and/or theClaimsAdministrator shall havefull
re sponsib ilityforensuringthatallPlanDocumentsandamendmentstheretoarefurnishedtoparticipantsinsuchaway
andwithinsuchatimeframesoastomakethetermsofthePlanenforceable.If,intheopinionofELAP,thetermsofthePl
anarefoundtobelegallydeficientand/orunenforceabledue
tofailureofthePlanAdministrato rand/o rtheClaimsAdministrato rtofurnishsuc hdo cuments,thenEL AP shallhavet
heautho rityto dire ctthepaymentofany relatedB enefitClaim,andEL AP shallhavenofurtherliabilityinconnectionth
erewith,includingtheliability setfo rthinS e ctio n5 oftheAgre ement.
3.3. ComplianceandTimeLimits.ThePlanAdministratorand/orClaimsAdministrators
hallprovidesuchnoticestoPlanparticipantsasmaybe requiredforcomplianceduringthecourseoftheclaim
reviewandaudit,andwill atalltimes remainfully responsibleforcompliancewiththetermsofthePlan.
3.4. AdjudicationandPaymentofBenefitClaims.ThePlanAdministratorandtheClaim
sAdministratorshallco mplywithallrequirementsofthePlanintheproce ssingofB enefitClaims, including,butnotli
mitedto,thedeterminationofanynon-coveredexpenses,applicationofanydeductibleorothercost-
sharingfeaturesofthePlan.Further,thePlanAdministratorandtheClaimsAdministratorshalladjudicate Benefit
Claimsandappealsofdeniedclaimsinaccordance withthetermsofthePlanDocumentsandapplicablelaw.
ThePlanSponsoragreestoprovideadequatefundingforpaymentofaBenefitClaimdeterminatio
nunderthePlan' s claimreviewandaudit programnot laterthan
thirty (3 0)day sfromthe dateofnotic eofsuc hdete rmination IntheeventofabreachofthisprovisionbythePlanSpons
o r,theP lanAdministrato rand/o rtheClaimsAdministrator,thenEL AP shallhavetheright, inits sole disc retion,to dire
ctthepaymentofanyrelatedBenefitClaim,toterminateitsobligationshereunderwithrespecttoaDisputedAuditor
the Plan' sclaimreviewand auditprogram, ortoterminate this
Agreementinitsentirety. Thepartie sexpres slyagreethatELAPisnotresponsibleforprovidinganyfundsfmpayment
ofanyBenefitClaims(unlessELAPelectstopayaBenefitClaimaspartofasettlementinaccordancewithSection2.5o
fthisAgreement).ThePlanSponsoragreestoprovideadequatefundingforpaymentofaBenefitClaimunderanELA
PDirectAgreementaccordingtothetermsandtimelimitsspecifiedinsuchagreement;
3.5. SubmissionofDisputedAudits.ThePlanand/orClaimsAdministratorshallproviden
oticeofanyDisputedAuditwithinthree(3)businessdaysofreceiptofsuchnotices. Suchnotic e sinc lude (i)anappe alb
ythePlanparticipant;(ii)anappealbytheproviderofservice; (iii)formalcollectioneffortsbytheproviderofserviceor
itsdesignatedagentand(iv)legalactionforpaymentofdeniedchargeswhichwerefoundtobeinexcessofAllowable
ClaimLimits Suchnoticesmustbedate-
stampedtoevidencethedatereceivedbythePlanand/ortheClaimsAdministrator.TheClaimsAdministratorandthe
PlanAdministrato rshallco mplywiththe require me ntsofthi s Section3.5, eveniftheparticipantorproviderofservice
hasforwardedacopyof theappeal toELAP.Failuretonotify
ELAPofsuchappealsornoticeswithinthree(3)businessdaymaycauseallobligationsofELAPunderthisAgreement
withre spectto suchDisputedAudittoterminate.More spec ifically ,ELAPwillhaveno obligationto indemnifyo rhol
dthePlan,thePlanSponsorand/orthePlanAdministratorharmle sswithrespectto suchDisputedAudit.
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page6of9
3.6 AdministrativeSafeguards.ThePlanAdministratorandtheClaimsAdministratorsh
allprovide ELAP, onitsrequest,withadescriptionoftheadministrative safeguards
whichareinplacetoensureconsistentapplicationofPlanprovisionsinaccordancewiththerequirementsoftheterms
ofthePlanDocuments.
3.7 ProvisionsApplicabletoELAPDirectAgreements.ForBenefitClaimsunderanEL
APDirectAgreement,thePlanSponsorandPlanAdministratoragree,andshallcausetheClaimsAdministratortoagr
ee,tofullyco mplywiththetermsandconditionsoftheELAPDirectAgreements. ELAPshallprovideacompletecopy
ofELAPDirectAgreementscontainingthetermsandconditionsofsuchagreementsthatareavailabletothePlantothe
ClaimsAdministrator.ThePlanAdministratoragreesthattheClaimsAdministratorshallberesponsibleforprovidin
gcopiesofsuchagreementsto thePlanAdministratorand/or PlanSponsor,asappropriate. ELAPsha11 providea
completelistofsuchELAPDirectAgreementmedicalproviders,updatedforadditionsandterminations,periodicall
yand onrequestfromthe PlanAdministrator
and/orClaimsAdministrator.ELAPshalldetermineAllowableClaimLimitsforeligibleBenefitClaimsfromdirectl
ycontractedprovidersinaccordancewiththetermsandconditionssetforthintheELAPDirectAgreementassoona.sre
asonab lypo ssib lefollowingreceipt, andshallpromptlyreportitsdeterminationinthefo rmandmannerasagreedbet
weenthePlanAdministrator,theClaimsAdministratorandELAP.
4. CompensationofELAP.ELAPshallreceive,ascompensationforservicesprovidedunderthis
Agreement:
4.1 ForBenefitClaimsundertheClaimReviewandAuditProgramwhicharenotforDirect
lyContractedProviders,anamount
equalto 12%ofthe"payablecharges"subj ectedtotheaudit."Payablecharges"arethetotalbilledchargesminusany
PPOorothermanaged-carediscount(s)thatarecontractuallyavailabletothePlan.
4.2 PlanSponsoracknowledgesthatELAPmayhireathirdpartyexpertonbehalfofthePlant
oauditBenefitClaiminvoicestoidentifyexpensesthatarenotwithin
Allowable ClaimLimits.ELAPagreestopayforfee sandco stsforservice srenderedbysuchexperts.PlanSponsoragr
eestopayELAPforitsfeesunderthisSection4atthesametimethatitmakespaymentfortheclaim,or,ifnobenefitsaref
oundtobepayablefortheclaima.ccordingtothetermsofthePlan,atthetimeoffinaladjudicationoftheclaim,forwhich
ELAPhasperformeditsservice sunderAgreement. PlanSponsorfurtheracknowledge sthattheThirdPartyAdminist
ratormayshare(earn)aportionofELAP'scompensationtooffsetclaim-handling,legalcompliance,andtime-
sensitiveexpenses. P1anSponsoracknowledge sthatitretainssolere sponsibilityfordeterminingthereasonablene ss
ofthecompensationtoELAP.Totheextentnecessary,PlansponsoracknowledgesthatELAP'stotalcompensationsa
tisfiesrequirementsofapplicablelawregardingserviceproviders,andhasdeterminedthatthe servicesprovidedareh
elpfulandappropriatetothePlan.
4.3 CompensationofELAPforServicesunderanELAPDirectAgreement.ForBenefit
ClaimswhichareforDirectlyContractedProvidersunderanELAPDirectAgreement,anamountequalto6%ofthe
fullbilledchargesforaBenefitClaimsubjectedtothecontractedrate.
IfthecombinedamountofthecontractedrateandthecompensationduetotheELAPisgreaterthantheorigin
albilledcharges,thecompensationforELAPwilldefaultto(15%)ofSavingstothePlan.Forpurpose sof
thisSection4 .3, " Savings" shallmeantheamountofbilledcharge swhicharein excess
oftheDirectlyContractedProviderreimbursementratesundertheELAPDirectAgreement.PlanSponsoragreestop
ayELAPforitsfeesunderthisSection4.3atthesametimethatitmakespaymentfortheBenefitClaim,or,ifnobenefitsa
refoundtob epayableforsuchclaim,atthetimeoffinaladj udicationofsuchclaim,forwhichELAPhasperformedits se
rvicesunder thisAgreement.
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page7of9
5. LiabilityoftheParties.
5.1. Amountottiability.ELAPshallberesponsibleforallDefenseExpensesrelatedtoaDi
sputed Audit;provided,however, thatELAP's totalliabilityunder
thisprovisionislimitedtotheLimitofLiability.Thepartiesagreethatresponsibilityforanyclaims, demands,
awards, judgments, actions, proceedingsandDefenseExpensesinexcessofthe
LimitofLiability shallbethatofthePlanSponsor,thePlanAdministratorand/orthePlan.
5.2 Insurance.
ELAPhaspurchasedinsurancetocoverliabilitythatarisesunderthisAgreement.Alayer oftheinsuranceis
providedunderan insurancepolicyissued
byELAPlnsuranceCompany,LLC, anaffiliateoftheELAP. ELAPisthefirstnamedinsuredunderthepolicy, andthe
Employeriscoveredasanamedinsuredclient.Employeracknowledgesandspecificallyelectsthatapercentageofthe
fee sthatEmployerremitsasCompensationofEL AP (see Section4)willbepaidaspremiumtoELAPInsurance Comp
any,LLC.Assuch,acopyofthepolicyand/oracertificateofinsuranceareavailableuponwrittenrequesttoELAP.
At all times during performance of the Services, ELAP shall secure and maintain in effect
insurance to protect the Employer and ELAP from and against all covered events, as described in the
insurance policies described below, resulting from the performance of this Agreement. ELAP shall provide
and maintain in force insurance in limits no less than that stated below, as applicable. The City reserves the
right to require higher limits should it deem it necessary in the best interest of the publicand in connection
with the annual renewal.
Cyber Liability Insurance.Before this Agreement is fully executed by the parties, ELAP
shall provide the City with a certificate of insurance as evidence of Cyber Liability Insurance with coverage
of at least Two Million Dollars ($2,000,000.00) per occurrence and an annual aggregate limit of at least
Two Million Dollars ($2,000,000.00). The certificate shall clearly state who the provider is, the amount of
coverage, the policy number, and when the policy and provisions provided are in effect. The insurance
shall be with an insurance company rated A -VII or higher in Best's Guide. If the policy is on a claims
made basis, the retroactive date of the insurance policy shall be on or before the inception date of the
Agreement, or shall provide full prior acts. The insurance coverage shall remain in effect during the term
of this Agreement and for a minimum of three (3) years following the termination of this Agreement.
Professional Liability Insurance. Before this Agreement is fully executed by the parties,
ELAP shall provide the City with a certificate of insurance as evidence of Professional Errors and
Omissions Liability Insurance with coverage of at least Five Million Dollars ($5,000,000.00) per
occurrence and an annual aggregate limit of at least Five Million Dollars ($5,000,000.00). The certificate
shall clearly state who the provider is, the amount of coverage, the policy number, and when the policy and
provisions provided are in effect. The insurance shall be with an insurance company rated A -VII or higher
in Best's Guide. If the policy is on a claims made basis, the retroactive date of the insurance policy shall be
on or before the inception date of the Agreement, or shall provide full prior acts. The insurance coverage
shall remain in effect during the term of this Agreement and for a minimum of three (3) years following the
termination of this Agreement.
ELAPInsuranceCompany,LLCisincorporatedintheStateofDelaware,andisregulatedbytheD
elawarelnsuranceDepartment. ThefactthatEL AP haspurc hase dthisinsurancedoesnotinanywayrelieveELAPofit
sresponsibilityforDefenseExpense sasspecifiedinthisAgreement.ELAP shallalsomaintain, atalltimesduringthep
eriodofthisAgreementandatitsownexpense,professional liabilityinsurance coverageto
coverDefenseExpense sine xces softhelimitsunderthe
policyissuedbyELAPlnsuranceCompany,LL C,uptotheLimitofLiabilityasdefinedinthisAgreement.
5.3 Exclusions.ELAPshallnotbeliableforanyDefenseExpensesincurredbythePlan
Sponsor,PlanAdministratorand/ortheClaimsAdministratorin connectionwith
anyDisputedAudit,ifandtotheextentthatsuchDefenseExpensesare(a)the resultofnegligenceor
willfulmisconductbythePlanSponsor,thePlanAdministratorortheClaimsAdministratorinperformingitsdutie su
nderthisAgreement(b) the resultoflanguage inthePlanDocumentand/or
SummaryPlanDescriptionwhichisnotincompliancewithapplicablelaworwhichotherwiseisunenforccable;or(c)
theresultofthePlanSponsor'sfailuretoprovidetimelyfundingnecessarytopayaclaimforbenefits.
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page8of9
5.4 Notification.ThePlanSponsor,PlanAdministratorand/ortheClaimsAdministrators
hallnotifyELAP, inwriting,ofthecommencementofanylitigationrelatingtoaDisputedAudit,ortheoccurrenceofan
yeventwhichmightgiverisetoliabilityunderthissection,withinthree(3)businessdaysfollowingsuchcommenceme
ntoroccurrence.IntheeventthePlanSponsor,PlanAdministratorand/ortheClaims
Administratorfailstoprovidesuchwrittennoticewithinthree(3)businessdaysfollowingsuchcommencementoroccu
rrence,thenELAPshallhavenoresponsibilityinconnectionwithsuchlitigationorevent. Anoccurrence, asusedinthis
section, shallrefertoaserviceofcomplaint,writofsummo ns,orletterofrepresentationfro manattorneyforaPlanpartic
ipantormedicalprovider.
6. Confidentiality.Allinformation,whetherwrittenororal,furnishedbythePlanSponsor,PlanAd
ministratorand/ortheClaimsAdministrator,oritsagentsoremployees,toELAPshallbeheldinconfidencebyELAP,
unlessit isrequired todisclosesuch informationbystatute, regulationor
courtorder.ELAP shall, atalltime s,complywithregulationsundertheHealthInsurancePortabilityandAccountabili
tyActof1996,asamended("HIPAA").ThePlanSponsorandthePlanAdministratorexpresslyagreethatthetermsoft
heELAPDirectAgreements,including,butnotlimitedto,thereimbursementratesandmethodology,repre sentconfi
dentialandproprietaryinformationwhichmaynotbedisclosedexceptasrequiredforplanmanagementandadminist
ration, or unless disclosure is requiredbystatute, regulationor
courtorder.Whendisclosureisrequiredforplanmanagementandadministration,o r unlessit isrequired bystatute,
regulationor
courtorder,thePlanSponsorandPlanAdministratorshallcausetherecipients,includingbutnotlimitedto, agents,
consultantsand vendors, to keep thetermsofthis agreement in strictest
confidence.ThePlanSponsorandthePlanAdministratorfurtheragreethatthetermsoftheELAPDirectAgreements
hallnototherwisebedisclo sedwithouttheexpresswrittenconsentofELAP Services,LLCunle ssrequiredby statute, r
egulationorcourtorder.
7. Exclusivity.TherightsgrantedtotheEmployerpursuanttothisAgreementshallbedeemedtobeit
sexclusiverightswithrespecttothe subjectmatterofthisAgreement.
8. TermandTermination.TheinitialtermofthisAgreementshallbeone(1)year,beginningon
January 1, 2015 , through January 1, 2016 . Thisagreementshallrenewitselfautomaticallyforadditionalone-
yearperiodsoftime
untilterminatedbyeitherpartyinaccordancewiththeprovisionsofthisSection8.ThisAgreementshallterminateasf
ollows:
8.1. ByEitherPartywithNotice.EitherpartytothisAgreementmayterminateitbygivings
ixty(60)dayspriorwrittennoticethereoftotheotherparty.
8.2. By ELAP UponFailuretoPay Fees.ELAPmayresign,by written statement of
such resignation, without any other prior notice
atanytime,andthisAgreementshallimmediatelyterminate,iftheEmployerdoesnotpaythefeessetforthinSection4
withinten(10)daysoftheduedate.
8.3. RightsandDutiesUponTermination.AsofthedateofterminationofthisAgreement,
allrightsandobligationsofthepartiesshallterminate,exceptthat(a)ELAPshallcontinuetoperformitsobligationsun
derthisAgreementwithrespecttoanyDisputedAuditofaBenefitClaimprovidedthatthePlanDocumentscontinuet
onameELAPasade signateddecisionmakerwithmaximumdiscretionaryauthoritywithre spectto suchDisputedAu
dits;and(b)thePlanSponsorshallpayallfee swhicharedueandowingunderthisAgreementasofthedateofterminatio
n.
9. BindingEffect;Assignment.ThisAgreementshallbebindinguponthepartiesheretoandtheirsu
cce ssorsandassigns;provided,however,thatneitherpartymayas signitsrightsorobligationshereunderwithoutthep
riorwrittenconsentoftheother.
10. Severability.AnyprovisionofthisAgreementwhichisadjudicatedtobeinvalidorunenforceabl
e shallbeineffectivetotheextentofsuchinvalidityorunenforceabilityonly, andshallbedeemedreformedsoastocont
inuetoapplytothemaximumextent.Anysuchadjudicationshallnotinvalidateorrenderunenforceableanyoftherem
ainingprovisionsherein.
11. Notices.Allnoticeshereundershallbeinwritinganddeliveredby handothy
overnightdelivery.Noticeshallbedeemedtobegivenuponreceipt.Noticesshallbedirectedtothepartie sattheirre spe
ctiveaddressessetforthabove,oratsuchotheraddressesasthepartiesmayfromtimetotimedesignateinwriting.
ELAP-AUDITPROGRAMONLY(NON-ERISA)
Page9of9
12. EntireAgreement;Modification.ThisAgreementrepresentstheentireagreementbetweenthe
partiesrelatingto the subject matter hereof.No provisionofthis Agreement
maybemodified, exceptinwriting, signedbytheparties.
13. Controlling Law and Venue. ThisAgreement shallbe governedbythelaws ofthe state of
Washington,withoutregardtoitsconflictsoflawsprovisions. The venue for any action necessary to enforce or
otherwise adjudicate this Agreement shall lie in a court of competent jurisdiction in Yakima County,
Washington, specifically for claims with an amount in controversy of $74,999.99or less in the state court and
$75,000.00 or greater in the federal court.
Inwitnesswhereof, the partieshereto have causedthis Agreementtobeexecutedasofthedate firstabovewritten.
ATTEST:
ATTEST:
THEEMPLOYER
By:
ItsDulyAuthorized
ELAPServices,LLC
By:
ItsDulyAuthorized
HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement (this "Agreement") dated December 5, 2014
is by and between City of Yakima having its principal office located at 129 N. Second Street,
Yakima, WA 98901 ("Covered Entity") and ELAP Services, LLC, located at 961 Pottstown
Pike, Chester Springs, Pennsylvania 19425 ("Business Associate") related to the work to be
performed as described below (Covered Entity and Business Associate, each a "Party" and
collectively, the "Parties").
BACKGROUND
Covered Entity has engaged Business Associate for the purpose of assisting Covered
Entity, pursuant to the contract between the Parties made as of December 5, 2014 entitled
["Claim Review And Audit Service Agreement"] (hereinafter, the "BA Services
Contract"), in providing certain functions and activities for and on behalf of Covered
Entity (the "BA Services").
II. Covered Entity wishes to disclose information to Business Associate pursuant to the
terms of this Agreement, some of which may constitute Protected Health Information
("PHI"), including electronic protected health information ("e -PHI") (PHI and e -PHI are,
collectively, referred to hereinafter as "Covered Entity's PHI") in order for Business
Associate to perform the BA Services.
III. Covered Entity and Business Associate intend to protect the privacy and provide for the
security of PHI disclosed to Business Associate in connection with the BA Services
Contract and pursuant to this Agreement in compliance with the Health Insurance
Portability and Accountability Act of 1996, Public Law 104-191, as amended (the
"HIPAA Statute"), and its related "Privacy Rule" (45 CFR Parts 160 and 164, Subpart E)
and "Security Rule" (45 CFR Part 160 and 164, Subpart C) promulgated by the Secretary
of Health and Human Services ("HHS") (collectively, the HIPAA Statute, the Privacy
Rule and the Security Rule and are referred to, hereinafter, as "HIPAA"), all as amended
by the Health Information Technology for Economic and Clinical Health Act enacted on
February 17, 2009 (the "HITECH Statute"), and any regulations promulgated thereunder
(collectively, the "HITECH Rules," and together with the HITECH Statute, referred to
hereinafter as "HITECH"), the Genetic Information Nondiscrimination Act of 2008, as
may be amended (hereinafter, "GINA"), as well as any other applicable laws concerning
the privacy and security of health information. Together, HIPAA and HITECH are at
times referred to hereinafter as "HIPAA and HITECH."
IV. Under HIPAA, Covered Entity must document the required satisfactory assurances
through a written agreement with Business Associate that meets the applicable
requirements of HIPAA, as well as incorporate into such agreement those requirements
under HITECH that relate to privacy or security and are applicable to Business Associate,
and the Parties now wish to enter into the Agreement in order to comply with such
LV1 1182409v2 07/01/10
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 2 of 14
requirements and to set forth more specifically each Party's respective obligations in
connection therewith.
In consideration of the mutual promises below and the exchange of information provided for
herein, the Parties agree as follows:
TERMS
A. Incorporation of Background. The "Background" paragraphs set forth above are
incorporated herein and made a part of the terms of this Agreement as if set forth herein
in full.
B. Effective Date. Except as specifically stated otherwise in this Agreement, the Effective
Date shall be the date that first appears above in the introductory paragraph to this
Agreement.
C. Definitions. Any capitalized terms not otherwise specifically defined in this Agreement
shall have the meanings ascribed to them in HIPAA and HITECH.
D. Obligations of Covered Entity. Covered Entity shall be responsible for using appropriate
safeguards to maintain and ensure the confidentiality, privacy and security of Covered
Entity's PHI transmitted to Business Associate pursuant to this Agreement, in accordance
with the standards and requirements of HIPAA and HITECH, until such PHI is received
by Business Associate.
E. Obligations of Business Associate.
1) Permitted Uses and Disclosures. Business Associate may use and/or disclose any
and all of Covered Entity's PHI received by Business Associate from Covered
Entity, or created or obtained by Business Associate on behalf of Covered Entity
as follows:
a) Purpose: Business Associate may use Covered Entity's PHI to provide or
perform the BA Services, as set forth in the BA Services Contract.
b) Type of Information: Business Associate may use any and all information
made available by Covered Entity and necessary for Business Associate to
provide the BA Services to Covered Entity.
c) Scope of Use: Business Associate may use and further disclose Covered
Entity's PHI to the extent permitted by and in accordance with this
Agreement, HIPAA and HITECH, or as otherwise required by law.
d) Minimum Necessary. After the effective date of the HHS guidance
document on what constitutes "minimum necessary" (the "Minimum
Necessary Guidance"), Business Associate shall use/disclosure/request
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 3 of 14
only the minimum necessary amount of Covered Entity's PHI as set forth
in such Minimum Necessary Guidance. Until such effective date of the
Minimum Necessary Guidance, Business Associate shall comply with
Covered Entity's policy regarding what constitutes the "minimum
necessary" to accomplish the intended purpose of Business Associate's
use or disclosure of Covered Entity's PHI.
e) Use for Management and Administration: Business Associate may use
Covered Entity's PHI for the proper management and administration of
Business Associate, if such disclosure is necessary (1) for the proper
management and administration of Business Associate or (2) to carry out
the legal responsibilities of Business Associate.
f) Disclosure for Management and Administration: Business Associate may
disclose Covered Entity' s PHI for the proper management and
administration of Business Associate if:
g)
(1) the disclosure is required by law, or
(2) Business Associate discloses Covered Entity's PHI to a third party as
permitted under the BA Services Agreement, and Business Associate
obtains from the third party a written agreement with Business Associate
that meets the applicable requirements of HIPAA, as well as incorporate
into such agreement those requirements under HITECH that relate to
privacy or security and are applicable to Business Associate.
In no event, however, shall Business Associate disclose Covered Entity's
PHI for the foregoing purposes to any such third party not within the
borders and jurisdiction of the United States of America without the prior
written consent of Covered Entity, which may be withheld in Covered
Entity's sole and unfettered discretion.
Uses or Disclosures Requiring Prior Authorization: Business Associate
agrees and understands that, except as expressly provided in this
Agreement, or permitted under HIPAA, HITECH, and state law, it shall
not use or disclose Covered Entity's PHI to any other person or entity
without first having received a HIPAA-compliant authorization. Business
Associate shall retain a copy of each authorization obtained, and the
information provided in response to the authorization, for six (6) years.
h) Nondisclosure: Business Associate shall not use or further disclose
Covered Entity's PHI other than as permitted or required by this
Agreement, or as otherwise required or permitted by law.
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 4 of 14
2) Security Safeguards
a) General. Business Associate shall, as of the Effective Date of this
Agreement, implement and use appropriate administrative, physical and
technical safeguards to provide for the security of Covered Entity's PHI,
including:
• Implementing policies and procedures to prevent, detect and contain,
and correct security violations;
• Limiting physical access to electronic information systems that
maintain PHI and the facility or facilities in which they are housed,
while ensuring that properly authorized access is allowed; and
• Implementing technical policies and procedures for electronic
information systems that maintain PHI to allow access only to those
persons or software programs that have been granted access rights as
specified in 45 CFR 164.308(a)(4).
b) Compliance Deadline for HITECH. In addition to the foregoing, Business
Associate shall meet all of the administrative, technical and physical
safeguard Standards as set forth in § 164.308, § 164.310, § 164.312 of the
Security Rule and as follows:
(i) Administrative Safeguards. Business Associate shall implement
and maintain a written security program that includes
administrative, technical and physical safeguards appropriate to the
size and complexity of Business Associate's operations and the
nature and scope of its activities.
(ii) Implementation Specifications. Business Associate shall
implement all of the "Required' and "Addressable" (as such terms
are defined in the Security Rule) Implementation Specifications in
the Security Rule, unless Business Associate and Covered Entity
agree otherwise, and Business Associate documents: (i) the
rationale why a particular Addressable Implementation
Specification is not "reasonable and appropriate," and (ii) Business
Associate implements an alternative measure agreed to in writing
by Covered Entity.
(iii) Documentation. Business Associate shall maintain the policies
and procedures implemented to comply with the Security Rule in
written (which may be electronic) form; and to the extent that an
action, activity or assessment that relates to this Agreement is
required under the Security Rule to be documented, Business
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 5 of 14
Associate shall maintain a written (which may be electronic)
record of the action, activity or assessment. Any such
documentation created shall be retained by Business Associate and
made available to Covered Entity upon request for a period of six
(6) years from the date of its creation, or the date when it last was
in effect, whichever is later.
(iv) Annual HHS Guidance. Business Associate shall, by no later than
any applicable deadlines, implement and comply with any
requirements set forth in the annual guidance issued by HHS
pursuant to § 13401(c) of HITECH concerning the most effective
Technical Safeguards for use in carrying out compliance with the
Security Rule.
3) Accounting of Disclosures through an EHR.
a) Accounting by Business Associate. If Covered Entity receives a request
from an individual for an Accounting of disclosures made through an
EHR, Covered Entity may furnish Business Associate's contact
information (e.g., mailing address, telephone number, and e-mail address)
to such individual in order for such individual to obtain an Accounting of
Business Associate's disclosures directly from Business Associate.
Business Associate shall provide an Accounting directly to the individual
in accordance with HIPAA and §13405(c) of HITECH (including an
Accounting for treatment disclosures for the prior 3 years) upon such
individual's making the Accounting request directly to Business Associate
4) Access Rights to PHI Maintained in an EHR.
a) Electronic Copies. If Covered Entity's PHI is maintained in or used in
connection with an EHR, Business Associate shall also make available
copies of such information in an electronic format upon an individual's
request for access to the same under HIPAA, and, if the individual
requests, to transmit such electronic copy of the individual's PHI directly
to an entity or person designated by the individual, provided that any such
request by the individual is clear, conspicuous and specific.
b) Copy Fees. Business Associate's compliance with such "access rights"
requirements under HITECH shall be at Business Associate's cost.
Notwithstanding the immediately preceding sentence, Business Associate
may, with Covered Entity's written consent, which shall not be
unreasonably withheld, charge a "copy/labor fee" to the individual as
otherwise permitted under HIPAA and HITECH and State law.
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 6 of 14
5) Requested Restrictions. Business Associate acknowledges that Covered Entity is
required under § 13405(a) of HITECH to comply with an individual's requested
restriction regarding his or her PHI (unless the disclosure is otherwise required by
law) if:
a) The disclosure is to a health plan for purposes of carrying out payment or
health care operations (but not treatment), and
b) Covered Entity's PHI pertains solely to a health care item or service for
which the health care provider has been paid out-of-pocket in full by the
individual.
Business Associate shall comply with any such requested restriction that applies
to Business Associate's further use or disclosure of Covered Entity's PHI and of
which Business Associate is made aware in writing by Covered Entity.
6) Availability of Information to Covered Entity. Business Associate shall make
available to Covered Entity such information as Covered Entity may require to
fulfill Covered Entity's obligations to provide access to, provide a copy of, and
account for disclosures with respect to Covered Entity's PHI pursuant to HIPAA
and HITECH, including, but not limited to, 45 CFR § 164.524 and § 164.528.
Nothing in this provision shall be construed to preclude or limit Business
Associate's obligations under the law, specifically with respect to the provision of
access to individuals of their PHI and the provision of an accounting of
disclosures to individuals of their PHI.
7) Amendment of PHI. Business Associate shall make Covered Entity's PHI
available to Covered Entity as Covered Entity may require to fulfill Covered
Entity's obligations to amend Covered Entity's PHI pursuant to HIPAA and
HITECH, including, but not limited to, 45 CFR § 164.526, and Business Associate
shall, as directed by Covered Entity, incorporate any amendments to Covered
Entity's PHI into copies of such PHI maintained by Business Associate. Nothing
in this provision shall be construed to preclude or limit Business Associate's
obligations under the law, specifically with respect to the amendment of Covered
Entity's PHI by Business Associate.
8) Business Associate's Agents. Business Associate shall ensure that any agents,
including subcontractors, to whom it provides Covered Entity's PHI, agree in
writing to the same restrictions and conditions that apply to Business Associate
with respect to Covered Entity's PHI. Business Associate shall not disclose any
of Covered Entity's PHI to any agent or subcontractor that is not within the
borders and jurisdiction of the United States of America without the prior written
consent of Covered Entity, which may be withheld in Covered Entity's sole and
unfettered discretion.
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 7 of 14
9) Internal Practices. Business Associate shall make its internal practices, books and
records relating to the use and disclosure of Covered Entity's PHI available to the
HHS for purposes of determining Covered Entity's compliance with HIPAA and
HITECH.
10) Security Breach Notification.
a) Compliance. Business Associate shall comply with the standards and
requirements that relate to notifications required in the event of a breach of
information in accordance with the Breach Notification Laws (as defined
hereinbelow). For purposes of this Agreement, the term "Breach
Notification Laws" shall include, collectively, those provisions concerning
breach notification obligations set forth in HITECH and its related
regulations, including the Final Rule for Breach Notification for
Unsecured Protected Health Information (45 CFR Parts 160 and 164).
b) Securing PHI. Business Associate shall secure any and all of Covered
Entity's PHI that it accesses, maintains, retains, modifies, records, stores,
destroys, or otherwise holds, uses, or discloses for or on behalf of Covered
Entity by implementing such technologies and methodologies (e.g.,
encryption) that are specifically set forth in the Breach Notification Laws
and recognized by the Secretary of HHS in its guidance document on such
topic released annually pursuant to HITECH, and which render Covered
Entity's PHI unusable, unreadable and indecipherable. If Business
Associate and Covered Entity otherwise agree that it is not reasonable or
possible for Business Associate to implement such technologies and
methodologies to secure certain of Covered Entity's PHI, then Business
Associate shall implement reasonable alternative methods, as agreed to in
writing by Covered Entity in its sole and unfettered discretion, to
safeguard the information, and in such instance shall comply in full with
the Breach Notification Laws in the event of a Breach (as such term is
defined under the Breach Notification Laws) of any unsecured PHI.
c) Business Associate 's Obligations In The Event of a Breach.
(i)
LV1 1468200v1 09/16/11
Update for Final Rule 2013
Duty to Discover and Report Breaches to Covered Entity.
Business Associate shall promptly notify Covered Entity of any
Breach of Covered Entity's PHI, irrespective of the medium in
which the Breach occurred (e.g., electronic, paper or oral), that
Business Associate discovers, or should reasonably have
discovered, including through any employee, agent or contractor of
Business Associate. Business Associate shall take all reasonable
steps (e.g., audits; anonymous internal reporting, etc.) to allow it to
discover Breaches involving Covered Entity's PHI.
HIPAA Business Associate Agreement
Page 8 of 14
(ii) Reporting Contact. Business Associate shall notify Covered
Entity's Privacy Officer and/or Security Officer, or their designee,
either in person or by telephone at a number to be provided by
Covered Entity of any discovered Breach.
(iii) Information To Be Provided. Business Associate shall provide
Covered Entity with the following information in connection with
the Breach:
• a brief description of what happened;
• the date of the Breach and the date of discovery of the
Breach, if known;
• what type of unsecured PHI was involved in the Breach
(e.g., name; SSN, etc.);
• identification of each individual whose unsecured PHI has
been, or reasonably believed by Business Associate to have
been, breached;
• what Business Associate is doing to investigate, mitigate
and protect against further Breaches of a similar or
dissimilar nature;
• contact information at Business Associate (specific for the
Breach), including toll-free number, e-mail address, Web
site, or postal address where individuals may contact
Business Associate directly for further information about
the Breach; and
• any additional information that Covered Entity may require
for purposes of furnishing required notices under the
Breach Notification Laws.
In the event that some or all of the foregoing information is not
readily available when the Breach is discovered, Business
Associate shall still promptly notify Covered Entity of the Breach
and may provide the additional information required under this
paragraph (iii) as soon as possible thereafter, but without
unreasonable delay and in no case longer than thirty (30) days after
the Breach is discovered.
d) Agreement to Cooperate and Assist. Business Associate shall cooperate
with Covered Entity and provide such assistance as Covered Entity may
need in order to comply with the Breach Notification Laws. With respect
to any Breach of Covered Entity's PHI that results from an act or omission
of Business Associate, including any of Business Associate's employees,
owners, directors, agents, independent contractors or affiliates, Business
Associate shall provide administrative support and other resources as may
be requested by Covered Entity in order to furnish written notices to
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 9 of 14
individuals affected by the Breach and otherwise comply with the Breach
Notification Laws. Covered Entity agrees to consult with Business
Associate in the preparation of the written notices to individuals affected
by the Breach. In the event that Business Associate does not provide such
requested assistance and resources in a timely manner, as determined by
Covered Entity in its sole and unfettered discretion, then Business
Associate shall reimburse Covered Entity for all costs and expenses (e.g.,
postage, supplies, administrative staff time, etc.) incurred by Covered
Entity in its efforts to comply with the notification requirements under the
Breach Notification Laws.
11) Prohibition on "Sale" of PHI.
a) Effective Date of Compliance. Business Associate shall comply with
§ 13405(d) of HITECH, this subparagraph 11) (a), and the additional
restrictions HHS promulgates by regulation concerning prohibitions under
HIPAA and HITECH on "sale" of PHI.
b) General Prohibition. Business Associate shall not directly or indirectly
receive remuneration in exchange for any of Covered Entity's PHI unless
Business Associate obtained from the individual a valid authorization that
includes, in accordance with HITECH, a specification that Covered
Entity's PHI can be further exchanged for remuneration by Business
Associate, except that Business Associate may accept such remuneration
in exchange for Covered Entity's PHI for the following limited purposes:
(i) Public Health Activities;
(ii) Research, but only if the price charged reflects the costs of
preparation and transmittal of the data for such purpose;
(iii) Treatment (subject to future HHS regulation restricting
inappropriate exchanges under this exception);
(iv) Health Care Operations related to the sale, transfer, merger or
consolidation of all or part of Business Associate with another
Business Associate, but only with the prior written consent of
Covered Entity, which shall not be unreasonably withheld;
(v) Performance of services or functions by Business Associate for or
on behalf of Covered Entity (e.g., pursuant to the BA Services
Agreement);
(vi) Providing an individual with Access to a copy of his or her PHI; or
(vii) As may be determined by HHS in future regulations to be similarly
necessary and appropriate.
12) Health Care Operations That Are Not "Marketing". Business Associate may use
or disclose Covered Entity's PHI to make a communication about a product or
service and that encourages recipients of the communication to purchase or use
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 10 of 14
the product or service only if the communication is made by Business Associate
on behalf of Covered Entity and is consistent with the terms of the BA Services
Agreement and is otherwise pursuant to and in accordance with this Agreement,
HIPAA and HITECH.
F) State Law. Business Associate shall comply with any provision or requirement
concerning privacy or security of information under applicable State law that is more
stringent than a similar provision or requirement under HITECH and this Agreement.
G) Red Flags Rule. With respect to Business Associate's access to, use or handling of
information in connection with Covered Entity's "Covered Accounts" (as defined under
the Federal Trade Commission's Red Flags Rule (the "Red Flags Rule") and identified by
Covered Entity), Business Associate shall, as of the Effective Date of this Agreement:
1) Implement reasonable administrative, physical and technical policies and
procedures to detect, prevent and mitigate the risk of identity theft at Business
Associate;
2) Cooperate with and take such steps as are reasonably necessary to assist Covered
Entity with compliance with its Identity Theft Prevention Program; and
3) Promptly report to Covered Entity any specific Red Flags, as identified in
Covered Entity's Red Flag policies, which Business Associate detects, and, as
appropriate, respond to, or reasonably assist Covered Entity in responding to, such
Red Flags in accordance with Covered Entity's policies and procedures.
H) Audits, Inspection and Enforcement. Covered Entity may, upon reasonable notice,
inspect the facilities, systems, books and records of Business Associate to monitor
compliance with this Agreement. Business Associate shall promptly remedy any
violation of any term of this Agreement and notify Covered Entity of the outcome.
I) Termination
1) Noncompliance. If either Party notifies (the "Notifying Party") the other
Party regarding an activity or practice that constitutes a material breach or
violation of such other Party's obligation under this Agreement, HIPAA and
HITECH (the "Breaching Party"), and such Breaching Party does not take
reasonable steps to or otherwise does not successfully cure the breach or end the
violation, as applicable, within a reasonable timeframe as agreed to by the Parties,
the Notifying Party is permitted to either:
(a) If feasible, terminate this Agreement and the BA Services Contract; or
(b) If termination is not feasible, report the problem to HHS.
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 11 of 14
2) Judicial or Administrative Proceedings. Either Party may terminate this
Agreement and the BA Services Contract, effective immediately, if
(a the other Party is named as a defendant in a criminal proceeding for a
violation of HIPAA and HITECH, or
(b) a finding or stipulation that the other Party has violated any standard or
requirement of HIPAA and HITECH or other security or privacy laws is
made in any administrative or civil proceeding in which the Party has been
joined.
3) Effect of Termination. Upon termination of the BA Services Contract for any
reason, Business Associate shall return to Covered Entity and destroy all of
Covered Entity's PHI that Business Associate still maintains in any form, and
shall retain no copies of such PHI, or if return or destruction is not feasible,
Business Associate agrees, at Covered Entity's reasonable expense, to continue to
extend the protections of this Agreement to such information, and limit further
use of such PHI to those purposes that make the return or destruction of such PHI
infeasible.
J) Indemnification. Covered Entity and Business Associate will indemnify, hold harmless
and defend the other Party to this Agreement from and against any and all claims, losses,
liabilities, costs and other expenses, including court costs and reasonable attorneys fees
and disbursements, incurred as a result of, or arising directly or indirectly out of or in
connection with:
1) any misrepresentation, breach of warranty or non -fulfillment of any undertaking
on the part of the Party under this Agreement; and
2) any claims, demands, awards, judgments, actions and proceedings made by any
person or organization arising out of or in any way connected with the Party's
performance under this Agreement.
Regarding cyber liability claims and errors and omissions claims, Business Associate
agrees to protect, defend, indemnify, and hold harmless the Covered Entity, its elected
officials, officers, employees and agents from any and all claims, demands, losses, liens,
liabilities, penalties, fines, lawsuits, and other proceedings and all judgments, awards,
costs and expenses (including reasonable attorneys' fees and disbursements) to the
extent caused by any negligent act and/or omission of ELAP, its officers, employees,
agents, and/or subcontractors, arising out of the performance of this Agreement.
Nothing contained in this Section or this Agreement shall be construed to create a
liability or a right of indemnification in any third party
K) Disclaimer. Covered Entity makes no warranty or representation that compliance by
Business Associate with this Agreement, HIPAA and HITECH will be adequate or
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 12 of 14
satisfactory for Business Associate's own purposes or that any information in Business
Associate's possession or control, or transmitted or received by Business Associate, is or
will be secure from unauthorized use or disclosure. Business Associate is solely
responsible for all decisions made by Business Associate regarding the safeguarding of
PHI.
L) Amendment. The Parties acknowledge that state and federal laws relating to electronic
data security and privacy are rapidly evolving and that amendment of this Agreement
may be required to provide for procedures to ensure compliance with such developments.
The Parties specifically agree to take such action as is necessary to implement the
standards and requirements of HIPAA and HITECH and other applicable laws relating to
the security or confidentiality of PHI. The Parties understand and agree that Covered
Entity must receive satisfactory written assurance from Business Associate that Business
Associate will adequately safeguard all PHI that it receives or creates pursuant to the
delivery of BA Services and this Agreement. Upon either Party's request, both Parties
agree to promptly enter into negotiations concerning the terms of an amendment to this
Agreement embodying written assurances consistent with the standards and requirements
of HIPAA and HITECH or other applicable laws. Either Party may terminate the BA
Services upon 30 days written notice in the event
1) the other Party does not promptly enter into negotiations to amend this Agreement
when requested by a Party pursuant to this Section or
2) the other Party does not enter into an amendment to this Agreement providing
assurances regarding the safeguarding of PHI sufficient to satisfy the standards
and requirements of HIPAA and HITECH.
M) No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended
to confer, nor shall anything herein confer, upon any person other than Covered Entity,
the Covered Entity Affiliates and Business Associate and their respective heirs,
representatives, successors and assigns, any rights, remedies, obligations or liabilities
whatsoever, whether as creditor beneficiary, donor beneficiary or otherwise.
N) Interpretation. This Agreement shall be interpreted as broadly as necessary to implement
and comply with HIPAA and HITECH and applicable state laws.
0) Independent Contractor. Nothing contained herein shall be deemed or construed by the
Parties hereto or by any third party as creating the relationship of employer and
employee, principal and agent, partners, joint venturers or any similar relationship,
between the Parties hereto. Covered Entity and Business Associate acknowledge and
agree that Business Associate is an independent contractor, and not an agent of Covered
Entity, and Business Associate shall be solely liable for the payment of all income,
unemployment, workers compensation, Social Security insurance or similar taxes or
assessments on the fees or other remuneration paid or to be paid to Business Associate by
Covered Entity.
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 13 of 14
P) Miscellaneous.
1) Entire Agreement. This Agreement supersedes all previous agreements between
Covered Entity and Business Associate and contains the entire understanding and
agreement between the Parties with respect to the subject matter hereof.
2) Headings. The headings in this Agreement are for convenience of reference only
and shall not be used to interpret or construe its provisions.
3) Governing Law and Venue. This Agreement shall be construed in accordance
with and governed by the laws of Washington without regard to conflicts of laws
principles. Venue for any action necessary to enforce the terms and conditions of
this Agreement shall lie in a court of competent jurisdiction in Yakima County,
Washington, specifically for claims with an amount in controversy of $74,999.99
or less in the state court and $75,000.00 or greater in the federal court.
4) Binding Effect. This Agreement shall be binding upon, and inure to the benefit of,
each Party hereto and their respective successors and assigns.
5) Mutual Negotiation. Each and every provision of this Agreement has been
mutually negotiated, prepared and drafted and, in connection with the
construction of any provisions hereof, no consideration shall be given to the issue
of which Party actually prepared, drafted, requested or negotiated any provision
of this Agreement, or its deletion.
6) Notices. All notices, demands and other communications to be made hereunder
("Notice") shall be given in writing and shall be deemed to have been duly given
if personally delivered or sent by confirmed facsimile transmission, recognized
overnight courier service which provides a receipt against delivery, or certified or
registered mail, postage prepaid, return receipt requested, to the other Party at the
address set forth in the first paragraph of this Agreement. Notice shall be deemed
effective, if personally delivered, when delivered; if sent by confirmed facsimile
transmission, when sent; if sent via overnight delivery, on the first business day
after being sent, and if mailed, at midnight on the third business day after deposit
in the U.S. mail.
7) Modification. This Agreement may be amended, superseded, terminated or
extended, and the terms hereof may be waived, only by a written instrument
signed by all of the Parties or, in the case of a waiver, signed by the Party waiving
compliance.
8) Preservation of Rights. No delay on the part of any Party in exercising any right,
power or privilege hereunder shall operate as a waiver thereof, nor shall any
waiver on the part of any Party of any such right, power or privilege, nor any
single or partial exercise of any right, power or privilege, preclude any further
exercise thereof or the exercise of any other such right, power or privilege. The
LV1 1468200v1 09/16/11
Update for Final Rule 2013
HIPAA Business Associate Agreement
Page 14 of 14
rights and remedies herein provided are cumulative and are not exclusive of any
rights or remedies that any Party may otherwise have at law, in equity or
otherwise.
9) Provisions Severable. The provisions of this Agreement are independent of and
severable from each other. No provisions will be affected or rendered invalid or
unenforceable by virtue of the fact that for any reason any one or more of any of
the provisions hereof may be invalid or unenforceable in whole or in part.
10) Counterparts. This Agreement may be executed by the Parties hereto in separate
counterparts, each of which when so executed and delivered shall be an original,
but all such counterparts shall together constitute one and the same instrument.
Each counterpart may consist of a number of copies hereof each signed by less
than all, but together signed by all of the Parties hereto.
11) Interpretation. The Parties agree that any ambiguity in this Agreement shall be
resolved in favor of a meaning that complies and is consistent with HIPAA and
HITECH.
IN WITNESS WHEREOF, the Parties hereto have duly executed this Agreement on the day and
year below written:
City of Yakima ELAP Services, LLC
By: By:
Print Name: Print Name: Stephen P. Kelly
Date: Date:
EIN: EIN:27-1535521
LV1 1468200v1 09/16/11
Update for Final Rule 2013