Item C08
BOARD OF COUNTY COMMISSIONERS
AGENDA ITEM SUMMARY
Meeting Date: 04/21-22/04
Division:
Community Services
Bulk Item: Yes -.L
No
Department: Social Services TransJ'ortation
, ,
_. '.-
Social Services Director: , 4')..,. i -t-') OA--~
Louis LaTorre
AGENDA ITEM WORDING: Approval of an agreement between Monroe County and WEB MD Envoy
ITEM BACKGROUND: This agreement wiD allow Monroe County Transportation personnel to check
on Medicaid status as well as Medicaid numbers. As we do the billing for Medicaid eligible Medicaid
Transportation trips. We have been using this software for the past 6 years to obtain this information and
in the past a contract was not required.
PREVIOUS RELEVANT BOCC ACTION: N/A
CONTRACT/AGREEMENT CHANGES: N/A
STAFF RECOMMENDATIONS: Approval
TOTAL COST:
$0.00
BUDGETED: Yes N/A
No
COST TO COUNTY:
$0.00
SOURCE OF FUNDS:
REVENUE PRODUCING: Yes -.lL. No
AMOUNTPERMONTH_ Year
DIVISION DIRECTOR APPROVAL:
APPROVED BY: County Atty _
DOCUMENTATION:
Included X
To Follow
Not Required
AGENDA ITEM # C 8'
DISPOSITION:
Revised 1/03
MONROE COUNTY BOARD OF COUNTY COMMISSIONERS
CONTRACT SUMMARY
Contract with:
WEB MD Envoy
Contract #_
Effective Date:
Expiration Date:
April 21, 2004
No Expiration Date
Contract Purpose/Description:
This agreement. will allow Monroe County Transportation personnel to check on Medicaid
status as well as Medicaid numbers. As we do the billing for Medicaid eligible Medicaid
Transportation trips. We have been using this software for the past 6 years to obtain this
information and in the ast a contract was not re uired.
4425
(Ext.)
Trans ortationll
(Department/Stop #)
Contract Manager:' .Jerry Eskew
/"- (Name)
I
for BOCC meetin on
4/21-22/04
A enda Deadline: 04/04/04
CONTRACT COSTS
Total Dollar Value of Contract: $ 0
Budgeted? YesD No 0 Account Codes:
Grant: $
County Match: $
Current Year Portion: $
- - - -
-----
- - - -
-----
- - - -
-----
- - - -
-----
Estimated Ongoing Costs: $Q/yr
(Not included in dollar value above)
ADDITIONAL COSTS
For:
(eg. maintenance, utilities, ianitorial, salaries, etc.)
CONTRACT REVIEW
Changes
Needed A
YesD Nol2r ~
Date Out
-
-'
-
-
-
-
---
-
-
-
---
-
-
-
1Vl..L.:MO> WebMd Envoy Corporation
Well One Century Place
'E 26 Century Blvd. Suite 601
. nvoy Nashville, TN 37214
RETURN SERVICE REQUESTED
61250-1
ADDRESSEE:
MONROE COUNTY TRANSPRT
WING 3 P5B 510 COLLEGE RD
KEY WEST, FL 33040
RETURN TO:
1..11.1...1..1,1",11,1"11,1..11,,,1,1.,11,..1,1,,11,...11,,1
ENVOY CORPORATION D/B/A WebMD ENVOY
P,O, BOX 149090
NASHVILLE, TN 37214-9090
Dear Valued WebMD Envoy Customer,
This letter requires your immediate attention and response.
As you are aware, we are quickly approaching April 14th, 2004, at which time all covered entities are mandated by
law to have a Business Associate Agreement (BAA) executed with their business associates.
You are receiving this mailing because our records indicate that you do not yet have a BAA on file with WebMD
Envoy. Please read the following carefully, even if you believe you are covered by an existing BAA or are no
longer an active WebMD Envoy customer.
If you have never sent WebMD Envoy a BAA, please complete and return the enclosed BAA now.
If your organization has previously sent WebMD Envoy a BAA, then you are receiving this communication because:
a) We simply did not receive your signed BAA,
b) your organization has multiple facilities, locations, sites and/or accounts that are contracted individually with
WebMD Envoy, and we have not yet received a BAA from your particular site or account, or
c) your organization is an affiliate or subsidiary of a parent company that may already have a BAA with WebMD
Envoy, but we are unaware of your relationship to your parent company.
Whichever scenario applies to your organization, please do the following:
· Read and sign the enclosed BAA.
CLEARLY PRINT all contact information including your tax ID number in the upper left-hand corner
of the BAA.
· If applicable, please attach a list of your affiliated companies including their names, addresses and
tax ID numbers, and/or the name, address and tax ID number of your parent company, and return
in the envelope provided.
If you have received multiple BAA's from WebMD Envoy please return each one, as they have individual
identification numbers and represent a distinct record in our system.
If you are no longer an active customer, please indicate that on the enclosed BAA and return it unsigned so we
can remove you from our database.
Your careful and prompt response to this letter is your most effective means of meeting this HIPAA requirement.
IT IS CRUCIAL THAT YOU RETURN THE BAA WITH ALL OF THE INFORMATION REQUESTED
ABOVE, as it is our only means of tracking your reply to this mailing.
Thank you in advance for your cooperation complying with this HIPAA requirement.
Sincerely,
WebMD Envoy
615.885,3700 Phone . www.webmdenvoy.com . 615,231.4965 Fax
I lOW 111m 1m. II 1111 Iml II 1111 16 111111 IUI III I. IW III
30427 *16LOIJ41 M000261
-
-.
_ "Cllstomer" or "Covered, Entity":
BUSINESS ASSOCIATE AGREEMENT
-
Name:
-
-
-
-
-
-
Address:
Zip:_
State:
City:
-
-
---
-
Phone:
Federal Tax 10#:
-
-
Attention:
RECITALS
WHEREAS, Business Associate now and in the future may have
relationships with Customer in which Business Associate creates or
receives Protected Health Information (as defined below) for use in
providing services or products to Customer.
WHEREAS, Business Associate and Customer (each a "Party" and
collectively the .Parties") desire to meet their obligations, to the extent
applicable, under the Standards for Privacy of Individually Identifiable
Health Information (the "Privacy Regulation") and the Health Insurance
Reform: Security Standards (the .Security Regulation") published by the
U.S. Department of Health and Human Services rHHS") at 45 C.F.R.
parts 160 and 164 under the Health Insurance Portability and
Accountability Act of 1996 ("HIPAA"), and as may be applicable to the
services rendered by Business Associate to the Customer, under the
Gramm-Leach-Bliley Act ("GLB") and implementing regulations.
WHEREAS, the Parties desire to set forth the terms and conditions
pursuant to which Protected Health Information that is provided by, or
created or received by, the Business Associate on behalf of the Customer
("Protected Health Information"), will be handled between themselves and
third parties.
NOW THEREFORE, in consideration of the foregoing and for other good
and valuable consideration, the receipt and sufficiency of which are hereby
acknowledged, the Parties hereby agree as follows:
TERMS AND CONDITIONS
1. PERMITTED USES AND DISCLOSURES OF PROTECTED
HEALTH INFORMATION
1.1 Services. (a) Business Associate provides servIces (which may
include transaction services as well as servicing hardware or software
products) ("Services") that involve the use and/or disclosure of Protected
Health Information. These Services are provided to Customer under
various agreements ("Service Agreements") that specify the Services to be
provided by Business Associate, Except as otherwise specified herein, the
Business Associate may make any and all uses and disclosures of
Protected Health Information created or received from or on behalf of
Customer necessary to perform its obligations under the Service
Agreements.
(b) Business Associate may perform Data Aggregation for the
Health Care Operations of Customer.
1.2. Public Health Activities. Business Associate may use, analyze, and
disclose the Protected Health Information in its possession for the public
health activities and purposes set forth at 45 C.FR 9 164.512(b)
1.3, Business Activities of the Business Associate, Unless otherwise
limited herein, the Business Associate may: (a) consistent with 45 C.F,R. 9
164.504(e)(4), use and disclose the Protected Health Information in its
Follow Up 8/18/03
I 11111 11I1 Imll III 11m .111 1m 1111111111111 IIIllllm 111m 111111l1li11111111
"Business Associate";
Each of the subsidiaries of WebMD Corporation, a Delaware corporation,
listed on Exhibit A hereto as amended from time to time as provided herein,
who has a relationship with Customer in which such entity creates or receives
Protected Health Information (as defined below) for use In providing
services or products to Customer.
Address: ENVOY Corporation d/b/a WebMD ENVOY
Post Office Box 149090
Nashville, TN 37214-9090
Attention: Legal Department
possession for its proper management and administration and to fulfill any
present or future legal responsibilities of the Business Associate: and
(b) de-identify any and all Protected Health Information In accordance
with 45 C.F.R. S 164.514(b), Customer acknowledges and agrees that de-
identified information is not Protected Health Information and that
Business Associate may use such de-identified information for any lawful
purpose.
2. RESPONSIBILITIES OF THE PARTIES WITH RESPECT TO
PROTECTED HEALTH INFORMATION
2.1. Responsibilities of the Business Associate, Business Associate
agrees to: (a) use and/or disclose the Protected Health Information only as
permitted or required by this Agreement or as otherwise required by law;
(b) report to the Customer any use and/or disclosure of the
Protected Health Information of which Business Associate becomes aware
that is not permitted or required by this Agreement;
(c) report to Customer any Security Incident of which it becomes
aware with respect to Electronic Protected Health Information provided by,
or created or received by, Business Associate on behalf of Customer
("Electronic Protected Health Information"):
(d) mitigate, to the extent practicable, any harmful effect that is
known to Business Associate of a use or disclosure of Protected Health
Information by Business Associate not provided for by this Agreement;
(e) use appropriate safeguards to prevent use or disclosure of
Protected Health Information other than as permitted or required by this
Agreement;
(f) (i) implement administrative, physical, and technical safeguards
that reasonably and appropriately protect the confidentiality, integrity, and
availability of the Electronic Protected Health Information that it creates,
receives, maintains, or transmits on behalf of Customer: and (ii) make its
policies and procedures, and documentation required by the Security
Regulation relating to such safeguards, available to the Secretary of HHS
for purposes of determining Customer's compliance with the Security
Regulation;
(g) require all of its subcontractors and agents that receive, use or
have access to Protected Health Information, to agree to adhere to the
same restrictions and conditions on the use and/or disclosure of Protected
Health Information that apply to the Business Associate;
(h) ensure that all of its subcontractors and agents to whom it
provides Electronic Protected Health Information agree to implement
reasonable and appropriate safeguards to protect such Electronic
Protected Health Information;
(i) make available its internal practices, books and records relating
to the use and/or disclosure of Protected Health Information to the
30427 '16l01J41 M000261
Secretary of HHS for purposes of determining the Customer's compliance
with the, Privacy Regulation:
-
-
-
U) within thirty (30) days of receiving a written request from
Customer, make available information necessary for Customer to make an
accounting of disclosures of an indiVidual's Protected Health Information;
-
-
---
-
-
(k) within fifteen (15) days of receiving a written request from
Customer, make available Protected Health Information necessary for
Customer to respond to individuals' requests for access to Protected
Health Information about them, to the extent that the Protected Health
Information in Business Associate's possession constitutes a Designated
Record Set; and
-
---
-
-
-
(I) Within thirty (30) days of receiving a written request from
Customer, incorporate any amendments or corrections to the Protected
Health Information In accordance with the Privacy Regulation, to the extent
that the Protected Health Information in Business Associate's possession
constitutes a Designated Record Set.
2.2, Responsibilities of the Customer. (a) With regard to the use andlor
disclosure of Protected Health Information by the Business Associate, the
Customer agrees: (i) to obtain any consent, authOrization or permission that
may be required by the Privacy Regulation or any other applicable federal,
state or local laws andlor regulations prior to furnishing Business
Associate the Protected Health Information pertaining to an individual; and
(ii) that it will not furnish Business Associate Protected Health Information
that is subject to any arrangements permitted or required of the Covered
Entity, including but not limited to, arrangements agreed to by Customer
under 45 C.F.R. ~ 164.522 that may impact in any manner the use andlor
disclosure of Protected Health Information by the Business Associate
under this Agreement and the Service Agreement(s).
(b) Customer represents and warrants that its notice of privacy
practices permits Customer to use and disdose Protected Health
Information in the manner that Business Associate is authorized to use
and disclose Protected Health Information under this Agreement
3. TERM AND TERMINATION
3.1, Term, Each term and condition of this Agreement shall become
effective on the Effective Date, unless such term or condition relates to
Electronic Protected Health Information only, in which event such term or
condition shall become effective on the later of (a) the compliance date
applicable to the Customer under the Security Regulation or (b) the date on
which the Parties have executed the Agreement This Agreement shall
continue in effect unless terminated as provided in this Section 3, provided,
that certain provisions and requirements of this Agreement shall survive the
expiration or termination of this Agreement in accordance with Section 4.4
herein.
3.2. Termination by the Customer. As provided for under 45 CF.R. ~
164.504(e)(2)(iii), the Covered Entity may immediately terminate this
Agreement with respect to a Business Associate and any related Service
Agreement(s) if the Covered Entity makes the determination that such
Business Associate has breached a material term of this Agreement.
Alternatively, Covered Entity may choose to provide such Business
Associate written notice of the breach in sufficient detail to enable
Business Associate to understand the specific nature of the breach and
afford Business Associate an opportunity to cure the breach; provided,
however, that if such Business Associate fails to cure the breach within a
reasonable time specified by Covered Entity, Covered Entity may
terminate this Agreement with respect to such Business Associate and
any related Service Agreement(s) to the extent that the Service
Agreement(s) requires such Business Associate to create or receive
Protected Health Information.
3.3. Termination by Business Associate. Any Business Associate may
immediately terminate this Agreement with respect to such Business
Associate and any related Service Agreement(s) if such Business
Associate makes the determination that Covered Entity has breached a
material term of this Agreement. Alternatively, such Business Associate
may choose to provide Covered Entity written notice of the breach in
Follow Up 8/18/03
1I11I111111111111I PIIIII_11i1 Pi 111111111111 Ii 11111 11111 1m 11_11111111111111
sufficient detail to enable Covered Entity to understand the specific nature
of the breach and afford Covered Entity an opportunity to cure the breach.
provided, however, that if Covered Entity fails to cure the breach within ~
reasonable time specified by Business Associate, Business Associate
may terminate this Agreement as it relates to such Business Associate
and any related Service Agreement(s) to the extent that the Service
Agreement(s) requires such Business Associate to create or receive
Protected Health Information.
3.4. Automatic Termination. This Agreement will automatically
terminate with respect to any Business Associate without any further
action of the Parties upon the termination or expiration of all Service
Agreement(s) between Customer and such Business Associate
3.5. Effect of Termination. Upon the termination of this Agreement with
respect to anyone or more Business Associates, such Business
Associate(s) agrees to retum or destroy all Protected Health Information,
including such information in possession of such BuslOess Associate's
subcontractors, if it is feasible to do so. If return or destruction of said
Protected Health Information is not feasible, such Business Associate(s)
will extend any and all protections, limitations and restrictions contained in
this Agreement to the Business Associate's use and/or disclosure of any
Protected Health Information retained after the termination of this
Agreement, and limit any further uses andlor disclosures to the purposes
that make the return or destruction of the Protected Health Information
infeasible.
4. MISCELLANEOUS
4.1. Entire Aareement This Agreement, and all attachments,
schedules and exhibits hereto, constitutes the entire agreement and
understanding between the Parties with respect to the subject matter
hereof and supersedes any prior or contemporaneous written or oral
memoranda, negotiations, arrangements, contracts or understandings of
any nature or kind between the Parties with respect to the subject matter
hereof.
4.2. Chanae of Law, Customer shall notify Business Associate within
ninety (90) days of any amendment to any provision of HIPAA, or its
implementing regulations set forth at 45 C.FR parts 160 through 164,
which materially alters either Party's or the Parties' obligations under this
Agreement. The Parties agree to negotiate in good faith mutually
acceptable and appropriate amendment(s) to this Agreement to give effect
to such revised obligations; provided, however, that if the Parties are
unable to agree on mutually acceptable amendment(s) within ninety (90)
days of the relevant change of law, either Party may terminate this
Agreement consistent with sections 3.5 and 4.4.
4.3. Construction of Terms. The terms of this Agreement shall be
construed in light of any interpretation and/or guidance on HIPAA, the
Privacy Regulation and/or the Security Regulation issued by HHS from
time to time.
4.4. Survival. Sections 3.5, 43, 4.8, 4.11, 5, 6 and this Section 4.4,
and any other provisions of this Agreement that by their terms are
intended to survive, shall survive the termination of this Agreement.
4.5, Amendment: Waiver. This Agreement may not be modified, nor
shall any provision hereof be waived or amended, except in a writing duly
signed by authorized representatives of the Parties. A waiver with respect
to one event shall not be construed as continuing, or as a bar to or waiver
of any right or remedy as to subsequent events.
4.6. Notices. Any notices to be given hereunder to a Party shall be
made via U.S. Mail or express courier to such Party's address given
above, and/or via facsimile to the facsimile telephone numbers listed
above. Each Party may change its address and that of its representative
for notice by the giving of notice thereof in the manner herein above
provided.
4.7, Counterparts; Facsimiles. This Agreement may be executed in any
number of counterparts, each of which shall be deemed an original.
Facsimile copies hereof shall be deemed to be originals.
30427 . 16LOIJ41 M000261
-
-'
=
-
-
=
-
4.8. Disputes. If any controversy, dispute or claim arises between the
Parties with respect to thIS Agreement, the Parties shall make good faith
efforts to resolve such matters informally.
4.9 Effective Date. The Effective Date of this Agreement shall be the
later of April 14, 2003, or the date on which the Parties have executed the
Agreement.
-
4.10 BindinQ AClreement: New Parties: AClencv.
-
=
-
(a) This Agreement shall be binding upon the Parties and
their successors and permitted assigns. Anyone or more additional
subsidiaries of WebMD Corporation with a relationship with Customer in
which such entity creates or receives Protected Health Information for use
in providing services or products to Customer (each a "New Party") may
join this Agreement as a Party and a Business Associate by executing and
delivering a counterpart of this Agreement. In addition, WebMD
Corporation from time to time lists on its corporate website its subsidiaries
which are business associates for purposes of HIPAA compliance ("HIPAA
BA Subs") Each HIPAA BA Sub that creates or receives Protected Health
Information for use in providing services or products to Customer shall be
deemed to be a New Party without further action by any Party hereto.
Whenever a New Party joins this Agreement, Exhibit A will be deemed
amended (and shall be revised at the request of any Party or WebMD
Corporation as agent for the Business Associates) to list such New Party
as a Business Associate hereunder.
-
-
(b) The Parties acknowledge that WebMD Corporation is
executing and delivering this Agreement solely in its capacity as agent for
the Business Associates, By signing below, WebMD Corporation
represents that it has been authorized to execute this Agreement on behalf
of each Business Associate, including any New Party who joins this
Agreement under Section 4.1 O(a).
4.11 No Third Party Beneficiaries. Nothing in this Agreement shall
confer upon any person other than the Parties and their respective
successors or assigns, any rights, remedies, obligations, or liabilities
whatsoever.
4.12 Contradictory Terms This Agreement hereby amends, modifies,
supplements and is made part of the Service Agreement(s), provided that
any proVision of the Service Agreement(sl. including all exhibits or other
attachments thereto and all documents incorporated therein by reference,
that is directly contradictory to one or more terms of this Agreement
("Contradictory Term") shall be superseded by the terms of this Agreement
as of the date such terms become effective pursuant to Section 3.1, to the
extent and only to the extent of the contradiction and only to the extent that
it is reasonably impossible to comply with both the Contradictory Term and
the terms of this Agreement.
4.13 Affiliates. This Agreement shall be binding upon the parties and
their current and future Affiliates, successors and permitted assigns
"Affiliate" shall mean any entity owned or controlled by, under common
ownership or control with, or which owns or controls. either party to thiS
Agreement or any of its subsidiaries.
S. LIMITATION OF LIABILITY
NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR ANY
INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES
OF ANY KIND OR NATURE, WHETHER SUCH LIABILITY IS
ASSERTED ON THE BASIS OF CONTRACT, TORT (INCLUDING
NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, EVEN IF THE
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
LOSS OR DAMAGES.
6. DEFINITIONS
Regulatory citations in this Agreement are to the United States Code of
Federal Regulations Title 45 parts 160 through 164, as interpreted and
amended from time to time by HHS, for so long as such regulations are in
effect. Unless otherwise specified in this Agreement, all capitalized terms
not otherwise defined shall have the meaning established for purposes of
Title 45 parts 160 through 164 of the United States Code of Federal
Regulations, as amended from time to time.
IN WITNESS WHEREOF, each of the undersigned has caused this Business Associate Agreement to be duly executed effective as of the
Effective Date.
WEBMD CORPORATION
BY/~~
Print Name: Lowell Stokes
Print Title: Assistant General Counsel
Date: February 18, 2004
Follow Up 8/18/03
IIIIIIIIIIIIIIII~ II IGI 11111 III 111I 1111111 III IIID nllllllllll~ IIIIIIIIII
CUSTOMER
By:
Print Name:
Print Title:
Date:
. ., ..\lNE ,HUTTON
,. 'f'\i\CV:'H~'TVORNEY
.'I"-~ -10
<.1::..\.1;:__.___
IIIII~ II~ I~IIIIIII~IIIIIIIIIIIIIII~
1-5VGGB
30427 '16LOIJ41 M000261
-
, Adaotive Health System~ of Arizona, Inc.
-
-
-
-
-
Advanced Business Fulfillment. Inc.
-
-
Benchmark Systems, Inc. of Louisiana
-
-
Carelnsite Corp.
-
-
-
-
Envoy Corp
-
-
Envoy ExpressBiIl, Inc.
-
-
Healthcare Interchange, Inc.
Illinois Medical Information Network, Inc.
[MS-Net of Arkansas, Inc.
IMS-Net of Central Florida, Inc.
IMS-Net of Colorado, Inc.
IMS-Net of Illinois, Inc.
Kinetra LLC
MedE America Corp
MedE America Corporation of Ohio
Medifax EDI
Medical Manager Health Systems, Inc.
Medical Manager PCN, lnc
Medical Manager Research & Development
Medical Manager Sales & Mktg
Minnesota Medical Communication Network, LLC
National Electronic Information Corporation
Peachtree Associates, lnc
Personal Best!, Inc.
Preferred System Solutions, Inc
T ouchPoint Software Corporation
United Software Architects, Inc.
WebMD Clinical Services, LLC
Wellmed, Inc.
IIII om n m Inl II II I_I 0011111111l1li om 1I1I1II
EXHIBIT A
30427 '16LOIJ41 M000261