The URL can be used to link to this page

1154-Blue Cross and Blue Shield Service Agreementc - k � '_S4 ADMINISTRATIVE SERVICES AGREEMENT between BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. and CITY OF SANFORD This Administrative Services Agreement (hereinafter referred to as the "Agreement "), made this a'7 day of j �Gie, 2005, is by and between Blue Cross and Blue Shield of Florida, Inc., a Florida corporation having its principal place of business at 4800 Deerwood Campus Parkway, Jacksonville, Florida 32246 (hereinafter referred to as the "BCBSF ") and City of Sanford located at 300 North Park Avenue, Sanford, Florida 32772 -1788 (hereinafter referred to as the "Employer "). WHEREAS, the Employer has established and currently sponsors a self- insured Employee Welfare Benefit Plan, to provide certain benefits (attached hereto as Exhibit "A" and hereinafter called the "Group Health Plan ") for covered group members and their covered dependents; and WHEREAS, except as otherwise specifically provided herein, the Employer is to retain all liabilities under its Group Health Plan, and BCBSF is to provide the agreed upon services to the Group Health Plan without assuming any such liability; and WHEREAS, the Employer desires that, with respect to the Group Health Plan, BCBSF furnish certain claims processing and administrative services. NOW, therefore, in consideration of the mutual promises contained herein, and other good and valuable consideration, the parties agree as follows: SECTION I TERM 1.1 Initial Term r °. The initial term of this Agreement shall be a period of one (1) year commencing on October 1, 2004 (notwithstanding the date of execution) and ending on September 30, 2005, and shall be renewable for an additional one (1) year term, at the option of the Employer, said renewal term commencing on October 1, 2005 and ending on September 30, 2006. ASAPPOSTD 1.2 Renewal Terms This Agreement will automatically renew each anniversary date for successive one year terms at the renewal rates then in effect, unless either party notifies the other party of its intent not to extend this Agreement at least 30 days prior to the applicable anniversary date. SECTION II DUTIES AND RESPONSIBILITIES OF THE EMPLOYER 2.1 Final Authority The Employer retains all final authority and responsibility for the Group Health Plan including, but not limited to eligibility and enrollment for coverage under the Group Health Plan, the existence of coverage, the benefits structure of the Group Health Plan, claims payment decisions, cost containment program decisions, utilization benefits management, compliance with the requirements of COBRA (Consolidated Omnibus Budget Reconciliation Act of 1985, as amended), compliance with the requirements of ERISA (Employee Retirement Income Security Act of 1974, as amended), compliance with reporting and remitting abandoned property funds, and compliance with any other state and federal law or regulation applicable to the Employer, the Group Health Plan, or the administration of the Group Health Plan. The Employer agrees to provide BCBSF with any information BCBSF reasonably requires in order to perform the administrative services set forth herein. 2.2 Eligibility and Enrollment As of the first day of the term of this Agreement, the Employer will have delivered to BCBSF enrollment information regarding eligible and properly enrolled members, as determined by the Employer. The Employer shall deliver to BCBSF all employee and dependent eligibility status changes on a monthly basis, or more frequently as mutually agreed by the parties. The Employer shall be responsible for providing each covered employee with a copy of the plan document which shall include the Group Health Plan. ASAPPOSTD 2.3 Financial Obligations. A. Claims Payment The Employer is financially responsible for the payment of all claims paid under the Group Health Plan. Financial arrangements regarding the payment of such claims are set forth in Exhibit "B ". B. Administrative Fees The Employer agrees to promptly pay all administrative fees as set forth in Exhibit "B ". Administrative fees are not subject to change during the initial term of this Agreement, except as set forth below. The administrative fees shall be payable to BCBSF within 10 days of written notification to the Employer of the amount owed. C. Late Charges In the event the Employer fails to pay any amount owed in full by the due date, the Employer shall pay BCBSF, in addition to the amount due, a late charge as set forth in Exhibit "B ". D. Modifications BCBSF may modify the administrative fees contained in Exhibit "B" at any time on or after the first anniversary of this Agreement's effective date, upon giving forty -five (45) days prior written notice to the Employer. Additionally, BCBSF, at any time, may modify the administrative fee, if the Employer substantially modifies the Group Health Plan or changes enrollment. 2.4 Use of Names and Logos The Employer agrees to allow BCBSF to use the Employer's name and logo on I.D. cards and other forms necessary to effectuate this Agreement, and to promote the Employer's relationship with BCBSF to potential or existing providers. BCBSF shall not use the Employer's name or logo for any other purpose without the prior written consent of the Employer. BCBSF may only reasonably use the Employer's name for necessary purposes. The Employer agrees that the names, logos, symbols, trademarks, tradenames, and service marks of BCBSF, whether presently existing or hereafter established, are the sole property of BCBSF and BCBSF retains the right to the use and control thereof. The Employer shall not use BCBSF's name, logos, symbols, trademarks or service marks in advertising or promotional materials or otherwise without the prior written consent of ASAPPOSTD BCBSF and shall cease any such usage immediately upon written notice by BCBSF or upon termination of this Agreement, whichever is sooner. SECTION III DUTIES AND RESPONSIBILITIES OF BCBSF 3.1 Generally It is understood and agreed that BCBSF is empowered and required to act with respect to the Group Health Plan only as expressly stated herein. The Employer and BCBSF agree that BCBSF's role is to provide administrative claims payment services, that BCBSF does not assume any financial risk or obligation with respect to claims, that the services rendered by BCBSF under this Agreement shall not include the power to exercise control over the Group Health Plan's assets, if any, or discretionary authority over the Health Care Plan's operations, and that BCBSF will not for any purpose, under ERISA or otherwise, be deemed to be the "Plan Administrator" of the Group Health Plan or a "fiduciary" with respect to the Group Health Plan. BCBSF's services hereunder are intended to and shall consist only of ministerial functions. The Group Health Plan's "Administrator" for purposes of ERISA is the Employer. 3.2 Enrollment: Forms and I.D. Cards BCBSF shall enroll those individuals who have completed an application and are identified by the Employer as eligible for benefits under the Group Health Plan on the effective date of this Agreement, and subsequently during the continuance of this Agreement. BCBSF shall be entitled to rely on the information furnished to it by the Employer, and the Employer shall hold BCBSF harmless for any inaccuracy or failure to provide such information in a timely manner. BCBSF shall furnish to the Employer, for distribution to persons participating in the Group Health Plan, a supply of identification cards, benefit plan descriptions, forms to be used for submission of claims and enrollment, and any other forms necessary for the administration of the Group Health Plan, as determined by BCBSF. 3.3 Claims Processing BCBSF shall provide claims processing services on behalf of the Employer for all properly submitted claims, in accordance with the benefits and procedures set forth in Exhibit "A ", using funds solely supplied by the 4 ASAPPOSTD Employer, as set forth in Exhibit "B ". BCBSF shall furnish each claimant with an explanation of each claim that is paid, rejected, suspended or denied. For purposes of this Agreement, the term "claim(s)" shall be defined as the amount paid or payable by BCBSF to providers of services and /or covered group members under this Agreement and the Group Health Plan, and in conformity with any agreements BCBSF enters into with such providers of services, and includes capitation, physician incentives, pharmacy, physician, hospital and other fee - for - service claims expenditures. Processing services shall be provided in a timely manner by BCBSF and BCBSF shall adhere to any and all statutory and other guidelines and requirements of law and shall pay any and all fees and charges that may result from BCBSF's failure to comply with any and all statutory and other guidelines and requirements of law when such failure is the fault of BCBSF 3.4 Program Administration BCBSF shall administer its established cost containment programs and utilization benefits management programs, as selected by the Employer and described in the Group Health Plan. BCBSF shall make available its Preferred Provider Organization Program(s) to covered group members and their covered dependents, as set forth in the Group Health Plan. Any agreements between providers of services and BCBSF are the sole property of BCBSF and BCBSF retains the right to the use and control thereof. 3.5 Inaccurate Payments Whenever BCBSF becomes aware that the payment of a claim under the Group Health Plan to any person was, or may have been, made which was not in accordance with the terms of the Group Health Plan, whether or not such payment was BCBSF's fault, and whether not such payment was more than or less than was appropriate under the terms of the Group Health Plan, BCBSF shall investigate such payment in accordance with its standard commercial insurance business practices and either 1) for a payment of $50.00 or more, make a diligent effort to recover any payment which was more than was appropriate under the Group Health Plan or 2) as the case may be, adjust any claim the payment of which was less than appropriate under the Group Health Plan. The Employer delegates to BCBSF the discretion and the authority to determine under what circumstances to compromise a claim or to settle for less than the full amount of the claim. BCBSF shall coordinate the payment and compromise of claims with the City Manager of the Employer or his designee. In the event any part of an inaccurate payment is recovered, the Employer will receive a refund from BCBSF. BCBSF shall notify the Employer whenever attempted recovery is unsuccessful. Nothing herein shall require BCBSF to institute a legal action or suit to recover payments made by BCBSF. ASAPPOSTD 3.6 Records and Reports BCBSF agrees to establish, maintain and provide to the Employer, records and reports generated for the purposes of reporting claims experience and conducting audits of operations. BCBSF will provide claims information only accordance with Exhibit C (and Exhibit D, if applicable) to this Agreement. BCBSF will not provide any information with regard to provider pricing agreements or any other information which is of a confidential or proprietary nature, as determined by the Administrator. 3.7 Pharmacy Rebates In certain circumstances, BCBSF and /or its pharmacy benefit manager ( "PBM ") negotiate(s) and receive(s) formulary rebates, volume discounts, and /or fees from certain drug manufacturers as a result of the inclusion of such manufacturer's branded products on BCBSF's formularies ( "Rebates "). The PBM generally passes Rebates through to BCBSF, less a 12.5% fee as part of its compensation for its services. At times, the PBM may pass through a guaranteed minimum amount per prescription that exceeds the Rebates otherwise payable to BCBSF. In either situation, BCBSF passes through 100% of the amounts it receives to the Employer. BCBSF may receive a portion of the Rebates on a prepaid, estimated basis, before any drug claims are filed and paid. To the extent that BCBSF receives prepaid, estimated rebate amounts, BCBSF retains, as part of its compensation, the interest earned on such amounts from the time it receives such prepayments until it forwards the Employer's Rebates. This time period is generally nine to twelve months. BCBSF expects to earn interest at the rate of 1.25% per annum. BCBSF pays the Employer its Rebates or guaranteed minimum amount after BCBSF is able to determine the share attributable to the drug claims actually made by Employer's group members. This typically occurs seven to nine months after the end of the calendar quarter in which the drugs were dispensed. BCBSF will provide more specific information on the amounts retained by BCBSF or the PBM upon request by the Employer. 3.8 Claims Payments The source or sources of payment under the Group Health Plan are to be only the assets of the Employer, and BCBSF will have no liability whatsoever for providing a source from which payments will be made under the Health Care Plan. ASAPPOSTD '3.9 Providers Outside the State of Florida A. BlueCard Administrator participates in a program called "BlueCard." Whenever member's access health care services outside the geographic area BCBSF serves, the claim for those services may be processed through BlueCard and presented to BCBSF for payment in conformity with network access rules of the BlueCard Policies then in effect ( "Policies "). Under BlueCard, when members receive covered health care services within the geographic area served by an on -site Blue Cross and /or Blue Shield Licensee ( "Host Blue "), BCBSF will remain responsible to Employer for fulfilling BCBSF contract obligations. However, the Host Blue will only be responsible, in accordance with applicable BlueCard Policies, if any, for providing such services as contracting with its participating providers and handling all interaction with its participating providers. The financial terms of BlueCard are described generally below. B. Liability Calculation Method Per Claim The calculation of member liability on claims for covered health care services incurred outside the geographic area BCBSF serves and processed through BlueCard will be based on the lower of the provider's billed charges or the negotiated price BCBSF pays the Host Blue. The calculation of Employer's liability on claims for covered health care services incurred outside the geographic area BCBSF serves and processed through BlueCard will be based on the negotiated price BCBSF pays the Host Blue. The methods employed by a Host Blue to determine a negotiated price will vary among Host Blues based on the terms of each Host Blue's provider contracts. The negotiated price paid to a Host Blue by Administrator on a claim for health care services processed through BlueCard may represent: (i) the actual price paid on the claim by the Host Blue to the health care provider ( "Actual Price "), or (ii) an estimated price, determined by the Host Blue in accordance with BlueCard Policies, based on the Actual Price increased or reduced to reflect aggregate payments expected to result from settlements, withholds, any other contingent payment arrangements and non - claims transactions with all of the Host Blue's health care providers or one or more particular providers ( "Estimated Price "), or ASAPPOSTD (iii) an average price, determined by the Host Blue in accordance with BlueCard Policies, based on a billed charges discount representing the Host Blue's average savings expected after settlements, withholds, any other contingent payment arrangements and non - claims transactions for all of its providers or for a specified group of providers ( "Average Price "). An Average Price may result in greater variation to the member and the Employee from the Actual Price than would an Estimated Price. Host Blues using either the Estimated Price or Average Price will, in accordance with BlueCard Policies, prospectively increase or reduce the Estimated Price or Average Price to correct for over - or underestimation of past prices. However, the amount paid by the member and the Employer is a final price and will not be affected by such prospective adjustment. In addition, the use of a liability calculation method of Estimated Price or Average Price may result in some portion of the amount paid by the Employer being held in a variance account by the Host Blue, pending settlement with its participating providers. Because all amounts paid are final, the fund held in a variance account, if any, do not belong to the Employer and are eventually exhausted by provider settlements and through prospective adjustment to the negotiated prices. Statutes in a small number of states may require a Host Blue either (1) to use a basis for calculating the member's liability for covered health care services that does not reflect the entire savings realized, or expected to be realized, on a particular claim or (2) to add a surcharge. Should any state statutes mandate liability calculation methods that differ from the negotiated price methodology or require a surcharge, the Host Blue would then calculate member's liability and the Employer liability for any covered health care services consistent with the applicable state statute in effect at the time the member received those services. C. Return of Recoveries Under BlueCard, recoveries from a Host Blue or from participating providers of a Host Blue can arise in several ways, including but not limited to anti -fraud and abuse audits, provider /hospital audits, credit balance audits, utilization review refunds, and unsolicited refunds. In some cases, the Host Blue will engage third parties to assist in discovery or collection of recovery amounts. The fees of such a third party are netted against the recovery. Recovery amounts, net of fees, if any, will be applied in accordance with applicable BlueCard Policies, which generally require correction on a claim -by -claim or prospective basis. Unless otherwise agreed to by the Host Blue, Home Licensees may request adjustments from the Host Blue for full provider refunds due to the retroactive cancellation of membership only for one year after the Inter - Licensee ASAPPOSTD financial settlement process date of the original claim. However, recovery of claim payments associated with a retroactive cancellation may not be possible if the recovery conflicts with the Host Blue's state law, provider contracts or jeopardizes its relationship with its providers. D. BlueCard Fees and Compensation Employer understands and agrees (1) to pay certain fees and compensation to BCBSF which BCBSF is obligated under BlueCard to pay to the Host Blue, to the Blue Cross Blue Shield Association, or to the BlueCard vendors, unless BCBSF's contract obligations to the Employer require those fees and compensation to be paid only by Administrator and (2) that fees and compensation under BlueCard may be revised from time to time without Employer's prior approval in accordance with the standard procedures for revising fees and compensation under BlueCard. Some of these fees and compensation are charged each time a claim is processed through BlueCard and include, but are not limited to, access fees, administrative expense allowance fees, Central Financial Agency Fees, and ITS Transaction Fees. Also, some of these claim -based fees, such as the access fee and the administrative expense allowance fee may be passed on to the Employer as an additional claim liability. E. Inconsistencies To the extent of any inconsistency between the above provision titled "Providers Outside the State of Florida" and other terms or conditions of the Agreement, the above provision controls. SECTION IV TERMINATION 4.1 Administration After Termination The Employer is solely liable and responsible for all claims incurred under the Group Health Plan by its covered group members and their dependents during the term of this Agreement, including those incurred claims which are not presented to the Employer or BCBSF during the term of this Agreement. BCBSF will adjudicate all claims incurred during the term of this Agreement. For purposes of this Agreement, the date of an incurred claim is the date the particular service was rendered or the supply was furnished. After the effective date of termination of this Agreement, the Employer will continue to provide BCBSF with funds to pay claims incurred prior to the termination date and will continue to pay the applicable administrative fees as set forth in Exhibit "B ". ASAPPOSTD 4.2 Unilateral Termination The Employer or BCBSF may unilaterally terminate this Agreement upon 90 days prior written notice to the other after the initial term of this Agreement. 4.3 Termination On Anniversary Date This Agreement shall automatically terminate as of the date of any anniversary of the effective date of this Agreement, if either the Employer or BCBSF has given at least 30 days prior written notice to the other of its intention not to renew this Agreement as of that anniversary date. 4.4 Termination Upon Default Upon the occurrence of any of the following events, as determined by BCBSF, this Agreement will automatically terminate at the end of the 8th business day following the day upon which the Employer is notified of any of the events of default set forth hereunder, and then only in the event that the Employer has not cured the incident of default: The Employer's failure to provide adequate funds, as set in Exhibit "B ", as necessary for the payment of claims pursuant to the Group Health Plan; 2. The Employer's failure to pay any administrative fees or late penalty as set forth in Exhibit "B" of this Agreement; 3. The Employer ceases to maintain a Group Health Plan; 4. The Employer modifies the Group Health Plan without the prior written consent of BCBSF; 5. At any time BCBSF has reasonable grounds for insecurity with respect to the Employer's financial ability to adequately fund the Group Health Plan, and the Employer has failed to immediately provide adequate assurances of financial soundness to BCBSF; 6. At any time any judicial or regulatory body determines that this Agreement, or any provision of this Agreement, is invalid or illegal, or that this arrangement constitutes an insurance policy or program which is subject to state and /or federal insurance regulations and /or taxation; 7. At any time the Employer otherwise materially breaches this Agreement. io ASAPPOSTD The events listed in this provision must be reasonably determined by BCBSF. 4.5 Rights and Responsibilities Upon Termination In the event of termination of this Agreement, the Employer will immediately notify each covered group member of the termination date. Termination of this Agreement for any reason shall not affect the rights or obligations of either party which arise prior to the date of termination. SECTION V LEGAL ACTION; INDEMNIFICATION 5.1 Standard of Care BCBSF and the Employer shall each use the care, skill, prudence and diligence under the circumstances then prevailing that a prudent person acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of like character and with like aims in the performance of its duties hereunder. Time is of the essence of the lawful performance of the duties and obligations contained in this Agreement. The parties covenant and agree that they shall diligently and expeditiously pursue their respective obligations set forth in this Agreement. 5.2 Liability; Indemnification BCBSF shall not be liable to the Employer or any other person for any mistake of judgment or other action taken in good faith, or for any loss or damage occasioned thereby, unless the loss or damage is due to BCBSF's gross negligence, criminal conduct or fraudulent acts. The Employer hereby agrees to indemnify and hold harmless BCBSF, its directors, officers, employees and agents against any and all actions, claims, lawsuits, settlements, judgments, costs, interest, penalties, expenses and taxes, including but not limited to, attorneys fees and courts costs, resulting from or arising directly or indirectly out of or in connection with any function of BCBSF under this Agreement, including the administration of any Cost Containment or Utilization Benefit Management Programs, or payments made pursuant to the direction of the Employer, or arising from any legal action or proceeding to recover benefits under this Agreement, in consequence of any acts or omissions occurring during the operation of this Agreement alleged to be a breach of fiduciary duty under ERISA, or arising ASAPPOSTD from any allegation of a breach of confidentiality arising out of a release of confidential information to the Group or a third party unless it is determined that the direct and sole cause of such liability was the result of gross negligence, criminal conduct or fraudulent acts on the part of BCBSF or any of its directors, officers, employees or agents. Further, the Employer agrees to indemnify and hold harmless BCBSF for any taxes or assessments, including penalties and interest, or any other amounts legally levied based on the terms of this Agreement. This provision applies to any amounts imposed, now or later, under the authority of any federal, state, or local taxing jurisdiction. This provision will continue in effect after termination of this Agreement for any reason. Nothing in this Agreement or any action relating to this Agreement shall be construed as the Employer's waiver of sovereign immunity beyond the limits set forth in Section 768.28, Florida Statutes. 5.3 Legal Actions In the event BCBSF is served with process in any lawsuit or is made a party to any arbitration proceeding or other legal action relating to any matter for which indemnification is required under the preceding paragraph, the Employer shall, upon written request by BCBSF, immediately furnish a defense to and indemnify and hold harmless BCBSF in any such lawsuit, proceeding or other action and shall use its best efforts to secure, by motion or otherwise, the dismissal of BCBSF from such lawsuit, proceeding or other action. BCBSF will provide the Employer with available data and materials that are reasonably necessary for the preparation of the defense of such lawsuit, proceeding or other action. SECTION VI MISCELLANEOUS PROVISIONS 6.1 Amendment Except as otherwise provided for herein, this Agreement may be modified, amended, renewed, or extended only upon mutual agreement, in writing, signed by the duly authorized representatives of the Employer and BCBSF. 6.2 Subsidiaries and Affiliates Any of the functions to be performed by BCBSF under this Agreement may be performed by BCBSF or any of its subsidiaries, affiliates, or designees. 6.3 Governing Law 12 ASAPPOSTD This Agreement is subject to and shall be governed by the laws of the State of Florida, except where those laws are preempted by the laws of the United States. All State laws relating to public records to include, but not be limited to, Chapter 119, Florida Statutes, and Article I, Section 24 of the Constitution of the State of Florida control as to any and all provisions of this Agreement. 6.4 Venue All actions or proceedings instituted by the Employer or BCBSF hereunder shall be brought in a court of competent jurisdiction in Seminole County, Florida. 6.5 Waiver of Breach Waiver of a breach of any provision of this Agreement shall not be deemed a waiver of any other breach of the same or a different provision. 6.6 Inconsistencies If the provisions of this Agreement are in any way inconsistent with the provisions of the Group Health Plan, then the provisions of this Agreement shall prevail and the other provisions shall be deemed modified, but only to the extent necessary to implement the intent of the parties expressed herein. 6.7 Notices Any notice required to be given pursuant to this Agreement shall be in writing, postage pre -paid, and shall be sent by certified or registered mail, return receipt requested, or by Federal Express or other overnight mail delivery for which evidence of delivery is obtained by the sender, to BCBSF or the Employer at the addresses indicated on the first page of this Agreement, or such other addresses that the parties may hereafter designate. The notice shall be effective on the date the notice was posted. 6.8 Entire Agreement This Agreement, including the attachments hereto, contains the entire agreement between BCBSF and the Employer with respect to the specific subject matter hereof. Any prior agreements, promises, negotiations or representations, either verbal or written, relating to the subject matter of this Agreement and not expressly set forth in this Agreement are of no force and effect. This Agreement is the result of bona fide arms length negotiations between the Employer and BCBSF and all parties have contributed substantially and 13 ASAPPOSTD materially to the preparation of the Agreement. Accordingly, this Agreement shall not be construed or interpreted more strictly against any one party than against any other party. 6.9 Severability In the event any provision of this Agreement is deemed to be invalid or unenforceable, all other provisions shall remain in full force and effect. 6.10 Binding Effect of Agreement The Agreement shall be binding upon and inure to the benefit of the parties, their agents, servants, employees, successors, and assigns unless otherwise set forth herein or agreed to by the parties. 6.11 Survival The rights and obligations of the parties as set forth herein shall survive the termination of this Agreement to the extent necessary to effectuate the intent of the parties as expressed herein. 6.12 Independent Relationship Notwithstanding any other provision of this Agreement, in the performance of the obligations of this Agreement, each party is at all times acting and performing as an independent contractor with respect to the other party. It is further expressly agreed that no work, act, commission or omission of either party (or any of its agents or employees) pursuant to the terms and conditions of this Agreement, shall be construed to make or render such party (or any of its agents or employees) an agent, servant, representative, or employee of, or joint venture with, such other party. 6.13 Hiring Practices BCBSF agrees that it will not discriminate against any person because of race, color, religion, sex, age, national origin or disability and will take affirmative steps to insure that all persons are treated during employment without regard to race, color, religion, sex, age, national origin or disability. This provision shall include, but not be limited to, the following: employment, upgrading, demotion or transfer; recruitment advertising; layoff or termination; rates of pay or their forms or compensation; and selection for training, including apprenticeship. BCBSF, moreover, shall comply with all the requirements as imposed by the Americans with Disability Act, the regulations of the Federal government issued thereunder, and any and all requirements of State law related thereto. BCBSF shall not discriminate on the grounds of race, color, religion, sex, or national origin in the performance of work under this Agreement. 14 ASAPPOSTD BCBSF warrants that it has not employed or retained any company or person, other than a bona fide employee working solely for BCBSF, to solicit or secure this Agreement and that BCBSF has not paid or agreed to pay any person, company, corporation, individual or firm other than a bona fide employee working solely for BCBSF, any fee, commission, percentage, gift, or any other consideration, contingent upon or resulting from the award of making this Agreement. 6.14 Tobacco Litigation Disclosure The Employer understands and acknowledges that BCBSF is currently a plaintiff, together with a number of other Blue Cross and /or Blue Shield organizations, in an action filed in the United States District Court for the Eastern District of New York on April 29, 1998 against the major tobacco manufacturers and related entities (the "Tobacco Litigation "). The action is entitled Blue Cross and Blue Shield of New Jersey, Inc. et al. v. Philip Morris, Inc. et al. (No. CV98 -3287 (JBW)). The Employer further understands and acknowledges that: (1) the suit seeks both injunctive relief and reimbursement of billions of dollars in damages attributable to the payment of health care costs for tobacco - related illnesses; (2) BCBSF has offered to its customers who have an Administrative Services Agreement in effect either (a) as of the date of the filing of the complaint or (b) at a date subsequent to the filing of the complaint up through December 31, 1998 ( "ASO customers "), the opportunity to participate in the Tobacco Litigation; (3) certain of those ASO customers have decided to participate in the Tobacco Litigation (those ASO customers of BCBSF that have decided to participate in the Tobacco Litigation are referred to below as the "Participating ASO Customers "); (4) BCBSF intends to seek to recover damages, among other things, for benefits paid for medical care provided to its insureds, and as claims administrator for its Participating ASO Customers, additional damages with respect to benefits paid by them for tobacco - related illnesses during the period that BCBSF served as their claims administrator; (5) the damages BCBSF intends to seek to recover in the Tobacco Litigation cover the period both prior to the filing of the complaint on April 29, 1998 and the period subsequent to the filing of the complaint; (6) the period subsequent to the filing of the complaint for which BCBSF intends to seek to recover damages will likely overlap with the time period during which BCBSF will serve as claims administrator on behalf of the Employer; (7) if BCBSF recovers money by way of a settlement or judgment in the Tobacco Litigation, then the Participating ASO Customers are likely to receive a pro rata share of that monetary recovery and that pro rata share may be substantial; (8) because the Employer was not an ASO customer either as of the date of filing the complaint or at a date subsequent to the filing of the complaint up through December 31, 1998, BCBSF has not offered the Employer the option of participating in the Tobacco Litigation is ASAPPOSTD and, as a consequence, if BCBSF recovers money by way of a settlement or judgment in the Tobacco Litigation, the Employer: (a) will not receive any pro rata share of that monetary recovery, (b) will not be entitled to any pro rata share of that monetary recovery, and (c) will not assert or interpose any claim with respect to that monetary recovery; and (9) THE EMPLOYER IS FREE TO BRING A SEPARATE ACTION (EITHER ALONE OR WITH OTHER PLAINTIFFS) AGAINST THE MAJOR TOBACCO MANUFACTURERS AND RELATED ENTITIES IF IT CHOOSES TO DO SO. The Employer hereby agrees to indemnify and hold harmless BCBSF, its directors, officers, employees and agents against any and all actions, claims, lawsuits, settlements, judgments, costs, interest, penalties, expenses and taxes, including but not limited to, attorney's fees and court costs, resulting from or arising directly or indirectly out of or in connection with the participation, or non - participation, by the Employer in the Tobacco Litigation and /or in any other actions against the major tobacco manufacturers and related entities. 6.14 Execution of Agreement This Agreement may be executed in any number of counterparts, each of which shall be deemed an original and such counterparts shall constitute one and the same instrument. IN WITNESS WHEREOF, on the date first written above, the parties have caused this Agreement to be executed by their duly authorized representatives. BLUE CROSS AND BLUE SHIELD FLORIDA, IN Signature Name (Printed) Title Date CITY OF SANFORD Siog6ature 1Cevft, L, Sm /t Name (Printed) F; i h Aj, Cc -ii G'ed Title Tulle - aDo� Date 16 ASAPPOSTD EXHIBIT "A" to the ADMINISTRATIVE SERVICES AGREEMENT between BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. and CITY OF SANFORD GROUP HEALTH PLAN The entire Group Health Plan is attached hereto and made a part of this Agreement. 17 ASAPPOSTD EXHIBIT "B" to the ADMINISTRATIVE SERVICES AGREEMENT between BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. and CITY OF SANFORD FINANCIAL ARRANGEMENTS Effective Date The effective date of this Exhibit is October 1, 2004. II. Monthly Payments A. Each month, BCBSF will notify the Employer of the amount due to satisfy the previous month's paid claims liability. BCBSF also will provide the Employer with a detailed printout of the previous months claim payments. The Employer agrees to pay the full amount of the bill within ten (10) days of the written notification. If the payment is not received by BCBSF by the payment due date, the payment will be considered past due and subject to a late payment charge, as set forth below. Additionally, BCBSF will immediately suspend claims until payment is received by BCBSF. B The Employer agrees to pay to BCBSF, each month during and after the term of this Agreement, an administrative fee, as set forth below. The Employer agrees to pay to BCBSF, each month, the administrative fee within ten (10) days of the written notification of the amount due. If payment is not received by BCBSF by the due date, the payment will be considered past due and subject to a late payment charge, as set forth below. Additionally, BCBSF will immediately suspend claims until payment is received by BCBSF. III. Funding Information A. Method of Funding Transfer: ACH IV. Administrative Fees A. Administrative fees during the term of the Agreement: Exhibit B -B1- $ 43.00 per enrolled employee per month from October 1, 2004 through September 30, 2005 and no greater than $48.00 per enrolled employee per month from October 1, 2005 through September 30, 2006. B. Administrative fees after the termination of the Agreement: N/A % of claims paid. V. Late Payment Penalty A. A daily charge of .00038 times the amount of overdue payment. The provisions of the Prompt Payment Act shall apply to this Agreement. VI. Expected Enrollment A. The administrative fees referenced above are based on an expected enrollment of: Single — 319 and Family — 254. B. If the actual enrollment is materially different from this expected enrollment, BCBSF reserves the right to adjust the administrative fees as set forth in the Agreement. Actual administrative fees will be charged based on actual enrollment. Exhibit B -B2- EXHIBIT "C" to the ADMINISTRATIVE SERVICES AGREEMENT between BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. and CITY OF SANFORD HIPAA -AS ADDENDUM TO ADMINISTRATIVE SERVICES AGREEMENT This addendum ( "Addendum ") is effective upon execution and amends that Administrative Services Agreement ( "Agreement ") made as of October 1, 2004 by and among Blue Cross and Blue Shield of Florida, Inc. ( "Administrator "); City of Sanford ( "Employer ") and City of Sanford Health Plan ( "GHP "). WHEREAS, Employer has established and maintains GHP as a self - insured employee welfare benefit plan, as described in GHP's Plan Document (referred to in the Agreement as the Group Health Plan); and WHEREAS, Employer and GHP desire to retain Administrator to provide certain claim processing and administrative services with respect to GHP; and WHEREAS, Employer, GHP, and Administrator agree to modify the Agreement to incorporate the provisions of this Addendum to address applicable requirements of the implementing regulations, codified at 45 Code of Federal Regulations ( "C.F.R. ") Parts 160 -64, for the Administrative Simplification provisions of Title II, Subtitle F of the Health Insurance Portability and Accountability Act of 1996 (collectively, "HIPAA -AS "), so that GHP may meet its compliance obligations under HIPAA -AS, and to include additional provisions that Employer, GHP, and Administrator desire to have as part of the Agreement; NOW, THEREFORE, in consideration of the mutual promises contained herein, Employer, GHP, and Administrator hereby agree as follows: PART 1— DEFINITIONS I. DEFINITIONS All capitalized terms in this Addendum that are not defined by this Addendum will have the meaning ascribed to them by 45 C.F.R. Parts 160 -64. The following terms have the following meanings when used in this Addendum: A. "Covered Employee" means the person to whom coverage under GHP has been extended by Employer. B. "Covered Person" means the Covered Employee and any other persons to whom coverage has been extended under GHP as specified by GHP's Plan Document. C. "Creditable Coverage Certificate" means a certificate disclosing information relating to an individual's creditable coverage under a health care benefit program for purposes of reducing any preexisting condition limitation or exclusion imposed by any group health plan coverage. Cl HIPAA \BA D. "Disclose" and "disclosure" mean, with respect to Protected Health Information, release, transfer, providing access to or divulging to a person or entity not within Administrator. E. "Electronic Protected Health Information" means Protected Health Information that is (1) transmitted by electronic media or (2) maintained in electronic media. F. "Protected Health Information" means the Protected Health Information, as that term is defined in 45 C.F.R. § 160.103, that Administrator creates or receives for, on behalf of, or from GHP (or from a GHP Business Associate) in the performance of Administrator's duties under the Agreement and this Addendum. For purposes of this Addendum, Protected Health Information encompasses Electronic Protected Health Information. G. "Plan Document" means GHP's written documentation that informs Covered Persons of the benefits to which they are entitled from GHP and describes the procedures for (1) establishing and carrying out funding of the benefits to which Covered Persons are entitled under GHP, (2) allocating and delegating responsibility for GHP's operation and administration, and (3) amending the Plan Document. Employer and GHP represent and warrant that GHP's Plan Document provides for the allocation and delegation of the responsibilities assigned to Administrator under the Agreement. I. "Use" means, with respect to Protected Health Information, utilization, employment, examination, analysis or application within Administrator. PART 2-- ADMINISTRATOR'S RESPONSIBILITIES II. SERVICES PROVIDED BY ADMINISTRATOR During the continuance of the Agreement, Administrator will perform the services set forth in the Agreement with respect to the benefits offered to Covered Persons by GHP. III. PRIVACY AND SECURITY OF PROTECTED HEALTH INFORMATION A. Preservation of Privacy Administrator will keep confidential all Protected Health Information that Administrator creates or receives on GHP's behalf or receives from GHP (or another Business Associate of GHP) in the performance of its duties under the Agreement and this Addendum. B. Prohibition on Non - Permitted Use or Disclosure Administrator will neither use nor disclose Protected Health Information (including any Protected Health Information that Administrator may receive from a GHP Business Associate) except (1) as permitted or required by this Addendum, (2) as permitted or required in writing by GHP, or (3) as Required by Law. C. Permitted Uses and Disclosures Administrator will be permitted to use or disclose Protected Health Information only as follows: C2 HIPAA \BA 1. Functions and Activities on GHP's Behalf Administrator will be permitted to use and disclose Protected Health Information for the performance of services set forth in the Agreement, which the parties agree are intended to include, but are not limited to, Payment activities and Health Care Operations, and which shall hereby also include Data Aggregation. 2. Payment Activities and Health Care Operations Administrator will be permitted to disclose Protected Health Information in accordance with 45 C.F.R. § 164.506(c) for the Payment activities of another Covered Entity or Health Care Provider and for the qualifying Health Care Operations of another Covered Entity. 3. Covered Person Permission Administrator will be permitted to use or disclose Protected Health Information in accordance with an authorization or other permission granted by an Individual (or the Individual's Personal Representative) in accordance with 45 C.F.R. § 164.508 or 45 C.F.R. § 164.510, as applicable. 4. Administrator's Own ManaEement and Administration a. Protected Health Information Use Administrator will be permitted to use Protected Health Information as necessary for Administrator's proper management and administration or to carry out Administrator's legal responsibilities. b. Protected Health Information Disclosure Administrator will be permitted to disclose Protected Health Information as necessary for Administrator's proper management and administration or to carry out Administrator's legal responsibilities only (i) if the disclosure is Required by Law, or (ii) if before the disclosure, Administrator obtains from the entity to which the disclosure is to be made reasonable assurance, evidenced by written contract, that the entity will (1) hold Protected Health Information in confidence, (2) use or further disclose Protected Health Information only for the purposes for which Administrator disclosed it to the entity or as Required by Law; and (3) notify Administrator of any instance of which the entity becomes aware in which the confidentiality of any Protected Health Information was breached. 5. De- Identified Health Information Administrator may use Protected Health Information to create De- Identified Health Information in conformance with 45 C.F.R. § 164.514(b). Administrator may use and disclose De- Identified Health Information for any purpose, including after any termination of the Agreement and this Addendum. C3 HIPAA \BA 6. Limited Data Set a. Creation of Limited Data Set Administrator may use Protected Health Information to create a Limited Data Set: i. that contains the minimum amount of Protected Health Information reasonably necessary to accomplish the purposes set out in Paragraph b of this Section III.C.6, below; and ii. from which have been removed all of the direct identifiers, as specified in 45 C.F.R. § 164.514(e)(2), of the Individuals whose Protected Health Information is included in the Limited Data Set and of the relatives, household members and employers of those Individuals. b. Administrator's Permitted Uses and Disclosures Administrator may use and disclose the Limited Data Set for only Health Care Operations permitted by this Addendum. c. Prohibition on Unauthorized Use or Disclosure i. Administrator will neither use nor disclose the Limited Data Set for any purpose other than as permitted by Paragraph b of this Section III.C.6, as otherwise permitted in writing by GHP, or as Required by Law. ii. Administrator is not authorized to use or disclose the Limited Data Set in a manner that would violate the Privacy Rule, 45 C.F.R. Part 164, Subpart E, if done by GHP. iii. Administrator will not attempt to identify the information contained in the Limited Data Set or contact any Individual who may be the subject of information contained in the Limited Data Set. d. Information Safeguards Administrator will adopt and use appropriate administrative, physical, and technical safeguards to preserve the integrity and confidentiality of the Limited Data Set and to prevent its use or disclosure other than as permitted by this Section III.C.6. e. Permitted Subcontractors, and Agents Administrator will require any agent or subcontractor to which it discloses the Limited Data Set, to agree to comply with the same restrictions and conditions that apply to Administrator's use and disclosure of the Limited Data Set pursuant to this Section III.C.6. C Breach of Privacy Obligations Administrator will report to GHP any use or disclosure of the Limited Data Set that is not permitted by this Section III.C.6 of which Administrator becomes aware. D. Minimum Necessary Administrator will, in the performance of its functions and activities on GHP's behalf under the Agreement and this Addendum, make reasonable efforts to use, to disclose, or to request of a Covered Entity only the minimum necessary amount of Protected Health Information to C4 HIPAA \BA accomplish the intended purpose of the use, the disclosure, or the request, except that Administrator will not be obligated to comply with this minimum necessary limitation with respect to: Disclosures to GHP, as distinguished from disclosures to Employer; 2. Disclosure to or request by a health care provider for Treatment; 3. Use with or disclosure to a Covered Person who is the subject of Protected Health Information, or that Covered Person's Personal Representative; 4. Use or disclosure made pursuant to an authorization compliant with 45 C.F.R. § 164.508 that is signed by an Individual who is the subject of Protected Health Information to be used or disclosed, or by that Individual's Personal Representative, as defined in 45 C.F.R. § 164.502(g); 5. Disclosure to the United States Department of Health and Human Services ( "DHHS ") in accordance with Section VIII below; 6. Use or disclosure that is Required by Law; or 7. Any other use or disclosure that is excepted from the minimum necessary limitation as specified in 45 C.F.R. § 164.502(b)(2). E. Disclosure to GHP and GHP's Business Associates Other than disclosures permitted by Section III.C. above, Administrator will not disclose Protected Health Information to GHP, a GHP Business Associate, or a GHP Vendor, except as directed by GHP in writing. F. Disclosure to Administrator's Subcontractors and Ap_ents Administrator may disclose Protected Health Information to a subcontractor or agent. Administrator will require each subcontractor and agent to which Administrator may disclose Protected Health Information to provide reasonable assurance, evidenced by written contract, that such subcontractor or agent will comply with the same privacy and security obligations with respect to Protected Health Information as this Addendum applies to Administrator. G. Disclosure to Employer Administrator will not disclose any Protected Health Information to Employer, except as permitted by and in accordance with PART 3 below. H. Reporting Non - Permitted Use or Disclosure and Security Incidents 1. Privacy Breach Administrator will report to GHP any use or disclosure of Protected Health Information not permitted by this Addendum or in writing by GHP of which Administrator becomes aware. C5 HIPAA \BA 2. Security Incidents Administrator will report to GHP any incident of which Administrator becomes aware that is (a) a successful unauthorized access, use or disclosure of Electronic Protected Health Information; or (b) a successful major (i) modification or destruction of Electronic Protected Health Information or (ii) interference with system operations in an Information System containing Electronic Protected Health Information. Upon GHP's request, Administrator will report any incident of which Administrator becomes aware that is a successful minor (a) modification or destruction of Electronic Protected Health Information or (b) interference with system operations in an Information System containing Electronic Protected Health Information. I. Duty to Mitip-ate Administrator will mitigate to the extent practicable any harmful effect of which Administrator is aware that is caused by any use or disclosure of Protected Health Information in violation of this Addendum. J. Termination of Addendum GHP will have the right to terminate the Agreement and this Addendum if Administrator has engaged in a pattern of activity or practice that constitutes a material breach or violation of Administrator's obligations regarding Protected Health Information under this Addendum and, on notice of such material breach or violation from GHP, fails to take reasonable steps to cure the breach or end the violation. If Administrator fails to cure the material breach or end the violation within 90 days after receipt of GHP's notice, GHP may terminate the Agreement and this Addendum by providing Administrator written notice of termination, stating the uncured material breach or violation that provides the basis for the termination and specifying the effective date of the termination. K. Disposition of Protected Health Information 1. Return or Destruction Feasible Upon termination of the Addendum, Administrator will, if feasible, return to GHP or destroy, all Protected Health Information in Administrator's custody or control (or in the custody or control of any subcontractor or agent to which Administrator disclosed Protected Health Information). Administrator will complete such return or destruction as promptly as practical after termination of the Addendum. 2. Return or Destruction Not Feasible Administrator will identify for GHP any Protected Health Information that Administrator (or any subcontractor or agent to which Administrator disclosed Protected Health Information) cannot feasibly return to GHP or destroy upon termination of the Addendum and will describe the purposes that make the return to GHP or destruction infeasible. Administrator will limit its (and, by its written contract pursuant to Section III.F. above, any subcontractor's or agent's) further use or disclosure of Protected Health Information after termination of the Addendum to the purposes that make return to GHP or destruction infeasible and to those uses or disclosures Required by Law. C6 HIPAA \BA r } 3. Ongoing Privacy and Security Obligations Administrator's obligations to preserve the privacy and safeguard the security of Protected Health Information as specified in this Addendum will survive termination or other conclusion of the Agreement and this Addendum. IV. ACCESS, AMENDMENT, AND DISCLOSURE ACCOUNTING FOR PROTECTED HEALTH INFORMATION A. Access Administrator will, consistent with 45 C.F.R. § 164.524(b)(2), make available to the Covered Person (or the Covered Person's Personal Representative) for inspection and copying any of the Protected Health Information about the Covered Person that qualifies as part of a Designated Record Set that Administrator has in its custody or control, and that is not exempted from access by 45 C.F.R. § 164.524(a), so that GHP can meet its access obligations under 45 C.F.R. § 164.524. B. Amendment Administrator will, consistent with 45 C.F.R. § 164.526(b)(2), amend, pursuant to a Covered Person's written request to amend (or a written request to amend by the Covered Person's Personal Representative), any portion of Protected Health Information about the Covered Person that qualifies as part of a Designated Record Set that Administrator has in its custody or control, so that GHP can meet its amendment obligations under 45 C.F.R. § 164.526. C. Disclosure Accounting So that GHP may meet its disclosure accounting obligations under 45 C.F.R. § 164.528, Administrator will do the following: 1. Disclosure Trackin Starting April 14, 2003, Administrator will, consistent with 45 C.F.R. § 164.528(b), record each disclosure of Protected Health Information that is not excepted from disclosure accounting under 45 C.F.R. § 164.528(a) that Administrator makes to GHP or to a third party ( "Accountable Disclosures "). 2. Disclosure Tracking Time Periods Administrator will have available for Covered Person the disclosure information for each Accountable Disclosure for at least six (6) years immediately following the date of the Accountable Disclosure (except Administrator will not be required to have disclosure information for disclosures occurring before April 14, 2003). 3. Provision of Disclosure Information Administrator will, consistent with 45 C.F.R. § 164.528(c)(1), make available to the Covered Person (or the Covered Person's Personal Representative) the disclosure information regarding the Covered Person, so that GHP can meet its disclosure accounting obligations under 45 C.F.R. § 164.528. C7 HIPAA\BA D. Restriction Reauests GHP will direct a Covered Person to promptly notify Administrator in the manner designated by Administrator of any request for restriction on the use or disclosure of Protected Health Information about a Covered Person that may affect Administrator. Consistent with 45 C.F.R. § 164.522(a), and on behalf of GHP, Administrator will agree to or deny any such restriction request. Administrator will not be in breach of the Agreement or this Addendum for failure to comply with a restriction request on the use or disclosure of Protected Health Information about a Covered Person unless GHP or the Covered Person (or the Covered Person's Personal Representative) notifies Administrator in the manner designated by Administrator of the terms of the restriction and Administrator agrees to the restriction request in writing. E. Confidential Communications Administrator will provide a process for a Covered Person to request that Administrator communicate with the Covered Person about Protected Health Information about the Covered Person by confidential alternative location, and Covered Person to provide Administrator with the information that Administrator needs to be able to evaluate that request. Consistent with 45 C.F.R. § 164.522(b) and on behalf of GHP, Administrator will agree to or deny any confidential communication request. Furthermore, Administrator will develop policies and procedures consistent with 45 C.F.R. § 164.522(b) to fulfill its obligations under this paragraph. Administrator will provide a process for termination of any requirement to communicate with the Covered Person about Protected Health Information about the Covered Person by confidential alternative location. F. Complaint Process Administrator will, consistent with 45 C.F.R. § 164.530(d) and on behalf of GHP, provide a process for Covered Persons (or Covered Person's Personal Representative) to make complaints concerning Administrator's policies and procedures, which policies and procedures GHP hereby adopts as its own so that GHP can meet its compliance obligations under 45 C.F.R. Part 164. V. GHP'S PRIVACY PRACTICES NOTICE A. Preparation of GHP's Privacy Practices Notices Administrator will prepare Privacy Practices Notices appropriate for the benefit plans that Administrator administers for GHP under the Agreement and reflective of the requirements of 45 C.F.R. Part 164 pertaining to use and disclosure of Protected Health Information and Covered Person's rights with respect to Protected Health Information. The Privacy Practices Notices will address whether GHP discloses or authorizes Administrator to disclose to Employer enrollment data, Summary Health Information that may include Covered Persons' Individually Identifiable Health Information, or Protected Health Information for plan administration functions. Unless otherwise agreed upon by the Parties, GHP hereby adopts Administrator's Privacy Practices Notice attached as EXHIBIT 1, and any future revisions thereof, as its own. HIPAA \BA B. Distribution of GHP's Privacy Practices Notice Administrator will distribute GHP's then effective and appropriate Privacy Practices Notice to each new Covered Employee upon the Covered Employee's enrollment in GHP and to any Covered Employee upon request. Administrator will distribute any GHP revised Privacy Practices Notice to each Covered Employee then enrolled in GHP, and may distribute any GHP revised Privacy Practices Notice to any other Covered Person over the age of 18 then enrolled in GHP, within sixty (60) days after any material change in GHP's Privacy Practices Notice. Administrator will distribute GHP's Privacy Practices Notice to any Covered Person requesting it. Additionally, every three (3) years after April 14, 2003, Administrator will notify each Covered Employee then enrolled in GHP, and may notify any other Covered Person over the age of 18 then enrolled in GHP, of the availability of GHP's Privacy Practices Notice upon request. C. Administrator to Comply with Notices Administrator will neither use nor disclose Protected Health Information in any manner inconsistent with the content of GHP's then current Privacy Practices Notice applicable to the benefit plans that Administrator administers for GHP under the Agreement. VI. ISSUANCE OF CERTIFICATE OF CREDITABLE COVERAGE At the written or electronic direction of Employer or GHP, Administrator may use and disclose Protected Health Information to issue to each Covered Person, whose coverage under a benefits plan administered pursuant to the Agreement terminates during the term of the Agreement, a Certificate of Creditable Coverage. The Certificate of Creditable Coverage will be based upon the coverage that the Covered Person had under the benefits plan administered pursuant to the Agreement and the information that Employer or GHP provides to Administrator regarding the Covered Person's coverage eligibility and coverage termination under that benefits plan. VII. SAFEGUARDING PROTECTED HEALTH INFORMATION A. Privacy of Protected Health Information Administrator will maintain reasonable and appropriate administrative, physical, and technical safeguards, consistent with 45 C.F.R. § 164.530(c) and any other implementing regulations issued by DHHS that are applicable to Administrator as GHP's Business Associate, to protect against reasonably anticipated threats or hazards to and to ensure the security and integrity of Protected Health Information, to protect against reasonably anticipated unauthorized use or disclosure of Protected Health Information, and to reasonably safeguard Protected Health Information from any intentional or unintentional use or disclosure in violation of this Addendum. B. Security of Electronic Protected Health Information Administrator will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Administrator creates, receives, maintains, or transmits on behalf of GHP consistent with the Security Rule, 45 C.F.R. Part 164, Subpart C. C9 HIPAA \BA VIII. INSPECTION OF INTERNAL PRACTICES, BOOKS, AND RECORDS Administrator will make its internal practices, books, and records relating to its use and disclosure of Protected Health Information available to GHP and to DHHS to determine GHP's compliance with 45 C.F.R. Part 164, Subpart E "Privacy of Individually Identifiable Health Information." PART 3— EMPLOYER'S RESPONSIBILITIES IX. DATA EXCHANGE BETWEEN EMPLOYER AND ADMINISTRATOR A. Enrollment Data Administrator may disclose to Employer the minimum necessary information regarding whether an individual is a Covered Person participating in GHP or enrolled or disenrolled from coverage under the GHP. Employer may electronically exchange data with Administrator regarding the enrollment and disenrollment of Covered Persons as participants in GHP using the Enrollment and Disenrollment in Health Plan Standard Transaction (ASC X12N 834 - Benefit Enrollment and Maintenance) as specified in 45 C.F.R. Part 162, Subpart O. B. Other Data Exchanges and Notifications Employer will exchange with Administrator all data not otherwise addressed in this Section IX and any notification by using such forms, tape formats, or electronic formats as Administrator may approve. Employer will furnish all information reasonably required by Administrator to effect such data exchanges or notifications. X. SUMMARY HEALTH INFORMATION Upon Employer's written request for the purpose either (A) to obtain premium bids for providing health insurance coverage under GHP, or (B) to modify, amend, or terminate GHP, Administrator will provide Summary Health Information regarding the Covered Persons participating in GHP to Employer. XI. EMPLOYER'S CERTIFICATION Employer hereby makes the certification specified in EXHIBIT 2 so that Employer may request and receive the minimum necessary Protected Health Information from Administrator for those plan administration functions that Employer will perform for GHP. GHP therefore authorizes Administrator to disclose the minimum necessary Protected Health Information to those authorized representatives of Employer as specified in EXHIBIT 3 for the plan administration functions that Employer will perform for GHP as specified in GHP's Plan Document as amended and in EXHIBIT 3. Administrator may rely on Employer's certification and GHP's authorization that Employer has provided the requisite certification and will have no obligation to verify (1) that GHP's Plan Document has been amended to comply with the requirements of 45 C.F.R. § 164.504(f)(2), 45 C.F.R. § 164.314(b)(2), or this Section XI, or (2) that Employer is complying with GHP's Plan Document as amended. C10 HIPAA \BA PART 4— MISCELLANEOUS XIY. AUTOMATIC AMENDMENT TO CONFORM TO APPLICABLE LAW Upon the compliance date of any final regulation or amendment to final regulation with respect to Protected Health Information, Standard Transactions, the security of Health Information, or other aspects of HIPAA -AS applicable to this Addendum or to the Agreement, this Addendum will automatically amend such that the obligations imposed on Employer, GHP, and Administrator remain in compliance with such regulations, unless Administrator elects to terminate the Agreement by providing Employer and GHP notice of termination in accordance with the Agreement at least 90 days before the compliance date of such final regulation or amendment to final regulation. XIII. CONFLICTS The provisions of this Addendum will override and control any conflicting provision of the Agreement. All nonconflicting provisions of the Agreement will remain in full force and effect. XIV. ADD GHP AS A PARTY TO AGREEMENT Notwithstanding Section 3.1 of the Agreement, in order to make clear the respective HIPAA -AS compliance obligations of Administrator, GHP, and Employer, as set forth in this Addendum, GHP shall hereby be added as a separate party to the Agreement. XV. REVISION TO SECTION 3.3 The first sentence of Section 3.3 of the Agreement shall be deleted and replaced as follows: "The Administrator shall provide claims processing services on behalf of the Group Health Plan." XVI. REVISION TO SECTION 3.6 In order for GHP to be able to comply with its obligations under the HIPAA -AS Privacy and Security Rules and for Employer and Administrator to be able to comply with their obligations hereunder, the terms and conditions of Section 3.6 of the Agreement, and any subsequent amendments made thereto by the parties, shall be made subject to this Addendum. XVIL REVISION TO SECTION 6.6 Section 6.6 of the Agreement shall be given effect except with respect to the subject matter of this Addendum, in which case Section XIII of this Addendum shall control. XVIII. COMPLIANCE DATE FOR SECURITY OBLIGATIONS Administrator's security obligations as set forth in Sections III.F, III.H.2, and VII.B herein shall take effect the later of (A) the last date set forth in PART 5 below or (B) the compliance deadline of the HIPAA -AS Security Rule (which is, as of the date hereof, April 20, 2005 or April 20 2006 for Small Health Plans). C11 HIPAA\BA PART 5— SIGNATURES ADMINISTRATOR: GROUP HEALTH PLAN: Blue Cross a i 1 of Florida, Inc. City of Sanford Health Vlan By: By: Title: Title: FiaA`Ice .Qi U "2c4 Date: Date: J6,11C EMPLOYER: City of Sanford By: Title: � hwj ce j)) k A>y Date: JUP7 a?., A 005 - C12 HIPAA \BA EXHIBIT 1— SAMPLE NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. Si usted desea una copia de esta notificacion en espanol, por favor comunfquese con un representante de servicio al cliente utilizando el numero telefonico indicado en su tarjeta de asegurado. Health Insurance Portability and Accountability Act - Administrative Simplification (HIPAA -AS) Notice of Privacy Practices for your group health plan Sponsored by your employer and for which Blue Cross and Blue Shield of Florida, Health Options, Inc. and /or Florida Combined Life Insurance Company, Inc. provides claim administration and other services. Our Legal Duty As your health plan, we are required by applicable federal and state laws to maintain the privacy of your protected health information (PHI). We want you to be aware of our privacy practices, our legal duties, and your rights concerning your PHI. We will follow the privacy practices that are described in this notice while it is in effect. This notice took effect April 14, 2003, and will remain in effect until a revised notice is issued. We reserve the right to change our privacy practices and the terms of this notice at any time and to make the terms of our notice effective for all PHI that we maintain. Before we make a significant change in our privacy practices, we will change this notice and send the new notice to you. How we can use or disclose PHI without a specific authorization To You: We must disclose your PHI to you, as described in the Individual Rights section of this notice. For Treatment: For example: we may disclose your PHI to a doctor, dentist or a hospital when requested, in order for the treating provider to provide treatment to you. For Payment: For example: we may use and disclose PHI to pay claims for services provided to you by doctors, dentists or hospitals. We may also disclose your PHI to a health care provider or another health plan so that the provider or plan may obtain payment of a claim or engage in other payment activities. C13 HIPAA\BA For Health Care Operations: For example: we may use or disclose PHI to conduct quality assessment and improvement activities, to conduct fraud and abuse investigations, to engage in care coordination or case management or to communicate with you about health related benefits and services or about treatment alternatives that may be of interest to you. We may also disclose PHI to another health plan or a health care provider subject to federal privacy laws, as long as the plan provider has or had a relationship with you and the PHI is disclosed only for certain health care operations of that plan or provider. For Public Health and Safety: We may use or disclose PHI to the extent necessary to avert a serious and imminent threat to the health or safety of you or others. We may also disclose PHI for public health and government health care oversight activities and to report suspected abuse, neglect or domestic violence to government authorities. As Required by Law: We may use or disclose PHI when we are required to do so by law. For Process and Proceedings: We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process. For Law Enforcement: We may disclose PHI to a law enforcement official with regard to crime victims and criminal activities. Special Government Functions: We may disclose the PHI of military personnel or inmates or other persons in lawful custody under certain circumstances. We may disclose PHI to authorized federal officials for lawful national security activities. To Plan Sponsors (including employers who act as Plan Sponsors): We may disclose certain PHI to the Sponsor of your group health plan to perform plan administration functions. We may also disclose enrollment and disenrollment information, or summary health information to the Plan Sponsor so that the Plan Sponsor may: • Obtain premium bids • Decide whether to amend, modify or terminate your group health plan For Research, Death, and Organ Donation: We may use or disclose PHI in certain circumstances related to research, death or organ donation. For Workers Compensation: We may disclose PHI as permitted by workers' compensation and similar laws. Uses and Disclosures of PHI permitted only after Authorization received Authorization: You may give us written authorization to use your PHI or to disclose it to anyone for any purpose not otherwise permitted or required by law. If you give us an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. To Family and Friends: While the law permits us in certain circumstances to disclose your PHI to family, friends and others, we will do so only with your authorization. In the event you are unable to authorize such disclosure, but emergency or similar circumstances indicate that disclosure would be in your best interest, we may disclose your PHI to family, friends or others to the extent necessary to help with your health care coverage arrangements. C14 HIPAA \BA Individual Rights To exercise any of these rights, please call the customer service number on your ID card. Access: With limited exceptions, you have the right to review in person, or obtain copies of your PHI. We reserve the right to impose reasonable fees associated with this access request as allowed by law. Amendment: With limited exceptions, you have the right to request that we amend your PHI that we have on file. Disclosure Accounting: You have the right to request and receive a list of certain disclosures made of your PHI. If you request this list more than once in a 12 -month period, we may charge you a reasonable, cost -based fee to respond to any additional request. Use /Disclosure Restriction: You have the right to request that we place certain additional restrictions on our use or disclosure of your PHI. We are not required to agree to a requested restriction. Confidential Communication: You have the right to request that we communicate with you in confidence about your PHI at an alternative address. To receive confidential communications at an alternative address, please ask for a PHI address when you call the customer service number located on your ID card. Provider Services and Confidential Communications: If you receive services from any health care providers, you are responsible for notifying those providers directly if you would like to request a PHI address from them. Privacy Notice: You may request a copy of our notice at any time. For more information about our privacy practices, or for additional copies of or questions about this notice, please contact us using the information listed at the end of this notice. Organizations Covered by this Notice This Notice applies to the privacy practices of the organizations listed below: Your group health plan sponsored by your employer and for which Blue Cross and Blue Shield of Florida, Health Options, Inc. or Florida Combined Life Insurance Company, Inc. provides claim administration and other services. Complaints If you are concerned that we may have violated your privacy rights, you may complain to us using the contact information listed at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the C15 HIPAA \BA address to file your complaint with the U.S. Department of Health and Human Services upon request. We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services. Contact Office: The Corporate Compliance Office of Blue Cross and Blue Shield of Florida, administrative service provider for your group health plan. Telephone: 888 - 574 -2583 Address: P.O. Box 44283, Jacksonville, FL 32203 -4283 Si usted desea una copia de esta notificaci6n en espanol, por favor comuniquese con un representante de servicio al cliente utilizando el ndmero telef6nico indicado en su tarjeta de asequrado. C16 HIPAA\BA EXHIBIT 2— EMPLOYER'S CERTIFICATION PART 1 – Employer to Amend Plan Documents for Privacy provisions Employer certifies that Employer has amended GHP's Plan Document to incorporate the provisions required by 45 C.F.R. § 164.504(f)(2), as set forth below, and agrees to comply with GHP's Plan Document as amended. 1. Neither use nor further disclose Protected Health Information, except as permitted or required by GHP's Plan Document or as required by law. 2. Neither use nor disclose Protected Health Information for any employment- related action or decision, or in connection with any other benefit or employee benefit plan of Employer. 3. Ensure adequate separation between Employer and GHP by (a) describing those employees or classes of employees or other persons under Employer's control who will be given access to Protected Health Information to perform plan administration functions for GHP, (b) restricting the access to and use of Protected Health Information by such employees or other persons to the plan administration functions that Employer will perform for GHP, and (c) instituting an effective mechanism for resolving any noncompliance with GHP's Plan Document by such employees or other persons. 4. Ensure that any subcontractor or agent to which Employer provides Protected Health Information agrees to the restrictions and conditions of GHP's Plan Document with respect to Protected Health Information. 5. Report to GHP any use or disclosure of Protected Health Information of which Employer becomes aware that is inconsistent with the uses and disclosures allowed by GHP's Plan Document. 6. Make Protected Health Information available to GHP or, at GHP's direction, to the Covered Person who is the subject of Protected Health Information (or the Covered Person's Personal Representative) so that GHP can meet its access obligations under 45 C.F.R. § 164.524. 7. Make Protected Health Information available to GHP for amendment and, on notice from GHP, amend Protected Health Information, so that GHP can meet its amendment obligations under 45 C.F.R. § 164.526. 8. Record Disclosure Information as defined above for each disclosure that Employer makes of Protected Health Information that is not excepted from disclosure accounting and provide that Disclosure Information to GHP on request so that GHP can meet its disclosure accounting obligations under 45 C.F.R. § 164.528. 9. Make its internal practices, books, and records relating to its use and disclosure of Protected Health Information available to GHP and to DHHS to determine GHP's compliance with 45 C.F.R. Part 164, Subpart E "Privacy of Individually Identifiable Health Information." 10. Return to GHP or destroy if feasible all Protected Health Information in whatever form or medium that Employer (and any subcontractor or agent of Employer) received from GHP or Administrator, C17 HIPAA \BA including all copies thereof and all data, compilations, and other works derived there from that allow identification of any present or past Covered Person who is the subject of Protected Health Information, when Employer no longer needs Protected Health Information for the plan administration functions for which the Employer received Protected Health Information. Employer will limit the use or disclosure of any of Protected Health Information that Employer (or any subcontractor or agent of Employer) cannot feasibly return to GHP or destroy to the purposes that make its return to GHP or destruction infeasible. PART 2 - Employer to Amend Plan Documents for Security provisions Employer further certifies that Employer has amended GNP's Plan Document to incorporate the provisions required by 45 C.F.R. § 164.314(b)(2), as set forth below, and agrees to comply with GHP's Plan Document as amended. 1. Implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information that Employer creates, receives, maintains or transmits on GHP's behalf. 2. Ensure that the adequate separation between Employer and GHP required by 45 C.F.R. § 164.504(f)(2)(iii) (as described in item 3 above) is supported by reasonable and appropriate Security Measures. 3. Ensure that any subcontractor or agent to which Employer provides Electronic Protected Health Information agrees to implement reasonable and appropriate Security Measures to protect the Electronic Protected Health Information. 4. Report to GHP any incident of which Employer becomes aware that is (a) a successful unauthorized access, use or disclosure of Electronic Protected Health Information; or (b) a successful major (i) modification or destruction of Electronic Protected Health Information or (ii) interference with system operations in an Information System containing Electronic Protected Health Information. Upon GHP's request, Employer will report any incident of which Employer becomes aware that is a successful minor (a) modification or destruction of Electronic Protected Health Information or (b) interference with system operations in an Information System containing Electronic Protected Health Information. C18 HIPAA \BA EXHIBIT 3— DISCLOSURE OF PROTECTED HEALTH INFORMATION FOR PLAN ADMINISTRATION Group Health Plan ( "GHP ") must promptly notify Administrator in writing if any of the information contained in EXHIBIT 3 changes. PART 1 Name(s) and Title(s) of Employer representatives (i.e. employees of Employer) authorized to request and receive the minimum necessary Protected Health Information from Administrator: Jo ce Ri ins - McCo H.R. Administrator kf 0, �► N �+t�cc J rUecf oV herY C �rh�li i ; We��ov - ire W,rossorl� ;sY for the performance of the following plan administration functions for GHP unless otherwise indicated by GHP: • Actuarial and statistical analysis • Claims /membership inquiries • Procurement of reinsurance or stop loss coverage • Quality assessment and improvement activities • Performance monitoring • Other health care operations • Payment activities PART 2 Identify the name(s), title(s) and company name(s) of any individual(s) from organizations other than Employer or Group Health Plan ( "GHP ") (examples of such "GHP Vendor" types of services include, but are not limited to, stop -loss carriers; reinsurers; agents, brokers or consultants; or external auditors) that Employer or GHP hereby authorizes to request and receive the minimum necessary Protected Health Information to perform plan administration functions and/or assist with the procurement of reinsurance or stop -loss coverage: Company Name Type of Service Performed (Example: stop -loss carrier, reinsures agent, broker Name of Individual Performing Service Title of Individual Performing Service T r h ,c1i'cC i'0+�c et fcrce c Vefet� C19 HIPAA \BA EXHIBIT "D" to the ADMINISTRATIVE SERVICES AGREEMENT between BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. and CITY OF SANFORD CONFIDENTIALITY AND INDEMNITY AGREEMENT This Agreement, effective October 1, 2004 is entered into between Blue Cross and Blue Shield of Florida, Inc. (hereinafter "Administrator "), and City of Sanford (hereinafter "Employer "), and McLain, Pierce and Associates (hereinafter "Consultant ") and ' ( hereinafter "Reinsures'). 6LfmeA44 0� -DF 5Ut -AAC&� eavy"Ly WHEREAS, Employer has established and maintains a self - insured Employee Welfare Benefit Plan pursuant to the Employee Retirement Income Security Act of 1974 to provide certain benefits as its Group Health Plan (hereinafter "Plan ") for covered group members and their covered dependents; and WHEREAS, Administrator and Employer have entered into an agreement for the administration of the Group Health Plan (hereinafter "Administrative Services Agreement "); and WHEREAS, Employer has directed Administrator to provide Consultant and /or Reinsurer access to certain Confidential Information (hereinafter defined) for cases which meet the criteria set forth in attached Exhibit 1, which Employer has determined is necessary for Consultant and/or Reinsurer to perform the certain services for the Employer; and WHEREAS, Administrator desires to safeguard the confidentiality of the medical claims and other information acquired with regard to the covered group members and their covered dependents and to safeguard information regarding Administrator's policies and procedures which are regarded as confidential and proprietary; and WHEREAS, Employer, Consultant, and Reinsurer recognize the legitimate interests of Administrator and the individuals whose health benefits are administered by Administrator in the proprietary, confidential, and private nature of such Confidential Information, and Administrator is willing to provide the Confidential Information only if its use is restricted to the purpose for which it is released and its confidentiality is maintained; NOW, THEREFORE, for good and valuable consideration, the parties hereby agree as follows: 1. For the purposes of this Agreement, "Confidential Information" means the information listed below in this Paragraph 1, any information that Consultant and/or Reinsurer learns or becomes aware of, directly or indirectly, through the disclosure of Confidential ASA Conf D1 Information, and any and all summaries, distillations, excerpts, work product or other documents utilizing or incorporating same, whether in whole or in part. — Medical claim record information concerning individuals covered under the Plan, — Administrator's provider contract information, e.g., allowances, fee schedules, etc., and — any other information designated by Administrator as confidential, trade secret, or proprietary. 2. Consultant and /or Reinsurer shall only request, use and disclose the minimum amount of Confidential Information necessary for Consultant and /or Reinsurer to perform the services for Employer. 3. Confidential Information shall not include information that (i) is already known to Consultant and /or Reinsurer on effective date of this Agreement; (ii) is or becomes known to the general public other than as a direct or indirect result of any act or omission of Employer, Consultant, Reinsurer, or the affiliates, officers, directors, partners, employees, or agents (collectively, the "Related Parties ") of Employer, Consultant or Reinsurer; (iii) is lawfully received by Consultant and /or Reinsurer from a third party that Consultant and/or Reinsurer has verified is free to disclose the information without restriction on disclosure; or (iv) is independently developed by Consultant and /or Reinsurer without use of Confidential Information. 4. Subject to applicable laws, Administrator will release to Consultant and /or Reinsurer certain Confidential Information for purposes of. 1) monitoring designated cases for which reinsurance coverage may be available to Employer; and /or 2) auditing claims payments made by Administrator; provided that Employer is in compliance with all other terms and conditions of this Agreement and the Administrative Services Agreement, and Consultant and Reinsurer are in compliance with all other terms and conditions of this Agreement. 5. Consultant and Reinsurer each acknowledge that Administrator will provide Confidential Information to Consultant and /or Reinsurer in confidence and solely for Consultant's and /or Reinsurer's use in performing the services for Employer. Accordingly, Consultant and Reinsurer each agree (i) to protect any and all Confidential Information Consultant or Reinsurer receives from unauthorized access, use and disclosure; (ii) not to use the Confidential Information for any purpose other than performing the services for Employer; (iii) not to record, copy, or reproduce any Confidential Information in any form, except to the extent necessary to perform the services for Employer; (iv) not to disclose the Confidential Information to, or otherwise permit to access the Confidential Information, any third party, including without limitation Consultant's or Reinsurer's Related Parties, except as expressly provided herein or with Administrator's prior written consent; (v) to limit access to and use of the Confidential Information to those of Consultant's or Reinsurer's employees who have a need to know such information for the purpose of performing the services and have acknowledged, in a writing which will be made available to Administrator upon request, their individual agreement to the terms hereof; and (vi) to take any and all other steps necessary to safeguard Confidential ASA Conf D2 Information against unauthorized access, use, and disclosure to at least the extent Consultant or Reinsurer maintains the confidentiality of its most proprietary and confidential information. 6. Consultant and/or Reinsurer shall ensure that its agents, contractors and vendors to whom it discloses Confidential Information agree to abide by those provisions within this Agreement that govern the use, disclosure, and protection of all Confidential Information obtained from Administrator. This provision shall not be construed to permit any delegation or assignment of Consultant's or Reinsurer's obligations otherwise prohibited by this Agreement. 7. Consultant and /or Reinsurer shall promptly report in writing to Administrator any use or disclosure of Confidential Information not provided for under this Agreement, of which Consultant and /or Reinsurer becomes aware, but in no event later than within five business days of first learning of any such use or disclosure. Consultant and /or Reinsurer shall mitigate, to the extent practicable, any harmful effect that is known to Consultant and /or Reinsurer of a use or disclosure of Confidential Information by Consultant and /or Reinsurer in violation of this Agreement. 8. Consultant and /or Reinsurer may disclose Confidential Information if required to do so under any federal, state, or local law, statute, rule or regulation; provided, however, that (i) Consultant and /or Reinsurer will provide Administrator with immediate written notice of any request that Consultant and/or Reinsurer disclose Confidential Information, so that Administrator may object to the request and /or seek an appropriate protective order or, if such notice is prohibited by law, Consultant and/or Reinsurer shall disclose the minimum amount of Confidential Information required to be disclosed under the applicable legal mandate; and (ii) in no event shall Consultant and /or Reinsurer disclose Confidential Information to a party other than a government agency except under a valid order from a court having jurisdiction requiring the specific disclosure. 9. By disclosing Confidential Information to Consultant and /or Reinsurer under this Agreement (including but not limited to information incorporated in computer software or held in electronic storage media), Administrator grants Consultant and /or Reinsurer no ownership right or interest in the Confidential Information. When Consultant and /or Reinsurer no longer need Confidential Information for the purpose for which it was disclosed but no later than the expiration or termination of this Agreement, Consultant and /or Reinsurer shall collect and return to Administrator or destroy all Confidential Information received from or on behalf of Administrator that Consultant and /or Reinsurer has in its control or custody in any form and shall retain no copies of such information. Consultant and /or Reinsurer shall complete these obligations as promptly as possible. Upon request, an authorized officer of Consultant and /or Reinsurer shall certify on oath to Administrator that all Confidential Information has been returned or destroyed and deliver such certification to Administrator within ten (10) business days of its request. If return or destruction of any Confidential Information is not feasible, Consultant and /or Reinsurer shall limit further uses and disclosures of such Confidential Information to those purposes making return or destruction infeasible and continue to apply the protections of this Agreement to such Confidential Information for so long as Consultant and /or Reinsurer retains such Confidential Information. Consultant and /or ASA Conf D3 i ' Reinsurer may, subject to its continued adherence to its obligations of confidentiality as defined in this Agreement, retain one copy of documents containing Confidential Information to defend its work product and to comply with applicable insurance record - keeping laws and regulations. 10. In the event that Consultant and /or Reinsurer perform any of the services on Administrator's premises, Consultant and /or Reinsurer agree not to remove from Administrator's premises any Confidential Information that is provided to or obtained by the Consultant and /or Reinsurer on such premises, without the prior written consent of Administrator. 11. In any report or transmittal to Employer by Consultant and /or Reinsurer that contains or pertains to oral or written Confidential Information, no medical information or dates of service will be identifiably attributed to any particular employee, dependent, or provider. Furthermore, any such report or transmittal shall not contain any information designated by Administrator as confidential, trade secret, or proprietary. 12. As the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA -AS) and certain of its implementing regulations (HIPAA -AS Regulations) are now effective, Employer, Consultant, and Reinsurer agree to institute any additional procedures and/or agreements required to ensure the parties' compliance with that law and those regulations. Employer represents and warrants that Employer (i) has amended each Plan's plan document to permit Employer to perform plan administration for the Plans (including the activity(ies) described in the recital clauses above) in accordance with 45 C.F.R. § 164.504(f) and 45 C.F.R. § 164.314(b) of the HIPAA -AS Regulations ( "HIPAA Amendment "); (ii) has delivered to each Plan and Administrator a written statement, certifying its amendment of the Plan's plan document as required by the HIPAA -AS Regulations and its agreement to comply with that amendment; and (iii) has obtained each Plan's permission to receive individually identifiable health information from Administrator for the purposes and subject to the restrictions and protections described in the HIPAA Amendment. Consultant and Reinsurer each agree to be bound, and to cause any agent or subcontractor to be bound, by the same restrictions and protections agreed to by Employer in the HIPAA Amendment with respect to any individually identifiable health information encompassed within the Confidential Information Consultant and /or Reinsurer receives. 13. No health insurance records or information, or claims information, shall be disclosed without the prior written authorization of the individual whose records or information would be disclosed; provided, however, that Consultant and Reinsurer may release information provided pursuant to this Agreement to subsidiaries of Consultant and Reinsurer so long as any and all such subsidiaries agree to abide by all terms and conditions of this Agreement. 14. Employer, Consultant and Reinsurer shall comply with all applicable federal, state or local laws, rules, or regulations or any other order of any authorized court, agency, or regulatory commission, and all applicable professional standards and practices, concerning the handling and /or safekeeping of information and /or other records of the ASA Conf D4 • nature disclosed by Administrator hereunder and shall use such information only for proper and lawful purposes. 15. Employer, Consultant and Reinsurer shall comply with all state and federal laws regulating the disclosure of patient records or private and medically sensitive information released pursuant to this Agreement, including without limitation, alcohol and drug abuse patient records, information relating to treatment of alcohol or drug dependency, HIV testing results, and psychological or psychiatric evaluation. 16. To the extent permitted by law now or hereinafter enacted, Employer agrees to indemnify, defend, and hold Administrator and each of its officers, directors, employees, agents, and other representatives (collectively, "Administrator's Related Parties ") harmless from any actual or threatened legal or administrative action, claim, liability, penalty, fine, assessment, lawsuit, litigation, or other loss, expense, or damage, including without limitation reasonable attorneys' fees and costs (collectively, "Liability "), that Administrator or Administrator's Related Parties may incur arising out of or relating to the disclosure of Confidential Information to Employer, Consultant, or Reinsurer, including without limitation any Liability incurred as a result of any actual or alleged breach by Employer, Consultant, Reinsurer or any Related Parties of Employer, Consultant, or Reinsurer of any applicable law, regulation, or other legal mandate or any provision of this Agreement. 17. Consultant agrees to indemnify, defend, and hold Administrator and Administrator's Related Parties harmless from any actual or threatened legal or administrative action, claim, liability, penalty, fine, assessment, lawsuit, litigation, or other loss, expense, or damage, including without limitation reasonable attorneys' fees and costs (collectively, "Liability "), that Administrator or Administrator's Related Parties may incur arising out of or in connection with any actual or alleged breach by Consultant or any of Consultant's Related Parties of any applicable law, regulation, or other legal mandate or any provision of this Agreement. 18. Reinsurer agrees to indemnify, defend, and hold Administrator and Administrator's Related Parties harmless from any actual or threatened legal or administrative action, claim, liability, penalty, fine, assessment, lawsuit, litigation, or other loss, expense, or damage, including without limitation reasonable attorneys' fees and costs (collectively, "Liability "), that Administrator or Administrator's Related Parties may incur arising out of or in connection with any actual or alleged breach by Reinsurer or any of Reinsurer's Related Parties of any applicable law, regulation, or other legal mandate or any provision of this Agreement. 19. Administrator shall have the option to either provide its own legal counsel or arrange for outside counsel for the defense of such matters referenced above, and the costs of either shall be borne by the indemnifying party in the event of indemnification. 20. Employer, Consultant, and Reinsurer acknowledge and agree that Administrator operates in a highly regulated and competitive environment and that the unauthorized use or disclosure of Confidential Information will cause irreparable harm and significant injury to Administrator, which will be difficult to measure with certainty or to compensate through money damages. Accordingly, Administrator shall be entitled to seek injunctive ASA Conf D5 y or other equitable relief, without bond, and /or specific performance as a remedy for any breach of this Agreement. Such remedy shall not be deemed to be the exclusive remedy for a breach of this Agreement, but shall be in addition to all other remedies available at law or in equity. 21. It is understood and agreed that no failure or delay by Administrator in exercising any right, power or privilege hereunder shall operate as a waiver thereof, nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any right, power or privilege hereunder. 22. Upon occurrence of any of the following, this Agreement shall terminate without notice, unless notice is specifically required: a. Termination of the Administrative Services Agreement. b. If Administrator determines at its own discretion that the Confidential Information released pursuant to this Agreement is not being adequately protected by either Employer, Consultant or Reinsurer for confidentiality purposes. c. Upon fifteen (15) days notice to Employer, Consultant or Reinsurer, as appropriate. Such notice shall be given without need for cause. d. Upon any attempt by Employer, Consultant or Reinsurer (which attempts shall be null and void) to assign this Agreement or the right to receive information, without the prior express consent of Administrator. e. Upon enactment of or the effective date of, whichever first occurs, any applicable state or federal law or any rule or regulation of any agency having applicable jurisdiction, which law, rule or regulation shall prohibit (in part or in full) Administrator from fulfilling its obligations hereunder. No penalty, liability or damage shall be applicable or claimed by Employer, Consultant or Reinsurer against Administrator in such event. 23. The relationship between the parties is that of independent contractors. Nothing in this Agreement shall be construed to create a partnership or joint venture between the parties and neither party shall have the right to bind the other to any contracts, agreements, or other obligations without the express, written consent of an authorized representative of the other. 24. This Agreement shall be governed and construed by the laws of the State of Florida (irrespective of its choice of law principles). It constitutes the entire Agreement between the parties in reference to all matters expressed in the Agreement. All previous discussions, promises, representations, and understandings between the parties pertaining thereto, if any, being merged herein. 25. This Agreement may not be assigned, nor any obligations delegated, by Employer, Consultant, and /or Reinsurer, without the prior written consent of Administrator, and any such non - permitted assignment or delegation shall be void. ASA Conf D6 r y . '26. In the event any provision of this Agreement is rendered invalid or unenforceable by any valid act of Congress or the Florida Legislature or by any regulation duly promulgated by the officers of the United States or the State of Florida acting in accordance with law, or if declared null and void by any court of competent jurisdiction, the remainder of this Agreement shall remain in full force and effect. 27. Waiver of breach of any provision of this Agreement shall not be deemed a waiver of any other breach of the same or a different provision. 28. The obligation of Employer, Consultant and /or Reinsurer to protect the privacy of Confidential Information as specified in this Agreement shall be continuous and survive the expiration or termination of this Agreement. In addition, the rights and obligations of the parties set forth in Sections 9, 11, 16 - 20 and of this paragraph 28 of this Agreement shall survive its expiration or termination. 29. This Agreement may be amended by mutual agreement of the parties, but no such amendment shall become effective until it is reduced to writing and signed by duly authorized representatives of each party. IN WITNESS WHEREOF, the parties have caused this Agreement to be executed by their duly authorized representative as set forth below. EMPLOYER CITY OF SANFORD By: Title: 1"i ;74tki� AV �G - Date: Lae 9Z o w.5 ADMINISTRATOR BLUE CROSS AND BLUE SHIELD OF FLORIDA, INC. By: Title: Date: Z �� \o CONSULTANT MCLAI , RCE AND ASSOCIATES By: Title: Date: W(�'— REINSURER By: Title: Date: ASA Conf D7 ! q EXHIBIT 1 Administrator shall release confidential information to Consultant and /or Reinsurer for cases which meet the following criteria: