The URL can be used to link to this page

R2024-09 Ambulance Billing Services Contract31822782v2 BILLING SERVICES AGREEMENT THIS BILLING SERVICES AGREEMENT (hereinafter “Agreement”), is entered into this day of _____________ 20__, between EMS MANAGEMENT & CONSULTANTS, INC. (hereinafter “EMS|MC”) and the VILLAGE OF NORTH PALM BEACH, (hereinafter Client”). WITNESSETH: WHEREAS, EMS|MC is an ambulance billing service company with experience in providing medical billing and collection services to medical transport providers, including fire and rescue and emergency medical service (EMS) providers; and WHEREAS, Client is a Florida municipal corporation with a Fire Rescue Department engaged in the business of providing emergency medical services, and billable medical transportation services; and WHEREAS, Client wishes to retain EMS|MC to provide medical billing, collection and related services as set forth in this Agreement. NOW, THEREFORE, in consideration of the mutual agreements described below and other good and valuable consideration, the receipt and sufficiency of which are acknowledged, the parties agree as follows: 1. ENGAGEMENT. a. During the term of this Agreement, EMS|MC shall provide routine billing, bill processing and fee collection services reasonably required and customary for service providers of similar size and situation to Client (the “Revenue Cycle Management Services” or “RCM Services”). The RCM Services shall include: (1) preparing and submitting initial and secondary claims and bills for Client to insurers and others responsible for payment; (2) performing reasonable and diligent routine collection efforts to secure payments from primary and secondary payers and patients or other entities, as EMS|MC, in its sole discretion deems appropriate); (3) issuing up to three patient statements for all unpaid balances; and (4) referring accounts which have not been collected during EMS|MC normal billing cycle to an outside collection agency if so directed by Client. b. Collectively, the RCM Services that EMS|MC provides to Client shall be referred to as the “Services”. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 May15th 24 2 31822782v9 2. EMS|MC Responsibilities. a. EMS|MC will provide the RCM Services in material compliance with all applicable state and federal laws and regulations. b. EMS|MC will submit all “Completed Claims” to the applicable third-party payer. A “Completed Claim” is a claim for emergency medical services and billable medical transportation services that (i) is received by EMS|MC and supported by an ePCR record that contains all necessary and accurate information; (ii) has been reviewed and any identified issues sent to Client for remediation have been rectified; (iii) is for a patient encounter that has been electronically signed off by Client in the ePCR; (iv) has been reviewed by Client and deemed ready for billing; and (v) is not subject to a billing hold. EMS|MC will not have any responsibility for any adverse impact to Client that may result from any delay of Client in completing claims. c. Accounts with outstanding balances after the insurance and/or third-party payer has determined benefits due will be billed by EMS|MC to the patient. EMS|MC will send up to three patient statements to the patient or responsible party, except as to those accounts on which an insurance carrier or third-party payer has accepted responsibility to pay. Once Client has submitted all necessary information, EMS|MC will bill all uninsured patients directly. d. Within ten (10) business days of the last business day of the month, EMS|MC will provide to Client a month end report, which shall include an account analysis report, aging report and accounts receivables reconciliation report for the previous month. Deposit reports will be provided daily. e. During the term of this Agreement, EMS|MC shall maintain, provide appropriate storage and data back-up for all billing records pertaining to the RCM Services provided by EMS|MC hereunder. Upon at least five (5) business days’ prior written notice, EMS|MC shall make such records accessible to Client during EMS|MC business hours. Upon termination of this Agreement, trip data pertaining to the RCM Services shall be returned to Client. Notwithstanding anything to the contrary herein, Client acknowledges and agrees that EMS|MC is not a custodian of clinical records nor a clinical records repository. Client is responsible for maintaining all clinical records in accordance with Section 3(d). f. EMS|MC shall notify Client of (i) all patient complaints about clinical services within five (5) business days of receipt; (ii) all patient complaints about billing within ten 10) business days of receipt; and (iii) all notices of audit, requests for medical records or other contacts or inquiries out of the normal course of business from representatives of Medicare, Medicaid or private payers with which Client contracts or any law enforcement DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 3 31822782v9 or government agency ("Payer Inquiries") within ten (10) business days of receipt, unless such agency prohibits EMS|MC from disclosing its inquiry to Client. g. EMS|MC will reasonably assist Client in responding to Payer Inquiries which occur in the normal course of Client’s business and arise from EMS|MC’s provision of the Services. If EMS|MC, in its sole discretion, determines that (i) Client is excessively utilizing EMS|MC’s assistance in responding to Payer Inquiries, (ii) a Payer Inquiry is outside the normal course of Client’s business; or (iii) a Payer Inquiry does not arise from the Services provided by EMS|MC, EMS|MC may charge Client, and Client shall pay, for any assistance provided by EMS|MC at EMS|MC’s then current hourly rates. h. EMS|MC is appointed as the agent of Client under this Agreement solely for the express purposes of this Agreement relating to billing and receiving payments and mail, receiving and storing documents, and communicating with hospitals and other entities to facilitate its duties. EMS|MC will have no authority to pledge credit, contract, or otherwise act on behalf of Client except as expressly set forth herein. i. As to all payments received from Medicare, Medicaid and other government funded programs, the parties specifically acknowledge that EMS|MC will only prepare claims for Client and will not negotiate checks payable or divert electronic fund transfers to Client from Medicare, Medicaid or any other government funded program. All Medicare, Medicaid and any other government funded program payments, including all electronic fund transfers, will be deposited directly into a bank account designated by Client to receive such payments and as to such account only Client, through its officers and directors, shall have access. j. The Services provided by EMS|MC to Client under this Agreement are conditioned on Client’s fulfillment of the responsibilities set forth in this Agreement. k. EMS|MC shall have no responsibility to provide any of the following services: i. Determining the accuracy or truthfulness of documentation and information provided by Client; ii. Providing services outside the EMS|MC billing system; iii. Submitting any claim that EMS|MC believes to be inaccurate or fraudulent; or iv. Providing any service not expressly required of EMS|MC by this Agreement. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 4 31822782v9 l. For Client’s service dates that occurred prior to the mutually agreed go live date for the Services, Client agrees and understands that EMS|MC is not responsible for any services including, but not limited to, submitting claims or managing any denials, refunds or patient calls. As between Client and EMS|MC, Client is fully responsible for the proper billing and accounting of any remaining balances related to service dates that occurred prior to such go live date. 3. RESPONSIBILITIES OF CLIENT. The following responsibilities of Client are a condition of EMS|MC’s services under this Agreement, and EMS|MC shall have no obligation to provide the Services to the extent that Client has not fulfilled these responsibilities: a. Client will pay all amounts owed to EMS|MC under this Agreement. b. Client will implement standard commercially reasonable actions and processes as may be requested by EMS|MC from time-to-time to allow EMS|MC to properly and efficiently provide the RCM Services. These actions and processes include, but are not limited to, the following: i. Providing EMS|MC with complete and accurate demographic and charge information necessary for the processing of professional and/or technical component billing to third parties and/or patients including , without limitation, the following: patient identification (name, address, phone number, birth date, gender); guarantor identification and address; insurance information; report of services; special claim forms; pre - authorization numbers; and such additional information as is requested by EMS|MC; ii. Providing EMS|MC with complete and accurate medical record documentation for each incident or patient service rendered for reimbursement, which is necessary to ensure proper billing and secure claim payment; iii. Providing EMS|MC, in a timely manner, with Patient Care Reports PCRs) that thoroughly detail the patient’s full medical condition at the time of service and include a chronological narrative of all services and treatment rendered; iv. Obtaining authorizations and signatures on all required forms, including consent to treat, assignment of benefits, release of information and claims; DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 5 31822782v9 v. Obtaining physician certification statements (PCS) forms for all non- emergency transports and other similar medical necessity forms or prior authorization statements as deemed necessary by the payer; vi. Obtaining or executing all forms or documentation required by Medicare, Medicaid, CHAMPUS, and any other payer or insurance carriers to allow EMS|MC to carry out its billing and other duties under this Agreement; and vii. Implementing reasonable and customary charges for complete, compliant billing. c. Client represents and warrants that the PCR and any and all associated medical records, forms and certification statements provided to EMS|MC are true and accurate and contain only factual information observed and documented by the attending field technician during the course of the treatment and transport. d. Client shall maintain Client’s own files with all original or source documents, as required by law, and only provide to EMS|MC copies of such documents. Client acknowledges that EMS|MC is not the agent of Client for storage of source documentation. e. Client will provide EMS|MC with a copy of any existing billing policy manuals or guidelines, Medicare or Medicaid reports, or any other record or document related to services or billing of Client’s accounts. f. Client will report to EMS|MC within ten (10) business days of payments received directly by Client, and promptly notify EMS|MC of any cases requiring special handling or billing. Client shall advise EMS|MC of any Payer Inquiries within ten (10) business days of receipt. g. Client shall ensure that any refunds posted by EMS|MC are actually issued and paid to the patient, insurer, or other payer as appropriate. h. Client agrees to provide EMS|MC with administrative access to the ePCR system or similar access in order to run reports and review documents and attachments to better service Client’s account. i. Client shall provide EMS|MC with access to its facilities and personnel for the purpose of providing on-site and/or online training to such personnel. Client shall cooperate with EMS|MC and facilitate any training that EMS|MC wishes to provide. j. Client shall complete EMS|MC’s online training course within 90 days of the contract start date and all new hires will complete EMS|MC’s online documentation DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 6 31822782v9 training within 90 days of hire date. Newly developed training materials by EMS|MC should be mutually agreed upon by the parties to be required training. k. Client shall comply with all applicable federal, state, and local laws, rules, regulations, and other legal requirements that in any way affect this Agreement or the duties and responsibilities of the parties hereunder. 4. EMS|MC WEB PORTALS. a. EMS|MC shall provide Client and those individuals appointed by Client Users”) with access to EMS|MC Web Portals (the “Portals”), which shall be subject to the applicable Terms of Use found on the Portals. To be appointed as a User, the individual must be an employee of Client or otherwise approved by Client and EMS|MC. Client is responsible for all activity of Users and others accessing or using the Portals through or on behalf of Client including, but not limited to, ensuring that Users do not share credentials for accessing the Portals. Client is also responsible for (i) identifying individuals who Client determines should be Users; (ii) determining and notifying EMS|MC of each User’s rights; (iii) monitoring Users’ access to and use of the Portals; (iv) acting upon any suspected or unauthorized access of information through the Portals; (v) ensuring each User’s compliance with this Agreement and the Terms of Use governing the use of the Portals; and (vi) notifying EMS|MC to deactivate a User account whenever a User’s employment, contract or affiliation with Client is terminated or Client otherwise desires to suspend or curtail a User’s access to and use of the Portals. Client agrees to follow best practices to ensure compliance with this provision. b. Client acknowledges that EMS|MC may suspend or terminate any User's access to the Portals (i) for noncompliance with this Agreement or the applicable Terms of Use; (ii) if such User poses a threat to the security or integrity of the Portals or information available therein; (iii) upon termination of Client; or (iv) upon notice of suspension or termination of such User by Client. Client may suspend or terminate a User's access to the Portals at any time. 5. COMPENSATION OF EMS|MC. a. Client shall pay a fee for the Services of EMS|MC hereunder, on a monthly basis, in an amount equal to 4.75% percent of “Net Collections” and $8.50 per Medicaid Claim, as defined below (the “RCM Fee”). Net Collections shall mean all cash and check amounts including electronic fund transfers (EFTs) received by EMS|MC from payers, patients, attorney’s offices, court settlements, collection agencies, government institutions, debt set-off programs, group health insurance plans, private payments, credit cards, healthcare facilities or any person or entity submitting funds on a patient’s account, or any amounts paid directly to Client with or without the knowledge of EMS|MC that are DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 7 31822782v9 paid, tendered, received or collected each month for Client’s transports, less refunds processed or any other necessary adjustments to those amounts. Price adjustments for such services shall be allowed at the completion of each contract year. Price adjustments shall not exceed the change in the average of the Consumer Price Index (CPI) for all Urban Consumers, Not Seasonally Adjusted, Area: U.S. city average, Item: All item, Base Period: 1982-84=100 over the twelve months prior. b. The RCM Fee is referred to as the "Compensation". c. EMS|MC shall submit an invoice to Client by the tenth (10th) day of each month for the Compensation due to EMS|MC for the previous calendar month. The Compensation amount reflected on the invoice shall be paid in full by the 20th day of the month in which the invoice is first presented to Client (the “Payment Date”). Such amount shall be paid without offset unless the calculation of the amount is disputed in good faith, in which case Client shall pay the undisputed amount and shall provide EMS|MC with detailed written notice of the basis for the disputed portion no later than the Payment Date. Any invoices not disputed in writing by the Payment Date shall be deemed undisputed” for all purposes of the Agreement. All invoices are to be paid directly from Client’s banking institution to EMS|MC via paper check, direct deposit or ACH draft initiated by EMS|MC into EMS|MC’s bank account. d. A one-time late fee of 5% shall be added to any invoices that remain unpaid by the 5th day of the calendar month following the Payment Date. Interest shall begin to accrue on all unpaid balances starting thirty (30) days after the presentment of said invoice for any unpaid balances at the rate of 1½% per month or the highest rate allowed under applicable law, whichever is lower. Client shall be responsible for all costs of collection incurred by EMS|MC or others in attempting to collect any amounts due from Client under this Agreement, including, but not limited to, reasonable attorney fees. e. In the event of a material change to applicable law, the billing process and/or scope of Services provided in this Agreement or a material difference in any of the patient demographics provided by the Client and set forth in Exhibit A, EMS|MC reserves the right to negotiate a fee change with Client and amend this Agreement accordingly or terminate this Agreement. f. EMS|MC may, in its sole discretion, immediately cease to provide Services for Client should the outstanding balance owed to EMS|MC become in arrears . Claims processing will not resume until all outstanding balances are paid in full or arrangements approved by EMS|MC have been made to wholly resolve any outstanding balances. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 8 31822782v9 6. TERM OF AGREEMENT. a. This Agreement shall be effective commencing on __________ and shall thereafter continue through __________ (“Initial Term”). This Agreement shall be binding upon the parties hereto and their respective successors, assigns, and transferees. The Agreement shall automatically renew on the same terms and conditions as stated herein, for successive one (1) year terms (each a “Renewal Term”), unless either party gives written notice of intent not to renew at least 60 days before expiration of any term. Notwithstanding anything herein to the contrary, this Agreement may be terminated under the provisions provided below. (The Initial Term and any Renewal Terms are referred to as the “Term”.) b. Termination for Cause. Notwithstanding Section 6(a), either party may terminate this Agreement if the other party materially breaches this Agreement, unless (i) the breaching party cures the breach within 10 days following receipt of notice describing the breach in reasonable detail, or (ii) with respect to a breach which may not reasonably be cured within a 10-day period, the breaching party commences, is diligently pursuing cure of, and cures the breach as soon as practical following receipt of notice describing the breach in reasonable detail. c. Immediate Termination. Either party may terminate this Agreement immediately as a result of the following: i. Failure of Client to make timely payments due under this Agreement; ii. Injury to any customer, independent contractor, employee or agent of the other party hereto arising from the gross negligence or willful misconduct of a party; iii. Harassment of any employee or contractor of a party or commitment of any act by a party which creates an offensive work environment; or iv. Commitment of any unethical or immoral act which harms the other party or could have the effect of harming the other party. 7. RESPONSIBILITIES UPON TERMINATION. a. Subject to Client’s payment of all amounts due hereunder, upon any termination of this Agreement, and during the period of any notice of termination, EMS|MC will make available to Client or its authorized representatives data from the billing system regarding open accounts in an electronic format, and will otherwise reasonably cooperate and assist in any transition of the Services to Client, or its successor billing agent. Upon request, EMS|MC will provide to Client trip data associated with the claims submitted by EMS|MC on behalf of Client pursuant to this Agreement. EMS|MC shall retain financial DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 May 15, 2025 May 15, 2024 9 31822782v9 and billing records not tendered or returned to Client on termination hereof for at least ten 10) years following the date of service. b. Following termination of this Agreement, for a period of ninety (90) days (the Wind Down”), EMS|MC will continue its billing and collection efforts as to those accounts with dates of services prior to termination, subject to the terms and condit ions of this Agreement including, but not limited to, Section 5. Client will continue to provide EMS|MC with copies of checks and payments on those accounts which were filed by EMS|MC under this Agreement. EMS|MC shall have no further responsibilities as to such accounts after the Wind Down; however, EMS|MC shall be entitled to compensation as provided in Section 5(a) for such amounts filed by EMS|MC, regardless of whether such amounts are collected by Client during or after the Wind Down period. During the Wind Down and for up to twelve months following termination of this Agreement , EMS|MC shall continue to make the Portals available to Client, subject the applicable Terms of Use. Notwithstanding the foregoing, in the event EMS|MC terminated this Agreement pursuant to Sections 6(b) or 6(c), EMS|MC shall have no obligation to provide any Services after the date of termination. 8. EXCLUSIVITY AND MISCELLANEOUS BILLING POLICIES. a. During the term of this Agreement, EMS|MC shall be Client’s exclusive provider of the RCM Services. Client may not directly file, submit or invoice for any medical or medical transportation services rendered while this Agreement is in effect. b. In addition, Client agrees not to collect or accept payment for services from any patient unless the service requested does not meet coverage requirements under any insurance program in which the patient is enrolled or the patient is uninsured. Payments received directly by Client for these services must be reported to EMS|MC as provided in Section 3(f) hereof and shall be treated as Net Collections for purposes of Section 5(a) hereof. c. In compliance with CMS regulations, Medicare patients will not be charged by Client a higher rate or amount for identical covered services charged to other insurers or patients. Accordingly, only one fee schedule shall exist and be used in determining charges for all patients regardless of insurance coverage. d. EMS|MC reserves the right not to submit a claim for reimbursement on any patient in which the PCR and/or associated medical records are incomplete or appear to be inaccurate or do not contain enough information to substantiate or justify reimbursement. This includes missing patient demographic information, insurance information, Physician Certification Statements (PCS) or any required crew and/or patient signatures, or otherwise contradictory medical information. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 10 31822782v9 e. Client shall implement and maintain a working compliance plan Compliance Plan”) in accordance with the most current guidelines of the U.S. Department of Health and Human Services (“HHS”). The Compliance Plan must include, but not be limited to, formal written policies and procedures and standards of conduct, designation of a compliance officer, quality assurance policy and effective training and education programs. f. In accordance with the HHS Office of Inspector General (“OIG”) Compliance Program Guidance for Third-Party Medical Billing Companies, EMS|MC is obligated to report misconduct to the government, if EMS|MC discovers credible evidence of Client’s continued misconduct or flagrant, fraudulent or abusive conduct. In the event of such evidence, EMS|MC has the right to (a) refrain from submitting any false or inappropriate claims, (b) terminate this Agreement and/or (c) report the misconduct to the appropriate authorities. 9. NON-INTERFERENCE/NON-SOLICITATION OF EMS|MC EMPLOYEES. Client understands and agrees that the relationship between EMS|MC and each of its employees constitutes a valuable asset of EMS|MC. Accordingly, Client agrees that both during the term of this Agreement and for a period beginning on the date of termination of this Agreement, whatever the reason, and ending three (3) years after the date of termination of this Agreement (the “Restricted Period”), Client shall not, without EMS|MC’s prior written consent, directly or indirectly, solicit or recruit for employment; attempt to solicit or recruit for employment; or attempt to hire or accept as an employee, consultant, contractor, or otherwise, or accept any work from EMS|MC’s employees with whom Client had material contact during the term of this Agreement, in any position where Client would receive from such employees the same or similar services that EMS|MC performed for Client during the term of this Agreement. Client also agrees during the Restricted Period not to unlawfully urge, encourage, induce, or attempt to urge, encourage, or induce any employee of EMS|MC to terminate his or her employment with EMS|MC. Client has carefully read and considered the provisions of Section 9 hereof, and having done so, agrees that the restrictions set forth in such section (including, but not limited to, the time period) are fair and reasonable and are reasonably required for the protection of the legitimate interests of EMS|MC, its officers, directors, shareholders, and employees. 10. PRIVACY. a. Confidentiality. The Parties acknowledge that they will each provide to the other Confidential Information as part of carrying out the terms of this Agreement. EMS|MC and Client will be both a Receiving Party and a Disclosing Party at different DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 11 31822782v9 times. The Receiving Party agrees that it will not (i) use any such Confidential Information in any way, except for the exercise of its rights and performance of its obligations under this Agreement, or (ii) disclose any such Confidential Information to any third party, other than furnishing such Confidential Information to its employees, consultants, and subcontractors, who are subject to the safeguards and conf identiality obligations contained in this Agreement and who require access to the Confidential Information in the performance of the obligations under this Agreement. In the event that the Receiving Party is required by applicable law to make any disclosure of any of the Disclosing Party’s Confidential Information, by subpoena, judicial or administrative order or otherwise, the Receiving Party will first give written notice of such requirement to the Disclosing Party, and will permit the Disclosing Party to intervene in any relevant proceedings to protect its interests in the Confidential Information, and provide full cooperation and assistance to the Disclosing Party in seeking to obtain such protection, at the Disclosing Party’s sole expense. “Confidential Information” means the provisions of the Agreement (including, but not limited to, the financial terms herein) and any information disclosed by a Party (the Disclosing Party”) to the other Party (the “Receiving Party”). Information will not be deemed Confidential Information hereunder if the Receiving Party can prove by documentary evidence that such information: (a) was known to the Receiving Party prior to receipt from the Disclosing Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (b) becomes known independently of disclosure by the Disclosing Party) to the Receiving Party directly or indirectly from a source other than one having an obligation of confidentiality to the Disclosing Party; (c) becomes publicly known or otherwise ceases to be secret or confidential, except through a breach of this Agreement by the Receiving Party; or (d) is independently developed by the Receiving Party without the use of any Confidential Information of the Disclosing Party. b. HIPAA Compliance. The parties agree to comply with the Business Associate Addendum, attached hereto and incorporated by reference herein as Attachment 1, documenting the assurances and other requirements respecting the use and disclosure of Protected Health Information. It is Client’s responsibility to ensure that it obtains all appropriate and necessary authorizations and consents to use or disclose any individually identifiable health information in compliance with all federal and state privacy laws, rules and regulations, including but not limited to the Health Insurance Portability and Accountability Act. In the event that this Agreement is, or activities permitted or required by this Agreement are, inconsistent with or do not satisfy the requirements of any applicable privacy or security law, rule or regulation, the parties shall take any reasonably necessary action to remedy such inconsistency. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 12 31822782v9 11. DISCLAIMERS, LIMITATIONS OF LIABILITY AND DISPUTE RESOLUTION a. Each Party acknowledges that the liability limitations and warranty disclaimers in the Agreement are independent of any remedies hereunder and shall apply regardless of whether any remedy fails of its essential purpose. Client acknowledges that the limitations of liability set forth in this Agreement are integral to the amount of consideration offered and charged in connection with the Services and that, were EMS|MC to assume any further liability other than as provided in the Agreement, such consideration would of necessity be set substantially higher. b. EMS|MC and Client acknowledge and agree that despite their best efforts, billing errors may occur from time to time. Each party will promptly notify the other party of the discovery of a billing error. EMS|MC’s sole obligation in the event of a billing error will be to correct the error by making appropriate changes to the information in its system, posting a refund if appropriate, and re-billing the underlying claim if permissible. c. Except for any express warranty provided herein or in the applicable exhibit, the services are provided on an "as is," “as available” basis. Client agrees that use of the services is at client’s sole risk; and, to the maximum extent permitted by law, EMS|MC expressly disclaims any and all other express or implied warranties with respect to the services including, but not limited to, warranties of merchantability, fitness for a particular purpose, title, non-infringement or warranties alleged to arise as a result of custom and usage. d. A “Claim” is defined as any claim or other matter in dispute between EMS|MC and Client that arises from or relates in any way to this Agreement or to the Services, or data provided by EMS|MC hereunder, regardless of whether such claim or matter is denominated as a contract claim, tort claim, warranty claim, indemnity claim, statutory claim, arbitration demand, or otherwise. e. To the fullest extent allowed by law, the total liability of EMS|MC to Client regarding any and all Claims shall be capped at, and shall in no event exceed, the total fees paid by Client to EMS|MC under this Agreement in the twelve (12) months prior to the event giving rise to the Claim (the “Liability Cap”). All amounts that may be potentially awarded against EMS|MC in connection with a Claim are included in and subject to the Liability Cap and shall not cause the Liability Cap to be exceeded, including, without limitation, all direct compensatory damages, interest, costs, expenses, and attorneys’ fees. Provided, however, that nothing in the foregoing shall be construed as an admission of liability by EMS|MC in any amount or as a waiver or compromise of any other defense that may be available to EMS|MC regarding any Claim. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 13 31822782v9 f. To the fullest extent allowed by law, and notwithstanding any statute of limitations, statute of repose, or other legal time limit to the contrary, no Claim shall be brought by Client against EMS|MC after the earlier of the following to occur (the “Claim Time Limit”): (i) the time period for bringing an action under any applicable state or federal statute of limitations; or (ii) one (1) year after the date upon which Client discovered, or should have discovered, the facts giving rise to an alleged claim;. Any Claim not brought within the Claim Time Limit is waived. The Claim Time Limit applies, without limitation, to any Claim g. Client agrees that any Claim Client may have against EMS|MC, including EMS|MC’s past or present employees or agents, shall be brought individually and Client shall not join such Claim with claims of any other person or entity or bring, join or participate in a class action against EMS|MC. h. To the fullest extent allowed by law, EMS|MC and Client waive claims against each other for consequential, indirect, incidental, special, punitive, exemplary, and treble damages, and for any other damages in excess of direct, compensatory damages including, but not limited to, loss of profits, loss of data, or loss of business, regardless of whether such claim or matter is denominated as a contract claim, tort claim, warranty claim, indemnity claim, statutory claim, arbitration demand, or otherwise , even if a party has been apprised of the possibility or likelihood of such damages occurring (the Non-Direct Damages Waiver”). i. Subject to the Liability Cap, the Claim Time Limit and the Non-Direct Damages Waiver, EMS|MC agrees to indemnify, hold harmless, and defend Client , with reasonably acceptable counsel, from and against any fines, penalties, damages, and judgments that Client becomes legally obligated to pay to a third party proximately caused by EMS|MC’s negligence or intentional acts or omissions. Provided, however, that this indemnity is subject to the following further conditions and limitations: (i) Client must provide prompt written notice to EMS|MC of the matter for which indemnity is or may be sought, within such time that no right of EMS|MC is prejudiced, and in no event no later than thirty (30) days after Client first becomes aware of the facts that give rise or may give rise to a right of indemnity; (ii) Client must allow EMS|MC the opportunity to direct and control the defense and handling of the matter for which indemnity is or may be sought; (iii) Client must not agree to any settlement or other voluntary resolution of a matter for which indemnity is or may be sought without EMS|MC‘s express consent; and iv) Client shall not seek or be entitled to indemnify for amounts that Client reimburses or refunds to Medicaid, Medicare, any governmental entity, any insurer, or any other payer as a result of medical services or medical transportation services for which Client should not have received payment in the first place under applicable rules, regulations, standards DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 14 31822782v9 and policies. Client waives all rights of indemnity against EMS|MC not in accordance with this subsection. j. In any court proceeding regarding any Claim, the prevailing party shall be entitled to recover from the non-prevailing party the reasonable costs and expenses incurred by the prevailing party in connection with such proceeding, including, without limitation, the reasonable attorneys’ fees, arbitration or court filing fees, arbitrator compensation, expert witness charges, court reporter charges, and document reproduction charges incurred by the prevailing party. . 12. GENERAL. a. Status of Parties. Nothing contained in this Agreement shall be construed as establishing a partnership or joint venture relationship between EMS|MC and Client, or as establishing an agency relationship beyond EMS|MC’s service as a billing and collection agent of Client under the express terms of this Agreement. EMS|MC and its employees and representatives shall have no legal authority to bind Client. b. Assignment. Neither this Agreement nor any rights or obligations hereunder shall be assigned by either party without prior written consent of the other party, except that this Agreement may be assigned without consent to the survivor in any merger or other business combination including either party, or to the purchaser of all or substantially all of the assets of either party. c. Binding Effect. This Agreement shall inure to the benefit of and be binding upon the parties hereto and their respective successors, assigns (where permitted), and transferees. d. Notices. All notices required or permitted by this Agreement shall be in writing and shall be deemed to have been given: (i) on the day received, if personally delivered; (ii) on the day received if sent by a recognized overnight delivery service, according to the courier’s record of delivery; and (iii) on the 5th (fifth) calendar day after the date mailed by certified or registered mail. Such notices shall be addressed as follows: Client: Village of North Palm Beach Village Manager 500 U.S. Highway One North Palm Beach, FL 33408 EMS|MC: DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 15 31822782v9 EMS Management & Consultants, Inc. Chief Executive Officer 2540 Empire Drive Suite 100 Winston-Salem, NC 27103 Either party may change its address for notices under this Agreement by giving written notice of such change to the other party in accordance with the terms of this section. e. Governing Law. This Agreement and the rights and obligations of the parties hereunder shall be construed in accordance with and governed by the laws of the State of Florida. f. Integration of Terms. This instrument together with all attachments, exhibits and schedules constitutes the entire agreement between the parties, and supersedes all prior negotiations, commitments, representations and undertakings of the parties with respect to its subject matter. Without limiting the foregoing, this Agreement supersedes and takes precedence over any inconsistent terms contained in any Request for Proposal RFP”) from Client and any response to that RFP from EMS|MC. g. Amendment and Waiver. This Agreement may be amended or modified only by an instrument signed by all of the parties. A waiver of any provision of this Agreement must be in writing, designated as such, and signed by the party against whom enforcement of the waiver is sought. The waiver of a breach of any provision of this Agreement shall not operate or be construed as a waiver of any subsequent or other breach thereof. h. Severability. If any provision of this Agreement shall not be valid for any reason, such provision shall be entirely severable from, and shall have no effect upon, the remainder of this Agreement. Any such invalid provision shall be subject to partial enforcement to the extent necessary to protect the interest of the parties hereto. i. Force Majeure. With the exception of Client’s payment obligation, a Party will not be in breach or liable for any delay of its performance of this Agreement caused by natural disasters or other unexpected or unusual circumstances reasonably beyond its control. j. Third Party Beneficiaries. There are no third-party beneficiaries to this Agreement. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 16 31822782v9 k. Counterparts. This Agreement may be executed in multiple counterparts by a duly authorized representative of each party. l. Survival. All terms which by their nature survive termination shall survive termination or expiration of the Agreement including, but not limited to, Sections 3(c), 3(f) h), 5(a), 5(c), 7, 9 – 12. m. Inspector General. EMS|MC is aware that the Inspector General of Palm Beach County has the authority to investigate and audit matters relating to the negotiation and performance of the Agreement and in furtherance thereof, may demand and obtain records and testimony from EMS|MC and its subcontractors. EMS|MC understands and agrees that in addition to all other remedies and consequences provided by law, the failure of EMS|MC or its subcontractors to fully cooperate with the Inspector General when requested may be deemed by the Village to be a material breach of the Agreement justifying termination. n. Public Records. As required by Section 119.0701, Florida Statutes, EMS|MC shall: (1) Keep and maintain public records required by the Village to perform the service; (2) Upon request from the Village’s custodian of public records, provide the Village with a copy the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in Chapter 119, Florida Statutes, or as otherwise provided by law; (3) Ensure that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law for the duration of the Agreement term and following completion of the Agreement if EMS|MC does not transfer the records to the Village; (4) Upon completion of the Agreement, transfer, at no cost, to the Village all public records in possession of EMS|MC or keep and maintain public records required by the Village to perform the services. If EMS|MC transfers all public records to the Village upon completion of the Agreement, EMS|MC shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If EMS|MC keeps and maintains public records upon completion of the Agreement, EMS|MC shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the Village, upon request from the Village’s custodian of public records, in a format that is compatible with the information technology systems of the Village. IF EMS|MC HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO EMS|MC ’S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS AGREEMENT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT: (561) 841-3355; DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 17 31822782v9 NPBCLERK@VILLAGE-NPB.ORG; OR 501 U.S. HIGHWAY ONE, NORTH PALM BEACH, FL 33408. o. E-Verify. Pursuant to Section 448.095(2), Florida Statutes, EMS|MC shall: a) register and use the E-Verify system to verify the work authorization of newly hired employees and require all subcontractors (providing services or receiving funds under this Agreement) to register and use the E-Verify system to verify the work authorization status of the subcontractor’s newly hired employees; (b) secure an affidavit from all subcontractors (providing services or receiving funding under this Agreement) stating that the subcontractor does not employ, contract with, or subcontract with unauthorized aliens; c) maintain copies of all subcontractor affidavits for the duration of the Agreement; (d) comply fully with Section 448.095, Florida Statutes; (e) be aware that a violation of Section 448.09, Florida Statutes, shall be grounds for termination of this Agreement; and (f) be aware that if Village terminates this Agreement under Section 448.095(2)(c), Florida Statutes, EMS|MC may not be awarded a public contract for at least one year after the date on which the Agreement is terminated. IN WITNESS WHEREOF, the undersigned have caused this Agreement to be duly executed on the later of the dates set forth below. Each person whose signature appears hereon represents, warrants and guarantees that he/she has been duly authorized and has full authority to execute this Agreement on behalf of the party on whose behalf this Agreement is executed. EMS|MC: CLIENT: EMS Management & Consultants, Inc. Village of North Palm Beach By: ____________________________ By: ____________________________ Print Name: _____________________ Print Name: ______________________ Title: ___________________________ Title: ___________________________ Date: ___________________________ Date: __________________________ DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180 Chief Financial Officer 1/22/2024 Jay Gyure DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 2/9/2024 Mayor Susan Bickel 18 31822782v9 Exhibit A Exhibit A Patient Demographics Provided by Client 1. Projected annual billable trip volume: 1,011 2. Payor mix: a. Medicare – 56.97% b. Medicaid – 6.43% c. Insurance – 18.99% d. Self Pay – 17.61% 3. Run mix: a. ALSE – 59.2% b. BLSE – 39.4% c. ALS2 – 1.4% 4. Average Loaded mileage: 3.9 DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 19 31822782v9 Attachment 1 Business Associate Addendum This Business Associate Addendum (the “Addendum”) is made effective the ____ day of ____________ 2023, by and between Village of North Palm Beach, hereinafter referred to as “Covered Entity,” and EMS Management & Consultants, Inc., hereinafter referred to as “Business Associate” (individually, a “Party” and collectively, the “Parties”). WITNESSETH: WHEREAS, the Parties wish to enter into a Business Associate Addendum to ensure compliance with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy and Security Rules”) (45 C.F.R. Parts 160 and 164); and WHEREAS, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, modified the HIPAA Privacy and Security Rules (hereinafter, all references to the “HIPAA Privacy and Security Rules” include all amendments thereto set forth in the HITECH Act and any accompanying regulations); and WHEREAS, the Parties have entered into a Billing Services Agreement (the “Agreement”) whereby Business Associate will provide certain services to Covered Entity and, pursuant to such Agreement, Business Associate may be considered a “business associate” of Covered Entity as defined in the HIPAA Privacy and Security Rules; and WHEREAS, Business Associate may have access to Protected Health Information or Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under the Agreement; and WHEREAS, Covered Entity wishes to comply with the HIPAA Privacy and Security Rules, and Business Associate wishes to honor its obligations as a Business Associate to Covered Entity. THEREFORE, in consideration of the Parties’ continuing obligations under the Agreement, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the provisions of this Addendum. I. DEFINITIONS Except as otherwise defined herein, any and all capitalized terms in this Addendum shall have the definitions set forth in the HIPAA Privacy and Security Rules. In the event of an inconsistency between the provisions of this Addendum and mandatory provisions of the HIPAA Privacy and Security Rules, as amended, the HIPAA Privacy and Security Rules in effect at the time shall control. Where provisions of this Addendum are different than those mandated by the HIPAA Privacy and Security Rules, but are nonetheless permitted by the HIPAA Privacy and Security Rules, the provisions of this Addendum shall control. The term “Breach” means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. The term “Breach” does not include: (1) any unintentional acquisition, access, or use of protected health information by any employee or individual acting under the authority of a covered entity DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 15 May 4 20 31822782v9 or business associate if (a) such acquisition, access, or use was made in good faith and within the course and scope of the employment or other professional relationship of such employee or individual, respectively, with the covered entity or business associate, and (b) such information is not further acquired, accessed, used, or disclosed by any person; or (2) any inadvertent disclosure from an individual who is otherwise authorized to access protected health information at a facility operated by a covered entity or business associate to another similarly situated individual at same facility; and (3) any such information received as a result of such disclosure is not further acquired, accessed, used, or disclosed without authorization by any person. The term “Electronic Health Record” means an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. The term “HIPAA Privacy and Security Rules” refers to 45 C.F.R. Parts 160 and 164 as currently in effect or hereafter amended. The term “Protected Health Information” means individually identifiable health information as defined in 45 C.F.R § 160.103, limited to the information Business Associate receives from, or creates, maintains, transmits, or receives on behalf of, Covered Entity. The term “Electronic Protected Health Information” means Protected Health Information which is transmitted by or maintained in Electronic Media (as now or hereafter defined in the HIPAA Privacy and Security Rules). The term “Secretary” means the Secretary of the Department of Health and Human Services. The term “Unsecured Protected Health Information” means Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 Fed. Reg. 19006 on April 27, 2009 and in annual guidance published thereafter. II. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE a. Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement or this Addendum, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless the person or entity to whom Business Associate is making the disclosure requires certain direct identifiers in order to accomplish the intended purpose of the disclosure, in which event Business Associate may disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the disclosure. b. Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. c. Business Associate may disclose Protected Health Information in its possession to third parties for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that: DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 21 31822782v9 1. the disclosures are required by law; or 2. Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached. d. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, access, use, and request only Protected Health Information that is contained in a limited data set (as defined in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless Business Associate requires certain direct identifiers in order to accomplish the intended purpose of the access, use, or request, in which event Business Associate may access, use, or request only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the access, use, or request. Covered Entity shall determine what quantum of information constitutes the minimum necessary” amount for Business Associate to accomplish its intended purposes. e. Business Associate may use Protected Health Information to de-identify such information in accordance with 45 C.F.R. § 164.514(b) for Business Associate’s own business purposes or in connection with the services provided pursuant to the Agreement or to provide Data Aggregation services to Customer as permitted by 45 C.F.R. 164.504(e)(2)(i)(b). Once the Protected Health Information has been de- identified or aggregated, it is no longer considered Protected Health Information governed by this Addendum. III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE a. Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity’s behalf shall be subject to this Addendum. b. Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by the Agreement, this Addendum or as required by law. c. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of Protected Health Information other than as provided for by this Addendum. Specifically, Business Associate will: 1. implement the administrative, physical, and technical safeguards set forth in Sections 164.308, 164.310, and 164.312 of the HIPAA Privacy and Security Rules that reasonably and appropriately protect the confidentiality, integrity, and availability of any Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity, and, in accordance with Section 164.316 of the HIPAA Privacy and Security Rules, implement and maintain reasonable and appropriate policies and procedures to enable it to comply with the requirements outlined in Sections 164.308, 164.310, and 164.312; and 2. report to Covered Entity any use or disclosure of Protected Health Information not provided for by this Addendum of which Business Associate becomes aware. Business Associate shall report to Covered Entity any Security Incident of which it becomes aware. Notice is deemed to have been DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 22 31822782v9 given for unsuccessful Security Incidents, such as (i) “pings” on an information system firewall; (ii) port scans; (iii) attempts to log on to an information system or enter a database with an invalid password or user name; (iv) denial-of-service attacks that do not result in a server being taken offline; or (v) malware (e.g., a worms or a virus) that does not result in unauthorized access, use, disclosure, modification or destruction of Protected Health Information. d. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Addendum to Business Associate with respect to such information. e. Business Associate agrees to comply with any requests for restrictions on certain disclosures of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules and of which Business Associate has been notified by Covered Entity. In addition, and notwithstanding the provisions of Section 164.522 (a)(1)(ii), Business Associate agrees to comply with an individual’s request to restrict disclosure of Protected Health Information to a health plan for purposes of carrying out payment or health care operations if the Protected Health Information pertains solely to a health care item or service for which Covered Entity has been paid by in full by the individual or the individual’s representative. f. At the request of the Covered Entity and in a reasonable time and manner, not to extend ten (10) business days, Business Associate agrees to make available Protected Health Information required for Covered Entity to respond to an individual’s request for access to his or her Protected Health Information in accordance with Section 164.524 of the HIPAA Privacy and Security Rules. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information available electronically to the applicable individual or to a person or entity specifically designated by such individual, upon such individual’s request. g. At the request of Covered Entity and in a reasonable time and manner, Business Associate agrees to make available Protected Health Information required for amendment by Covered Entity in accordance with the requirements of Section 164.526 of the HIPAA Privacy and Security Rules. h. Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting of disclosures, as required by Section 164.528 of the HIPAA Privacy and Security Rules. i. Business Associate agrees that it will make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity, available to the Secretary for the purpose of determining Covered Entity’s compliance with the HIPAA Privacy and Security Rules, in a time and manner designated by the Secretary, subject to attorney-client and other applicable privileges. j. Business Associate agrees that, while present at any Covered Entity facility and/or when accessing Covered Entity’s computer network(s), it and all of its employees, agents, representatives and subcontractors will at all times comply with any network access and other security practices, procedures and/or policies established by Covered Entity including, without limitation, those established pursuant to the HIPAA Privacy and Security Rules. k. Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any Protected Health Information of an individual without the written authorization of the individual or the individual’s representative, except where the purpose of the exchange is: DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 23 31822782v9 1. for public health activities as described in Section 164.512(b) of the Privacy and Security Rules; 2. for research as described in Sections 164.501 and 164.512(i) of the Privacy and Security Rules, and the price charged reflects the costs of preparation and transmittal of the data for such purpose; 3. for treatment of the individual, subject to any further regulation promulgated by the Secretary to prevent inappropriate access, use, or disclosure of Protected Health Information; 4. for the sale, transfer, merger, or consolidation of all or part of Business Associate and due diligence related to that activity; 5. for an activity that Business Associate undertakes on behalf of and at the specific request of Covered Entity; 6. to provide an individual with a copy of the individual’s Protected Health Information pursuant to Section 164.524 of the Privacy and Security Rules; or 7. other exchanges that the Secretary determines in regulations to be similarly necessary and appropriate as those described in this Section III.k. l. Business Associate agrees that it will not directly or indirectl y receive remuneration for any written communication that encourages an individual to purchase or use a product or service without first obtaining the written authorization of the individual or the individual’s representative, unless: 1. such payment is for a communication regarding a drug or biologic currently prescribed for the individual and is reasonable in amount (as defined by the Secretary); or 2. the communication is made on behalf of Covered Entity and is consistent with the terms of this Addendum. m. Business Associate agrees that if it uses or discloses patients’ Protected Health Information for marketing purposes, it will obtain such patients’ authorization before making any such use or disclosure. n. Business Associate agrees to implement a reasonable system for discovery of breaches and method of risk analysis of breaches to meet the requirements of HIPAA, The HITECH Act, and the HIPAA Regulations, and shall be solely responsible for the methodology, policies, and procedures implemented by Business Associate. o. State Privacy Laws. Business Associate shall understand and comply with state privacy laws to the extent that state privacy laws are not preempted by HIPAA or The HITECH Act. IV. BUSINESS ASSOCIATE’S MITIGATION AND BREACH NOTIFICATION OBLIGATIONS a. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Addendum. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 24 31822782v9 b. Following the discovery of a Breach of Unsecured Protected Health Information, Business Associate shall notify Covered Entity of such Breach without unreasonable delay and in no case later than forty-five (45) calendar days after discovery of the Breach. A Breach shall be treated as discovered by Business Associate as of the first day on which such Breach is known to Business Associate or, through the exercise of reasonable diligence, would have been known to Business Associate. c. Notwithstanding the provisions of Section IV.b., above, if a law enforcement official states to Business Associate that notification of a Breach would impede a criminal investigation or cause damage to national security, then: 1. if the statement is in writing and specifies the time for which a delay is required, Business Associate shall delay such notification for the time period specified by the official; or 2. if the statement is made orally, Business Associate shall document the statement, including the identity of the official making it, and delay such notification for no longer than thirty (30) days from the date of the oral statement unless the official submits a written statement during that time. Following the period of time specified by the official, Business Associate shall promptly deliver a copy of the official’s statement to Covered Entity. d. The Breach notification provided shall include, to the extent possible: 1. the identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach; 2. a brief description of what happened, including the date of the Breach and the date of discovery of the Breach, if known; 3. a description of the types of Unsecured Protected Health Information that were involved in the Breach, if known (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 4. any steps individuals should take to protect themselves from potential harm resulting from the Breach; and 5. a brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches. e. Business Associate shall provide the information specified in Section IV.d., above, to Covered Entity at the time of the Breach notification if possible or promptly thereafter as information becomes available. Business Associate shall not delay notification to Covered Entity that a Breach has occurred in order to collect the information described in Section IV.d. and shall provide such information to Covered Entity even if the information becomes available after the forty-five (45)-day period provided for initial Breach notification. V. OBLIGATIONS OF COVERED ENTITY a. Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy and Security Rules. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 25 31822782v9 b. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, if such changes affect Business Associate’s permitted or required uses and disclosures. c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules, and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect that such termination shall have, if any, upon Business Associate’s use and disclosure of such Protected Health Information. VI. TERM AND TERMINATION a. Term. The Term of this Addendum shall be effective as of the date first written above, and shall terminate upon the later of the following events: (i) in accordance with Section VII.c., when all of the Protected Health Information provided by Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity or, if such return or destruction is infeasible, when protections are extended to such information; or (ii) upon the expiration or termination of the Agreement. b. Termination for Cause. Upon Covered Entity’s knowledge of a material breach of this Addendum by Business Associate and Business Associate’s failure to cure such breach within thirty (30) days of receiving notice of same from Covered Entity, Covered Entity shall have the right to terminate this Addendum and the Agreement. c. Effect of Termination. 1. Except as provided in paragraph 2. of this subsection, upon termination of this Addendum, the Agreement or upon request of Covered Entity, whichever occurs first, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Neither Business Associate nor its subcontractors or agents shall retain copies of the Protected Health Information. 2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible and shall extend the protections of this Addendum to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. VII. MISCELLANEOUS a. No Rights in Third Parties. Except as expressly stated herein, the Parties to this Addendum do not intend to create any rights in any third parties. b. Survival. The obligations of Business Associate under Section VII(c) of this Addendum shall survive the expiration, termination, or cancellation of this Addendum, the Agreement, and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 26 31822782v9 c. Amendment. This Addendum may be amended or modified only in a writing signed by the Parties. The Parties agree that they will negotiate amendments to this Addendum to conform to any changes in the HIPAA Privacy and Security Rules as are necessary for Covered Entity to comply with the current requirements of the HIPAA Privacy and Security Rules. In addition, in the event that either Party believes in good faith that any provision of this Addendum fails to comply with the then-current requirements of the HIPAA Privacy and Security Rules or any other applicable legislation, then such Party shall notify the other Party of its belief in writing. For a period of up to thirty (30) days, the Parties shall address in good faith such concern and amend the terms of this Addendum, if necessary to bring it into compliance. If, after such thirty (30)-day period, the Addendum fails to comply with the HIPAA Privacy and Security Rules or any other applicable legislation, then either Party has the right to terminate this Addendum and the Agreement upon written notice to the other party. d. Independent Contractor. None of the provisions of this Addendum are intended to create, nor will they be deemed to create, any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Addendum and any other agreements between the Parties evidencing their business relationship. e. Interpretation. Any ambiguity in this Addendum shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Privacy and Security Rules. f. Certain Provisions Not Effective in Certain Circumstances. The provisions of this Addendum relating to the HIPAA Security Rule shall not apply to Business Associate if Business Associate does not receive any Electronic Protected Health Information from or on behalf of Covered Entity. g. Ownership of Information. Covered Entity holds all right, title, and interest in and to the PHI and Business Associate does not hold and will not acquire by virtue of this Addendum or by virtue of providing goods or services to Covered Entity, any right, title, or interest in or to the PHI or any portion thereof. h. Entire Agreement. This Addendum is incorporated into, modifies and amends the Agreement, inclusive of all other prior amendments or modifications to such Agreement. The terms and provisions of this Addendum shall control to the extent they are contrary, contradictory or inconsistent with the terms of the Agreement. Otherwise, the terms and provisions of the Agreement shall remain in full force and effect and apply to this Addendum. DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 27 31822782v9 IN WITNESS WHEREOF, the Parties have executed this Addendum as of the day and year written above. Each person whose signature appears hereon represents, warrants and guarantees that he/she has been duly authorized and has full authority to execute this Agreement on behalf of the party on whose behalf this Agreement is executed. Business Associate: Covered Entity: EMS Management & Consultants, Inc. Village of North Palm Beach By: _________________________________ By: _________________________________ Print: ________________________________ Print: ________________________________ Title: ________________________________ Title: ________________________________ Date: _____________________________ Date: _____________________________ DocuSign Envelope ID: 0D89C347-D1B9-4013-8112-9DC3BB599180 Jay Gyure Chief Financial Officer 1/22/2024 DocuSign Envelope ID: 453CA182-ABF8-4510-856B-C657E3EFD084 Mayor 2/9/2024 Susan Bickel