The URL can be used to link to this page

Home My WebLink About2023-130ADADMINISTRATIVE SERVICES AGREEMENT BETWEEN AMERITAS LIFE INSURANCE CORP. AND INDIAN RIVER COUNTY Table of Contents SectionI.................................................................................................................. Scope of Agreement Section II........................................................................................Services to be Provided by Ameritas Section III....................................................................................................Obligations of Plan Sponsor Section IV........................................................................................................... Banking Arrangements Section V................................................................................. Administrative Service Charge Schedule Section VI............................................................................................................Term and Termination Section VII.................................................................................................................General Provisions Administrative Services Agreement This Administrative Services Agreement ("Agreement") is between Indian River County ("Plan Sponsor"), and Ameritas Life Insurance Corp., a Nebraska corporation ("Ameritas"), and is effective upon the date set forth herein. Throughout the Agreement Ameritas and Plan Sponsor may be referred to individually as "Party" or collectively as "Parties." WHEREAS, Plan Sponsor has established and will administer an employee Dental benefit plan ("Plan") according to the Employee Retirement Income Security Act of 1974 ("ERISA") or the Public Health Service Act ("PHSA"), as applicable, for its employees and their dependents; WHEREAS, Plan Sponsor desires to utilize the services of Ameritas to assist in its duties to administer the Plan; and WHEREAS, Ameritas has agreed to provide such non -fiduciary administrative services in connection with the Plan such as processing of claims and other services under the terms and conditions of this Agreement. NOW, THEREFORE, in consideration of the premises and mutual promises contained in this Agreement, Plan Sponsor and Ameritas hereby agree as follows: Section I. Scope of Agreement Ameritas agrees to perform certain non -fiduciary administrative services, such as claim processing and other services specified herein for the Plan, as amended, as described in Addendum A. Section II. Services to be Provided by Ameritas Ameritas shall perform the following administrative services in connection with the Plan: A. Process claims and determine the Plan benefits applicable to Covered Employees and their dependents (collectively, "Covered Persons"), including coordination of benefits, where applicable, in accordance with the terms of the Plan and as specified to Ameritas by Plan Sponsor, using Ameritas' claim paying system as specified to Ameritas by Plan Sponsor. Ameritas will process claims incurred on or after the Effective Date of this Agreement and received while this Agreement is still in effect. B. Notify a Covered Person of the initial denial of a claim (benefits) and his or her right of review of the denial as specified by the Plan Sponsor and in accordance with the terms of the Plan. C. Issue checks in payment of benefits payable under the Plan which, subject to the terms of this Agreement, shall be paid through the bank account as set forth in Section IV. of this Agreement. D. Answer benefits and claims questions and inquiries of Covered Persons and providers through toll free telephone number. E. Communicate with Plan Sponsor as is necessary to verify eligibility of Covered Persons. F. Provide to Plan Sponsor estimated Plan benefit costs after the Initial Term, and Plan design and underwriting services in connection with benefit revisions, addition of new benefits, and extensions of coverage to new Covered Persons, as requested by the Plan Sponsor. G. Bond all of its employees who will be handling funds of Plan Sponsor. H. Prepare reports regarding the Plan for use by Plan Sponsor in accounting for and managing the Plan, which shall include the standard reports identified in Addendum D. I. Prepare and provide form 1099 MED for each provider of services, in accordance with IRS rules. J. Provide Plan identification cards, Ameritas PPO dentist lists, if applicable, and a description of the Plan, as set forth in Addendum A, for each of the Plan Sponsor eligible employees. K. Assist Plan Sponsor upon requests in connection with the general administration of the Plan, administration and record keeping systems for the ongoing operation of the Plan and reconciliation of claims paid. As mutually agreed by the Parties, Ameritas will provide forms, including claims forms, related to the general administration of the Plan. L. Maintain all benefit payment records as to requests for benefits for a period of seven (7) years following the month in which the final benefit payment was made, or such longer period as required by applicable law. In the event of discontinuance of this Agreement, Ameritas, upon the Plan Sponsor's request and their expense, shall promptly forward to Plan Sponsor the subject records in its possession in the format identically maintained by Ameritas at the time the Agreement is discontinued. During the time in which Ameritas is to maintain benefit payment records, Ameritas shall be permitted, if it so desires, and unless otherwise prohibited by law, to destroy hard copies whenever the information has been transferred to microfiche or such other similar process which permits the retention of such information. M. If it is determined that any payment has been made under this Agreement to an ineligible person, or if it is determined that more or less than the correct amount has been paid by Ameritas, Ameritas will make a diligent attempt to recover the overpayment or will adjust the underpayment in accordance with Ameritas' established claim practices. However, in no event shall such recovery or adjustment be performed in a manner violative of any state's Unfair Claims Practices Act. Ameritas shall not initiate court proceedings for any such recovery. In the event, however, that Ameritas is sued by any beneficiary seeking to recover an adjustment to an alleged underpayment, then the decision whether to defend such court suit shall be the responsibility of Plan Sponsor. Plan Sponsor may direct Ameritas to enter into a settlement or to forego the defense to any such action, provided, however, that Plan Sponsor shall ensure that Ameritas is fully reimbursed and indemnified for any and all payments made by reason of such decision by Plan Sponsor. N. If the Plan includes PPO benefits, Ameritas shall arrange for those contracted dental providers comprising the Ameritas PPO Network to render services to those Covered Persons who seek such services from a member of the Ameritas PPO Network. Ameritas' foregoing obligation, when measured at an individual provider level, is subject to the provider's then -current patient load and ability to accept new patients. Ameritas represents and warrants that in exchange for rendering services to the Covered Persons, each participating provider member of the Ameritas PPO Network agrees to accept the amount set forth in their respective fee schedule as payment in full for procedures listed on the fee schedules and further, that the participating providers have agreed to bill Covered Persons only for the cost of services not covered under the Plan. Section III. Obligations of Plan Sponsor Plan Sponsor or Plan Sponsor's subcontractor shall: A. Promptly and diligently provide eligibility information for Covered Persons under the Plan, on or after the Effective Date of this Agreement, to Ameritas in a format mutually agreed upon by Plan Sponsor and Ameritas. B. Provide benefit information, eligibility information and periodic (at least monthly) updates of additions, deletions and changes with regard to Covered Persons by an agreed upon medium. C. Designate personnel with authority to answer questions relative to eligibility so that accurate eligibility information is available to Ameritas upon request. D. Maintain and administer the Plan in compliance with ERISA or the PHSA, as applicable; provide discretionary authority and exercise control respecting Plan management and claims decisions. Section IV. Banking Arrangements During the term of this Agreement: A. All benefit payments made by Ameritas on behalf of the Plan will be issued by Ameritas on checks payable through Ameritas' bank of choice. B. Ameritas will send to Plan Sponsor, or, upon request and authorization, an entity designated by Plan Sponsor ("Designee"), the Weekly Paid/Denied Claim Report identified in Addendum D. Accompanying this report will be a cover letter setting forth the total amount paid as reflected by the report. Three (3) business days after sending, Plan Sponsor or Designee will pay or cause to be paid to Ameritas the amount listed in the letter in a mutually agreed upon format. Plan Sponsor will complete and provide all necessary authorizations to accommodate the payment. C. Failure to reimburse Ameritas in accordance with the above will result in interest being charged on the unpaid amount from the date due until fully paid at a rate equal to the lower of a) ten percent (10%) per year or, b) the maximum rate allowable by applicable usury laws and may result in the discontinuance of the Agreement in accordance with Section VI. Section V. Administrative Service Charge Schedule A. Except as otherwise provided hereafter, the administrative service charge for each month of this Agreement shall be as specified in Addendum B ("Administrative Service Charge"), both for the Initial Term of this Agreement and for any Subsequent Agreement Period unless adjusted by Ameritas in accordance with Section V(E) or otherwise agreed by the Parties. Initial Term and Subsequent Agreement Period shall be as defined in Section VI., below. B. The Administrative Service Charge as applied and provided for in Addendum B, will start on the first day of the month falling on or after the date the applicable coverage is effective. The Administrative Service Charge for the applicable coverage will cease on the last day of the month falling on or after the date of termination of the applicable coverage. There will be no pro rata charges or credits for partial month. C. Ameritas will refund unearned Administrative Service Charges to Plan Sponsor for up to three (3) months before the date Ameritas receives evidence that a refund is due. D. Prior to the first (1St) day of each month of this Agreement, Ameritas will submit a report to Plan Sponsor, or, if applicable to Designee, identifying the Covered Person(s) and listing the Administrative Charges for the month. Remittance of the Administrative Service Charges shall be due by the first (1 st) of the month and past due on the tenth (10th) of the month. Such report and remittance shall be subject to audit and adjustment, as necessary, by Ameritas within ninety (90) days of receipt. E. The Administrative Service Charge may be adjusted by Ameritas at the start of any Subsequent Agreement Period following the Initial Term, provided Ameritas has given Plan Sponsor at least forty-five (45) days advance written notice of its intent to adjust the Administrative Service Charge. Subsequent Agreement Period shall be as defined in Section VI., below. Should Ameritas fail to timely deliver any Administrative Service Charge change notice, the Administrative Service Charge contained in the notice shall still be effective but not until the first month following the month in which the advance notice period required hereunder ended. Upon the delivery of such Administrative Service Charge change notice, Addendum B attached hereto shall be deemed to be modified without any further action by the parties. Section VI. Term and Termination A. Term 1. Although executed on the dates shown below, this Agreement shall be effective as of 10/1/2023 (the "Effective Date") through 9/30/2024 (This time period shall be considered the "Initial Term"). 2. This Agreement shall be automatically renewed for successive twelve (12) month periods beginning the first day following the expiration of the Initial Term and each anniversary of such date thereafter, unless terminated as provided for herein. Such renewal periods shall be considered "Subsequent Agreement Periods." B. Termination 1. Termination without cause. This Agreement may be terminated without cause by either Party at the expiration of the Initial Term or any subsequent term with at least thirty (30) days written notice to the other Party in advance of such date. The Parties may also mutually agree in writing to terminate at any time. 2. Termination with Cause. Either Party has the right to terminate this Agreement upon at least 30 days' advance written notice of such termination to the other Party if the Party to whom such notice is given breaches any material provision of this Agreement. The Party claiming the right to terminate shall provide the facts underlying its claim of breach and cite the relevant sections of this Agreement that are claimed to have been breached. Remedy of such breach to the satisfaction of the other Party, within 30 days of the receipt of such notice, shall revive this Agreement for the remaining portion of its then -current term, subject to any other rights of termination contained in this Agreement. C. Effect of Termination 1. Termination of this Agreement for whatever reason, shall not terminate the rights or liabilities of either Party arising out of a period prior to termination. Ameritas will continue to process all claims received on or before the date the Agreement is terminated. Upon request, and with appropriate guarantees of funding and agreement to Administrative Service Charges from Plan Sponsor, Ameritas will, for a period of ninety (90) days subsequent to the date of termination of this Agreement, continue to process those standard claims containing expenses for services performed prior to the date of termination of this Agreement which claims are received during said ninety (90) day period. At the expiration of said ninety (90) day period, Ameritas will cease all claim processing in accordance with (3) hereof. Plan Sponsor agrees to reimburse Ameritas in the same manner as provided for in accordance with Section IV. B., for benefit payments made subsequent to the date of termination until all payments made by Ameritas have been reimbursed by Plan Sponsor. Section VII. General Provisions A. Plan Administration 1. The Plan Sponsor is the fiduciary with respect to the management, and administration of the Plan and Ameritas does not insure or underwrite the liability of the Plan Sponsor under the Plan. Ameritas shall not have discretionary authority or control over plan management or disposition of assets of the Plan (including final claim decisions). In no event shall Ameritas be responsible for Plan Sponsor's compliance with the requirements of ERISA or PHSA if applicable. Ameritas shall not be responsible for complying with the provisions of any federal or state laws and regulations pertaining to the Plan and Plan administration (except as to its non -fiduciary administrative functions regarding processing claims and customer claims service). The Plan Sponsor has final complete discretion to construe or interpret the provisions of the Plan, to determine eligibility for benefits from the Plan, to determine the type and extent of benefits, to be provided by the Plan, and to make final claims decisions under the Plan. Plan Sponsor's decisions in such matters shall be controlling, binding, and final. By this Agreement, Plan Sponsor is delegating to Ameritas such authority as is necessary to process or otherwise resolve undisputed claims, eligibility questions, or other matters governed by this Agreement, but the Plan Sponsor reserves ultimate authority with respect to those and all other aspects of the Plan. 2. Ameritas shall have no responsibility to provide Summary Plan Descriptions or other disclosures required under the PHSA; comply with COBRA or state continuation of coverage requirements; or to comply with HIPAA portability requirements. If such obligations exist, they shall be the sole responsibility of Plan Sponsor and not the responsibility of Ameritas. B. Indemnification 1. General Indemnity. Subject to the limitations on liability contained in Section VII.B.2, below, each Party ("Indemnitor") shall indemnify and hold the other Party harmless from and against any and all claims, suits, liabilities, obligations, damages and expenses (including reasonable attorneys' fees and expenses of litigation) arising out of either Indemnitor's (or Indemnitor's agent, employee, subcontractor, or Designee) performance or failure to perform in accordance with the terms of this Agreement or any negligence or willful misconduct of any kind on the part of Indemnitor. Ameritas or Plan Sponsor, as applicable, shall reasonably cooperate with the indemnifying Party in connection with the indemnifying Party's obligations under this section. 2. Limitation of Liability. Except for breach by either Party of Sections VII. C. or D., below, neither Party shall be liable to the other for any indirect, special, incidental, exemplary, reliance, punitive or consequential damages arising out of or related to this agreement, even if advised of the possibility thereof. 3. Survival. The provisions of this Section VII. B. shall survive the expiration or termination of the Agreement. C. Proprietary Interest Plan Sponsor acknowledges that the claims paying, administration and eligibility systems employed by Ameritas and, if applicable, the Ameritas PPO Network and the listing of the dental providers participating therein, have been developed by Ameritas and that Ameritas has a proprietary interest therein. Plan Sponsor further agrees that at no time shall Plan Sponsor or any of its employees use such other than for the intended purposes of this Agreement. D. Confidentiality and Privacy Except as otherwise provided in this Agreement, all information communicated to one Party by the other Party, whether before or after the Effective Date of this Agreement, was and shall be, to the extent permitted by law, received in confidence and shall be used only for purposes of this Agreement. No such information, including without limitation the provisions of this Agreement, shall be disclosed by the recipient Party to other persons including its own employees, except as may be necessary by reason of legal, accounting, regulatory or administrative requirements under this Agreement. The Parties further agree to comply with all applicable laws respecting privacy and security, including HIPAA, and agree to abide by the HIPAA Business Associate Addendum, which is incorporated herein and attached hereto as Addendum E. The provisions of such Business Associate Addendum shall control as to all matters falling within the scope of such Business Associate Addendum. E. Examination of Records Each Party shall have the right to examine any records of the other relating to the other Party's obligations under this Agreement provided, however, such examination shall take place on a regular working day in a manner agreed to between the Parties and in a manner designed to protect the confidentiality of an individual's medical information. The cost of any such examination shall be borne by the Party requesting the examination. F. Entire Agreement, Amendments, May be signed in Counterparts, Notices This Agreement and attached Addendums, shall constitute the entire agreement between the Parties and all prior oral agreements shall be merged into this written Agreement. This Agreement may be amended from time to time by written agreement between the Parties. The Parties may execute this Agreement in one or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. The Parties may provide notice to each other as follows: In the case of Ameritas: Ameritas Life Insurance Corp. 5900 O Street P.O. Box 81889 Lincoln, Nebraska 68501-1889 Attn: Group Department In the case of Plan Sponsor: INDIAN RIVER COUNTY 1800 27TH ST VERO BEACH, FL 32960 ATTN: SUZANNE BOYLL AIM/s"'••.. Plan Sponsor and Ameritas have caused this Agreement tobe executed on the dates set fgow••S!o,.,F AMERITAS LIFE INSURANCE CORP. INDIAN RIVER COUNTY •.oma i By. a By: r. •off: Bruce E. Mieth Print: Joseph H. Earman ♦•R' . ........ Senior Vice President — Group Operations Date: 10/3/23 Attest: Ryan L. Butler, Clerk of Circuit Court and Comptroller Title: Chairman Date: 12/26/2023 APPROVED AS TO FORM AND SUIC BY ILLIAM K. DEBRAAL COUNTY ATTORNEY Addendum A Plan Booklet [See attached] Addendum B - Administrative Service Charges Administrative Service Charges The Administrative Service Charges from Effective Date through 9/30/2024 $3.75 per Covered Persons per month Fees shown above are based on the services outlined in Section II. Services to be Provided by Ameritas. Addendum C - Intentionally Omitted Addendum D - Summary of Reports Weekly Reports Paid/Denied Claims Report Monthly Reports Fees List Bill Annual Reports Experience Detail Report Customer Reporting Package Claim Payment Summary Claim Payment Breakdown by Procedure Type Claim Summary — PPO vs. Non -PPO Claim Payment analysis by Procedure Group Claim Payment analysis by Category within Procedure Group Claims Savings Categories Claims Savings Categories — PPO Claims Savings Categories — Non -PPO PPO Savings Illustration Fees include this reporting package. Deviations from these reports and/or frequency will be priced accordingly. ADDENDUM E HIPAA BUSINESS ASSOCIATE ADDENDUM This HIPAA Business Associate Addendum ("BAA") supplements and is made a part of the Administrative Services Agreement ("Service Agreement") by and between Ameritas ("Business Associate") and the party identified in the Service Agreement above ("Covered Entity"). Covered Entity and Business Associate shall be collectively referred to herein as the ("Parties"). RECITALS A. Covered Entity and Business Associate have entered or may enter into one or more services agreements (collectively the "Service Agreement") pursuant to which Business Associate is or will be providing those certain agreed upon services for and on behalf of Covered Entity, some of which may involve Business Associate's use, disclosure or creation of Protected Health Information. B. Covered Entity and Business Associate intend to protect the privacy and provide for the security of Protected Health Information received, created, used, and disclosed to or by Business Associate pursuant to the Service Agreement in compliance with HIPAA and HITECH (each as defined below). C. As part of the HIPAA and HITECH, the Standards for Privacy and the Standards for Security of Individually Identifiable Health Information codified at 45 CFR Parts 160, 162 and 164 require Covered Entity to enter into a contract with Business Associate that includes and imposes on Business Associate specific duties, obligations and requirements with respect to Business Associate's use, disclosure, creation and general handling of Protected Health Information, as set forth in, but not limited to, Title 45, §§ 164.502(e) and 164.504(e) of the Code of Federal Regulations ("CFR") and as otherwise provided in this BAA. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows: 1) Definitions. a) Specific Definitions. i) "Breach" shall have the meaning given to such term under the Privacy Rule, at 45 CFR § 164.402. ii) "Business Associate" shall have the meaning set forth above. iii) "Compliance Date" shall mean, in each case, the date by which compliance with a particular provision is required under HITECH; provided that, in any case for which that date occurs prior to the effective date of this BAA, the Compliance Date shall mean the effective date of this BAA. iv) "Covered Entity" shall have the meaning set forth above. v) "Data Agg_re atg ion" shall have the meaning given to such term under the Privacy Rule at 45 CFR § 164.501. vi) "Designated Record Set" shall have the meaning given to such term under the Privacy Rule, at 45 CFR § 164.501. vii) "Electronic Health Record" shall have the meaning given to such term in 42 USC 17921(5). viii) "Electronic Media" has the meaning in CFR § 160.103, which is: (1) Electronic storage media including memory devices in computers (hard drives) and any removable or transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or (2) Transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the Internet, extranet, leased lines, dialup lines, private networks, and the physical movement of removable or transportable electronic storage media. Certain transmissions, including paper, via facsimile, and via telephone, are not considered transmissions via electronic media because the information did not exist in electronic form before the transmission. ix) "Electronic Protected Health Information" (or "EPHI") has the meaning of 45 CFR § 160.103 and is defined as protected health information contained in or transmitted on electronic media received from us or created or received on behalf of us. x) "Health Care Operations" shall have the meaning given to such term under the Privacy Rule at 45 CFR 164.501. xi) "HIPAA" shall mean the Health Insurance Portability and Accountability Act, 42 U.S.C. §§ 1320d through 1320d-8, as amended from time to time, and all associated existing and future implementing regulations, when effective and as amended from time to time. xii) "HITECH" shall mean Subtitle D of the Health Information Technology for Economic and Clinical Health Act (a.k.a. the "HITECH Act") provisions of the American Recovery and Reinvestment Act of 2009, 42 U.S.C. §§17921-17954, as amended from time to time, and all associated existing and future implementing regulations, when effective and as amended from time to time. xiii) "Individual" shall mean the person who is the subject of PHI and shall include a person who qualifies as a personal representative in accordance with the Privacy Rule. xiv) "Privacy Rule" shall mean the standard for Privacy of Individually Identifiable Health Information codified at 45 CFR Parts 160 and 164. xv) "Protected Health Information" ("PHP') has the meaning in 45 CFR § 164.304. xvi) "Required by Law" shall mean a mandate contained in law that compels a covered entity to make a use or disclosure of PHI and that is enforceable in a court of law. xvii) "Security Rule" shall mean the standard for Security of Individually Identifiable Health Information codified at 45 CFR Parts 160, 162 and 164. xviii) "Security Incident" has the meaning in 45 CFR § 164.304, which is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations. xix) "Subcontractor" shall have the meaning given to such term at 45 CFR § 160.103 and includes any agent/agency relationships. xx) "Unsecured Protected Health Information" (or "unsecured PHI") shall mean Protected Health Information has the meaning as set forth in 45 C.F.R. 164.402.that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in the regulations or guidance issued pursuant to 42 U. S.C. §§17932(h)(2). xxi) "Unsuccessful Security Incident" shall mean, without limitation, pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log -on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use, disclosure, modification or destruction of PER or intentional interference with system operations in an information system that contains PHI. b) Catch-all Definition. Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in the Privacy Rule and Security Rule. 2) Obligations of Business Associate. a) Permitted Uses. Business Associate shall not use PHI except for the purpose of performing Business Associate's obligations under the Service Agreement and as permitted or required by this BAA. Further, Business Associate shall not use PHI in any manner that would constitute a violation of the Privacy Rule if so used by Covered Entity. However, Business Associate may (i) use PHI for the proper management and administration of Business Associate and to carry out the legal responsibilities of Business Associate, and (ii) provide Data Aggregation services relating to the health care operations of Covered Entity if such services are provided by Business Associate to Covered Entity under the Service Agreement. b) Permitted Disclosures. Business Associate shall not disclose PHI in any manner that would constitute a violation of HITECH and HIPAA (including without limitation the Privacy Rule) if disclosed by Covered Entity. However, Business Associate may disclose PHI in a manner permitted pursuant to the Service Agreement, for the proper management and administration of Business Associate; and as required by law. Additionally, Business Associate may disclose PHI in a manner allowed by law if Covered Entity specifically authorizes the disclosure. In no event shall Business Associate be permitted to receive remuneration, either directly or indirectly, in exchange for PHI, except as may be approved by Covered Entity in its sole discretion and then, only to the extent permitted by 42 U.S.C. § 17935(d). To the extent that Business Associate discloses PHI to a third party, Business Associate must prior to making any such disclosure obtain, (i) reasonable assurances from such third party that such PHI will be held confidential as provided pursuant to this BAA and only disclosed as required by law or for the purposes for which it was disclosed to such third party, and (ii) an agreement from such third party to immediately notify Business Associate of any breaches of confidentiality of the PHI, to the extent it has obtained knowledge of such breach. c) Appropriate Safeguards. i) Business Associate will comply with all applicable federal and states laws and regulations and implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity as required by the Security Rule and as of the Compliance Date of 42 U.S.C. § 17931, comply with the Security Rule requirements set forth in 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316; ii) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides EPHI agrees to implement reasonable and appropriate safeguards to protect it; and iii) Business Associate will report to Covered Entity as soon as reasonably practicable (i) any use or disclosure of protected health information not provided for by this BAA of which it becomes aware in accordance with 45 C.F.R. § 164.504(e)(2)(ii)(C); and/or (ii) any security incident affecting EPHI of which Business Associate becomes aware in accordance with 45 C.F.R. § 164.314(a)(2)(C) provided, however, that the Parties acknowledge and agree that this Section constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of Unsuccessful Security Incidents for which no additional notice to Ameritas shall be required; and iv) Business Associate agrees to promptly report to Covered Entity any Breach of which it becomes aware as soon as reasonably practicable following Business Associate's discovery of any Breach involving Covered Entity's unsecured PHI. The foregoing report shall include identification of each Individual whose PHI Business Associate reasonably believes to have been accessed, acquired, or disclosed during such Breach. As soon as possible thereafter, and to the extent known, Business Associate shall also provide Covered Entity with a description of (i) what happened, including the date of the Breach and the date of the discovery, (ii) the types of unsecured PHI involved in the Breach, (iii) any steps individuals should take to protect themselves from potential harm from the Breach, and (iv) what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches. d) Restrictions on Disclosures. Business Associate will restrict its disclosures of the Individual's PHI in the same manner as would be required for Covered Entity. If Business Associate receives an Individual's request for restrictions, Business Associate shall forward such request to Covered Entity within ten (10) business days. e) Subcontractors. Business Associate shall ensure that any Subcontractor, to whom it provides PHI agree in writing to the same or substantially similar restrictions and conditions that apply to Business Associate with respect to such PHI. Business Associate will advise Covered Entity if any such Subcontractor breaches its agreement with Business Associate with respect to the disclosure or use of Covered Entity's Protected Health Information or EPHI. f) Access to Protected Information. Business Associate shall make PHI maintained by Business Associate or its agents or subcontractors in Designated Record Sets available to Covered Entity for inspection and copying to enable Covered Entity to fulfill its obligations under the Privacy Rule, including, but not limited to 45 CFR Section 164.524. g) Amendment of PHI. Upon receipt of a request from Covered Entity for an amendment of PHI or a record about an individual contained in a Designated Record Set, Business Associate or its agents or subcontractors shall make such PHI available to Covered Entity for amendment and incorporate any such amendment to enable Covered Entity to fulfill its obligations under the Privacy Rule, including, but not limited to, 45 CFR Section 164.526. If any individual requests an amendment of PHI directly from Business Associate or its agents or subcontractors, Business Associate shall notify Covered Entity in writing within ten (10) days of the request. Any decision to deny the requested amendment of PHI maintained by Business Associate or its agents or subcontractors shall be the sole responsibility of Covered Entity. h) Accounting Rights. Upon request for an accounting of disclosures of PHI from Covered Entity, Business Associate and its agents or subcontractors shall make available to Covered Entity the information required to provide an accounting of disclosures to enable Covered Entity to fulfill its obligations under the Privacy Rule, including, but not limited to, 45 CFR Section 164.528. As set forth in, and as limited by, 45 CFR section 164.528, Business Associate shall not provide an accounting to Covered Entity of disclosures: (i) to carry out treatment, payment or health care operations, as set forth in 45 CFR Section 164.502; (ii) to individuals of PHI about them as set forth in 45 CFR 164.502; (iii) to persons involved in the individual's care or other notification purposes as set forth in 45 CFR Section 164.510; (iv) for national security or intelligence purposes as set forth in 45 CFR Section 164.512(k)(2); or (v) to correctional institutions or law enforcement officials as set forth in 45 CFR Section 164.512(k)(5). Business Associate agrees to implement a process that allows for an accounting to be collected and maintained by Business Associate and its agents or subcontractors for at least six (6) years prior to the request, but not before the compliance date of the Privacy rule. In the event that the request for an accounting is delivered directly to Business Associate or its agents or subcontractors, Business Associate shall forward it to Covered Entity. It shall be Covered Entity's responsibility to prepare and deliver any such accounting requested. Business Associate shall not disclose any PHI except as set forth in Sections 2(b) of this BAA. i) Governmental Access to Records. If requested, Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services (the "Secretary") for purposes of determining Covered Entity's compliance with Privacy Rule in accordance with 45 CFR 164.504(e)(ii)(I). j) Minimum Necessary. Business Associate (and its agents and subcontractors) shall only request, use and disclose the minimum amount of PHI necessary to accomplish the purpose of the request, use or disclosure and consistent with Covered Entity's minimum necessary policies and procedures. k) Data Ownership. Business Associate acknowledges that Business Associate has no ownership rights with respect to the PHI. 1) Retention of PHI. Upon termination of the Service Agreement for any reason, Business Associate shall return or destroy all PHI that Business Associate or its agents or subcontractors still maintain in any form and shall retain no copies of such PHI. If return or destruction is not feasible, Business Associate shall continue to extend the legally required protections of this BAA to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. If Business Associate elects to destroy the PHI, Business Associate shall certify in writing to Covered Entity that such PHI has been destroyed. m) Electronic Health Record. In the event that Business Associate in connection with rendering the services under the Service Agreement uses or maintains an Electronic Health Record of PHI of or about an individual, the Business Associate will provide an electronic copy of such PHI in accordance with 42 U.S.C. § 17935(e) as of its Compliance Date. Moreover, in the event that Business Associate uses or maintains an Electronic Health Record of PHI of or about an individual, then Business Associate shall make an accounting of disclosures of such PHI in accordance with the requirements for accounting of disclosures made through an Electronic Health Record in 42 U.S.C. 17935(c), as of its Compliance Date. n) Business Associate will not make or cause to be made any communication about a product or service that is prohibited by 42 U.S.C. § 17936(a) as of its Compliance Date. o) Business Associate will not make or cause to be made any written fundraising communication that is prohibited by 42 U.S.C. § 17936(b) as of its Compliance Date. p) Pursuant to the Privacy Rule, made applicable to Business Associate by HITECH, Business Associate shall adopt, implement, and follow privacy policies and procedures in the same manner and to the same extent as if it were a Covered Entity. q) Pursuant to the Security Rule, made applicable to Business Associate by HITECH, Business Associate shall adopt, implement, and follow security policies and procedures in the same manner and to the same extent as if it were a Covered Entity. 3) Obligations of Covered Entity. a) Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to this BAA, in accordance with the Covered Entity and requirements of the Privacy Rule, until such PHI is received by Business Associate. b) Covered Entity shall notify Business Associate of any limitation(s) in its notice of privacy practices of Covered Entity in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI. c) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by Individual to use or disclose PHI, to the extent that such changes may affect Business Associate's use or disclosure of PHI. d) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI. 4) Term and Termination. a) Term. This BAA shall be effective as of the effective date of the underlying Service Agreement and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provision in this section. b) Material Breach. A breach by Business Associate of any provision of this BAA, as determined by Covered Entity, shall constitute a material breach of the Service Agreement and shall provide grounds for immediate termination of the Service Agreement by Covered Entity pursuant to the Service Agreement. c) Reasonable Steps to Cure Breach. If Covered Entity knows of a pattern of activity or practice of Business Associate that constitutes a material breach or violation of Business Associate's obligations under the provisions of this BAA or another arrangement and does not terminate the Service Agreement pursuant to Section 4 (b), then Covered Entity shall take reasonable steps to cure such breach or end such violation, as applicable. If Covered Entity's efforts to cure such breach or end such violation are unsuccessful, Covered Entity shall either (i) terminate the Service Agreement, if feasible, or (ii) if termination of the Service Agreement is not feasible, Covered Entity shall report Business Associate's breach or violation to the Secretary of the Department of Health and Human Services. d) Judicial or Administrative Proceedings. Either party may terminate the Service Agreement, effective immediately, if (i) the other party is named as a defendant in a criminal proceeding for a violation of HIPAA, HITECH or other security or privacy laws or (ii) a finding or stipulation that the other party has violated any requirement of HIPAA, HITECH or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined. 5) Disclaimer. Covered Entity makes no warranty or representation that compliance by Business Associate with this BAA, HIPAA or HITECH will be adequate or satisfactory for Business Associate's own purposes. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of PHI. 6) Certifications. To the extent Covered Entity determines that such examination is necessary to comply with Covered Entity's legal obligations pursuant to HIPAA and HITECH relating to certification of its security practices, Covered Entity or its authorized agents or contractors, may, at Covered Entity's expense, examine Business Associate's facilities, systems, procedures and records as may be necessary for such agents or contractors to certify to Covered Entity the extent to which Business Associate's security safeguards comply with HIPAA, HITECH or this BAA. 7) Amendment to Comply with Law. The Parties acknowledge that state and federal laws relating to data security and privacy are rapidly evolving and that amendment of this BAA may be required to provide for procedures to ensure compliance with such developments. The Parties specifically agree to take such action as is necessary to implement the amendments and requirements of HIPAA (including without limitation the Privacy Rule), HITECH and other applicable laws relating to the security or confidentiality of PHI. The Parties understand and agree that Covered Entity must receive satisfactory written assurance from Business Associate that Business Associate will adequately safeguard all PHI. Upon the request of either party, the other party agrees to promptly enter into negotiations concerning the terms of an amendment to this BAA embodying written assurances consistent with the amendments and requirements of HIPAA (including without limitation the Privacy rule), HITECH or other applicable laws. Covered Entity may terminate the Service Agreement upon thirty (30) days written notice in the event (i) Business Associate does not promptly enter into negotiations to amend this BAA when requested by Covered Entity pursuant to this Section or (ii) Business Associate does not enter into an amendment to this BAA providing assurances regarding the safeguarding of PHI that Covered Entity, in its sole discretion, deems sufficient to satisfy the Covered Entity and requirements of HIPAA, including without limitation the Privacy Rule, and HITECH. 8) Assistance in Litigation or Administrative Proceedings. Business Associate shall make itself, and any subcontractors, employees or agents assisting Business Associate in the performance of its obligations under the Service Agreement, available to Covered Entity, at no cost to Covered Entity, to testify as witnesses, or otherwise, in the event of litigation or administrative proceedings being commenced against Covered Entity, its directors, officers or employers based upon a claimed violation of HIPAA, including without limitation the Privacy Rule, HITECH or other laws relating to security and privacy, except where Business Associate or its subcontractor, employee or agent is a named adverse party. 9) No Third -Party Beneficiaries. Nothing express or implied in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 10) Effect on Agreement. Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the Service Agreement shall remain in force and effect. 11) Indemnification. In addition to any indemnification obligations, which are a part of the Service Agreement, the Business Associate hereby indemnifies and agrees to hold the Covered Entity harmless against any and all claims, liabilities, obligations, costs or damage, including Civil Monetary Penalties, arising from a breach by the Business Associate of its obligations in connection with this BAA or HITECH, or HIPAA. 12) Interpretation. This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA and HITECH. The Parties agree that any ambiguity in this BAA shall be resolved in favor of a meaning that complies and is consistent with HIPAA and HITECH in light of any interpretation and/or guidance on HIPAA, the Privacy Regulation and/or the Security Regulation issued by HHS from time to time. 13) Counterparts; Facsimiles. This BAA may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals. 14) Disputes. If any controversy, dispute or claim arises between the Parties with respect to this BAA, the Parties shall make good faith efforts to resolve such matters informally.