Loading...
HomeMy WebLinkAbout25A - AGMT EMPLOYEE TRACKING SVCSREQUEST FOR COUNCIL ACTION CITY COUNCIL MEETING DATE: SEPTEMBER 18, 2018 TITLE: EXECUTE AN AGREEMENT WITH BASIC HR SERVICES FOR ADMINISTRATION AND TRACKING SERVICES OF EMPLOYEE LEAVES OF ABSENCE AND A BUSINESS ASSOCIATE AGREEMENT (STRATEGIC PLAN NO. 7,5A) Y MANAGER RECOMMENDED ACTION CLERK OF COUNCIL USE ONLY: r_\:7C 100A ; ❑ As Recommended ❑ As Amended ❑ Ordinance on 18' Reading ❑ Ordinance on 2nd Reading ❑ Implementing Resolution ❑ Set Public Hearing For CONTINUED TO FILE NUMBER 1. Authorize the City Manager and Clerk of the Council to execute an agreement with BASIC HR Services for an annual reoccurring amount of $16,660 for Family Medical and Leave Act "FMLA" Administration and other qualified leaves under Federal and State Law and Tracking Services of these leaves and other employee leaves of absence, for three (3) years for the period of September 1, 2018 through August 31, 2021 and with two (2) one year renewals of $17,500 each additional year, not to exceed $85,000 over a five (5) year period. Subject to non -substantive changes approved by the City Manager and City Attorney; and 2. Authorize the City Manager and Clerk of Council to execute a business associate agreement with BASIC to supplement the BASIC "FMLA" Administration agreement and outline each party's privacy rights and obligations under the BASIC agreement. DISCUSSION In alignment with the City Strategic Plan, which promotes innovation and efficiency, staff recommends adopting an agreement with BASIC; in order to provide a FMLA administration and tracking services for employee's leave of absence. The agreement will help automate business processes for greater efficiency, process improvement and compliance with the Department of Labor. The services will assist the City's Human Resources Department with Federal and State qualified leave record keeping and notification regulations by recording dates and increments of time pertaining to qualified leaves of absence taken by eligible employees storing copies of employee histories, created for purposes of FMLA. The services will also include; providing timely notices, forms and determination letters to employees; provide consistent, non -biased qualified leave administration; track employee 12 -month qualifying period and produce reports based on Employer data; collect medical certification forms; provide a web and phone reporting system for employees to report their request for leave time that may qualify them for federal and state qualified leaves and to notify the Employer of those requests; provide a web based dashboard to designated staff of Human Resources for review and intake review; and review City's Family and Medical Leave Policy and recommend changes if necessary; to attend an audit held by the 25A-1 BASIC FMLA Tracking September 18, 2018 Page 2 Department of Labor or a hearing by any governmental agency or bureau, regarding compliance with qualified leaves, including any changes or modifications to the City's Family and Medical Leave Policy and the steps required to comply with the changes. The City obtained information and quotes through the City's benefits broker, Kennan and Associates. Interviews were conducted by City staff and ultimately selected, BASIC. Currently, the process of FMLA Administration and tracking is being done manually with Excel spreadsheets, which is not an efficient way to track qualified leaves of absence. It also requires, hours of staff time to run reports, log time, evaluate qualifying time and track leave time. It will also keep our City in compliance with the Department of Labor and Health Insurance Portability and Accountability Act of 1996 (HIPPA) compliance. The parties have agreed that any claim or controversy arising out of or relating to this agreement will be settled by binding arbitration in Orange County, California. STRATEGIC PLAN ALIGNMENT Approval of this item allows the City to meet Goal #7 — Team Santa Ana, Objective #5 (Create a culture of innovation and efficiency within the organization), Strategy A (Promote the use of new technology to improve the delivery of services and information to staff and the community). FISCAL IMPACT The agreement is for three (3) years from September 1, 2018 to August 31, 2021 at a quoted cost of $16,660 for fiscal year 2018-2019 and approximately $16,660 per subsequent fiscal years. There are two (2) one year options for renewal. If all options are exercised, the agreement would last five (5) years for a total agreement amount not to exceed $85,000. Funds will be budgeted in the Human Resources Contractual Services Account (no. 08109053-62300) in fiscal year 2018-2019, fiscal year 2019-2020 and fiscal year 2020-2021 with the following distribution: Fiscal Year/Account Three Year Agreement Human Resources Contractual Services 08109053 62300 Estimated Total Amount FY 2018-2019 $16,660 $16,660 FY 2019-2020 $16,660 $16,660 FY 2020-2021 $16,660 $16,660 Two Year Renewal Option FY 2021-2022 $17,500 $17,500 FY 2022-2023 $17,500 $17,500 TOTAL Not to Exceed: $85,000 25A-2 BASIC FMLA Tracking September 18, 2018 Page 3 rYJ�, M i St en V. Pham Executive Director Human Resources Department Exhibits: 1. Basic Service Agreement 2. Basic Business Agreement 3. Basic Fee Schedule APPROVE S TO FUNDS AND ACCOUNTS: Sergio Vidal ?Yid Assistant Executive Director Finance and Management Services Agency 25A-3 25A-4 ' xa sXuvlces BASIC FMLA EASE PLUS ADMINISTRATION AGREEMENT BASIC assists employers In complying with the Family Medical Leave Act, as amended ("FMLA"). City of Santa Ana ("Employer") employs fifty (50) or more employees for each working day during each of 20 or more calendar workweeks in the current or preceding calendar year and, therefore, Is subject to FMLA. For the purpose of this agreement, the term "employee" means the employee of the Employer. In consideration of the mutual promises set forth In this Basic FMLA Administration Agreement ("Agreement"), effective September 1, 2018, BASIC and the Employer agree to the provisions set forth below. SECTION I: DUTIES OF BASIC BASIC agrees to assist the Employer in carrying out the duties and responsibilities regarding the FMLA, Specifically, BASIC agrees: 1. To facilitate implementation of the FMLA program including; a) To organize initial kickoff meeting with designated staff of the Employer to establish FMLA processes including timeline, FMLA sample letters, and Data import templates (demographic, historical and supervisor security); b) To confirm with the Employer unique employee ID numbers, supervisor security setup, Interactive Voice Response (IVR) option and languages and mailing of short term disability paperwork; c) To establish and hold weekly or bi-weekly meetings with designated staff of the Employer to discuss timeline and outstanding items; d) To provide web reporting for FMLA intake for the designated staff of the Employer. Standard script is English only. Customized script, such as wording changes or adding new fields, is an additional fee. Please see the pricing section for rate; e) To review FMLA Policy and recommend changes if necessary with the designated staff of the Employer. To provide FMLA policy if policy does not exist; f) To provide Ongoing Data load based on BASIC standard template; g) To provide a one-time supervisor load into FMLA dashboard based on BASIC standard template; h) To assist in the historical FMLA data loaded into BASIC system. Maximum of 12 months of employee FMLA history - based on the Employer's plan year; I) To provide electronic copies of training materials: employee brochure, FMLA FAQ, FMLA procedures and supervisor user guide for FMLA dashboard; to the designated staff of the Employer j) To provide black and white ID card for all employees of the Employer provided in Data file k) To conduct Supervisor Training on dashboard and FMLA for the designated staff of the Employer. Two (one-hour) on-line training sessions available. Sessions are recorded and provided to the Employer within one week after recording. Onsite training is available. Employer is required to pay for any travel or living expenses Incurred by the staff of BASIC to perform training; and Ongoing Administration: 1. To provide timely notices to employees, via US Mail, upon a potential qualifying event, of FMLA rights, obligations and consequences relating to the such employee's annual FMLA entitlement, certification requirements, the any employee's status as a "key employee," and restoration to the same or an E25A-5 equivalent job upon return from FMLA leave within five business days after receiving notification of the potential qualifying event; 2. To provide medical certification forms, via US Mail, to employees that are to be completed by a licensed health care provider within five business days after receiving notification of the potential qualifying event; 3. To provide timely notices, via US Mail, to employees of the result of any decision regarding FMLA qualification based on medical certification from health care provider within five business days after receiving the certification form; 4. To assist the Employer with FMLA record keeping and notification regulations by recording dates and increments of time FMLA leave is taken by FMLA eligible employees, storing copies of employee notices of leave and records and documents relating to certifications, recertification or medical histories of employees or employees' family member, created for purposes of FMLA. All records will be held for no less than three years; 5, To provide consistent, non -biased FMLA administration; 5. To track each employee's 12 -month qualifying period and produce standard reports based on Employer's data; 7. To track and administer federal and state -related leave plans: Family Medical Leave Act (FMLA) including California Family Rights Act ("CFRA") leave, Pregnancy Disability Leave (°PDL"), and qualified exigency leave. 8. To provide a web reporting system and optional IVR system for employees to report their absences which could qualify them for FMLA and to notify the Employer of those absences; 9. To attend any audit held by the Department of Labor or a hearing by any governmental agency or bureau, regarding the Employer's compliance with FMLA and provide at the audit or hearing records and documentation demonstrating compliance with FMLA. Employer is required to pay for any travel or living expenses incurred by the staff of BASIC; 10. To provide the Employer with reports confirming that proper notice has been given to those employees who qualified for FMLA leave and to provide current and updated information to the Employer regarding compliance with FMLA, including any changes or modifications to FMLA and the steps required to comply with the changes; 11. To provide web based dashboard to the designated staff of the Employer for review and intake review; and 12. To provide the Employer with black and white ID cards for any new hire within two weeks of the new hire appearing on the data file provided by the employer. SECTION II: DUTIES OF THE EMPLOYER The Employer agrees: To provide to BASIC'S home office, data files in BASIC's format that Includes the following information, as well as any change that may occur, as It relates to employees: a. Name, address, home telephone number and office telephone number of each employee; b. Social Security Number, gender, and marital status of each employee; C. Whether the employee is married to another employee and the Identity of immediate family members of employee; d. Number of hour's employee Is regularly scheduled to work; e. Whether the employee Is considered a "key employee" as that term is defined by FMLA; f. Employee's supervisor's name, office telephone and telefax numbers; g. Employee's date of hire and date of termination of employment; 25A-6 $17,500 for each year of the optional renewal terms. The total not to exceed amount for the term of the Agreement Including all optional renewals is $85,000. After the initial three (3) year period, BASIC may adjust fees, with a ninety day (90) written notice, based on more than a two percent (2%n) increase in administration, for eligible members. Any unpaid fee shall be immediately due upon termination of this Agreement. Each party agrees to maintain, on a confidential basis, all information that the other has designated as confidential or proprietary ("Confidential Information") and will not disclose that Confidential Information to any third party (except to consult with their respective attorneys or accountants) unless otherwise required by law. The parties agree to use the Confidential Information to facilitate the performance or enforcement of this Agreement and for no other purpose. SECTION V: INDEMNIFICATION; COOPERATION The Employer shall be solely responsible for FMLA compliance prior to the effective date of this Agreement and shall hold BASIC harmless for any action or failure to act in accordance with FMLA prior to such effective date. BASIC will hold the Employer harmless for any action or failure made by BASIC. It shall not be responsible for any action or failure caused by the Employer. If an employee files any type of claim, lawsuit or charge against the Employer and/or BASIC, alleging a violation(s) of law the Employer and BASIC will cooperate with the other's defense of such claim, lawsuit or charge. The Employer and BASIC will make available to each other upon request any and all non -privileged documents that either party has In its possession that relate to any such claim, lawsuit or charge. This provision, however, shall not preclude the raising of cross claims or third -party claims between the Employer and BASIC, if the circumstances justify such proceedings. The parties agree that this provision shall survive the termination of this Agreement. SECTION VI: MISCELLANEOUS PROVISIONS Each party represents and warrants to the other that execution of and the parties' performance of obligations under this Agreement have been duly authorized by their respective entities and that this is a valid and legal Agreement that is binding on each party and enforceable in accordance with its terms. Each provision In this Agreement is separate. If any provisions of this Agreement are ever held by a court to be unreasonable, the Parties agree that this Agreement shall be enforced to the extent it is deemed to be reasonable and in such a manner as to make this Agreement, as modified, legal and enforceable under applicable laws, and the balance of this Agreement shall not be affected, the balance being construed as severable and independent. Either party's failure to exercise or delay in exercising any power or right under this Agreement shall not operate as a waiver, or shall any single or partial exercise of any such right or power preclude any other or further exercise thereof or the exercise of remedies otherwise available in equity or at law. BASIC will provide evidence of errors and omissions or professional liability insurance coverage to Employer in the amount of $1,000,000 per occurrence and $1,000,000 of cyber liability insurance coverage prior to the start of work pursuant to this Agreement. BASIC will maintain such insurance coverages throughout the term of this Agreement and will provide evidence of such coverages upon reasonable request and when renewed. Failure to maintain insurance coverages is cause for immediate termination of said Agreement. This Agreement may be executed in one or more counterparts, each of which will be deemed to be an original but all of which together will constitute one and the same instrument. Without written consent of the other party, neither this Agreement nor any of Its benefits or obligations is assignable. For purposes of this agreement, a signed copy delivered by facsimile or electronically shall be treated by the parties as an original of this agreement and shall be given the same force and effect. An electronic signature captured within a software system will result in a legally binding contract under applicable state law, This Agreement shall be governed by and interpreted in accordance with California law. 25A-7 h. Employee's hours worked in prior 12 -month period; and Employee's assigned department. 2. To provide to BASIC'S home office copies of the following information, and any change that may occur, as it relates to the Employer's workforce and policies: a. Sick and Personal time, Vacation, Paid Time Off, Health Insurance, and Attendance, Workers Compensation, Medical Leave and Family Medical Leave Act policies; b. Number of employees within a 75 -mile radius and number of Full -Time Equivalents (FTE's); 3. To provide BASIC with up-to-date, pertinent information relating to the balance of time under FMLA that each employee is eligible to take during the 12 -month qualifying period as of the effective date of this Agreement. The parties agree that BASIC may rely on and act in accordance with any information or other Instruction believed by BASIC in good faith to be genuine and properly given; 4. To send out required COBRA forms upon the expiration of the approved FMLA leave if the employee falls to return to work; 5. To post the required notice of FMLA rights in conspicuous places, as required by the FMLA; 6. To Inform employees whether and how premiums payments are to be made in order to maintain insurance benefits, the consequences If they fail to do so, and the employee's potential liability to repay any premiums by the Employer during the employee's unpaid FMLA leave if the employee fails to return to work after taking FMLA leave, as provided by the FMLA; 7. To inform employees whether, and to what extent, paid time off must be exhausted as part of the FMLA leave; a To Inform employees of any requirement for the employee to present a fitness -for -duty certificate to be restored to employment; 9. To include an FMLA policy in the employee handbook, if the Employer has an employee handbook; 10. To facilitate the return to work process and Inform BASIC of any changes in the previously approved FMLA leave period; 11. To maintain the FMLA dashboard administrative section, this includes adding, deleting, and changing supervisor access as changes occur internally; and 12. To review daily, weekly, and/or monthly reports to ensure accuracy of information. SECTION I: RELATIONSHIP OF PARTIES; TERMINATION The parties Intend that an independent contractor -employer relationship will be created by this Agreement. BASIC shall have exclusive control and direction over its work. BASIC is not an agent or employee of the Employer for any purpose, and the employees are not employees of BASIC. It Is understood that BASIC may, in its sole discretion, enter Into an agreement for similar services to be performed for other employers not related to the Employer while this Agreement is In effect with Employer. Further, nothing set forth in this Agreement shall be construed as creating a partnership, joint venture or agency relationship between Employer and BASIC. The term of this Agreement shall be for three years from the effective date noted on page one of this Agreement with two (2) one year options to renew exercisable at the sole discretion of the Employer and subject to approval by BASIC. This Agreement can be canceled by BASIC or the Employer by providing the other party sixty (60) days written notice of the termination. SECTION V: BILLING FOR SERVICES RENDERED; CONFIDENTIALITY The Employer agrees to pay BASIC for services rendered within thirty (30) days of receipt of written invoice to Employer. The fees and payment terms are specified in the Fee Schedule that is attached to this Agreement. Annually, the compensation authorized by this Agreement shall not exceed $50,000 for the first three years and 25A-8 1.1 Notices. Any notice to be given hereunder to any Party hereto shall be in writing and delivered personally or by registered or certified national mail service or by any overnight courier service, postage or fees prepaid, addressed to the respective Party at the address set forth in this Agreement. 1.2 Arbitration. Any controversy or claim arising out of or relating to this Agreement or the breach thereof, will be settled by arbitration in California, specifically Orange County in accordance with the Commercial Arbitration Rules of the American Arbitration Association, using three arbitrators, and judgment upon the award rendered by the arbitrators may be entered in any court of competent jurisdiction. Any legal or financial services required to resolve any controversy or claim relating to this Agreement shall be paid for by the losing party. 1.3 Amendment: Entire Agreement. The Addendum(s) to this Agreement are incorporated herein by reference as if set out herein in their entirety. This Agreement, Including the Addendum(s) to this Agreement constitutes the entire agreement between the Parties hereto relating to the subject matter hereof, and supersedes all prior or contemporaneous negotiations, agreements, representations and understandings, whether oral or written, related to the subject matter. This Agreement may be amended only by mutual written agreement of the Parties and no amendment, modification, change, waiver or discharge hereof shall be valid unless in writing and signed by an authorized representative of the Party against which such amendment, modification, change, waiver, or discharge is sought to be enforced. 1.4 Section Headings. The Section headings herein are for convenience only and are not intended to affect the meaning or interpretation of this Agreement. 1.5 Counterparts. This Agreement may be executed in several counterparts, all of which taken together shall constitute one single agreement between the Parties hereto. 1.6 Consents and Approval. Except where expressly provided as being in the sole discretion of a Party, where agreement, approval, acceptance, consent, confirmation, notice or similar action by either Party is required under this Agreement, such action shall not be unreasonably delayed or withheld. An approval or consent given by a Party under this Agreement shall not relieve the other Party from responsibility for complying with the requirements of this Agreement, nor shall it be construed as a waiver of any rights under this Agreement, except as and to the extent otherwise expressly provided in such approval or consent. 1.7 Further Assurances. Each Party covenants and agrees that, subsequent to the execution and delivery of this Agreement and without any additional consideration, each Party shall execute and deliver any further legal Instruments and perform any acts that are or may become necessary to effectuate the purposes of this Agreement. 1.8 Performance of Responsibilities Except as otherwise provided in this Agreement, each Party covenants that it shall perform its responsibilities under this Agreement in a manner that does not infringe, or constitute an infringement or misappropriation of, any patent, copyright, trademark, trade secret or other proprietary rights of any third party; provided, however, that the performing Party shall not have any obligation or liability to the extent any infringement or misappropriation is caused by (i) modifications made by the other Party or Its contractors or subcontractors, without the knowledge or approval of the performing Party;( 11) the other Party's combination of the performing Party's work product or Materials with Items not furnished, specified or reasonably anticipated by the performing Party or contemplated by this Agreement; (iii) a breach of this Agreement by the other Party; (iv) the failure of the other Party to use corrections or modifications provided by the performing Party offering equivalent features and functionality, or (v)Third Party Software, except to the extent that such infringement or misappropriation arises from the failure of the performing Party to obtain the necessary licenses or required consents or to abide by the limitations of the applicable Third Party Software licenses. Each Party further covenants that it will not use or create materials in connection with the Services which are libelous, defamatory or obscene. 1.9 Covenant of Good Faith. Each Party agrees that, in Its respective dealings with the other Party under or in connection with this Agreement, it shall act in good faith. 25A-9 1.10 Severabiiity. In the event that any one or more of the provisions contained herein shall, for any reason, be held to be invalid, illegal, or unenforceable in any respect, such Invalidity, illegality, or unenforceability shall not affect any of the other provisions of this Agreement, and this Agreement shall be construed as if such provision(s) had never been contained herein, provided that such provision(s) shall be curtailed, limited, or eliminated only to the extent necessary to remove the invalidity, Illegality, or unenforceability. 1.11 Waiver: No Oral Modification. No waiver by the Service Provider of any breach by Client of any of the provisions of this Agreement shall be deemed a waiver of any preceding or succeeding breach of this Agreement. No such waiver shall be effective unless it is in writing signed by the Parties hereto, and then only to the extent expressly set forth in such writing. No modification of this Agreement shall be effective unless it is in writing and signed by the Parties hereto, and then only to the extent set forth in such writing._ 1.12 NoAssignment. No benefit or duty under this Agreement shall be subject in any manner to anticipation, alienation, sale, transfer, assignment, pledge, encumbrance or charge, and any attempt to do so shall be void. 5T1 le] Signature: _ Print Name: Title: Date: Employer: See attached Signature: Print Name: Title: Date: 25A-10 ATTEST: MARIA HUIZAR Clerk of the Council APPROVED AS TO FORM: SONIA R. CARVALHO City Attorney By:CJUUL� Laura A. Rossini Senior Assistant City Attorney RECOMMENDED FOR APPROVAL: STEVEN V. PHAM Executive Director of Human Resources Revised 01114/2016 CITY OF SANTA ANA Raul Godinez, ll. City Manager tl 25A-11 HSI( MR ".• MR SERVICES FEE SCHEDULE Per Employee per Month (PEPM) Fee $1.32 Optional Services below (additional fees apply If selected): • Additional languages for IVR: Add $800 for Spanish (other languages quoted) • Customized IVR Scripts: $150/hour • Updating & Script Revisions for IVR: $150/hour • BASIC has the right to apply additional fees for any service outside the scope of its contracted services. • IT development for special processing, custom reports, and data formatting/cleansing- $125/hour • Intake script customization or mid -year changes - $125/ hour • Second and Third Opinion on FMLA: $100 per event and cost of doctor visit • EDI (,Electronic Data Interchange): A. Monthly Fees (if applicable): Monthly fees will be assessed on a case by case basis for each line of service (likely between $50 and $250 per month) for EDI files with the following issues: a. Files not provided in BASIC's format b. Required data is missing/not provided c. Data is inaccurate or conflicting data Is provided d. Files transmitted in a non-standard manner e. Other reasons as determined by BASIC THE EMPLOYER TO INTIAL WITH ACCEPTANCE OF FEES HERE Revised 5.25.17 25A-12 4bflsl( BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement, is entered into as of September 1, 2018, by and between The City of Santa Ana (the "Plan" or "Covered Entity"); and Benefit Administration Services International Corporation (the "Business Associate"). WITNESSETH: WHEREAS, the Covered Entity previously has entered into an agreement (the "Agreement") with the Business Associate, whereby the Business Associate has agreed to provide certain services to the Plan; WHEREAS, to provide such services to the Plan, the Business Associate must have access to certain protected health information ("Protected Health Information" or "PHI"), as defined in the Standards for Privacy of Individually Identifiable Health Information (the "Privacy Standards") set forth by the U.S. Department of Health and Human Services ("HHS") pursuant to the Health Insurance Portability and Accountability Act of 1998, ("HIPAA") and amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"), part of the American Recovery and Reinvestment Act of 2009 ("ARRA"), the Genetic Information Nondiscrimination Act of 2008 ("GINA"), and the final regulations to such Acts promulgated in January 2013; WHEREAS, to comply with the requirements of the Privacy Standards, the Covered Entity must enter into this Business Associate Agreement with the Business Associate. NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter contained, and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, and Intending to be legally bound hereby, the parties hereto agree as follows: I. Definitions The following terms used in this Agreement shall have the same meaning as those terms in the Privacy Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Secretary, Subcontractor, and Use. If other terms are used, but not otherwise defined under this Business Associate Agreement, such terms shall then have the same meaning as those terms in the Privacy Rule. (a) Business Associate. "Business Associate" shall generally have the same meaning as the term "business associate" at 45 CFR 160.103. (b) Covered Electron& Transactions. "Covered Electronic Transactions" shall have the meaning given the term "transaction"" in 45 CFR §160.103. (c) Covered€ntity. "Covered Entity" shall generally have the same meaning as the term 'covered entity" at 45 CFR 160.103. (d) Electronic Protected Health information. "Electronic Protected Health Information" shall have the same meaning as the term "electronic protected health information" in 45 CFR §160.103. (e) Genetic Information. "Genetic Information" shall have the same meaning as the term "genetic Information" in 45 CFR §160.103. (t7 HIPAA Rules. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164. (g) Indivl ual. "Individual" shall have the same meaning as the term "individual" in 45 CFR §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g). (h) Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, subparts A and E. Exhibit 2 25A-13 (I) Protected Health Information (PHI). "Protected Health Information (PHI)" shall have the same meaning as the term "protected health information" in 45 CFR §160.103, limited to the information created or received by Business Associate from or on behalf of a Covered Entity pursuant to this Agreement. (%) Repaired By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR §164.103. (k) Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his designee. (I) Standards for Electronic Transactions Rule. "Standards for Electronic Transactions Rule" means the final regulations issued by HHS concerning standard transactions and code sets under the Administration Simplification provisions of HIPAA, 45 CFR Part 160 and Part 162. (m) Security lncidenf. "Security Incident" shall have the same meaning as the term "security Incident" in 45 CFR §164,304. (n) Security Rule. "Security Rule" shall mean the Security Standards and Implementation Specifications at 45 CFR Part 160 and Part 164, subpart C. (®) Subcontractor. "Subcontractor" shall have the same meaning as the term "subcontractor" in 45 CFR §160.103. (p) Transaction. "Transaction" shall have the meaning given the term "transaction" in 45 CFR §160.103 (q) Unsecured Protected Health information. "Unsecured Protected Health Information" shall have the meaning given the term "unsecured protected health information" in 45 CFR §164.402. II. Safeguarding Privacy and Security of Protected Health Information (a) Permitted Uses and Disclosures. The Business Associate Is permitted to use and disclose Protected Health Information that it creates or receives on the Covered Entity's behalf or receives from the Covered Entity (or another business associate of the Covered Entity) and to request Protected Health Information on the Covered Entity's behalf (collectively, "Covered Entity's Protected Health information") only: (i) Functions and Activities on the Covered Entity's Behalf. To perform those services referred to In the services agreement. (ii) Business Associate's Operations. For the Business Associate's proper management and administration or to carry out the Business Associate's legal responsibilities, provided that, with respect to disclosure of the Covered Entity's Protected Health Information, either: (A) The disclosure is Required by Law; or (B) The Business Associate obtains reasonable assurance from any person or entity to which the Business Associate will disclose the Covered Entity's Protected Health Information that the person or entity will: (1) Hold the Covered Entity's Protected Health Information in confidence and use or further disclose the Covered Entity's Protected Health information only for the purpose for which the Business Associate disclosed the Covered Entity's Protected Health Information to the person or entity or as Required by Law; and (2) Promptly notify the Business Associate (who will in turn notify the Covered Entity In accordance with the breach notification provisions) of any instance of which the person or entity becomes aware in which the confidentiality of the Covered Entity's Protected Health Information was breached. (C) To de -identify the Information in accordance with 45 CFR 164.514(a) — (c) as necessary to perform those services required under the Agreement. 25A-14 (iii) Minimum Necessary. The Business Associate will, in Its performance of the functions, activities, services, and operations specified above, make reasonable efforts to use, to disclose, and to request only the minimum amount of the Covered Entity's Protected Health Information reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except that the Business Associate will not be obligated to comply with this minimum -necessary limitation if neither the Business Associate nor the Covered Entity is required to limit Its use, disclosure or request to the minimum necessary. The Business Associate and the Covered Entity acknowledge that the phrase "minimum necessary' shall be interpreted in accordance with the HITECH Act. (b) Prohibition on Unauthorized Use or Disclosure. The Business Associate will neither use nor disclose the Covered Entity's Protected Health Information, except as permitted or required by this Agreement or in writing by the Covered Entity or as Required by Law. This Agreement does not authorize the Business Associate to use or disclose the Covered Entity's Protected Health Information in a manner that will violate Subpart E of 45 CFR Part 164 if done by the Covered Entity. (c) information Safeguards. (i) Privacy of the Covered Entity's Protected Health information. The Business Associate will develop, Implement, maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy of the Covered Entity's Protected Health Information. The safeguards must reasonably protect the Covered Entity's Protected Health Information from any Intentional or unintentional use or disclosure in violation of the Privacy Rule and limit incidental uses or disclosures made to a use or disclosure otherwise permitted by this Agreement. (ti) Security of the Covered Entity's Electronic Protected Health Information. The Business Associate will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, Integrity, and availability of Electronic Protected Health Information that the Business Associate creates, receives, maintains, or transmits on the Covered Entity's behalf as required by the Security Rule. The Business Associate will comply with Subpart C of 45 CFR Part 164 with respect to Electronic Protected Health Information, to prevent use or disclosure of protected health information other than as provided for by the Agreement, (iii) No Transfer of PHI Outside United States. Business Associate will not transfer Protected Health Information outside the United States without the prior written consent of the Covered Entity. In this context, a "transfer" outside the United States occurs if Business Associate's workforce members, agents, or subcontractors physically located outside the United States are able to access, use, or disclose Protected Health Information. (iv) Policies and Procedures. The Business Associate shall maintain written policies and procedures, conduct a risk analysis, and train and discipline its workforce. (d) Subcontractors and Agents. In accordance with 45 CFR 164.502(e)(1)(11) and 164.308(b)(2), if applicable, the Business Associate will ensure that any of Its Subcontractors and agents that create, receive, maintain, or transmit Protected Health Information on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such Information. (e) Prohibition on Sale of Records. As of the effective date specified by HHS in final regulations to be Issued on this topic, the Business Associate shall not directly or Indirectly receive remuneration in exchange for any Protected Health Information of an individual unless the Covered Entity or Business Associate obtained from the individual, in accordance with 45 CFR §164.508, a valid authorization that includes a specification of whether the Protected Health Information can be further exchanged for remuneration by the entity receiving Protected Health Information of that individual, except as otherwise allowed under the HITECH Act. (f) Prohibition on Use or Disclosure of Genetic Information. Business Associate shall not use or disclose Genetic Information for underwriting purposes in violation of the HIPAA rules. (g) Penalties For Noncompliance. The Business Associate acknowledges that it is subject to civil and criminal enforcement for failure to comply with the privacy rule and security rule under the HIPAA Rules, as amended by the HITECH Act. 25A-15 Compliance with Electronic Transactions Rule If the Business Associate conducts in whole or part Electronic Transactions on behalf of the Covered Entity for which HHS has established standards, the Business Associate will comply, and will require any Subcontractor or agent it involves with the conduct of such Transactions to comply, with each applicable requirement of the Electronic Transactions Rule, The Business Associate shall also comply with the National Provider Identifier requirements, if and to the extent applicable. IV. Obligations of the Covered Entity The Covered Entity shall notify the Business Associate of: (a) Any limitation(s) in its notice of privacy practices of the Covered Entity in accordance with 45 CFR §164.620, to the extent that such limitation may affect the Business Associate's use or disclosure of Protected Health Information; (b) Any changes In, or revocation of, permission by the Individual to use or disclose Protected Health Information, to the extent that such changes may affect the Business Associate's use or disclosure of Protected Health Information; and (c) Any restriction to the use or disclosure of Protected Health Information that the Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect the Business Associate's use or disclosure of Protected Health Information. V. Permissible Requests by the Covered Entity The Covered Entity shall not request the Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by the Covered Entity. VI, Individual Rights (a) Access. The Business Associate will, within twenty-five (25) calendar days following the Covered Entity's request, make available to the Covered Entity or, at the Covered Entity's direction, to an individual (or the individual's personal representative) for inspection and obtaining copies of the Covered Entity's Protected Health Information about the individual that is in the Business Associate's custody or control, so that the Covered Entity may meet its access obligations under 45 CFR §164.624. Effective as of the date specified by HHS, if the Protected Health Information is held electronically in a designated record set In the Business Associate's custody or control, The Business Associate will provide an electronic copy in the form and format specified by the Covered Entity if it is readily producible in such format; if it is not readily producible in such format, the Business Associate will work with the Covered Entity to determine an alternative form and format as specified by the Covered Entity to meet its electronic access obligations under 45 CFR 164.624. (b) Amendment. The Business Associate will, upon receipt of written notice from the Covered Entity, promptly amend or permit the Covered Entity access to amend any portion of the Covered Entity's Protected Health Information in a designated record set as directed or agreed to by the Covered Entity, so that the Covered Entity may meet its amendment obligations under 45 CFR §164,526. (c) Disclosure Accounting. The Business Associate will maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy the Covered Entity's obligations under 45 CFR §164.528. (1) Disclosures Subject to Accounting. The Business Associate will record the Information specified below ("Disclosure Information') for each disclosure of the Covered Entity's Protected Health Information, not excepted from disclosure accounting as specified below, that the Business Associate makes to the Covered Entity or to a third party. (II) Disclosures Not Subject to Accounting. The Business Associate will not be obligated to record Disclosure Information or otherwise account for disclosures of the Covered Entity's Protected Health Information If the Covered Entity need not account for such disclosures under the HIPAA Rules. 25A-16 (111) Disclosure Information. With respect to any disclosure by the Business Associate of the Covered Entity's Protected Health Information that is not excepted from disclosure accounting under the HIPAA Rules, the Business Associate will record the following Disclosure Information as applicable to the type of accountable disclosure made: (A) Disclosure Information Generally. Except for repetitive disclosures of the Covered Entity's Protected Health Information as specified below, the Disclosure Information that the Business Associate must record for each accountable disclosure Is (1) the disclosure date, (2) the name and (if known) address of the entity to which the Business Associate made the disclosure, (3) a brief description of the Covered Entity's Protected Health Information disclosed, and (4) a brief statement of the purpose of the disclosure. (B) Disclosure Information for Repetitive Disclosures. For repetitive disclosures of the Covered Entity's Protected Health Information that the Business Associate makes for a single purpose to the same person or entity (Including the Covered Entity), the Disclosure Information that the Business Associate must record Is either the Disclosure Information specified above for each accountable disclosure, or (1) the Disclosure Information specified above for the first of the repetitive accountable disclosures; (2) the frequency, periodicity, or number of the repetitive accountable disclosures; and (3) the date of the last of the repetitive accountable disclosures. (iv) Availability of Disclosure Information. The Business Associate will maintain the Disclosure Information for at least 6 years following the date of the accountable disclosure to which the Disclosure Information relates (3 years for disclosures related to an Electronic Health Record, starting with the date specified by HHS). The Business Associate will make the Disclosure Information available to the Covered Entity within twenty-five (25) calendar days following the Covered Entity's request for such Disclosure Information to comply with an individual's request for disclosure accounting. Effective as of the date specified by HHS, with respect to disclosures related to an Electronic Health Record, the Business Associate shall provide the accounting directly to an individual making such a disclosure request, if a direct response is requested by the individual. To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the covered entity in the performance of such obligation(s); and make its Internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules. (d) Restriction Agreements and Confidential Communications. The Covered Entity shall notify the Business Associate of any limitations in the notice of privacy practices of Covered Entity under 45 CFR §164.520, to the extent that such limitation may affect the Business Associate's use or disclosure of Protected Health Information. The Business Associate will comply with any agreement that the Covered Entity makes that either (1) restricts use or disclosure of the Covered Entity's Protected Health Information pursuant to 45 CFR §164.522(a), or (ii) requires confidential communication about the Covered Entity's Protected Health Information pursuant to 45 CFR §164.522(b), provided that the Covered Entity notifies the Business Associate in writing of the restriction or confidential communication obligations that the Business Associate must follow. The Covered Entity will promptly notify the Business Associate in writing of the termination of any such restriction agreement or confidential communication requirement and, with respect to termination of any such restriction agreement, instruct the Business Associate whether any of the Covered Entity's Protected Health Information will remain subject to the terms of the restriction agreement. Effective February 17, 2010 (or such other date specified as the effective date by HHS), the Business Associate will comply with any restriction request If: (1) except as otherwise required by law, the disclosure is to a health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (ii) the Protected Health Information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. VII. Breaches and Security Incidents (a) Reporting. (1) Impermissible Use or Disclosure. The Business Associate will report to Covered Entity any use or disclosure of Protected Health Information not permitted by this Agreement not more than twenty-five (25) calendar days after Business Associate becomes aware of such non -permitted use or disclosure. (11) Privacy or Security Breach. The Business Associate will report to the Covered Entity any use or disclosure of the Covered Entity's Protected Health Information not permitted by this Agreement of which it becomes aware, including breaches of Unsecured Protected Health Information as required by 45 CFR 25A-17 164.410, and any Security Incident of which it becomes aware. The Business Associate will make the report to the Covered Entity's Privacy Official not more than twenty-five (25) calendar days after the Business Associate becomes aware of such non -permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR §164.412, the Business Associate may delay notifying the Covered Entity for the applicable time period. The Business Associate's report will at least: (A) Identify the nature of the Breach or other non -permitted use or disclosure, which will include a brief description of what happened, including the date of any Breach and the date of the discovery of the Breach; (B) Identify the Covered Entity's Protected Health Information that was subject to the non -permitted use or disclosure or Breach (such as whether full name, social security number, date of birth, home address, account number or other information were involved) on an Individual basis; (C) Identify who made the non -permitted use or disclosure and who received the non -permitted use or disclosure; (D) Identify what corrective or Investigational action the Business Associate took or will take to prevent further non -permitted uses or disclosures, to mitigate harmful effects and to protect against any further Breaches; (E) Identify what steps the Individuals who were subject to a Breach should take to protect themselves; and (F) Provide such other Information, including a written report and risk assessment under 45 CFR §164.402, as the Covered Entity may reasonably request, (iii) Security Incidents. The Business Associate will report to The Covered Entity any Security Incident of which the Business Associate becomes aware. The Business Associate will make this report once per month, except If any such Security Incident resulted in a disclosure not permitted by this Agreement or Breach of Unsecured Protected Health Information, Business Associate will make the report in accordance with the provisions set forth above, (b) Mitigation. The Business Associate shall mitigate, to the extent practicable, any harmful effect known to the Business Associate resulting from a use or disclosure in violation of this Agreement. VIII. Term and Termination (a) Tenn. The term of this Agreement shall be effective as of the date specified below, and shall terminate when all Protected Health Information provided by the Covered Entity to the Business Associate, or created or received by the Business Associate on behalf of the Covered Entity, is destroyed or returned to the Covered Entity, or, if It Is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this section. (b) Right to Terminate for Cause. The Covered Entity may terminate this Agreement if it determines, in its sole discretion that the Business Associate has breached a material term of this Agreement, and upon written notice to the Business Associate of the breach, the Business Associate fails to cure the breach within thirty (30) calendar days after receipt of the notice. Any such termination will be effective Immediately or at such other date specified in the Covered Entity's notice of termination. (c) Treatment of Protected Health Information on Termination. (i) Return or Destruction of Covered Entity's Protected Health Information as Feasible. Upon termination or other conclusion of this Agreement, the Business Associate will, if feasible, return to the Covered Entity or destroy all of the Covered Entity's Protected Health Information in whatever form or medium, Including all copies thereof and all data, compilations, and other works derived there from that allow Identification of any Individual who Is a subject of the Covered Entity's Protected Health Information. This provision shall apply to Protected Health Information that is In the possession of Subcontractors or agents of the Business Associate. Further, the Business Associate shall require any such Subcontractor or agent to certify to the Business Associate that It returned to the Business Associate (so that the Business Associate may return it to the Covered Entity) or destroyed all such information which could be returned or destroyed. The Business 25A-18 Associate will complete these obligations as promptly as possible, but not later than thirty (30) calendar days following the effective date of the termination or other conclusion of this Agreement. (Ii) Procedure When Return or Destruction Is Not Feasible. The Business Associate will identify any of the Covered Entity's Protected Health Information, Including any that the Business Associate has disclosed to Subcontractors or agents as permitted under this Agreement, that cannot feasibly be returned to the Covered Entity or destroyed and explain why return or destruction is infeasible. The Business Associate will limit its further use or disclosure of such information to those purposes that make return or destruction of such Information infeasible. The Business Associate will complete these obligations as promptly as possible, but not later than thirty (30) calendar days following the effective date of the termination or other conclusion of this Agreement. (Iii) Continuing Privacy and Security Obligation. The Business Associate's obligation to protect the privacy and safeguard the security of the Covered Entity's Protected Health Information as specified in this Agreement will be continuous and survive termination or other conclusion of this Agreement. IX. Miscellaneous Provisions (a) Definitions. All terms that are used but not otherwise defined in this Agreement shall have the meaning specified under HIPAA, including its statute, regulations and other official government guidance. (b) Inspection of Internal Practices, Books, and Records. The Business Associate will make its internal practices, books, and records relating to its use and disclosure of the Covered Entity's Protected Health Information available to the Covered Entity and to HHS to determine compliance with the HIPAA Rules. (c) Amendment to Agreement. This Agreement may be amended only by a written instrument signed by the parties. In case of a change in applicable law, the parties agree to negotiate in good faith to adopt such amendments as are necessary to comply with the change in law. (d) No Third -Party Beneficiaries. Nothing in this Agreement shall be construed as creating any rights or benefits to any third parties. (e) Regulatory References. A reference in this Business Associate Agreement to a section in the Privacy Rule means the section as in effect or as amended. (f) Survival. The respective rights and obligations of the Business Associate Agreement shall survive the termination of this Agreement. (g) Interpretation. Any ambiguity in this Agreement shall be resolved to permit the Covered Entity to comply with the HIPAA Rules. (h) Notices. All notices hereunder shall be in writing and delivered by hand, by certified mail, return receipt requested or by overnight delivery. Notices shall be directed to the parties at their respective addresses set forth in the first paragraph of this Business Associate Agreement or below their signature, as appropriate, or at such other addresses as the parties may from time to time designate In writing. (1) Entire Agreement, Modification, This Business Associate Agreement represents the entire agreement between the Business Associate and the Covered Entity relating to the subject matter hereof. No provision of this Business Associate Agreement may be modified, except in writing, signed by the parties. Q) Indemnification. Each Party agrees to indemnify, defend and hold harmless each other Party, Its affiliates and each of their respective directors, officers, employees, agents or assigns from and against any and all actions, causes of actions, claims, sults and demands whatever, and from all damages, liabilities, costs, charges, debts and expenses whatever (including reasonable attorneys' fees and expenses related to any litigation or other defense of any claims), which may be asserted or for which they may now or hereafter become subject arising in connection with (1) any misrepresentation, breach of warranty or non -fulfillment of any undertaking on the part of the Party to the Agreement and (ii) any claims, demands, awards, judgments, actions, and proceedings made by any person or organization arising out of any way connected with the Party's performance. (k) Assistance In Litigation or Administrative Proceedings. The Business Associate shall make Itself, and any subcontractors, employees or agents assisting the Business Associate in the performance of Its obligations under 25A-19 this Agreement, available to the Covered Entity, at no cost to the Covered Entity, to testify as witnesses, or otherwise, in the event of litigation or administrative proceedings being commenced against the Covered Entity, Its directors, officers; or employees based upon a claimed violation of HIPAA, the HIPAA regulations, or other laws relating to security and privacy, except where the Business Associate or its subcontractors, employees, or agents are named as an adverse party. (1) Binding Effect. This Business Associate Agreement shall be binding upon the parties hereto and their successors and assigns. For purposes of this agreement, a signed copy delivered by facsimile or electronically shall be treated by the parties as an original of this agreement and shall be given the same force and effect. (m) Governing Law, Jurisdiction, and Venue. This Agreement shall be governed by the law of California except to the extent preempted by federal law. (n) Severability. The invalidity or unenforceability of any provisions of this Agreement shall not affect the validity or enforceability of any other provision of this Agreement, which shall remain in full force and effect. (o) Construction and Interpretation. The section headings contained in this Agreement are for reference purposes only and shall not in any way affect the meaning or interpretation of this Agreement. This Agreement has been negotiated by the parties at arm's-length and each of them has had an opportunity to modify the language of the Agreement. Accordingly, the Agreement shall be treated as having been drafted equally by the parties and the language shall be construed as a whole and according to Its fair meaning. Any presumption or principle that the language Is to be construed against any party shall not apply. This Agreement may be executed in counterparts, each of which shall be deemed to be an original, but all of which, taken together, shall constitute one and the same agreement. (p) Electronic Signature. An electronic signature captured within a software system will result in a legally binding contract under applicable state law. In Witness Whereof, the parties hereto have caused this Agreement to be executed as of the date first above written. BUSINESS ASSOCIATE: COVERED ENTITY: BASIC Employer: See Attached. Signature, Signature: _ Print Name: Print Name: Title: _ Title: Date: Date: 25A-20 ATTEST: CITY OF SANTA ANA MARIA HUIZAR Raul Godinez, II. Clerk of the Council City Manager APPROVED AS TO FORM: SONIA R. CARVALHO City Attorney By:C c,,— A,y-� � — Laura A. Rossini Senior Assistant City Attorney RECOMMENDED FOR APPROVAL: STEVEN V. PHAM Executive Director of Human Resources (Revised 6.18.14) 9 25A-21 25A-22 �. Gil NQ SFAVICE5 FEE SCHEDULE Per Employee per Month (PEPM) Fee $1.32 Optional Services below (additional fees apply if selected): • Additional languages for IVR: Add $800 for Spanish (other languages quoted) • Customized IVR Scripts: $150/hour Updating & Script Revisions for IVR: $150/hour • BASIC has the right to apply additional fees for any service outside the scope of its contracted services, • IT development for special processing, custom reports, and data formatting/cleansing- $125/hour • Intake script customization or mid -year changes - $125/ hour • Second and Third Opinion on FMLA: $1100 per -event and cost of doctor visit • EDI (Electronic Data Interchange): A. Monthly Fees (if applicable): Monthly fees will be assessed on a case by case basis for each line of service (likely between $50 and $250 per month) for EDI files with the following issues: a. Files not provided in BASIC's format b. Required data is missing/not provided c. Data is Inaccurate or conflicting data is provided d. Files transmitted in a non-standard manner e. Other reasons as determined by BASIC THE EMPLOYER TO INTIAL WITH ACCEPTANCE OF FEES HERE Revised 5,25.17 =711171X] 25A-23 25A-24