HomeMy WebLinkAboutHEALTH RISK MANAGEMENT AGREEMENT BETWEEN HEALTHSTAT NC AND AUGUSTA GAThis Health Risk Management Agreement ( "Agreement ") is made and entered into as of the 26
day of July, 2012 by and between Healthstat, Inc., a North Carolina Corporation ( "Healthstat ") and
Augusta, Georgia , a political subdivision of the State of Georgia ( "Employer "), acting on behalf of
Augusta, Georgia health plan ( "Plan "). All references to Employer in this Agreement shall be deemed to
refer to it as acting in its capacity as Plan Administrator or on behalf of the Plan.
WHEREAS, Employer conducts business in the state of Georgia and is headquartered with its
principal offices located in Augusta, Georgia; and
WHEREAS, Employer desires to reduce Plan healthcare costs for its employees while improving
the overall health of its employees, and is therefore entering into this Agreement for the Plan; and
WHEREAS, Healthstat has offered to assist Employer by establishing and operating nurse
practitioner, physician's assistant and /or physician ( "Clinician ") clinics ( "Clinic(s) ") on or near the premises
of Employer and by providing other value -added services, all designed to assist Employer in reducing
Plan health care costs and decreasing lost productivity due to illness - related absences ( "Benefits "); and
WHEREAS, Employer desires to contract with Healthstat and establish Clinic(s) on or near
Employer's premises; and
WHEREAS, Healthstat has agreed to contract with Employer for the establishment of Clinic(s) on
or near Employer's premises and to provide other services as set forth in this Agreement; and
WHEREAS, Healthstat has made Employer aware, and, Employer acknowledges the success
and effectiveness of the services offered by Healthstat in achieving Benefits is greatly dependent upon
the support and assistance Employer provides Healthstat regarding educating and participation of
Employer's workforce, allowing sufficient clinic hours of operation, and, providing suitable premises for a
clinic with convenient physical access.
NOW, THEREFORE, in consideration of the mutual premises, promises, covenants and
conditions contained herein, and as hereinafter set forth, the sufficiency of which is acknowledged, the
parties agree as follows:
1. Healthstat Services. Healthstat shall provide the Plan the services set forth in this Agreement.
Employer shall provide the assistance described hereafter to increase the Benefits achieved. Employer
acknowledges that Healthstat is not engaged in the practice of medicine.
1.1 Establishment of Clinic(s).
HEALTH RISK MANAGEMENT AGREEMENT
RECITALS
1
Healthstat shall provide licensed and certified Clinician(s) who are employed by
Healthstat, or contracted with licensed physicians or physician practices ( "Group"
or "Groups" which term shall include both sole physician practices and practices
with multiple physicians) to provide services under contract with Healthstat, to
provide professional services consistent with reasonable and appropriate
standards of community -based primary care providers, and who are responsible
for supervising the Clinician(s) operating the clinics on the Employer's premises
as required in accordance with applicable state law. Each Clinician that is
employed or contracted by Healthstat shall be supervised by a Physician
independently contracted by Healthstat, as required in accordance with
applicable state law. Each Clinician, MD and the Group(s) shall be certified in
their medical specialty and shall meet all requirements for continuing education
and peer review. Each Clinician and Group shall remain in good standing with
the State licensing authority governing the practice of medicine within the state
where each Clinic is located. Each Group shall supervise and oversee each
Clinician at every Clinic location in accordance with applicable state law. Every
Healthstat contract with a Group shall contain provisions requiring the Group to
comply with all applicable state laws in the provision of professional medical
services at the Clinic(s) and, shall contain an agreement to indemnify Employer
against all claims, losses, and liability sought or determined in connection with
the provision of medical services at the Clinic unless such indemnity is prohibited
by law. Healthstat shall further require that each Group carry medical
malpractice insurance.
1.1.2 Healthstat shall provide Employer with a design layout of the space to serve as
the Clinic. All costs associated with renovating or preparing the physical space
for the Clinic shall be borne by Employer.
1.1.3 The services to be provided under this Agreement, and, therefore, the success of
Healthstat in improving Benefits is initially dependent upon Healthstat being able
to locate and staff each Clinic(s). Healthstat shall use its best efforts to locate
and coordinate Clinician in order to provide hours of service at the Clinic as
mutually agreed to by the parties and set forth on Exhibit "A" attached hereto,
which may only be amended by consent of both parties in writing.
Employer shall pay Healthstat a good faith deposit, as identified on Exhibit B, to
help defray a portion of the cost incurred by Healthstat in establishing the Clinic.
1.1.4 Each Clinic shall be opened at the location(s) described on Exhibit "A" by the
date(s) set forth on Exhibit "A ". In the event any Clinic is not opened on the date
set forth on Exhibit "A" as a result of the failure of Healthstat to provide a
Clinician at a Clinic location, then Healthstat shall return that portion of the good
faith deposit attributed to that Clinic. And, in the event Healthstat fails to open
any Clinic(s) on the date(s) set forth on Exhibit "A" due to the failure to provide a
Clinician, Employer shall have the right to terminate this Contract and receive a
refund of the total good faith deposit.
1.2 Education of workforce about Healthstat Services. Healthstat shall provide educational
sessions at each health assessment event described in Section 1.3 below. In each education session,
Healthstat shall provide education to Employer's workforce about the services offered by Healthstat and
the benefits which employees, and eligible spouses and dependents, if included, may derive from using
the services provided by Healthstat.
1.3 Health Assessment(s). An initial health assessment shall be performed on each
participating employee, which shall include the collection of certain baseline clinical data indices including
cholesterol, triglycerides, and glucose. In addition, Healthstat shall collect the clinical indices for the
Prostate Screening Antigen (PSA) if Employer has selected this service as evidenced on Exhibit "B"
attached hereto. The initial health assessment of Employer's entire participating workforce shall be
completed before the opening of the Clinic(s). The next mass assessment will be conducted eighteen
(18) months after the Clinic opens. Subsequent health assessments shall be completed once every
twelve (12) months thereafter. Healthstat shall be responsible for collecting blood pressure, body weight
indexing, and providing a health survey to be completed by the employees. Healthstat shall work with
Employer to encourage employees to participate in such health assessment(s). At Employer's request,
Healthstat shall participate in an employee health fair and such other wellness activities as may be
sponsored by Employer (at an additional cost to Employer for such services as agreed). Personal Health
Information obtained during each assessment will be collected in accordance with Healthstat business
practices designed to ensure its privacy and security in accordance with the Health Insurance Portability
and Accountability Act of 1996 ( "HIPAA ").
1.4 Periodic Reports. Healthstat shall produce the following reports for Employer and
Employer's group health plan as well as such other reports as Employer may request and Healthstat has
2
the programming capabilities to comply. Healthstat shall charge Employer a programming charge as
described in Exhibit "B" for reports other than the ones listed below. The form and substance of
additional requested reports shall be as mutually agreed to by Healthstat and Employer. All reports shall
be HIPAA compliant. Healthstat's ability to comply with this section 1.4 is based entirely on Employer or
Employer's health plan supplying the data elements in Exhibit "E" to this Agreement.
1.4.1 Healthy Life Profile - Individual health profiles for assessment participants shall
be compiled and distributed to each participant only after each health
assessment.
1.4.2 Health Risk Assessment Overview - Aggregate health risk report(s) for the entire
employee population on a de- identified basis shall be compiled and distributed to
Employer after each health assessment.
1.4.3 Clinic Utilization — Monthly clinic utilization reports summarizing the services
furnished on -site at each Clinic in a de- identified format.
1.4.4 Quarterly Report - Provided the Employer's health plan, health insurer or third -
party administrator furnishes historical claims data in accordance with Employer's
instruction pursuant to paragraph 2, and, after the Clinic has been opened no
less than six (6) months, Healthstat shall provide insurance cost claims impact
statements four (4) times per twelve (12) month period. Additionally, Healthstat
shall provide clinic utilization and activity reports and summary data related to the
Clinic participants' compliance with the frequency guidelines recommended for
the number of risk factors identified during the health assessment(s).
1.4.5 Non - Compliance Report - After the Clinic has been opened for two (2)
consecutive quarters, non - compliance reports for employees with health risk
factors and clinic visit frequency shall be provided on a quarterly basis.
1.4.6 Business Intelligence Dashboard — Employer will have access to the web -based
detailed clinic utilization tool for self- reporting.
No Personal Health Information contained in reports generated by Healthstat shall
be released except in a de- identified format by Healthstat, or the Group(s) and
Clinician(s) without the prior written consent of the individual(s) or in accordance
with HIPAA.
1.5 Interventions. The Clinician at each Clinic, or, a Healthstat representative shall contact
each health assessment participant which is identified as having two (2) or more high healthcare risk
factors according to the health assessment (and each participant with one (1) risk factor if at panic levels)
within twelve (12) months of the Clinic opening. The Clinician at each Clinic shall be available during
regularly scheduled Clinic hours of operation to consult with and assist in the development of a program
for each health assessment participant contacted in accordance with this paragraph 1.5.
1.6. Appointment of Account Manager. Healthstat shall appoint an account manager and
provide notice to Employer of the appointment within ten (10) days of the date this Agreement is
executed. In addition to overseeing the implementation of this program, the account manager shall be
available to review and discuss the activities of and reports generated from each Clinic.
1.7 Practitioner Selection. Healthstat shall present a Clinician who is trained and qualified to
perform clinical services required in the Clinic. Healthstat shall offer to introduce the Clinician candidate to
Employer so Employer may evaluate the candidate proposed. However, Healthstat shall make the final
decision with respect to whether to contract with Clinician candidates. Employer understands that due to
the limited availability of Clinician candidates in some geographic locations, the opening of the Clinic may
be delayed if a Clinician candidate is rejected at Employer's request.
3
1.8 Professional Conduct of Clinician.
1.8.1 The professional conduct of Clinician is governed by applicable state laws and
supervised by Group. Neither Healthstat nor Employer shall exercise any control
or direction over the method or manner in which Clinician performs professional
services and functions at the Clinic. Neither Healthstat nor Employer shall
intervene in any way or manner with the services provided by Clinician unless
Clinicians' actions are in violation of the regulations and /or rules of conduct
governing employees at Employer's place of business. It is understood between
the parties that the traditional, customary, usual and confidential relationship
between a health care provider and a patient exists between Clinician and
employees and all authorized persons seeking the professional services of
Clinician.
1.8.2 In the event Employer deems the performance of any Clinician disruptive to
Employer's place of business, detrimental to the health or safety of members of
Employer's workforce or any dependent family members, or is in violation of the
regulations and rules of conduct governing employees of Employer, Employer
may request that a Clinician be removed from the Clinic. When Healthstat is
notified of such a request by Employer, Healthstat shall notify the Clinician and
Group and Healthstat shall place Clinician administrative leave with pay until a
review of the matter is completed within ten (10) days. If after a review of the
matter complained about, Employer or Healthstat desire that the Clinician not
return to the Clinic, Healthstat shall immediately commence actions to recruit
another Clinician to provide services at the Clinic and advise Employer when a
substitute Clinician may be placed at the Clinic.
1.9 Clinician(s), Physician(s), and Physician Group(s) as Independent Contractors. Each
Clinician providing services at Clinic is an independent contractor as related to practice of medicine.
Each Clinician shall be supervised by Group pursuant to the terms of a written contract. It is understood
and agreed that no Clinician and no Group shall be deemed to be an employee of Employer. No Clinician
nor any Group shall be eligible for vacation pay, health insurance, life insurance, sick leave, retirement
benefits, social security, workers' compensation, disability insurance, unemployment insurance benefits
or any other employee benefit of any kind provided by Employer. Employer shall have no liability for any
compensation due Clinician, nor any Group providing direct or supervisory services at any Clinic.
Healthstat shall indemnify Employer from and against any and all claims for any such benefits.
1.10 MEDai Services. As long as all data elements described in Section 2 of this Agreement are
supplied, Healthstat shall provide the following services as a part of the MEDai Predictive Modeling and
Guidance Gaps Package after the Clinician Clinic has been operational for six (6) full months.
1.10.1 Healthstat will provide the Patient Profile report to the Clinician on a monthly
basis which includes:
• Forecasted Risk Profile
• Impact Scores
• Diagnosis Profile
• Utilization Profile
• Risk Contribution Profile
• Guideline Compliance Profile
• Physician Pharmacy Profile — Therapeutic Classes
• Physician Pharmacy Profile — Maintenance Medications
• Physician Pharmacy Profile — Injectibles
4
1.10.2. Healthstat shall provide the following to Employer on a Quarterly Basis
• Risk Navigator Clinical Summary
2. Electronic Data Sharing. Employer shall supply the data listed on Exhibit "E" in electronic format
compatible with Healthstat software systems, for its employees who are eligible to take advantage of
Healthstat services in order to populate the Healthstat data base. This delivery of data shall be complete
thirty (30) days prior to the initial health assessment and monthly thereafter. Healthstat shall enter into a
Business Associate Agreement, as defined in HIPAA, with Employer and its health claims processing or
insurance vendor. Employer shall instruct each third -party administrator, insurance vendor or other party
responsible for managing Employer's Plan claims system to provide Healthstat all historical claims data,
including but not limited to, healthcare claims, pharmaceutical claims, and medical claims for all
employees and described on Exhibit "E ". Healthstat shall use the data provided to establish and track
employee utilization trends and insurance cost impact which shall be provided in the periodic reports
generated and supplied to Employer. All costs associated with the transfer of data to the Healthstat
database, including but not limited to implementation of software interface, shall be borne by Employer.
Employer acknowledges that the successful transfer of the data described herein is a condition
precedent to the application of the guaranty described on Exhibit D. All data transmitted pursuant to
this Section must be in electronic non - facsimile format, ie. CD, floppy disk or direct electronic interface.
Healthstat shall supply Employer's claims payer or other similar vendor ( "Vendor ") information related to
each patient's encounter in the Clinician clinic in an 837P "standard" file as the format to transfer the data
to the Vendor. If the 837P "standard" format has to be manipulated to comport to with the Vendor,
Healthstat will charge a programming and testing cost as described in Exhibit "B ". Healthstat and
Employer will agree to the frequency of regular data transfers and Healthstat will charge Employer the
cost outlined in Exhibit "B" for each data transfer.
3. Premises and Support Services of Employer.
3.1 Premises. Employer shall provide Healthstat access to the premises provided by
Employer as a Clinic during Employer's normal operating hours. Employer shall be responsible for
maintaining and securing the safety and safekeeping of the premises designated as the Clinic and all the
equipment therein. Employer shall provide heat and air conditioning, janitorial service, telephone, high
speed DSL internet access (or similar service), replace light bulbs as needed and other materials for the
Clinic described on Exhibit "F ". Employer shall maintain the safe and proper operation of all equipment
located within the Clinic.
3.2 Clinic Area. Employer shall dedicate no less than eighty (80) square feet to be used as
the Clinic. The Clinic shall be in close proximity to toilet facilities and, to the extent reasonably
practicable, shall be equipped with a sink. In the event Employer desires to offer Clinician services at the
Clinic to spouses and dependents of employees, Employer shall, as practical, ensure access to the Clinic
from the exterior of the facility through an administrative or otherwise convenient public access way.
Privacy and accessibility for non - employee users offered the services of the Clinic is important for the
overall success of its operation. The Benefits derived from Healthstat services are partially dependent
upon significant usage of the Clinic. Augusta, Georgia may, at reasonable times, inspect the part of the
plant, place of business, or work site of Healthstat or any subcontractor of Healthstat or subunit thereof
which is pertinent to the performance of any contract awarded or to be awarded by Augusta, Georgia.
3.3 Hours of Clinic Operation. The weekly schedule for the hours of operation of the Clinic
will be mutually agreed upon by Employer and Healthstat. Changes to the weekly schedule may be
made only with the mutual written consent of Healthstat and Employer.
3.4 Contact Person for Scheduling. Employer shall be responsible for scheduling all
participant appointments with the Clinician at the Clinic. The method of scheduling appointments for
employees and others shall not violate HIPAA.
5
4. Term and Termination.
4.1 The term of this Agreement shall be for a period of twelve (12) calendar months
beginning on the date the first Clinic described on Exhibit "A" opens (the "Initial Term "). Thereafter, this
Agreement shall automatically renew for successive one (1) year terms ( "Renewal Term ") unless earlier
terminated in accordance with the terms of this Agreement, or unless either party gives sixty (60) days'
prior written notice of non - renewal to the other party prior to the expiration of the Initial Term or any
subsequent Renewal Term.
4.2 If either party defaults in the performance of any of its obligations hereunder, and such
condition of default is not cured within thirty (30) days after delivery of written notice of such condition,
any non - defaulting party may, at its option, terminate this Agreement by delivery of written notice of its
intention to terminate seven (7) days after the expiration of the thirty (30) day cure period.
4.3 During the Initial Term, Employer may terminate this Agreement without cause upon sixty
(60) days written notice to Healthstat.
4.4 In the event a Clinician resigns, quits, is terminated, or otherwise unable or unwilling to
continue at any Clinic location and Healthstat is unable to find a suitable replacement after employing
reasonable commercial efforts, Healthstat may terminate this Agreement.
4.5 Any outstanding invoices as of the date of termination will be due and payable according
to the terms set forth below. Termination of this Agreement shall not release or discharge either party
from any obligation, debt or liability incurred hereunder nor shall termination release or excuse payment
for services rendered.
4.6 To the extent that it does not alter the scope of this agreement, Employer may unilaterally
order a temporary stopping of the work, or delaying of the work to be performed by Healthstat under this
agreement.
5. Compensation.
5.1 Healthstat shall be compensated for its services in accordance with Exhibit "B" attached
hereto and incorporated by reference herein.
5.2 Employer shall remit payment using wire transfers within thirty (30) days of receipt of
each invoice issued by Healthstat.
5.3 Healthstat warrants that no person or selling agency has been employed or retained to
solicit or secure this Agreement upon an agreement or understanding for a commission, percentage,
brokerage, or contingent fee, excepting bona fide employees or bona fide established commercial or
selling agencies maintained by Healthstat for the purpose of securing business and that Healthstat has
not received any non- Employer fee related to this Agreement without the prior written consent of
Employer. For breach or violation of this warranty, Employer shall have the right to annul this Agreement
without liability or at its discretion to deduct from the Agreement Price of consideration the full amount of
such commission, percentage, brokerage or contingent fee.
Act.
5.4 The terms of this agreement supersede any and all provisions of the Georgia Prompt Pay
6
6. Privacy and Security of Employee Health Information.
6.1 Healthstat and Employer acknowledge and agree that some of the services provided
under this Agreement may involve the sharing of protected health information ( "PHI" as defined under 45
C.F.R. § 164.501) of Employer's workforce. Healthstat agrees to maintain the privacy of such information
in accordance with the business associate provisions set forth under the Privacy Regulations adopted by
the United States Department of Health and Human Services pursuant to HIPAA. In furtherance thereof,
Healthstat and Employer agree to execute the Business Associate Agreement, attached as Exhibit "C ",
and incorporated herein by reference.
6.2 The parties agree to revise the Business Associate Agreement as necessary in order to
comply with current or subsequent regulations adopted pursuant to HIPAA.
7. Confidentiality of Information. Healthstat and Employer shall maintain the confidentiality of data
and information gathered, delivered and /or exchanged as further described in the HIPAA Business
Associate Agreement.
7.1 Upon termination of this Agreement, each party agrees to return to the other all
proprietary information of the other party in their possession including, without limitation, any
documentation evidencing Employer's or Healthstat' policies and procedures, or, give written assurances
of its destruction.
8. Insurance.
8.1 Healthstat shall maintain primary commercial general liability insurance with limits of not
less than $1 million per occurrence with a $3 million per occurrence umbrella liability policy in excess of
primary insurance. Healthstat can also name Employer as an additional insured if requested to provide
coverage for a Clinic site. Medical Malpractice Insurance shall also be maintained by Healthstat at limits
of not less than $2 million per claim with $4 million annual policy aggregate.
8.2 All services provided at each Clinic shall be provided in accordance with state law
governing the operation of each Clinic, including, supervision of each Clinician by a Group if required by
state law. Each Clinician and Group shall obtain and keep in force a policy of (a) professional liability
(malpractice) insurance with a minimum coverage of $1,000,000 for each medical incident and
$3,000,000 annually for the aggregate of all claims and (b) workers' compensation insurance in such
amounts as required under applicable state laws covering its Clinician and any other employees or
contractors providing services on Employer's premises pursuant to this Agreement.
8.3 At Employer's request, Healthstat, Clinician and Group(s) shall provide certificates
evidencing any insurance coverage required under this Section. In the event such party fails to obtain
new or substitute insurance consistent with the requirements set forth above, Employer may terminate
this Agreement for cause as of the cancellation date of such prior insurance.
9. Independent Contractors. Each Clinician and Group is acting and performing as an independent
contractor while carrying out the duties and obligations described in this Agreement. No act or failure to
act by any party shall be construed to make or render the other party to this Agreement its partner, joint
venturer, employee, employer, principal, agent or associate.
10. Indemnification.
10.1 Healthstat agrees to defend, indemnify and hold harmless Employer from and against
any and all losses, judgments, damages, costs and expenses (including, but not limited to, reasonable
attorneys' fees, court costs and costs of settlement) which directly result from or arise out of any breach
by Healthstat or any of its representations, warranties, covenants or obligations in this Agreement or its
negligent acts or omissions in carrying out this Agreement.
7
Employer agrees to defend, indemnify and hold harmless Healthstat from and against any and all
losses, judgments, damages, costs and expenses (including, but not limited to, reasonable attorneys'
fees, court costs and costs of settlement) which directly result from or arise out of any breach by
Employer of any of its representations, warranties, covenants or obligations in this Agreement or its
negligent acts or omissions in carrying out this Agreement.
In addition, if requested by Employer, Healthstat shall cause any Clinician or Group(s) contracted
to provide services to Employer's employees to enter into a written agreement, satisfactory to Employer,
to indemnify and hold harmless Employer and its officers, directors, affiliates, employees and agents,
from and against any claims, liabilities, losses or expenses, including without limitation reasonable
attorneys' fees, arising or resulting from the negligent performance of professional services or acts and
omissions as contemplated by this Agreement.
10.2 The Indemnitee shall notify the Indemnitor by registered mail of the existence of any such
action, claim or demand giving rise to a claim for indemnity under this paragraph in writing of the same
within thirty (30) days of receipt of such written assertion of a claim or liability; provided, however, the
failure to give such notice shall affect the Indemnitor's obligations hereunder only to the extent the
Indemnitor is materially prejudiced by such failure. The Indemnitor shall not, without the prior written
consent of the Indemnitee, settle or compromise any claim or consent to the entry of any judgment
without the consent of the other party which does not include as an unconditional term thereof the giving
by the claimant to the Indemnitee a release from all liability in respect to such claim.
10.3 All indemnifications made by the parties shall survive the termination of this Agreement.
10.4 Each party agrees to use its commercially reasonable best efforts to cooperate in the
investigation, mitigation, defense, and settlement of any third -party claim subject to this section 10 and to
permit the cooperation and participation of the other party in any such claim or action, including the
sharing of legal counsel where practicable. Each party agrees to promptly notify the other party of the
occurrence of any indemnified event or material developments or amounts due respecting any
indemnified event.
NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL,
CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES.
10.5. No action, regardless of form, arising out of any transaction under this Agreement may be
brought by either party more than one (1) year after the injured party has actual knowledge of the
occurrence which gives rise to the cause of such action.
10.4 Healthstat agrees to pay as liquidated damages to Employer the sum of $100 for each
consecutive calendar day after expiration of the anticipated clinic opening date as set forth in Exhibit A,
except for authorized extensions of time by Employer. This Section is independent of Sections 1.1.4 and
4.2. The parties agree that these provisions for liquidated damages are not intended to operate as
penalties for breach of Contract.
The liquidated damages set forth above are not intended to compensate Employer for any
damages other than inconvenience and loss of use or delay in services. The existence or recovery of
such liquidated damages shall not preclude Employer from recovering other damages in addition to the
payments made hereunder which Employer can document as being attributable to the documented
Healthstat failures. In addition to other costs that may be recouped, Employer may include costs of
personnel and assets used to coordinate, inspect, and re- inspect items within this Contract as well as
attorney fees if applicable.
8
11. Non - Solicitation of Contractors.
11.1 Employer covenants that it, its employees, agents, or representatives shall not during
the term of this Agreement, and any renewals thereof, and for the twenty four (24) month period following
the termination of this Agreement, make offers or contracts of employment or offer or contract for services
with or encourage or assist the Clinician(s) in obtaining different employment other than Healthstat or the
Group(s) which had employed the Clinician(s) during the period of this Agreement. And, the Employer
shall not allow any similar provider as Healthstat during this period to place any Clinician at any Employer
location or Clinic which had been contracted or employed by Healthstat.
11.2 Healthstat covenants that it, its employees, agents, or representatives including
Clinician(s) and Group(s) shall not during the term of the Agreement, and any renewals thereof and for a
period of twenty -four (24) months after the effective date of any termination of this Agreement make offers
or contracts of employment or offer or contract services with health related employees of the employer.
11.3 Employer shall pay to Healthstat, or, Healthstat shall pay to Employer liquidated
damages in the amount of $50,000.00 for each such breach of Section 11.1 or 11.2 as the case may be.
Each party acknowledges that the breach or threatened breach of any of the covenants set forth in this
Section may result in immediate and irreparable injury to the injured party, and that damages and
remedies at law for such breaches may be inadequate. Nothing herein shall be construed as prohibiting
either party from pursuing any other legal or equitable remedies that may be available to it for any such
breach or threatened breach.
12. Consents. Any consent required or any discretion vested in a party to this Agreement shall not
be unreasonably withheld or arbitrarily or capriciously exercised.
13. Governing Law. This Agreement shall be interpreted according to the laws of the State of
Georgia. All claims, disputes and other matters in question between Employer and Healthstat arising out
of or relating to the Agreement, or the breach thereof, shall be decided in the Superior Court of Richmond
County, Georgia. Healthstat, by executing this Agreement, specifically consents to jurisdiction and venue
in Richmond County and waives any right to contest the jurisdiction and venue in the Superior Court of
Richmond County, Georgia.
14. Notices. All notices and other communications required or permitted under this Agreement shall
be effective upon receipt or rejection. Any notice shall be delivered to the parties as follows:
Employer: Augusta, Georgia Law Department
520 Greene Street
Augusta, Georgia 30901
Fax: 706 - 842 -5556
Attn: Andrew MacKenzie, General Counsel
Healthstat: Healthstat, Inc.
4651 Charlotte Park Dr., Suite 300
Charlotte, NC 28217
Fax: 704 - 529 -6572
Attn: Warren Hutton, General Counsel
15. Severabilitv Clause. In the event any term or provision of this Agreement is found to be
unenforceable or void, in whole in part, as drafted, then the offending term or provision shall be construed
as valid and enforceable to the maximum extent permitted by law, and the balance of this Agreement
shall remain in full force and effect.
9
16. Amendments. Amendments may be made to this Agreement but only after the mutual approval
in writing by Employer and Healthstat. Healthstat acknowledges that this contract and any changes to it
by amendment, modification, change order or other similar document may have required or may require
the legislative authorization of the Board of Commissioners and approval of the Mayor. Under Georgia
law, Healthstat is deemed to possess knowledge concerning Augusta, Georgia's ability to assume
contractual obligations and the consequences of Healthstat's provision of goods or services to Augusta,
Georgia under an unauthorized contract, amendment, modification, change order or other similar
document, including the possibility that Healthstat may be precluded from recovering payment for such
unauthorized goods or services. Accordingly, Healthstat agrees that if it provides goods or services to
Augusta, Georgia under a contract that has not received proper legislative authorization or if Healthstat
provides goods or services to Augusta, Georgia in excess of the any contractually authorized goods or
services, as required by Augusta, Georgia's Charter and Code, Augusta, Georgia may withhold payment
for any unauthorized goods or services provided by Healthstat. Healthstat assumes all risk of non-
payment for the provision of any unauthorized goods or services to Augusta, Georgia, and it waives all
claims to payment or to other remedies for the provision of any unauthorized goods or services to
Augusta, Georgia, however characterized, including, without limitation, all remedies at law or equity.
17. Assignment. This Agreement may not be assigned by either party without the prior written
consent of the other party, which consent shall not unreasonably be withheld.
18. Waiver. The waiver by either party of a breach or violation of any provision of this Agreement
shall not operate as or be construed to be a waiver of any such party's rights with respect to any
subsequent breach thereof.
19. Entire Agreement. This Agreement supersedes all previous contracts and constitutes the entire
agreement between the parties. Healthstat and Employer shall be entitled to no benefit other than those
specified herein. No oral statements or prior written material not specifically incorporated herein shall be
of any force and effect and no changes in or additions to this Agreement shall be recognized unless and
until made in writing signed by all parties hereto.
20. Attorney's Fees. The prevailing party shall have the right to collect from the other party its
reasonable costs and necessary disbursements and attorneys' fees incurred in enforcing this Agreement.
21. Use of Employer Name. Employer grants Healthstat the right to use the name of Employer on all
advertising and marketing by Healthstat.
22. E- Verify. All contractors and subcontractors entering into contracts with Augusta, Georgia for the
physical performance of services shall be required to execute an Affidavit verifying its compliance with
O.C.G.A. § 13- 10 -91, stating affirmatively that the individual, firm, or corporation which is contracting with
Augusta, Georgia has registered with and is participating in a federal work authorization program. All
contractors and subcontractors must provide their E- Verify number and must be in compliance with the
electronic verification of work authorized programs operated by the United States Department of
Homeland Security or any equivalent federal work authorization program operated by the United States
Department of Homeland Security to verify information of newly hired employees, pursuant to the
Immigration Reform and Control Act of 1986 (IRCA), P.L. 99 -603, in accordance with the applicability
provisions and deadlines established in O.C.G.A. § 13 -10 -91 and shall continue to use the federal
authorization program throughout the contract term. All contractors shall further agree that, should it
employ or contract with any subcontractor(s) in connection with the physical performance of services
pursuant to its contract with Augusta, Georgia the contractor will secure from such subcontractor(s) each
subcontractor's E- Verify number as evidence of verification of compliance with O.C.G.A. § 13 -10 -91 on
the subcontractor affidavit provided in Rule 300- 10- 01 -.08 or a substantially similar form. All contractors
shall further agree to maintain records of such compliance and provide a copy of each such verification to
Augusta, Georgia at the time the subcontractor(s) is retained to perform such physical services.
10
IN WITNESS WHEREOF, the parties have executed this Agreement as of the date set out above.
Augusta, Geor
By:
A 6 ;7 ,4 0
�
Titlq / 'Mayor
Date:
Lena . B wne ,e of
ATTES
LIST OF EXHIBITS:
Exhibit "A ": Clinician , ,r
Exhibit "B ": Compensation
Exhibit "C ": Business Associate Agreement
Exhibit "D ": Guarantee Details
Exhibit "E ": Electronic Data Sharing
Exhibit "F ": Premises
11
Healthstat, I
By:
Title: CFO & Executive Vice esident
Date: l A /it IL--
Clinic Name
City, State
Number of Hours of Clinic
Operation Per Week
Augusta, Georgia Wellness
Center
Augusta, Georgia
40
EXHIBIT "A ":
CLINICIAN CLINIC
Clinic(s) shall be opened at the location(s)and for the number of operating hours at each location as
described in the table below.
If the clinic is normally scheduled on the following holidays, please know that it will be closed:
New Years, Good Friday, Memorial Day, July 4` Labor Day, Thanksgiving Day, Christmas.
The clinic will be closed the following
in any given 52 -week period: 2 Weeks for Vacation
1 Week for Continuing Medical Education
Clinic(s) will open no later than 120 days from the effective date of this Agreement.
12
Clinic Location
Minimum Program Administration Fee Billed Per
Month
Augusta, Georgia
$10,399.69
EXHIBIT "B ":
SERVICE COST
Clinic Participant. A Clinic Participant is defined as anyone who submits to a health assessment under
paragraph 1.3, and /or, anyone who visits the Clinic for health services at least one time. If participation
levels vary by +/- 10% from census originally quoted, Healthstat and Employer reserve the right to
reevaluate the pricing and staffing, provided, however that no changes shall be made without the written
consent of the other party.
Good Faith Deposit. To help defray the cost associated with implementing the Clinic, Employer shall pay
Healthstat $30,639.69 within 5 business days of executing this Agreement.
Program Administration Fees. During the initial term of this Agreement, Employer shall pay Healthstat
a fee of $13.63 per Clinic Participant per month to cover the cost to support effective on -going operation
of the program. This fee is calculated based on the actual number of Clinic Participants as defined above
but will not be less than the following for each clinic location listed:
At the beginning of each subsequent term, this fee shall increase by 4 %. This fee will be due and
payable to Healthstat unless Clinic is closed for more than two consecutive months, in which case the fee
will be suspended until Clinic is reopened.
Initial Health Risk Assessment including Blood Draw, & Analysis. The basic health assessment
blood analysis panel shall include lipid panel, and glucose and will be billed at a rate of $ 40.00
per Health Risk Assessment Participant and will not be less than $36,000.00 within 30 days of the
scheduled assessment. If PSA testing is also performed for age appropriate males, there is an additional
cost of $28 per PSA test. Additional blood tests may be included with Employer approval and cost of
such tests will be paid by Employer. At the beginning of each subsequent term, this fee shall increase by
4 %.
(Initial)
If initialed, PSA testing will be performed:
PSA testing is for adult males age 40 and older.
Subsequent Health Risk Assessment including eighteen (18) months after initial and annually
thereafter on the anniversary of the first subsequent Health Risk Assessment. If Employer does not
have subsequent Health Risk Assessments, Healthstat will add $1.17 per participant per month to the
Program Administration fee. Once Employer has the subsequent Health Risk Assessment, the $1.17 will
be removed from the Program Administration fee until the following subsequent Health Risk Assessment.
This will be evaluated annually after the first subsequent Health Risk Assessment.
Nurse Practitioner Hourly Fee. The hourly cost to staff the clinic by a Clinician shall be paid by
Employer as agreed. At the beginning of each subsequent term, this fee shall increase by 4 %. $98.00
per hour for Clinician hours scheduled is estimated. $28.50 per hour for Medical Office Assistant per hour
for scheduled is estimated
Final agreed upon hourly rate negotiated (to be completed AFTER final negotiation with the CP):
$ Initialed: Date:
13
IRS Mileage Reimbursement billed to Employer (to be completed AFTER final negotiation with the CP):
Yes: No: Initialed: Date:
If the final rate negotiated with the clinic provider and supervising physician exceeds 110% of the
estimated cost, the Employer will have the right to terminate the agreement for that clinic.
Medical & Administrative Supplies Healthstat shall order and Employer shall be billed the cost of the
initial supplies and minor equipment required for the establishment of each clinic location including
required CLIA waivers and medical waste disposal services. All supplies and equipment required for the
on -going operation of the clinic shall be ordered and paid for by Employer. Employer shall have the option
to utilize the Healthstat Master Contract or contracts negotiated by Employer independently for medical
and administrative supplies purchased for the Clinician Clinic. Employer will also be billed the one -time
cost of $7,100 per staff member for the Licensing Fee associated with the Electronic Medical Record and
Practice Management System.
Reference Lab, Pathology Services and Medical Records. Employer shall pay Healthstat based on a
consolidated monthly Invoice for any reference laboratory and pathology services furnished to Clinic
Participants. Unit prices for such services shall be based on a percentage of the Medicare Fee Schedule.
All lab services will be itemized by accession numbers and totaled each month and submitted to
Employer on one invoice for payment. Employer shall pay copying charges of $0.75 per page for
Participant medical records as requested upon termination of this Agreement.
Data Processing and Programming. Employer shall pay Healthstat a programming fee of $150 per
hour for Ad Hoc reporting, data integration, and /or testing. Employer and Healthstat will agree to the
number of programming hours in writing before any programming services begin. In addition, Healthstat
will charge $200 for each data exchange from Healthstat's system to Employer's healthcare plan or other
designated recipient based on the frequency agreed to in writing by Healthstat and Employer. The data
exchange fee will not exceed $4,800 in any calendar year.
14
EXHIBIT "C ":
BUSINESS ASSOCIATE AGREEMENT
This Agreement made and entered into this 26th day of July, 2012 by and between
Augusta, Georgia ( "Covered Entity ") and Healthstat, Inc. ( "Business Associate ") (jointly "the Parties ").
The Parties wish to enter into a Business Associate Agreement ( "Agreement ") to comply with the
requirements of: (i) the implementing regulations at 45 C.F.R Parts 160, 162, and 164 for the
Administrative Simplification provisions of Title II, Subtitle F of the Health Insurance Portability and
Accountability Act of 1996 ( "HIPAA ") (i.e., the HIPAA Privacy Rule, the HIPAA Security Standards, and
the HIPAA Standards for Electronic Transactions (collectively referred to in this Agreement as "the HIPAA
Regulations ")), and (ii) the requirements of the Health Information Technology for Economic and Clinical
Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 (the "HITECH Act ")
that are applicable to business associates, along with any guidance and /or regulations issued by the U.S.
Department of Health and Human Services ( "DHHS ").
WITNESSETH:
WHEREAS, the Parties have entered into a Health Risk Management Agreement providing for certain
services; and
WHEREAS, the Parties agree that this Agreement shall supersede any previous business associate
agreement entered into by the Parties. Covered Entity and Business Associate agree to incorporate into
this Agreement any regulations issued by DHHS with respect to the HITECH Act that relate to the
obligations of business associates and that are required to be (or should be) reflected in a business
associate agreement; and
WHEREAS, Business Associate recognizes and agrees that it is obligated by law to meet the applicable
provisions of the HITECH Act.
NOW, THEREFORE, based upon the foregoing premises, the promises contained herein and other good
and valuable consideration, the sufficiency of which is acknowledged, the Parties agree as follows:
1. DEFINITIONS
a. "Protected Health Information" or "PHI" shall mean information created or received by
a health care provider, health plan, employer, or health care clearinghouse, that: (i)
relates to the past, present, or future physical or mental health or condition of an
individual, provision of health care to the individual, or the past, present, or future
payment for provision of health care to the individual; (ii) identifies the individual, or
with respect to which there is a reasonable basis to believe the information can be
used to identify the individual; and (iii) is transmitted or maintained in an electronic
medium, or in any other form or medium. The use of the term "Protected Health
Information" or "PHI" in this Agreement shall mean both Electronic PHI and non-
electronic PHI, unless another meaning is clearly specified.
b. "Breach" shall have the same meaning as the term "breach" in § 13400 of the
HITECH Act and shall include the unauthorized acquisition, access, use, or
disclosure of PHI that compromises the security or privacy of such information.
c. "Individual" shall have the same meaning as the term "individual" in 45 CFR §
164.501 and shall include a person who qualifies as a personal representative in
accordance with 45 CFR § 164.502(g).
d. "Limited Data Set" shall mean protected health information that excludes the
following direct identifiers of the individual or of relatives, employers, or household
members of the individual:
i. Names;
15
ii. Postal address information, other than town or city, State, and zip code;
iii. Telephone numbers;
iv. Fax numbers;
v. Electronic mail addresses;
vi. Social security numbers;
vii. Medical record numbers;
viii. Health plan beneficiary numbers;
ix. Account numbers;
x. Certificate /license numbers;
xi. Vehicle identifiers and serial numbers, including license plate numbers
xii. Device identifiers and serial numbers;
xiii. Web Universal Resource Locators (URLs);
xiv. Internet Protocol (IP) address numbers;
xv. Biometric identifiers, including finger and voice prints; and
xvi. Full face photographic images and any comparable images.
e. "Secretary" shall mean the Secretary of the Department of Health and Human
Services or his or her designee.
f. "Security Incident" shall mean the attempted or successful unauthorized access, use,
disclosure, modification, or destruction of information or interference with system
operations in an information system.
g.
"Unsecured Protected Health Information" or "Unsecured PHI" shall mean PHI that is
not secured through the use of a technology or methodology specified by the
Secretary in guidance or as otherwise defined in the § 13402(h) of the HITECH Act.
h. All other terms used in this Agreement shall have the meanings set forth in the
applicable definitions under the HIPAA Regulations and /or the security and privacy
provisions of the HITECH Act that are applicable to business associates along with
any regulations issued by the DHHS.
2. GENERAL TERMS
a. In the event of an inconsistency between the provisions of this Agreement and a
mandatory term of the HIPAA Regulations (as these terms may be expressly
amended from time to time by the DHHS or as a result of interpretations by DHHS, a
court, or another regulatory agency with authority over the Parties), the interpretation
of DHHS, such court or regulatory agency shall prevail. In the event of a conflict
among the interpretations of these entities, the conflict shall be resolved in
accordance with rules of precedence.
b. Where provisions of this Agreement are different from those mandated by the HIPAA
Regulations or the HITECH Act, but are nonetheless permitted by the Regulations or
the Act, the provisions of this Agreement shall control.
c. Except as expressly provided in the HIPAA Regulations, the HITECH Act, or this
Agreement, this Agreement does not create any rights in third parties.
3. SPECIFIC REQUIREMENTS
a. Privacy of Protected Health Information
i. Permitted Uses and Disclosures of PHI. Business Associate agrees to
create, receive, use, or disclose PHI only in a manner that is consistent with
this Agreement or the HIPAA Privacy Rule and only in connection with
providing the services to Covered Entity identified in the Agreement.
Accordingly, in providing services to or for the Covered Entity, Business
Associate, for example, will be permitted to use and disclose PHI for
16
"treatment, payment, and health care operations" in accordance with the
HIPAA Privacy Rule.
1. Business Associate shall report to Covered Entity any use or
disclosure of PHI that is not provided for in this Agreement.
2. Business Associate shall maintain safeguards as necessary to
ensure that PHI is not used or disclosed except as provided for by
this Agreement.
ii. Business Associate Obligations. As permitted by the HIPAA Privacy Rule,
Business Associate also may use or disclose PHI received by the Business
Associate in its capacity as a Business Associate to the Covered Entity for
Business Associate's own operations if:
1. the use relates to: (1) the proper management and administration of
the Business Associate or to carry out legal responsibilities of the
Business Associate, or (2) data aggregation services relating to the
health care operations of the Covered Entity; or (2) the disclosure of
information received in such capacity will be made in connection with
a function, responsibility, or services to be performed by the
Business Associate, and such disclosure is required by law or the
Business Associate obtains reasonable assurances from the person
to whom the information is disclosed that it will be held confidential
and the person agrees to notify the Business Associate of any
breaches of confidentiality.
iii. Minimum Necessary Standard and Creation of Limited Data Set. Business
Associate's use, disclosure, or request of PHI shall utilize a Limited Data Set
if practicable. Otherwise, in performing the functions and activities as
specified in the Agreement and this Agreement, Business Associate agrees
to use, disclose, or request only the minimum necessary PHI to accomplish
the intended purpose of the use, disclosure, or request.
iv. Access. In accordance with 45 C.F.R. § 164.524 of the HIPAA Privacy Rule
and, where applicable, in accordance with the HITECH Act, Business
Associate will make available to those individuals who are subjects of PHI,
their PHI in Designated Record Sets by providing the PHI to Covered Entity
(who then will share the PHI with the individual), by forwarding the PHI
directly to the individual, or by making the PHI available to such individual at
a reasonable time and at a reasonable location. Business Associate shall
make such information available in an electronic format where directed by
the Covered Entity.
v. Disclosure Accounting. Business Associate shall make available the
information necessary to provide an accounting of disclosures of PHI as
provided for in 45 C.F.R. § 164.528 of the HIPAA Privacy Rule, and where so
required by the HITECH Act and /or any accompanying regulations, Business
Associate shall make such information available directly to the individual.
Business Associate further shall provide any additional information to the
extent required by the HITECH Act and any accompanying regulations.
Business Associate is not required to record disclosure information or otherwise account for disclosures
of PHI that this Agreement in writing permits or requires: (i) for the purpose of payment activities or health
care operations (except where such recording or accounting is required by the HITECH Act, and as of the
effective dates for this provision of the HITECH Act), (ii) to the individual who is the subject of the PHI
disclosed, or to that individual's personal representative; (iii) to persons involved in that individual's health
care or payment for health care; (iv) for notification for disaster relief purposes, (v) for national security or
intelligence purposes, (vi) to law enforcement officials or correctional institutions regarding inmates; (vii)
17
pursuant to an authorization; (viii) for disclosures of certain PHI made as part of a limited data set; and (ix)
for certain incidental disclosures that may occur where reasonable safeguards have been implemented.
vi. Amendment. Business Associate shall make available PHI for amendment
and incorporate any amendment to PHI in accordance with 45 C.F.R. §
164.526 of the HIPAA Privacy Rule.
vii. Right to Request Restrictions on the Disclosure of PHI and Confidential
Communications. If an individual submits a Request for Restriction or
Request for Confidential Communications to the Business Associate,
Business Associate and Covered Entity agree that Business Associate, on
behalf of Covered Entity, will evaluate and respond to these requests
according to Business Associate's own procedures for such requests.
viii. Return or Destruction of PHI. Upon the termination or expiration of the
Agreement, Business Associate agrees to return the PHI to Covered Entity,
destroy the PHI (and retain no copies), or further protect the PHI if Business
Associate determines that return or destruction is not feasible.
ix. Availability of Books and Records. Business Associate shall make available
to DHHS or its agents the Business Associate's internal practices, books,
and records relating to the use and disclosure of PHI in connection with this
Agreement.
x. Termination for Breach.
1. Business Associate agrees that Covered Entity shall have the right to
terminate this Agreement or seek other remedies if Business
Associate violates a material term of this Agreement.
2. Covered Entity agrees that Business Associate shall have the right to
terminate this Agreement or seek other remedies if Covered Entity
violates a material term of this Agreement.
b. Information and Security Standards
i. Business Associate will develop, document, implement, maintain, and use
appropriate administrative, technical, and physical safeguards to preserve
the integrity, confidentiality, and availability of, and to prevent nonpermitted
use or disclosure of, PHI created or received for or from the Covered Entity.
ii. Business Associate agrees that with respect to PHI, these safeguards, at a
minimum, shall meet the requirements of the HIPAA Security Standards
applicable to Business Associate.
iii. More specifically, to comply with the HIPAA Security Standards for PHI,
Business Associate agrees that it shall:
1. Implement administrative, physical, and technical safeguards
consistent with (and as required by) the HIPAA Security Standards
that reasonably protect the confidentiality, integrity, and availability of
PHI that Business Associate creates, receives, maintains, or
transmits on behalf of Covered Entity. Business Associate shall
develop and implement policies and procedures that meet the
Security Standards documentation requirements as required by the
HITECH Act;
18
2. As also provided for in Section 3(d) below, ensure that any agent,
including a subcontractor, to whom it provides such PHI agrees to
implement reasonable and appropriate safeguards to protect it;
3. Report to Covered Entity, Security Incidents of which Business
Associate becomes aware that result in the unauthorized access,
use, disclosure, modification, or destruction of the Covered Entity's
PHI, (hereinafter referred to as "Successful Security Incidents ").
Business Associate shall report Successful Security Incidents to
Covered Entity as specified in Section 3(e);
4. For any other Security Incidents that do not result in unauthorized
access, use, disclosure, modification, or destruction of PHI
(including, for purposes of example and not for purposes of
limitation, pings on Business Associate's firewall, port scans,
attempts to log onto a system or enter a database with an invalid
password or username, denial -of- service attacks that do not result in
the system being taken off-line, or malware such as worms or
viruses) (hereinafter "Unsuccessful Security Incidents "), Business
Associate shall aggregate the data and, upon the Covered Entity's
written request, report to the Covered Entity in accordance with the
reporting requirements identified in Section 3(e);
5. Take all commercially reasonable steps to mitigate, to the extent
practicable, any harmful effect that is known to Business Associate
resulting from a Security Incident;
6. Permit termination of this Agreement if the Covered Entity
determines that Business Associate has violated a material term of
this Agreement with respect to Business Associate's security
obligations and Business Associate is unable to cure the violation;
and
7. Upon Covered Entity's request, Business Associate will provide
Covered Entity with access to and copies of documentation
regarding Business Associate's safeguards for PHI.
c. Compliance with HIPAA Transaction Standards
i. Application of HIPAA Transaction Standards. Business Associate will
conduct Standard Transactions consistent with 45 C.F.R. Part 162 for or on
behalf of the Covered Entity to the extent such Standard Transactions are
required in the course of Business Associate's performing services under the
Agreement for the Covered Entity. As provided for in Section 3(d) below,
Business Associate will require any agent or subcontractor involved with the
conduct of such Standard Transactions to comply with each applicable
requirement of 45 C.F.R. Part 162. Further, Business Associate will not enter
into, or permit its agents or subcontractors to enter into, any trading partner
agreement in connection with the conduct of Standard Transactions for or on
behalf of the Covered Entity that:
1. Changes the definition, data condition, or use of a data element or
segment in a Standard Transaction;
2. Adds any data element or segment to the maximum defined data set;
3. Uses any code or data element that is marked "not used" in the
Standard Transaction's implementation specification or is not in the
Standard Transaction's implementation specification; or
19
d. Agents and Subcontractors.
4. Changes the meaning or intent of the Standard Transaction's
implementation specification.
ii. Specific Communications. Business Associate, Plan Sponsor and Covered
Entity recognize and agree that communications between the parties that are
required to meet the Standards for Electronic Transactions will meet the
Standards set by that regulation. Communications between Plan Sponsor
and Business Associate, or between Plan Sponsor and the Covered Entity,
do not need to comply with the HIPAA Standards for Electronic Transactions.
Accordingly, unless agreed otherwise by the Parties in writing, all
communications (if any) for purposes of "enrollment" as that term is defined
in 45 C.F.R. Part 162, Subpart 0 or for "Health Covered Entity Premium
Payment Data," as that term is defined in 45 C.F.R. Part 162, Subpart Q,
shall be conducted between the Plan Sponsor and either Business Associate
or the Covered Entity. For all such communications (and any other
communications between Plan Sponsor and the Business Associate), Plan
Sponsor shall use such forms, tape formats, or electronic formats that it or
Covered Entity may approve. Business Associate will include all information
reasonably required by Plan Sponsor or Covered Entity to affect such data
exchanges or notifications.
iii. Communications Between the Business Associate and the Covered Entity.
All communications between the Business Associate and the Covered Entity
that are required to meet the HIPAA Standards for Electronic Transactions
shall do so. For any other communications between the Covered Entity and
the Business Associate, the Business Associate shall use such forms, tape
formats, or electronic formats that Covered Entity deems acceptable. The
Business Associate will include all information reasonably required by
Covered Entity to affect such data exchanges or notifications.
i. Business Associate shall include in all contracts with its agents or
subcontractors, if such contracts involve the disclosure of PHI to the agents
or subcontractors, the same restrictions and conditions on the use,
disclosure, and security of such PHI that are set forth in this Agreement.
Business Associate shall automatically email to Covered Entity at the email
address noted in paragraph 6 (b) an electronic copy of the document
enforcing these restrictions and conditions prior to the disclosure of any PHI.
e. Breach of Privacy or Security Obligations.
i. Notice and Reporting to Covered Entity. Business Associate will notify and
report to Covered Entity (in the manner and within the timeframes described
below) any use or disclosure of PHI not permitted by this Agreement, by
applicable law, or permitted in writing by Covered Entity.
ii. Notice to Covered Entity. Business Associate will notify Covered Entity
following discovery and without unreasonable delay but in no event later than
five (5) calendar days following discovery, any "Breach" of "Unsecured
Protected Health Information" as these terms are defined by the HITECH Act
and any implementing regulations. Business Associate shall cooperate with
Covered Entity in investigating the Breach and in meeting the Covered
Entity's obligations under the HITECH Act and any other security breach
notification laws. Business Associate shall follow its notification to the
Covered Entity with a report that meets the requirements outlined
immediately below.
20
iii. Reporting to Covered Entity.
1. For Successful Security Incidents and any other use or disclosure of
PHI that is not permitted by this Agreement, by applicable law, or
without the prior written approval of the Covered Entity, Business
Associate — without unreasonable delay and in no event later than
fifteen (15) days after Business Associate learns of such non -
permitted use or disclosure — shall provide Covered Entity a report
that will:
iv. Termination for Breach.
a. Identify (if known) each individual whose Unsecured
Protected Health Information has been, or is reasonably
believed by Business Associate to have been accessed,
acquired, or disclosed during such Breach;
b. Identify the nature of the non - permitted access, use, or
disclosure including the date of the incident and the date of
discovery;
c. Identify the PHI accessed, used, or disclosed (e.g., name;
social security number; date of birth);
d. Identify who made the non - permitted access, use, or
received the non - permitted disclosure;
e. Identify what corrective action Business Associate took or
will take to prevent further non - permitted accesses, uses, or
disclosures;
f. Identify what Business Associate did or will do to mitigate
any deleterious effect of the non - permitted access, use, or
disclosure; and
g. Provide such other information, including a written report, as
the Covered Entity may reasonably request.
2. For Unsuccessful Security Incidents, Business Associate shall
provide Covered Entity, upon its written request, a report that: (i)
identifies the categories of Unsuccessful Security Incidents as
described in Section 3(b)(iii)(4); (ii) indicates whether Business
Associate believes its current defensive security measures are
adequate to address all Unsuccessful Security Incidents, given the
scope and nature of such attempts; and (iii) if the security measures
are not adequate, the measures Business Associate will implement
to address the security inadequacies.
1. Covered Entity and Business Associate each will have the right to
terminate this Agreement if the other party has engaged in a pattern
of activity or practice that constitutes a material breach or violation of
Business Associate's or the Covered Entity's respective obligations
regarding PHI under this Agreement and, on notice of such material
breach or violation from the Covered Entity or Business Associate,
fails to take reasonable steps to cure the material breach or end the
violation.
2. If Business Associate or the Covered Entity fail to cure the material
breach or end the violation after the other party's notice, the Covered
21
4. BASIS OF AGREEMENT
Entity or Business Associate (as applicable) may terminate this
Agreement by providing Business Associate or the Covered Entity
written notice of termination, stating the uncured material breach or
violation that provides the basis for the termination and specifying
the effective date of the termination. Such termination shall be
effective 60 days from this termination notice.
v. Continuing Privacy and Security Obligations. Business Associate's and the
Covered Entity's obligation to protect the privacy and security of the PHI it
created, received, maintained, or transmitted in connection with services to
be provided under the Agreement will be continuous and survive termination,
cancellation, expiration, or other conclusion of this Agreement. Business
Associate's other obligations and rights, and the Covered Entity's obligations
and rights upon termination, cancellation, expiration, or other conclusion of
this Agreement, are those set forth in this Agreement.
a. Business Associate recognizes that the promises it has made in this Agreement
shall, henceforth, be detrimentally relied upon by Covered Entity in choosing to
continue or commence a business relationship with Business Associate.
5. MODIFICATION
a. This Agreement may only be modified through a writing signed by the Parties. No
oral modification hereof shall be permitted. The Parties agree to take such action as
is necessary to amend this Agreement from time to time as is necessary for Covered
Entity to comply with the requirements of the HIPAA and the HITECH Act.
6. MISCELLANEOUS
a. Ambiguity. Any ambiguity in this Agreement shall be resolved to permit Covered
Entity to comply with the Privacy Rule.
b. Notice to Covered Entity. Any notice required under this Agreement to be given to
Covered Entity shall be made in writing to:
Augusta, Georgia Law Department
Address: 520 Greene Street
Augusta, Georgia 30809
Attention: Andrew MacKenzie, General Counsel
Phone: 704.842.5550
Email: amackenzie @augustaga.gov
c. Notice to Business Associate. Any notice required under this Agreement to be given
to Business Associate shall be made in writing to:
Healthstat, Inc.
Address: 4651 Charlotte Park Dr, Suite 300
Charlotte, NC 28217
Attention: Warren Hutton, General Counsel
Phone: 704.529.6161
Email: warren.hutton @healthstatinc.com
22
A y:
Name:
Title:
d. Integration. This Agreement shall be incorporated into and made a part of the Health
Risk Management Agreement. In the event that any term or provision of this
Agreement contradicts or conflicts with a term or provision of the Health Risk
Management Agreement, the term or provision of this Agreement shall control.
IN WITNESS WHEREOF, the parties have duly executed this Agreement on the day and year
first above written.
Augusta, Georgia
Date:
ATTEST:
By:
Deke Copenhaver
Mayor
1 Ca (
ena J Bpfiner, Clerk of Commission
23
Healthstat, Inc.
Name: Susan C. Kinzler
Title: CFO & Executive Vice President
gi
Date:
Return on
Investment Results
Percentage of Fees at
Risk to be Refunded
1.0 or greater :
1
0%
0.9:1
10%
0.8:1
20%
0.7:1
30%
0.6:1
40%
0.5:1
50%
0.4:1
60%
0.3:1
70%
0.2:1
80%
0.1:1
90%
0.0:1
100 %
EXHIBIT "D ": GUARANTY DETAILS
1 THE HEALTHSTAT GUARANTY
Healthstat, Inc. guarantees a return on investment of 1 : 1 over the first 18 months of the Clinician clinics' operation at the
Employer. Healthstat guarantees to reduce by 50% of the program administration fee paid by the Employer to Healthstat for
administering and managing the On -Site Clinic and is calculated based on a floating scale. In accordance with the example
set forth hereafter, if Employer satisfies the following terms and conditions and if the projected return on investment is not
realized:
1. All levels of management (including managers and supervisors at the On -Site Clinic location) EMBRACE and
SUPPORT wellness including usage of the On -Site Clinic.
2. The amount of fees at risk will be based on the actual percentage participation of employees eligible to take part in the
health risk assessment and the health risk assessment participants compliance with the clinic visitation frequency
guidelines
3. Employer mandates that all eligible employees attend at least one (1) introductory education session facilitated by a
Healthstat associate detailing the program.
4. Employer provides access to the On -Site Clinic at no cost to the employee.
5. Employee is not required to "clock -out" while using the On -Site Clinic.
6. Healthstat will present a qualified candidate to staff the On -Site Clinic and Employer agrees to accept the candidate
Healthstat presents.
7. Employer and Healthstat agree to the calculation used to measure the financial impact of the On -Site Clinic on
medical and prescription drug claims prior to the opening of the On -Site Clinic
8. Employer agrees to remove from the paid claims totals any outlier claim in excess of $75,000 per claimant per year.
9. Employer agrees to provide Healthstat, Inc. detailed medical and prescription drug claims information and employee
demographic data for at least the 24 -month period prior to the clinics opening and on a monthly basis after the
effective date of the clinic.
'The amount of fees at risk to be refunded to the Employer will be determined based on the actual return
on investment results calculated at the end of the first 18 months of clinic operation. The On -Site Clinic
location return on investment will be calculated on a stand -alone basis based on the following schedule:
2 The amount of the fees at risk will vary based on the actual level of participation of the eligible
employees. Participation is defined as the employee's involvement in the Health Risk Assessment and
compliance with the recommended clinic visitation frequency schedule determined base on each person's
risk profile. The following table applies:
24
Eligible Employee
Participation Level
Percentage of Total Cost Paid for
the On -Site Clinic at Risk
90%
100%
80%
75%
70%
50%
69% or less
0%
An Panic Value
Once eve 90
to 8 Risk Factors
to 3 Risk Factors.
0 Risk Factors
Once eve 90 day
Once every 180
Once eve
The calculation will be based on the following formula:
1. Determine medical & RX claims per employee per year (pepy) effective on the date the clinic
opened — excluding all claimants who had expenses paid in excess of $75,000 by analyzing the
actual cost the Health Care Plan paid over the most - recent 24 -month period.
2. Determine the anticipated health care trend over the first 18 months after the clinic opens (for
Employer's with Tess than 2,000 participants, health care trend is defined by the Employer's
health insurance carrier or third party administrator).
3. Determine the actual medical & RX claims pepy over the 18 -month period following the clinic
opening date — excluding all claimants who had expenses paid in excess of $75,000 over the
most recent 18 month period.
4. Analyze the difference between the actual pepy and the trended pepy to determine the pepy cost
avoidance.
5. Multiply the difference between actual claims paid and the anticipated trended claims by the
number of clinic participants (see definition of Participant in #2 above).
6. Compare the cost avoidance to the actual amount paid for the On -Site Clinic Program to
determine the ROI.
25
File
File Description
File Name Format
Employee File
All employees eligible for
the HealthSTAT program.
Alphanumeric
Max Size: 40 characters
Format: "Company Name -Emp- Date"
(ex: Acme Products - Emp - mmddyyyy)
Field Name
Field Description
Required
Field Format
CompanyName
Company Name
Required
Alphanumeric
Max Size: 50 characters
LastName
Employee Last Name
Required
Alpha Characters, do not include
suffix
Max Size: 50 characters
FirstName
Employee First Name
Required
Alpha Characters
Max Size: 50 characters
MiddleName
Employee Middle Name or
Initial
Optional
Alpha Characters
Max Size: 50 characters
Suffix
Employee Name Suffix
Optional
Alphanumeric
Max Size: 10 characters
(ex: Jr, Sr, II, III, 2nd)
SSN
Employee Social Security
Number
Required
Alphanumeric (numbers and hyphens
only)
Max Size: 15 characters
(ex: 123 -45 -6789)
DOB
Employee Date of Birth
Required
Alphanumeric (numbers and slashes
only)
Max Size: 10 Characters
(mm /dd /yyyy ex: 01/21/1956)
Gender
Employee Gender
Required
M or F
EXHIBIT "E ": Electronic Data Sharing
Following are the elements the employer is required to provide to Healthstat as described in this
Agreement.
Demographic Data File Requirements
Below are the general guidelines for creating two separate files: I) for all eligible employees and
II) for all eligible dependents in the program. A dependent file is not necessary if dependents are
not eligible for the program.
1. Create a tab - delimited text file or an Excel workbook file with the fields in the indicated order.
Please use the column header names exactly as specified.
2. Populate all required fields, even if the value is the same for all records — e.g.
"CompanyName," "PlantName," or "PlantLocation."
3. For optional fields that will not be populated, include the empty column(s) with the column
header(s).
4. Please format data fields as indicated, using only alphanumeric characters, numbers, or
numbers plus the special characters listed in the Field Format specified. For example, do not
use parentheses in the "Hphone" and "Wphone" columns. Do not use hyphens in the "DOB,"
"HireDate," and "TermDate" columns.
5. Send complete files monthly to data a(�,Healthstatinc.com. Files must be protected by
password and /or other security measures such as ftp, pgp encryption, secure email, and zip
compression. Passwords can be provided by Healthstat.
File naming conventions and field definitions follow.
I. Employee File:
26
File
File Description
Max Size: 1 character
PositionStatus
Current Employee Status
Required
Alpha from list: Active, Retired,
Cobra, Terminated, or Other
Max Size: 15 characters
Address1
Employee Home Address
Line 1
Required
Alphanumeric
Max Size: 50 characters
Address2
Employee Home Address
Line 2
Optional
Alphanumeric
Max Size: 50 characters
City
Employee City
Required
Alphanumeric
Max Size: 50 characters
State
Employee State
Required
Alphanumeric
Max Size: 2 characters
Zip
Employee Zip Code
Required
Alphanumeric (numbers and hyphen
only, 5 or 9 digit zip codes)
Max Size: 10 characters
(ex: 12345 or 12345 -6789)
Hphone
Employee Home Telephone
Number
Required
Alphanumeric (numbers, '-', 'x' if
extension)
Max Size: 50 characters
(ex: 123 - 456 -7890 x1234)
Wphone
Employee Work Telephone
Number
Optional
Alphanumeric (numbers, '-', 'x' if
extension)
Max Size: 50 characters
(ex: 123 - 456 -7890 x1234)
PlantName
Plant Number or Name of
Employee's Work Location
Required
Alphanumeric
Max Size: 50 characters
PlantLocation
City of Employee's
Plant/Work Location
Required
Alphanumeric
Max Size: 50 characters
HireDate
Employee Date of Hire
Required
Alphanumeric (numbers & slashes
only)
Max Size: 10 Characters
(mm /dd /yyyy ex: 01/21/1956)
TermDate
Date of Employee
Termination
Required
(if Position Status
= Terminated)
Alphanumeric (numbers & slashes
only)
Max Size: 10 Characters
(mm /dd /yyyy ex: 01/21/1956)
CustomerMemberlD
Employee's unique
insurance identifier # if
other than SSN #
Optional*
( *if = SSN)
Alphanumeric
Max Size: 15 characters
CustomerEmployeelD
Employee's unique
identifier # within the
company
Optional
Alphanumeric
Max Size: 15 characters
File
File Description
File Name Format
Dependent File
All dependents eligible for
the HealthSTAT program.
Alphanumeric
Max Size: 40 characters
Format: "Company Name -Dep-
Date"
(ex: Acme Products -Dep-
mmddyyyy)
Field
Field Description
Required
Field Format
CompanyName
Company Name
Required
Alphanumeric
Max Size: 50 characters
LastName
Dependent Last Name
Required
Alpha Characters, do not include
II. Dependent File:
27
Claims Data File Required Elements
28
suffix
Max Size: 50 characters
FirstName
Dependent First Name
Required
Alpha Characters
Max Size: 50 characters
MiddleName
Dependent Middle Name or
Initial
Optional
Alpha Characters
Max Size: 50 characters
Suffix
Dependent Name Suffix
Optional
Alphanumeric
Max Size: 10 charaters
(ex: Jr, Sr, II, III, 2nd)
SSN
Dependent Social Security
Number
Required
Alphanumeric (numbers and
hyphens only)
Max Size: 15 characters
(ex: 123 -45 -6789)
DOB
Dependent Date of Birth
Required
Alphanumeric (numbers and
slashes only)
Max Size: 10 Characters
(mm /dd /yyyy ex: 01/21/1956)
Gender
Dependent Gender
Required
M or F
Max Size: 1 character
RelationCode
Relationship To Employee
Required
Alphanumeric
Max Size: 10 characters
(Spouse, Child, or Other)
RespPartySSN
Employee's Social Security
Number
Required
Alphanumeric (numbers and
hyphens only)
Max Size: 15 characters
(ex: 123 -45 -6789)
RespPartyEmployee
ID
Employee's unique
EmployeelD
Optional (unless
EmployeelD is
key identifier)
Alphanumeric
Max Size: 15 characters
RespPartyMemberlD
Employee's unique
insurance MemberlD
Optional (unless
MemberlD is key
identifier)
Alphanumeric
Max Size: 15 characters
Address1
Dependent Home Address
Line 1
Optional if same
as employee
Alphanumeric
Max Size: 50 characters
Address2
Dependent Home Address
Line 2
Optional
Alphanumeric
Max Size: 50 characters
City
Dependent City
Optional if same
as employee
Alphanumeric
Max Size: 50 characters
State
Dependent State
Optional if same
as employee
Alphanumeric
Max Size: 2 characters
Zip
Dependent Zip Code
Optional if same
as employee
Alphanumeric (numbers and
hyphen only, 5 or 9 digit zip codes)
Max Size: 10 characters
(ex: 12345 or 12345 -6789)
Hphone
Dependent Home
Telephone Number
Optional if same
as employee
Alphanumeric (numbers, ' -', 'x' if
extension)
Max Size: 50 characters
(ex: 123- 456 -7890 x1234)
Wphone
Dependent Work
Telephone Number
Optional
Alphanumeric (numbers, ' -', 'x' if
extension)
Max Size: 50 characters
(ex: 123- 456 -7890 x1234)
CustomerMemberlD
Dependent's unique
insurance identifier # if
other than SSN #
Optional*
( *if SSN)
Alphanumeric
Max Size: 15 characters
Claims Data File Required Elements
28
Claims data files should be fixed - length text files. Headers are not allowed. If delimited files are used
instead, a column header record is required. Please send documentation of your file layout and any
definitions /descriptions /formulas. Data should be in HIPAA- compliant format wherever possible.
Requirement (Medical)
Required
Optional
Required
Required
Required
Required
Required
Optional
Optional
Optional
Required
Required
Required
Optional
Required
Required
Optional
Optional
Optional
Required
Required
Required
Required
Required
Required
Required
Required
Optional
Optional
Required*
Optional
Required
Optional
Optional
Required
Optional
Optional
Optional
Optional
Optional
Optional
ption
Group Number
Subgroup Number
Claim Number
Service Sequence number
Paid Date
Beginning Date of Service
Ending Date of Service
Process Date
Claim Begin Date
Claim End Date
Patient's SSN
Patient's Last Name
Patient's First Name
Patient's Middle Name
Patients Gender
Patients Date of Birth
Patient's City
Patient's State
Patient's Zip Code
Patient Relationship to Policy Holder
Dependent Suffix
Policy Holder Number
Policy Holder's SSN
Policy Holder's Last Name
Policy Holder's First Name
Policy Holder's Gender
Policy Holder's Date of Birth
Policy Holder's Zip Code
In /Out Flag
Place of Service Code
Service Type Code
Procedure Code
Procedure Modifier
UB92 Revenue Code
Primary Diagnosis Code
Secondary Diagnosis Code
Tertiary Diagnosis Code
Quaternary Diagnosis Code
DRG (Diagnosis Related Group)
ICD9 Procedure Code
UB92 Bill Type
29
Optional
Required
Required
Required
Required
Required*
Required*
Required*
Required*
Optional
Required
Optional*
Optional*
Optional
Optional
Optional
Optional
Optional
Optional
Amount Requested
Amount Allowed
Paid Amount
Claim Type
Provider Number (Rendering Provider)
Provider NPI
Provider UPIN
Provider DEA Number
Provider Tax ID Number
Provider Type
Provider Specialty Code
Provider First Name
Provider Last Name
Provider Suffix
Provider Address 1
Provider Address 2
Provider City
Provider State
Provider Zip Code
Ftrequirernont (Rx) Description
Required Group Number
Optional Subgroup Number
Required Rx Claim Number
Required Prescription Sequence
Required Paid Date
Required Date of service / Date Prescription Filled
Optional Process Date
Required Patient's SSN
Required Patient's Last Name
Required Patient's First Name
Optional Patient's Middle Name
Required Patient's Gender
Required Patient's Date of Birth
Optional Patient's City
Optional Patient's State
Optional Patient's Zip Code
Required Patient Relationship to Policy Holder
Required Dependent Suffix
Required Policy Holder Number
Required Policy Holder's SSN
Required Policy Holder's Last Name
Required Policy Holder's First Name
Required Policy Holder's Gender
Required Policy Holder's Date of Birth
30
Optional Policy Holder's Zip Code
Optional Pharmacy Number
Required National Drug Code
Required Drug Name
Optional Ordering Physician
Required Drug Quantity
Required Generic Indicator
Required Days Supply
Optional Amount Requested
Required Amount Allowed
Required Paid Amount
Optional Primary Diagnosis Code
*Claims data cannot be processed unless the demographic data files and any claims files contain the
same unique identifier (usually SSN) for each covered member, including dependents. The
employee's SSN or employee ID is used to link dependents to employees, but it is not sufficient to
link claims to the appropriate member when dependents are covered. If the dependent's SSN is not
available or will not be provided by the insurance carrier, then another identifier is required and must
be the identifier used by the insurance carrier. This identifier will be stored in the
"CustomerMemberlD" column in both the employee and dependent demographic data files.
31
**
EXHIBIT "F ": Premises
Client Check List
Room Specs & Supplies for the Healthstat Clinic
I. Room Specifications:
o Private Room with Lock (windows must be covered), preferably with access through a non -
production facility
o Sound and vibration proofing
o 8' x 10' minimum
o Electrical Outlets
o Heated /air conditioned
o Sink, or in very close proximity
o Restrooms in very close proximity
o Telephone
o Single Clinician Clinic requires internet access that can be provided by the Employer.
o Multiple Clinician Clinic /Multiple Exam Rooms requires Business Class DSL or Cable that does
not run through Employer's network.
II. Clinic Supplies
o Examination table
o Cabinet (preferably with doors for Medical Supplies)
o Table for Blood Drawing Station & Supplies
o Mini - Refrigerator with freezer
o 2 nd Mini - Refrigerator without freezer
o Desk
o Rolling Chair for Clinician
o Chair for counseling employee
o Locking File Cabinet
o Secure Shredder dedicated to the clinic
o Secure Fax/Printer /Scanner Machine (preferably in the clinic or a secure area that is HIPAA
compliant)
o Phone list w/ extensions
o Access to a copy machine
o Paper towels
o Anti - bacterial Soap for Clinician
* * ** *Employer will be responsible for ALL clinic office supplies, clinic lab /medical supplies for the initial
set -u p * * * **