Loading...
HomeMy WebLinkAboutC-2916Ilc0 -ZO ANCILLARY SERVICES AGREEMENT This Ancillary Services Agreement ( "Agreement ") is made and entered into as of July, 1, 2014 ( "Effective Date "), by and between Methodist Hospital of Southern California, a California Non - Profit Corporation ( "Hospital "), and City of Arcadia ( "CITY "). RECITALS 1. Hospital is a 501(c)(3) California Non - Profit Corporation, which provides acute care hospital services. 2. CITY is desirous to obtain the health care services contracted for under this Agreement. 3. Hospital and CITY desire to enter into an Agreement under which Hospital agrees to provide contracted Services to CITY employees. Now therefore, in consideration of the recitals, covenants, conditions and promises contained herein, and for such other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows: • ' 1[6111 HOSPITAL RESPONSIBILITIES 1. Hospital shall provide annual physical examinations to Arcadia sworn Police and Fire Employees. 2. Hospital agrees to provide biennial physical examinations to City Management employees as listed on Exhibit B which is hereby incorporated into this Agreement. Management positions may be subject to change within terms of this agreement. 3. Physical examinations of employees designated above shall be performed by a qualified Nurse Practitioner at no charge to CITY. CITY shall pay the cost only of all lab and diagnostic tests. Exams will be scheduled according to the staffing availability in the Occupational Health Department. 4. Specific services to be offered to each eligible employee included in physical examinations are set forth in Attachment "B" which is hereby incorporated into this Agreement by reference. IWOV, 5. Those examinations shall be conducted consistent with the Descriptions outlined in Exhibit "C" which is hereby incorporated into this Agreement by reference. 6. Hospital shall properly register all CITY employees prior to providing hospital physical examinations. 7. Hospital shall be available to provide physical examinations during regular office hours, Monday through Friday, 7:30 am to 4:00 pm. 8. Hospital shall maintain medical records in such form and containing such information as required by State and Federal laws, regulations and regulatory agencies. Hospital shall maintain the confidentiality of such records in accordance with all applicable laws. Hospital shall retain all original medical records. 9. For Fire personnel only, Hospital shall provide CITY with completed DMV medical examination report (DL51 and DL 546A form). 10. Hospital is duly licensed, certified or accredited to provide the physical examinations, and shall ensure that the physical examinations are provided by duly licensed, certified or otherwise authorized or accredited personnel. Physica examinations shall be provided in accordance with (i) generally accepted standards prevailing in the applicable professional community; and (ii) all federal, state, and local statutes, regulations, ordinances and requirements and accreditation requirements applicable to CITY and Hospital. 11. Hospital shall comply with all applicable State and Federal Laws, Rules and Regulations. 12. Hospital shall not discriminate in the provision of Covered Services to CITY employees on the basis of race, color, creed, national origin, ancestry, religion, sex, marital status, sexual orientation, age, medical condition, medical history, genetics, handicap, disability, health status, claims history, or evidence of insurability. ARTICLE II CITY RESPONSIBILITIES 1. CITY shall notify covered employees of benefits available to them under this Agreement and will provide contact information to Methodist Hospital Occupational Health Department for covered employees to call to schedule physical examinations. _ �r 2. CITY shall provide its employees with written instructions about Hospital office hours, appointment scheduling, referrals, registration process, and registration forms. 3. CITY's employees shall register through Hospital's admitting department before services are provided. All CITY's employees shall provide a valid form of identification. 4. After registration in the Hospital's admitting department, CITY's employees shall report to Occupational Health Department (OHD). 5. CITY and Hospital shall comply with all applicable State and Federal Laws, Rules and Regulations including but not limited to regulatory agency guidelines, and accreditation requirements. ARTICLE III COMPENSATION Hospital shall use its best efforts to bill CITY for services rendered within ninety (90) days following the provision of the physical examinations. 2. CITY shall reimburse Hospital within forty -five (45) days of receipt of bill in accordance with those rates set forth in Exhibit D for those Covered Services provided to CITY's employees under the terms and conditions of this Agreement. 3. Hospital shall not under any circumstances, including without limitation, breach of this Agreement, bill, charge, collect a deposit from, or receive any form of payment, compensation or reimbursement, or have any recourse against a CITY employee for physical examinations provided under this Agreement. /_1 :49IQ4:1A INSURANCE Hospital shall maintain, at its sole cost and expense, (i) self- insurance covering professional liability with limits in a minimum amount of $1,000,000 per claim and $3,000,000 in the aggregate, (ii) workers compensation insurance as required by law, and (iii) general liability insurance or self- insurance, including premises and personal injury, in the minimum amount of $1,000,000 per occurrence, combined single limit bodily injury and property. sit" ARTICLE V TERM AND TERMINATION OF THE AGREEMENT This Agreement shall commence on July 1, 2014 and shall continue for three years ending on June 30, 2017, unless sooner terminated in accordance with the terms of this Agreement. 2. Either party may terminate this Agreement without cause by either party by giving thirty (30) days' prior written notice to the other party. 3. Either party may terminate this Agreement in the event that either party breaches a material term or condition of this Agreement and the breaching party fails to cure such breach within thirty (30) days after written notice of such breach from the non - breaching party. ARTICLE VI INDEMNIFICATION Each party indemnifies and holds the other party, its parents and subsidiaries, officers, directors, attorneys, employees, and agents harmless, individually and collectively, from and against and with respect to any and all claims, demands, judgments, settlements, losses, costs, expenses, liabilities, actions, damages, penalties, attorneys' fees and other costs incurred, directly or indirectly, as a result of the acts or failure to act of the indemnifying party. I_1:49[N0 *Ti I FORCE MAJEURE Neither party hereto shall be liable for any delay or failure in the performance of any obligation under this Agreement or for any loss or damage (including indirect or consequential damage) to the extent that such nonperformance, delay, loss or damage results from any contingency which is beyond the control of such party, provided such contingency is not caused by the fault or negligence of such party. A contingency for purposes of this Agreement shall be Acts of God, fires, floods, earthquakes, explosions, storms, wars, hostilities, blockades, public disorders, quarantine restrictions, embargoes, strikes or other labor disturbances, and compliance with any law, order or control of, or insistence by any governmental or military authority. OP"I ARTICLE VIII MISCELLANEOUS PROVISIONS The parties are independent contractors and each is solely responsible for all compensation, withholdings and benefits for its own employees and agents. 2. Hospital and CITY shall comply with all applicable state and federal laws regarding privacy and confidentiality of medical information and records, including without limitation, mental health records. Hospital and CITY shall develop policies and procedures to ensure medical records are not disclosed in violation of California Civil Code Section 56, et. seq., or any other applicable state or federal law. To the extent Hospital or CITY receives, maintains, or transmits medical or personal information electronically, Hospital and CITY shall comply with all state and federal laws relating to protection of such information including, without limitation, the Health Insurance Portability & Accountability Act ( "HIPAX) provisions on security and confidentiality and any Centers for Medicare and Medicaid Services ( "CMS ") regulations or directives relating to CITY's Employees. 3. This Agreement constitutes the entire written agreement between the parties with respect to the subject matter hereof. This Agreement may be amended by the parties only upon mutual written consent. 4. The validity, interpretation and performance of this Agreement shall be governed by and construed in accordance with the laws of the State of California and the United States. 5. Any notice required or permitted to be given hereunder by either party to the other shall be in writing and shall be deemed delivered upon personal delivery; or twenty -four (24) hours following deposit with a bonded courier for overnight delivery; or three (3) days after deposit in the U.S. Mail, registered or certified mail, postage prepaid, return - receipt requested, addressed to the parties at the following addresses or to such other addresses as the parties may specify in writing to the other in the manner provided herein: To HOSPITAL: Methodist Hospital of Southern California Chief Executive Officer 300 West Huntington Drive Arcadia, CA 91007 -3402 To CITY: City of Arcadia Attention: Human Resources Administrator 240 West Huntington Drive tot, Arcadia, California 91007 6. If at any time during the term of this Agreement any changes in legislative, regulatory, or legal requirements require a modification to this Agreement, this Agreement shall be deemed to be automatically amended to conform to the requirements of such statutes or regulations. Hospital shall notify CITY in writing of such amendments to this Agreement as soon as is practicable thereafter. 7. This Agreement including the recitals, exhibits and any other attachments hereto constitutes the entire agreement between the parties with respect to the subject matter hereof, supersedes all other and prior agreements on the same subject whether written or oral, and contains all of the covenants and agreements between the parties with respect to the subject matter herein. 8. The recitals, exhibits, schedules and other attachments to this Agreement are hereby incorporated herein by this reference as though fully set forth herein. Signature Page to Follow s �� Signature Page to Ancillary Agreement IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed by their duly authorized representatives effective as of the date first written above. Methodist Hospital of Southern C lifornia . By: , Name: William Grigg Title: SVP & Chief Financial Officer Date: 2`7 City of Arcadia By: Name: Dominic Lazzaretto Title: City Manager Date: �vrE,..,c� 2A, 20 It Approved as to form: Stephen P. Deitsch City Attorney City of Arcadia 7 wtv, EXHIBIT A BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( "Addendum ") supplements and is made a part of the Agreement ( "Contract ") by and between Methodist Hospital of Southern California, a California nonprofit corporation ( "Covered Entity" or "CE ") and City of Arcadia ( "Business Associate" or "BA "), dated July 1, 2014. This Addendum is effective as of the Effective Date of the Contract (the "Addendum Effective Date "). A. CE wishes to disclose certain information to BA pursuant to the terms of the Contract, some of which may constitute Protected Health Information ( "PHI ") (defined below). B. CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104 -191 ( "HIPAA "), the Health Information Technology for Economic and Clinical Health Act, Public Law 111 -005 ( "the HITECH Act "), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (the " HIPAA Regulations ") and other applicable laws. C. As part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(e) and 164.504(e) of the Code of Federal Regulations ( "C.F.R. ") and contained in this Addendum. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, the parties agree as follows: 1) Definitions a) Breach shall have the meaning given to such term under the HITECH Act. b) Business Associate shall have the meaning given to such term under the Privacy Rule, the Security Rule, and the HITECH Act, including, but not limited to, 42 U.S.C. Section 17938 and 45 C.F.R. Section 160.103. c) Covered Entity shall have the meaning given to such term under the Privacy Rule and the Security Rule, including, but not limited to, 45 C.F.R. Section 160.103. d) Data Aggregation shall have the meaning given to such term under the Privacy Rule, including but not limited to, 45 C.F.R. Section 164.501. e) Designated Record Set shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 164.501. f) Electronic Protected Health Information means Protected Health Information that is maintained in or transmitted by electronic media. g) Electronic Health Record shall have the meaning given to such term in the HITECH Act, including, but not limited to, 42 U.S.C. Section 17921. h) Health Care Operations shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 164.501. i) HITECH Compliance Date shall mean February 17, 2010, unless a separate effective date is specified by law for a particular requirement, in which case such effective date shall apply for that particular requirement. j) Privacy Rule shall mean the HIPAA Regulation that is codified at 45 C.F.R. Parts 160 and 164, Subparts A and E. k) Protected Health Information or PHI means any information, whether oral or recorded in any form or medium: (i) that relates to the past, present or future physical or mental condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and (ii) that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual, and shall have the meaning given to such term under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 160.103. Protected Health Information includes Electronic Protected Health Information. 1) Security Rule shall mean the HIPAA Regulation that is codified at 45 C.F.R. Parts 160 and 164, Subparts A and C. m) Unsecured PHI shall have the meaning given to such term under the HITECH Act and any guidance issued pursuant to such Act including, but not limited to, 42 U.S.C. Section 17932(h). 2) Obligations of Business Associate a) Permitted Uses. BA shall not use PHI except for the purpose of performing BA's obligations under the Contract and as permitted under the Contract and Addendum. Further, BA shall not use PHI in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so used by CE. However, BA may use PHI (i) for the proper management and administration of BA, (ii) to carry out the legal responsibilities of BA, (iii) for Data Aggregation purposes for the Health Care Operations of CE, or (iv) as required by law. tot, b) Permitted Disclosures. BA shall not disclose PHI except for the purpose of performing BA's obligations under the Contract and as permitted under the Contract and Addendum. BA shall not disclose PHI in any manner that would constitute a violation of the Privacy Rule or the HITECH Act if so disclosed by CE. However, BA may disclose PHI (i) for the proper management and administration of BA; (ii) to carry out the legal responsibilities of BA; (iii) as required by law; or (iv) for Data Aggregation purposes for the Health Care Operations of CE. If BA discloses PHI to a third party, BA must obtain, prior to making any such disclosure, (i) reasonable written assurances from such third party that such PHI will be held confidential as provided pursuant to this Addendum and only disclosed as required by law or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify BA of any breaches of confidentiality of the PHI, to the extent it has obtained knowledge of such breach. c) Prohibited Uses and Disclosures under HITECH. Notwithstanding any other provision in this Addendum, no later than the HITECH Compliance Date, BA shall comply with the following requirements: (i) BA shall not use or disclose PHI for fundraising or marketing purposes, except as provided under the Contract and consistent with the requirements of 42 U.S.C. 17936; (ii) BA shall not disclose PHI to a health plan for payment or health care operations purposes if the patient has requested this special restriction, and has paid out of pocket in full for the health care item or service to which the PHI solely relates, 42 U.S.C. Section 17935(a); (iii) BA shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of CE and as permitted by the HITECH Act, 42 U.S.C. Section 17935(d)(2); however, this prohibition shall not affect payment by CE to BA for services provided pursuant to the Contract. d) Appropriate Safeguards. BA shall implement appropriate safeguards as are necessary to prevent the use or disclosure of PHI other than as permitted by the Contract or Addendum. BA further agrees to use administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic PHI, and security measures that are consistent with the highest industry standards (including ISO 27002, standards set forth and maintained by the National Institute of Standards and Technology ( "NIST "), and to the extent applicable, PCI DSS), and practices in the health information technology industries and otherwise meet the requirements of applicable federal, state and local law, including HIPAA, and state data privacy laws, to (i) protect Client Confidential Information against unauthorized destruction, loss, alteration, access, misuse or disclosure, and (ii) ensure the availability, integrity and confidentiality of Client Confidential Information that BA receives, transmits, has access to, stores or maintains including data at rest and data in transit.. No later than the HITECH Compliance Date, BA shall comply with each of the requirements of 45 C.F.R. Sections 164.308, 164.310, and 164.312 and the policies and procedures and documentation requirements of the HIPAA Security Rule, including, but not limited to, 45 C.F.R. Section 164.316. e) Right to Audit. BA agrees that, MHSC authorized personnel, or other agencies as designated by MHSC, shall have the option to perform a security assessment of the outsourced service /operations or request security related reports of the entity. Records pertaining to the service(s) shall be made available to MHSC and /or its representatives during normal working hours for this purpose. f) Mitigation. BA agrees to mitigate, to the extent practicable, any harmful effect that is known to BA of a use or disclosure of PHI in violation of this Addendum. g) Reporting of Improper Access, Use or Disclosure. BA shall promptly report to CE in writing, without unreasonable delay but in no event later than three (3) days after it becomes aware, of any access, use or disclosure of PHI not permitted by the Contract and Addendum or applicable law and any security incident, as defined in the Security Rule. BA shall, following the discovery of any Breach of Unsecured PHI, notify CE in writing of such breach without unreasonable delay and in no case later than three (3) days after discovery. BA shall have primary responsibility (in consultation with CE) and solely bear the costs of investigating any such access, use or disclosure of PHI not permitted by the Contract and Addendum or applicable law, any security incident or any Breach. In addition, BA agrees to (a) reimburse the actual, reasonable costs of CE to provide the required notifications and to cure or mitigate any access, use or disclosure of PHI not permitted by the Contract and Addendum or applicable law, any security incident or any Breach; or (b) if requested by CE, BA shall directly pay the actual, reasonable costs to provide the required notifications and to cure or mitigate any access, use or disclosure of PHI not permitted by the Contract and Addendum or applicable law, any security incident or any Breach. h) Business Associate's Subcontractors and Agents. BA shall ensure that any agents or subcontractors to whom it provides PHI, agree in writing to the same restrictions and conditions that apply to BA with respect to such PHI. To the extent that BA creates, maintains, receives or transmits Electronic PHI on behalf of the CE, BA shall implement the safeguards required by paragraph 2.c above with respect to Electronic PHI. i) Access to PHI. To the extent BA maintains a Designated Record Set on behalf of the CE, BA shall make PHI maintained by BA or its agents or subcontractors in Designated Record Sets available to CE for inspection and copying within fifteen (15) days of a request by CE to enable CE to fulfill its obligations under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 164.524. No later than the Compliance Date, if BA maintains an Electronic Health Record, BA shall provide such information in electronic format to enable CE to fulfill its obligations under the HITECH Act, including, but not limited to, 42 U.S.C. Section 17935(e). j) Amendment of PHI. To the extent BA maintains a Designated Record Set on behalf of CE, within thirty (30) days of receipt of a request from the CE or an individual for an amendment of PHI or a record about an individual contained in a 11 0%, t; � Designated Record Set, BA or its agents or subcontractors shall make any amendments that CE directs or agrees to in accordance with the Privacy Rule. k) Accounting Rights. Within thirty (30) days of notice by CE of a request for an accounting of disclosures of PHI, BA and its agents or subcontractors shall make available to CE the information required to provide an accounting of disclosures to enable CE to fulfill its obligations under the Privacy Rule, including, but not limited to, 45 C.F.R. Section 164.528, and, no later than the HITECH Compliance Date, its obligations under the HITECH Act, including but not limited to 42 U.S.C. Section 17935(c), as determined by CE. The provisions of this subparagraph 2.i shall survive the termination of this Addendum. 1) Governmental Access to Records. BA shall make its internal practices, books and records relating to the use and disclosure of PHI available to CE and to the Secretary of the U.S. Department of Health and Human Services (the "Secretary") for purposes of determining BA's compliance with the Privacy Rule. m) Minimum Necessary. No later than the HITECH Compliance Date, BA (and its agents or subcontractors) shall request, use and disclose only the minimum amount of Protected Information necessary to accomplish the purpose of the request, use or disclosure. To the extent practicable, BA shall not request, use or disclose any direct identifiers (as described in the limited data set standard of HIPAA). BA understands and agrees that the definition of "minimum necessary" is in flux and shall keep itself informed of guidance issued by the Secretary with respect to what constitutes "minimum necessary. n) Trading Partner Agreement. BA shall not take any of the following actions.. (a) change the definition, data condition or use of a data element or segment in a standard; (b) add any data elements or segments to the maximum defined data set; (c) use any code or data elements that are either marked "not used" in the standards' implementation specification or are not in the standard's implementation specification(s); or (d) change the meaning or intent of the standard's implementation specification(s). For purposes of this Addendum, the terms data condition, data element, segment, standard and standard implementation specification shall have the same meanings set forth in 45 C.F.R. Section 162.103.] 3) Termination a) Material Breach by BA. A breach by BA of any provision of this Addendum, as determined by CE, shall constitute a material breach of the Contract and shall provide grounds for termination of the Contract, any provision in the Contract to the contrary notwithstanding, with or without an opportunity to cure the breach. If termination of the Contract is not feasible, CE will report the problem to the Secretary of DHHS. �r b) Material Breach by CE. As of the HITECH Compliance Date, pursuant to 42 U.S.C. Section 17934(b), if the BA knows of a pattern of activity or practice of the CE that constitutes a material breach or violation of the CE's obligations under the Contract or Addendum or other arrangement, the BA must take reasonable steps to cure the breach or end the violation. If the steps are unsuccessful, the BA must terminate the Contract or other arrangement if feasible, or if termination is not feasible, report the problem to the Secretary of DHHS. c) Effect of Termination. Upon termination of the Contract for any reason, BA shall, at the option of CE, return or destroy all PHI that BA or its agents or subcontractors still maintain in any form, and shall retain no copies of such PHI. If return or destruction is not feasible, as determined by CE, BA shall continue to extend the protections of Section 2 of this Addendum to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. If CE elects destruction of the PHI, BA shall certify in writing to CE that such PHI has been destroyed. 4) Indemnification; Limitation of Liability. To the extent permitted by law, BA shall indemnify, defend and hold harmless CE from any and all liability, claim, lawsuit, injury, loss, expense or damage resulting from or relating to the acts or omissions of BA in connection with the representations, duties and obligations of BA under this Addendum. Any limitation of liability contained in the Contract shall not apply to the indemnification requirement of this provision. This provision shall survive the termination of the Addendum. 5) Assistance in Litigation. BA shall make itself and any subcontractors, employees or agents assisting BA in the performance of its obligations under the Contract or Addendum available to CE, at no cost to CE, to testify as witnesses, or otherwise, in the event of litigation or administrative proceedings being commenced against CE, its directors, officers or employees based upon a claim of violation of HIPAA, the HITECH Act, or other laws related to security and privacy, except where BA or its subcontractor, employee or agent is named as an adverse party. 6) Amendment to Comply with Law. The parties acknowledge that state and federal laws relating to data security and privacy are rapidly evolving and that amendment of the Contract or Addendum may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HITECH Act, the Privacy Rule, the Security Rule and other applicable laws relating to the security or confidentiality of PHI. The parties understand and agree that CE must receive satisfactory written assurance from BA that BA will adequately safeguard all PHI. Upon the request of either party, the other party agrees to promptly enter into negotiations concerning the terms of an amendment to this Addendum embodying written assurances consistent with the standards and requirements of HIPAA, the HITECH Act, the Privacy Rule, the Security Rule or other applicable laws. CE may terminate the Contract upon thirty (30) days written notice in the event (i) BA does not promptly enter into negotiations to amend the 13 "JC Contract or Addendum when requested by CE pursuant to this Section or (ii) BA does not enter into an amendment to the Contract or Addendum providing assurances regarding the safeguarding of PHI that CE, in its sole discretion, deems sufficient to satisfy the standards and requirements of applicable laws. 7) No Third -Party Beneficiaries. Nothing express or implied in the Contract or Addendum is intended to confer, nor shall anything herein confer upon any person other than CE, BA and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 8) Interpretation. The provisions of this Addendum shall prevail over any provisions in the Contract that may conflict or appear inconsistent with any provision in this Addendum. This Addendum and the Contract shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HITECH Act, the Privacy Rule and the Security Rule. The parties agree that any ambiguity in this Addendum shall be resolved in favor of a meaning that complies and is consistent with HIPAA, the HITECH Act, the Privacy Rule and the Security Rule. Except as specifically required to implement the purposes of this Addendum, or to the extent inconsistent with this Addendum, all other terms of the Contract shall remain in force and effect. 9) Regulatory References. A reference in this Addendum to a section of regulations means the section as in effect or as amended, and for which compliance is required. 10)ldentity Theft Program Compliance. To the extent that CE is required to comply with the final rule entitled "Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003," as promulgated and enforced by the Federal Trade Commission (16 C.F.R. Part 681) (the "Red Flags Rule ") and that BA is performing an activity in connection with one or more "covered accounts," as that term is defined in the Red Flags Rule, pursuant to the Contract, BA shall establish and comply with its own reasonable policies and procedures designed to detect, prevent, and mitigate the risk of identity theft, which shall be consistent with and no less stringent than those required under the Red Flags Rule or the policies and procedures of Hospital's Red Flags Program. BA shall provide its services pursuant to the Contract in accordance with such policies and procedures. BA shall report any detected "red flags," as that term is defined in the Red Flags Rule, to CE and shall, in cooperation with Hospital, take appropriate steps to prevent or mitigate identity theft. 14 %OV, EXHIBIT B PHYSICAL EXAMINATIONS CITY MANAGEMENT POSITIONS Management positions may be subject to change within the term of the Agreement Accounting Supervisor Administrative Service Director Assistant City Manager /Development Services Director Assistant Director of Recreation and Community Services Building Official Chief Deputy City Clerk /Records Manager City Manager Communications, Marketing & Special Projects Manager Community Development Administrator Crime Analyst Deputy Director of Development Services /City Engineer Deputy Fire Chief Deputy Public Works Services Directors Director of Library & Museum Services Director of Recreation & Community Services Economic Development Manager Environmental Services Officer Financial Services Manager/Treasurer Fire Battalion Chief Fire Chief Fire Marshal General Services Superintendent Human Resources Administrator Human Resources Analyst Library Services Manager Maintenance Contracts Officer Management Aide Management Analyst Police Captain Police Chief Police Lieutenant Police Records Manager Principal Civil Engineer Public Works Services Director Purchasing Officer Recreation Supervisor Senior Human Resources Analyst Senior Management Analyst Transportation Services Manager Utilities Superintendent 15 Q0ft %WTV31 ) *:/:11:3941 DESCRIPTION OF HOSPITAL SERVICES PHYSICAL TYPE: SWORN POLICE Procedure: Physical Exam & Questionnaire Audiogram Simple Spirometry Eye Exam TB Skin Test Urinalysis CBC SMA 18 Total Cholesterol Chest X -Ray (1 view) Tetanus Toxoid (if needed) Hepatitis "B" screening PHYSICAL TYPE: SWORN FIRE Over 40 Add: EKG Occult Stool Prostate Specific Antigen (PSA) Mammogram- woman (symptomatic men) Procedure Over 40 Physical Exam & Questionnaire Add: EKG Audiogram Occult Stool Loop Spirometry Prostate Specific Antigen (PSA) Eye Exam Mammogram- woman TB Skin Test (symptomatic men) Urinalysis CBC SMA18 Total Cholesterol Chest X -Ray (2 views) Hepatitis "B" screening DMV Physician's Health Report (DL51 and DL 546A form) PHYSICAL TYPE: MANAGEMENT Procedure Physical Exam & Questionnaire Eye Exam TB Skin Test Urinalysis CBC SMA 18 Total Cholesterol Chest X -Ray (1 view) Over 40 Add: EKG Occult Stool Prostate Specific Antigen (PSA) Mammogram- woman (symptomatic men) sxsh EXHIBIT D CITY'S REIMBURSEMENT SCHEDULE EFFECTIVE DATE 7/1/2014 to 6/30/2017 Service Description Code Rates CBC. COMPLETE BLOOD COUNT 85025 $42.00 CD- EKG:ROUTINE 93005 $111.00 COMPR METABOLIC PANEL W /GFR 80053 $100.00 HEPATITIS B SURFACE ANTIBODY 86706 $10.00 LEAD, BLOOD 83655 $9.00 LIPID PANEL 80061 $72.00 OCCULT BLOOD 82271 $16.00 PSA PROSTATIC SPECIFIC ANTIGE 84153 $60.00 SPIROMETRY PRE /POST BRONCH ADM 94060 $100.00 URIC ACID BLOOD 84550 $38.00 URINALYSIS, ROUTINE 81001 $29.00 VENIPUNCTURE 36415 $8.00 XR -CHEST 1 VW -AP 71010 $95.00 XR -CHEST 2 VW -AP & LATERAL 71020 $100.00 AUDIOMETRIC TESTING $50.00 VISION $25.00 TB SKIN TEST (TST) $25.00 HOSPITAL PAYMENT ADDRESS: Methodist Hospital of Southern California File 42428 Los Angeles, CA 90074 17 �h