HomeMy WebLinkAboutC-8392-1 - Date Exchange Participation Agreement• PRHR
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
OCPRHIO, Inc: Participant:
Orange County Partnership Regional Health
Information Organization, Inc. City of Newport Beach Fire Department
Name
dba One California Partnership Regional
Health Information Organization
601 N Park Center Drive
Suite, #104
Santa Ana, CA 92705
PBudilo@ocprhio.org
Phone: (714) 884-4441
FAX: (714) 919-4401
100 Civic Center Drive
Address
Newport Beach, CA 92660
City, State, Zip Code
CDuncan@nbfd.net
E -Mail Address
Telephone
Fax
Participant Type:
Data Provider(y/n): y
Data User (y/n): y
Participant operates a: Emergency Transport
Article 1. Background
A. The Orange County Partnership Regional Health Information Organization, Inc. (OCPRHIO, Inc) dba One
California Partnership Regional Health Information Organization operates Internet -based programs (the
"Programs") involving the private and secure electronic exchange of health information among health care
providers and other qualified organizations (each, a "Participant"), in order to promote the quality and efficiency
of health care services provided to the people who live and work in the communities OCPRHIO, Inc. serves.
OCPRHIO, Inc. provides or arranges for the provision of data transmission and related services to Participants to
enable a Participant to send Patient Information to another Participant. OCPRHIO's services do not include
establishing and applying standards for exchange of Patient Information nor does OCPRHIO have access to and is
not responsible to maintain any such Patient Data in the performance of services to Participants.
B. Participants may act as Data Providers to make Patient Information available to be accessed by Data
Users, and/or as Data Users to be able to access and use Patient Information provided by Data Providers. This
Participant Type shall be specified in advance by the Participant. The Programs do not provide access to data in a
Data Provider's computer system.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
C. This Data Exchange Participation Agreement (the "Agreement") sets forth the terms and conditions upon
which the Participant will participate in, the Programs.
Article 2. Agreement
1. Participation. The Participant shall participate in the Program(s), as to the extent described in Exhibit B
(Participation), and subject to and in accordance with the terms and conditions of this Agreement.
2. Entire Agreement. This Agreement hereby incorporates by reference the following documents:
(a) Exhibit A (Standard Terms and Conditions►, attached hereto, which describes the terms and
conditions that OCPRHIO, Inc. generally shall apply to participation in the Programs by the Participant and to other
Participants that may either make Patient Information available electronically to be Accessed by the Participant or
that will be able to Access Patient Information that the Participant provides as a Data Provider (the "Standard
Terms and Conditions').
(b) Exhibit B (Participation), attached hereto, which describes the specific Program(s) in which the
Participant shall participate, and any additional terms and conditions that shall apply specifically to that
participation.
(c) Exhibit C (Technical and Functional Specifications), attached hereto, which describes the
technical and functional specifications with which the Participant shall comply in order to participate in the
Program(s) as a Data Provider and/or Data User.
(d) Exhibit D (Participation Fees), attached hereto, which describes the fees and other amounts that
the Participant shall pay to OCPRHIO, Inc in exchange for participation in the Program(s) described on Exhibit B
(Participation).
(e) Exhibit E (Business Associate Agreementl, attached hereto, which sets forth the terms and
conditions upon which OCPRHIO, Inc shall act as the business associate of the Participant (the "Business Associate
Agreement"). To the extent that the terms of the Business Associate Agreement conflict with those of this Data
Exchange Participation Agreement, the terms of the Business Associate Agreement shall prevail.
(f) "OCPRHIO, Ines Policies and Procedure Manual" for the Program (also known as the "Policies
and Procedures"), as OCPRHIO Policies and Procedures shall be in effect from time to time. In the event of a
conflict between the terms of this Agreement and OCPRHIO, Inc.'s Policies and Procedures, the terms of this
Agreement shall prevail.
This Agreement and the documents described above contain the entire agreement between OCPRHIO, Inc. and the
Participant and supersede any and all prior agreements or representations, written or oral, of the parties with
respect to the subject matter of this Agreement. This Agreement and the documents described above may be
amended from time to time as described in the Standard Terms and Conditions.
3. Definitions. Capitalized terms that are not defined in this Agreement shall have the meanings described
in the Standard Terms and Conditions.
4. Effective Date: Term. The effective date of this Agreement shall be December 1 " , 2016
(the "Effective Date"). The term of this Agreement shall continue for a period of (2) years from the Effective Date
of this Agreement until it is terminated as described in the Standard Terms and Conditions.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
"OCPRHIO, Inc."
Orange County Partnership Regional Health
Information Organization, Inc.
dba One California Partnership Regional
Health Information Organization
By:
Paul Budilo
Executive Director, CEO
\�19 Zoel
Date
ATTEST
r
Leilafil.ro WCIty,ler
Date: _ 1=—J 11
"Participant"
Participant's Name
B �. 4.
Name Chief Chip Duncan
Title: A 1-4 , - ') r� r, e -ti � t �
Date
APPROVED AS TO FORM:
CITY ATTO OFFICE
Date:,, � ] %
REMAINDER OF THIS PAGE LEFT INTENTIONALLY BLANK
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
Exhibit A
Standard Terms and Conditions
1. Definitions.
1.1 "Access" means, as the context requires,
(a) to cause data (such as Patient Information) to be viewed or viewable by an Authorized
User, such as by transferring that data from one computer or other electronic data storage device to another
and/or by causing that data to be displayed (e.g., an Authorized User will "Access" Patient Information through the
OCUnites HIE); or
(b) the ability to cause data to be transferred and/or viewed as described above (e.g., a
Data User will have "Access" to Patient Information through the OCUnites HIE).
1.2 "Authorized User" means an individual designated by OCPRHIO, Inc. or by the Participant to
Access and Use the OCUnites HIE and Patient Information on behalf of OCPRHIO, Inc. or the Participant,
respectively, including without limitation, an employee, contractor or other agent of the Participant, and/or a
credentialed member of the Participant's medical staff.
1.3 "Data Exchange Participation Agreement" means a written agreement between OCPRHIO, Inc.
and a Participant, pursuant to which that Participant agrees to act as a Data Provider and/or a Data User.
1.4 "Data Provider" means any Participant that OCPRHIO, Inc. designates as a Data Provider to make
Patient Information available so that other Participants may Access that information through the Program.
1.5 "Data User" means any Participant OCPRHIO, Inc. designates as a Data User to have Access to
Patient Information provided by the Participant through the Program.
1.6 "Health Information Organization" or "HIO" means a multistakeholder organization created to
facilitate health information exchange
1.7 "Health Information Exchange" or "HIE" means the transfer of healthcare information
electronically across organizations— among or beyond the stakeholders of that region's healthcare system.
1.8 "HIPAA Rules" means the Standards for Privacy of Individually Identifiable Health Information
and the Security Standards for the Protection of Electronic Protected Health Information [45 C.F.R. Parts 160 and
1641 promulgated by the U.S. Department of Health and Human Services under the Health Insurance Portability
and Accountability Act ("HIPAA") of 1996, and the applicable privacy and security provisions of the American
Recovery and Reinvestment Act (42 U.S.C. § 17931(a) et. seq.) (the "ARRA"), as in effect from time to time.
1.9 "OCPRHIO, Inc.'s Policies and Procedures" means OCPRHIO's administrative and operations
Policy and Procedure Manual for the Program, as they shall be in effect from time to time.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
4
1.10 "OCUnites HIE" means the Internet -based, brokered, peer-to-peer technology health information
exchange platform and advanced clinical search engine that resides on servers operated by OCPRHIO, Inc.
1.11 "Participant" means an individual person or organization that is currently a party to a Data
Exchange Participation Agreement with OCPRHIO, Inc.
1.12 "Participant's System" means the hardware and software controlled by the Participant through
which the Participant conducts its health information exchange related activities pursuant to its Data Exchange
Participation Agreement.
1.13 "Participant Types" means the category lies) of Participant to which a particular Participant is
assigned by OCPRHIO, Inc. and is based upon that Participant's role in the HIE.
1.14 "Patient Information" means all information relating to a patient that a Data Provider makes
available so that Data Users may Access that information through the Program. Patient Information shall be
treated as "protected health information," as defined in the HIPAA Rules, as described in Section 7.1, Protected
Health Information.
1.15 "Prerequisite System" means the technology within the Participant's firewall necessary for the
Participant to Access and Use the OCUnites HIE, as described in OCPRHIO, Inc.'s Policies and Procedures.
1.16 "Program" means any one (1) or more programs of electronic health information exchange
operated by OCPRHIO, Inc. in which a Participant agrees to participate pursuant to its Data Exchange Participation
Agreement.
1.17 "Services" means the health information exchange and related services
1.18 "Technical and Functional Specifications' means OCPRHIO, Ines Technical and Functional
Specifications for the OCUnites HIE, which are set forth on Exhibit C (Technical and Functional Specifications).
1.19 "Use" means to apply data for one {1) or more purposes permitted under this Agreement (e.g., a
party will Use Patient Information by applying that data to medical decision-making in the treatment of a patient).
2. OCPRHIO's Resuonsibilities.
2.1 Conduct of Programs. OCPRHIO, Inc. shall conduct the Program as described in the Participant's
Data Exchange Participation Agreement and OCPRHIO, Inc.'s Policies and Procedures. OCPRHIO, Inc. may suspend
or terminate all or part of the Program as described in Section 8.2, Termination Incident to Termination of
Program.
2.2 Data Exchange Participation Agreements. OCPRHIO, Inc. shall from time to time enter into Data
Exchange Participation Agreement with those Participants that OCPRHIO, Inc. selects in its discretion. This may
include other Health Information Organizations. If necessary and upon its discretion OCPRHIO, Inc. has the right to
cease to participate with any data exchange participant or in another health information organization, or may
reduce the functionality, or make changes to the System and/or services, or may cease providing the services at
any time upon its sole discretion upon not less than ninety (90) days prior notice to the Participants.
2.3 Controlling Access to Patient Information. Except as described in this Section 2.3 Controlling
Access to Patient Information OCPRHIO, Inc. shall make Access to Patient Information available only to
Participants and their respective Authorized Users, and only for purposes of treatment, healthcare operations and
payment, as defined under the HIPAA Rules, of an individual with whom the Participant has a provider -patient
relationship. Without limiting the foregoing, OCPRHIO, Inc. shall make Access to Patient Information available only
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
to Authorized Users, and only to the extent that each such Authorized User reasonably requires such Access in
order to perform the responsibilities assigned to him or her. OCPRHIO, Inc. may make Access to Patient
Information available to the operators and/or users of other health information exchanges to the extent OCPRHIO,
Inc. determines appropriate to permit such users to Access that information for the purpose of treatment, as
defined in the HIPAA Rules, of an individual with whom each such user has a provider-patient relationship. Based
on the information provided by the Participant
2.4 Passwords and Other Security Mechanisms. Base on the information provided by the Participant
pursuant to Section 3.3, Identification of Authorized Users, OCPRHIO, Inc. shall issue a User Name and Password
(and/or other security measures) to each Authorized User that shall permit the Authorized User to access the
Services of OCPRHIO, Inc. OCPRHIO, Inc. shall provide each user name and password (and/or other security
measures) to the Participant and the Participant shall be responsible to communicate that information to the
appropriate Authorized User. When the Participant removes an individual from its list of Authorized Users, and
informs OCPRHIO, Inc. of the change pursuant to Section 3.3, Identification of Authorized Users, OCPRHIO shall
cancel the user name and password (and/or other security measures) of such individual with respect to the
Participant and cancel and deactivate the user name and password (and/or other security measures) of such
individual if that individual is as a result of the change no longer an Authorized User of any Participant.
2.5 OCUnites HIE Availability. OCPRHIO shall exercise commercially reasonable efforts to make the
OCUnites HIE available to Participants 24 hours per day, 7 days per week, 365 days per year; provided, however,
that the availability of the OCUnites HIE may be temporarily suspended for maintenance or unscheduled
interruptions. OCPRHIO shall exercise commercially reasonable efforts to provide the Participant with advance
notice of any such suspension or interruption of OCUnites HIE availability. Without limiting the foregoing,
Participants shall be responsible for obtaining Patient Health Information through means other than the Program
during any periods during which the OCUnites HIE is unavailable.
2.6 Compliance with Laws and Regulations. OCPRHIO, Inc. shall comply with all laws and regulations
applicable to its operations, including without limitation the California Confidentiality of Medical Information Act
(California Civil Code, Section 56 et. seq.) and the HIPAA Rules.
2.7 Privacy and Security of Patient Information. OCPRHIO, Inc. shall implement reasonable
safeguards to protect Patient Information from unlawful Access, tampering or disclosure. These safeguards shall
comply with the HIPAA Rules and/or other applicable laws and include administrative procedures, physical security
measures, and technical security measures that are reasonably necessary to prevent such unlawful Access,
tampering or disclosure, including encryption technology to make the Patient Information unusable, unreadable
and indecipherable to unauthorized persons, as described in the HIPAA Rules. During the term of this Agreement,
the Participant or its third party designee or any regulatory agency of government with jurisdiction may, but is not
obligated to, perform audits of the OCUnites HIE and associated OCPRHIO, Inc. environment, as it relates to the
receipt, maintenance, use or retention of Patient Information and other data provided by the Participant pursuant
to this Agreement.
2.8 Use and Disclosure of Patient Information. OCPRHIO, Inc. shall Access, Use and/or disclose
Patient Information solely in its capacity as a "business associate" within the meaning of the HIPAA Rules and
otherwise as required for OCPRHIO, Inc.'s compliance with applicable laws and regulations and other requirements
imposed or orders issued by any government agency or court with competent jurisdiction. OCPRHIO, Inc. shall
enter into a "business associate agreement" with each Participant, as required by the HIPAA Rules. Without
limiting the generality of the foregoing, OCPRHIO, Inc. shall not be or act as a Data User, but OCPRHIO shall be
permitted to Access and Use Patient Information through the OCUnites HIE for the purposes of maintaining the
OCUnites HIE and/or its resources and otherwise as required for the performance of OCPRHIO's responsibilities as
described in these Standard Terms and Conditions. Without limiting any other provision of these Standard Terms
and Conditions, OCPRHIO, Inc. shall not Use any Patient Information to compare the performance of health care
services by one (1) or more Participants against such performance by one (1) or more other Participants.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
2.9 Responsibility for Employees and Others. OCPRHIO, Inc. shall inform its employees, contractors
and other agents who perform Program functions, including without limitation its Authorized Users who have
Access to Patient Information, of the applicable terms and conditions of Data Exchange Participation Agreements
and OCPRHIO, Inc.'s Policies and Procedures, including without limitation responsibilities and restrictions imposed
by applicable laws and regulations regarding the privacy and security of Patient Information, such as the HIPAA
Rules. OCPRHIO, Inc. shall be responsible for all acts and omissions by any of its Authorized Users and other
employees, contractors and other agents only in the event that the acts of its employees and agents constitutes
negligence or a breach of the Agreement and in connection with their performance of Program functions, including
without limitation any privacy and/or security breaches, any non-compliance with the terms and conditions of the
applicable Data Exchange Participation Agreement, and their Access or Use of Patient Information.
2.10 Notification of Data Breaches. OCPRHIO, Inc. shall notify Participants, agencies of federal, state
and/or local government, and other parties, of any breach of Patient Information made available for Access
through the Program, as and to the extent required by, and within the periods of time required by, applicable laws
and regulations, as shall be described in OCPRHIO, Inc.'s Policies and Procedures. The parties shall cooperate in
good faith in determining the timing, extent and content of any notifications required by the HIPAA Rules and/or
other applicable federal, state or local laws.
2.11 Training and Support. OCPRHIO, Inc. shall provide training and technical support to Participants
in the Use of the OCUnites HIE, as described in OCPRHIO, Inc.'s Policies and Procedures.
2.12 Patient Control. OCPRHIO, Inc. shall implement and maintain a program pursuant to which
patients may exercise choice concerning the inclusion and/or availability of their own Patient Information through
the Program, as described in OCPRHIO, Inc.'s Policies and Procedures, and OCPRHIO, Inc. shall comply with the
requirements of that program.
2.13 Deletion of Inaccurate and/or Inappropriate Patient Information. OCPRHIO, Inc. shall receive
reports from Participants and others regarding inaccurate and/or inappropriate Patient Information, corruption,
errors and/or omissions in Patient Information. In consultation with the Data Provider that has made the affected
Patient Information available through the Program, OCPRHIO, Inc. shall within a reasonable period of time delete
and/or correct such information in accordance with the Data Provider's instructions.
2.14 Viruses and Other Threats. OCPRHIO shall exercise commercially reasonable efforts to prevent
exposure through the OCUnites HIE of the Participant's System to (i) any program, routine, subroutine, virus, data,
cancelbot, Trojan horse, worm or other software or harmful component that will disrupt the proper operation of
the Participant's System; (ii) any unlawful, threatening, abusive, libelous, defamatory, or otherwise objectionable
information of any kind, including without limitation any transmissions constituting or encouraging conduct that
would constitute a criminal offense, give rise to civil liability, or otherwise violate any local, state or federal law; or
(iii) any information that violates the proprietary rights, privacy rights, or any other rights of a third party, including
without limitation any patient.
2.15 Accounting of Disclosures. OCPRHIO, Inc. shall provide Data Providers with access to the
OCUnites HIE so that they may produce accountings of Disclosures of Patient Information necessary for compliance
with the HIPAA Rules, or develop and maintain a process by which OCPRHIO, Inc. shall provide such accountings to
or on behalf of such Data Providers.
2.16 Reports. OCPRHIO, Inc. shall provide periodic reports to Participants regarding the operation of
the Program, as described in OCPRHIO, Inc.'s Policies and Procedures.
2.17 Regulatory Access to Books and Records. OCPRHIO, Inc. shall, until the expiration of four (4)
years after the furnishing of data and services pursuant to the Agreement, make available, upon written request,
to the Secretary of the United States Department of Health and Human Services or the Comptroller of the United
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
States, or any duly authorized representatives, this Agreement, and books, documents and records that are
necessary to certify the nature and extent of the cost of services provided pursuant to this Agreement. If OCPRHIO,
Inc. carries out any of its duties pursuant to this Agreement through a subcontract with a value of $10,000 or more
over a 12 -month period with a related organization, such subcontract shall contain a clause placing the same
obligations on subcontractor as this clause places on OCPRHIO, Inc.
2.18 Help Desk Support. OCPRHIO, Inc. shall provide by telephone and/or email, during normal
business hours, support and assistance in resolving difficulties in accessing and using the Services. OCPRHIO, Inc.
will not provide problem resolution to solve issues related to the Participant's own internal Electronic Health
Record (EMR) system or internal health information exchange if accessing the Services of OCPRHIO is related to
issues internal with the Participant's internal EHGR or their internal HIE.
3. Particioant's Resoonsibilities. Generallv.
3.1 Participation in Program. The Participant shall participate in the Program in accordance with the
terms and conditions of the Participant's Data Exchange Participation Agreement and OCPRHIO, Inc.'s Policies and
Procedures.
3.2 Compliance with Laws and Regulations. The Participant shall comply with all laws and
regulations applicable to the activities it conducts pursuant to its participation in the Program.
3.3 Identification of Authorized Users. Each Participant will provide OCPRHIO, Inc. with a list in a
medium and format approved by OCPRHIO, Inc. identifying all the Participant's Authorized Users, together with
the required information described in the OCPRHIO Policies and Procedures concerning "Required Information for
Authorized Users" to enable OCPRHIO, Inc. to establish a unique identifier for each Authorized User. The
Participants shall update such list whenever an Authorized User is added or removed by reason of termination of
employment or otherwise, in accordance with the processes described in the Policies and Procedures. Participant
shall then provide any changes to such list to OCPRHIO, Inc. in writing.
3.4 Responsibility for Acts of Authorized Users and Others. The Participant shall be responsible for
all acts and omissions, including without limitation privacy or security breaches and/or failures to comply with the
requirements of the Participant's Data Exchange Participation Agreement or OCPRHIO, Inc.'s Policies and
Procedures, by the Participant's employees, contractors, agents and any other parties who Access or Use the
OCUnites HIE or Patient Information pursuant to the Participant's Data Exchange Participation Agreement,
including without limitation the Participant's Authorized Users.
3.5 Certification of Authorized Users. At the time that a Participant identifies an Authorized User to
OCPRHIO, Inc. pursuant to Section 3.3, Identification of Authorized Users, the Participant shall certify to OCPRHIO,
Inc. that the Authorized User:
a) Has completed a training program conducted by OCPRHIO, Inc. and Participant
b) Will be permitted by Participant to use the Services of OCPRHIO, Inc. only as reasonably necessary for
the performance of Participants activities as the Participant Type under which Participant is
registered with OCPRHIO pursuant to Article 1, Section B of this Agreement.
c) Has acknowledged in writing that his or her failure to comply with the Terms and Conditions may
result in the withdraw of privileges to use the Services of OCPRHIO, Inc. and may constitute cause for
disciplinary action by the Participant.
3.6 Training . The Participant shall provide or arrange for appropriate training in the Use of the
OCUnites HIE and the requirements of these Standard Terms and Conditions for all the Participant's Authorized
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
Users. Without limiting the generality of the foregoing, the Participant shall inform its Authorized Users of the
applicable terms and conditions of its Data Exchange Participation Agreements and OCPRHIO, Inc.'s Policies and
Procedures, including without limitation responsibilities and restrictions imposed by applicable laws and
regulations regarding the privacy and security of Patient Information, such as the HIPAA Rules.
3.7 Program Liaison; Program Team. The Participant shall designate a single individual who shall be
responsible for managing communications between the Participant and OCPRHIO, Inc. in connection with the
Participant's participation in the Program. The Participant shall organize and maintain a Program Team for its
participation in the Program, in accordance with the requirements of OCPRHIO, Inc.'s Policies and Procedures.
3.8 Access Controls. The Participant shall comply with OCPRHIO, Inc.'s Policies and Procedures'
requirements for the application and administration of controls upon individuals' Use of the OCUnites HIE and
Patient Information made available for Access through the OCUnites HIE.
3.9 Unauthorized Use. The Participant shall restrict access to the Services of OCPRHIO, Inc. only to
the Authorized Users that the Participant has identified to OCPRHIO, Inc. in accordance to Section 3.3,
Identification of Authorized Users. The Participant shall monitor Access and Use of the OCUnites HIE and Patient
Information on its behalf for the purpose of detecting unauthorized Access or Use of the OCUnites HIE or Patient
Information through the Participant's connection(s) to the OCUnites HIE. The Participant shall notify OCPRHIO, Inc.
of any unauthorized Access or Use in accordance with the requirements of the OCPRHIO, Inc.'s Policies and
Procedures.
3.10 Prerequisite Systems. The Participant shall be solely responsible for obtaining, installing and
maintaining, at the Participant's expense, the Participant's Prerequisite Systems. OCPRHIO, Inc. shall not be
responsible for the Participant's inability to Access or Use the OCUnites HIE if that inability is for any reason other
than the OCUnites HIE's failure to comply with the specifications therefore set forth in OCPRHIO, Inc.'s Policies and
Procedures, or OCPRHIO, Ines other failure to perform its obligations under the applicable Data Exchange
Participation Agreement, including without limitation any factors arising from the Participant's computing
environment, software, interfaces, or hardware, or any upgrade or alteration to any of them.
3.11 Data Within Participant's Firewall. The Participant shall be solely responsible for the control and
protection of all data stored within the Participant's firewall, including without limitation Patient Information, and
for the Participant's compliance with all laws and regulations applicable thereto.
4. Data Provider's Responsibilities.
Without limiting any other provision of the Participant's Data Exchange Participation Agreement, if the
Participant is a Data Provider, the terms and conditions of this Section 4 (Data Provider's Responsibilities)
shall apply.
4.1 Provision of Patient Information. The Data Provider shall provide Access to Patient Information
as described on Exhibit B, Participation of the Participant's Data Exchange Participation Agreement and OCPRHIO,
Inc.'s Policies and Procedures. The Data Provider shall, by entering into a Data Exchange Participation Agreement,
grant each Data User, and each other user described in Section 2.3, Controlling Access to Patient Information, a
perpetual, royalty -free license to Use the Patient Information that the Data Provider makes available for Access by
Data Users in accordance with these Standard Terms and Conditions.
4.2 Quality of Information Provided. The Data Provider shall exercise reasonable care to assure that
the Patient Information to which the Data Provider provides Access pursuant to its participation in the Program is
correct, accurate, free from serious error and reasonably complete and provided in a timely manner and that the
necessary consent has been obtained.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
9
4.3 Reporting Inaccurate or Other Inappropriate Information. The Data Provider shall, within the
time frames set forth in OCPRHIO, Inc.'s Policies and Procedures, notify OCPRHIO, Inc. of any Patient Information
to which the Data Provider has provided Access as described in Section 4.1, Provision of Patient Information that
the Data Provider determines is corrupt, incomplete, erroneous or otherwise incorrect, or which is otherwise
inappropriate for availability through the OCUnites HIE.
4.4 Specifically Prohibited Activities. Without limiting any other provision of the Data Provider's Data
Exchange Participation Agreement, the Data Provider shall not: (i) allow to be transmitted to the OCUnites HIE any
unlawful, threatening, abusive, libelous, defamatory, or otherwise objectionable information of any kind, including
without limitation any transmissions constituting or encouraging conduct that would constitute a criminal offense,
give rise to civil liability, or otherwise violate any local, state or federal law; (ii) knowingly allow to be transmitted
to the OCUnites HIE any information or software that contains a virus, cancelbot, Trojan horse, worm or other
harmful component; or (iii) knowingly allow to be transmitted to the OCUnites HIE any information that violates
the proprietary rights, privacy rights, or any other rights of a third party, including without limitation any patient.
4.5 Prohibited Information. The Data Provider shall not make available to Data Users through the
OCUnites HIE any Patient Information containing the following: (i) information relating to a patient's participation
in outpatient treatment with a psychotherapist, as defined in Cal. Civ. Code § 56.104; (ii) psychotherapy notes, as
defined in 45 C.F.R. § 164.501; (iii) records of the identity, diagnosis, prognosis, or treatment of any patient
maintained in connection with any program or activity relating to alcoholism or alcohol abuse education, training,
treatment, rehabilitation, or research, as defined in 42 C.F.R. § 2.2 and Cal. Health & Safety Code § 11977; (iv)
public health records relating to AIDS, as defined in Cal. Health & Safety Code §§ 121025(a); or (v) genetic test
results, as defined in Cal. Civ. Code § 56.17; or (vi) any other data protected from disclosure without valid consent
or authorization under federal or state law or agreement with the subject. To the extent that the Participant shall
provide any Patient Information constituting information subject to the restrictions set forth in California Welfare
and Institutions Code Section 14100.2, the Data Provider represents that such information is being disclosed for
purposes directly connected with the administration of the Medi -Cal program.
4.6 Data Provider's Warranty as to Patient Information. By entering into a Data Exchange
Participation Agreement, each Data Provider shall acknowledge that Patient Information will be Accessed through
the OCUnites HIE and Used by OCPRHIO and Data Users and other users for the provision of treatment, payment
and those health care operations specified in 45 C.F.R. § 164.506(c) without independently verifying that such data
are correct and are valid when used for such purpose(s), and shall acknowledge sole responsibility for the Patient
Information made available to Data Users through the Program, provided however the foregoing shall not relieve
OCPRHIO, Inc. and Data Users from their obligations under this Agreement and the Data Exchange Participation
Agreement, as applicable, and applicable law. The Data Provider shall take reasonable steps to ensure that the
Patient Information that the Data Provider makes available through the OCUnites HIE (a) is accurate and does not
violate any intellectual property rights, privacy rights, or other rights of any third party, (b) is not unlawful, libelous,
defamatory, or otherwise objectionable, and (c) does not violate any local, state or federal law or regulation. By
making Patient Information available to Data Users through the Program, the Data Provider shall represent and
warrant that it owns or has obtained all necessary rights in the Patient Information, and consents for its Use and
disclosure by the Data Provider, so that its Use by OCPRHIO, Inc. or other Participants does not violate any
intellectual property rights, privacy rights, or other rights of a patient or other third party.
4.7 Notice to Patients. Without limiting any other provisions of these Standard Terms and
Conditions, the Data Provider shall notify affected individuals of the Data Provider's participation in the Program,
the Data Provider's policies regarding the use and disclosure of Patient Information through the Program, and such
individuals' rights with respect thereto, all as and to the extent required by applicable laws and regulations
including without limitation the HIPAA Rules.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
10
5. Data User's Responsibilities.
Without limiting any other provision of the Participant's Data Exchange Participation Agreement, if the
Participant is a Data User, the terms and conditions of this Section 5 (Data User's Responsibilities) shall
apply.
5.1 Access of Patient Information for Permitted Use Only.. The Data User shall Access Patient
Information through the Program only for the purpose of treatment, healthcare operations and payment as
defined in the HIPAA Rules, of an individual with whom the Data User has a provider -patient relationship.
5.2 Limitations Upon Use of Patient Information. Any Use by the Data User of Patient Information
obtained through the OCUnites HIE shall be solely in the Data User's capacity as a "covered entity" within the
meaning of 45 C.F.R. § 160.103 or as a health care provider or health care facility licensed under California law.
The Data User shall Use such Patient Information solely for purposes of treatment, as defined under the HIPAA
Rules, of individuals with whom the Data User has a provider -patient relationship, for payment purposes related
thereto, for those health care operations specified in 45 C.F.R. § 164.506(c), and/or pursuant to a valid
authorization when required under the HIPAA Rules and/or state law, or otherwise as required for the Data User's
compliance with applicable laws and regulations and other requirements imposed or orders issued by any
government agency or court with competent jurisdiction. Without limiting any other provision of these Standard
Terms and Conditions, the Data User shall not Use any Patient Information to compare the performance of health
care services by one (1) or more Participants against such performance by one (1) or more other Participants.
5.3 Use and Disclosure of Patient Information. The Participant shall Use and/or disclose Patient
Information obtained through the Program only as permitted by applicable laws and regulations, including without
limitation the HIPAA Rules, and to the extent not inconsistent therewith, this Agreement.
5.4 Reasonable Safeguards for Privacy and Security.. The Data User shall adopt and maintain
reasonable safeguards, as required under the HIPAA Rules, to maintain the privacy and security of Patient
Information obtained through the OCUnites, and comply with all applicable laws and regulations regarding the
privacy and security of that Patient Information. Without limiting the generality of the foregoing: (a) the Data
User shall not share or disclose, and shall not permit its employees, contractors or other agents to share or
disclose, the Data User's participant identity, password(s) or other identification or authentication device to any
party or individual not authorized to Use that device in accordance with OCPRHIO, Inc: s Policies and Procedures;
and (b) the Data User shall adopt and maintain reasonable safeguards to prevent the Use of the Data User's
identity, password(s) or other identification or authentication device by any unauthorized party or individual.
6. Costs of Participation.
Except as expressly provided otherwise in the applicable Data Exchange Participation Agreement, or in
Exhibit D to these Standard Terms and Conditions, Participation Fees, OCPRHIO, Inc. and the Participant shall each
bear their own costs and expenses relating to their connectivity to one another and for performance of their
respective roles and responsibilities pursuant their respective participation in the Program. Participant shall also
pay an annual Service Fee to OCPRHIO, in accordance with the then -current Fee Schedule (please see attached).
Additional Provisions Regarding Privacy and Security of Patient Information.
7.1 Protected Health Information. Without limiting any other provision of this Agreement, OCPRHIO,
Inc. and each Participant shall treat all Patient Information that is "protected health information," as defined in the
HIPAA Rules, and/or that is "individually identifiable medical information," as defined in the California
Confidentiality of Medical Information Act (California Civil Code, Section 56 et. seq.), in accordance with the laws
and regulations that apply thereto.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
11
7.2 Disclosures of De -Identified Data. Except as described in OCPRHIO, Inc.'s Policies and
Procedures, OCPRHIO, Inc. shall not disclose de -identified Patient Information unless and to the extent that
OCPRHIO, Inc. shall have obtained in advance the express authorization of the Data Provider that made that
information available for Access through the OCUnites HIE.
7.3 No Consumer Accounts. Without limiting any other provision of this Agreement, the Program
shall not include the provision of a personal health record or other consumer service to patients, and neither
OCPRHIO nor any Participant may Use the OCUnites HIE as a device to provide Patient Information to patients.
8. Termination of Data Exchange Participation Agreements.
8.1 Termination for Convenience. Either OCPRHIO, Inc. or a Participant may terminate a Data
Exchange Participation Agreement for convenience, effective at any time after the second (2nd) anniversary of its
Effective Date, upon sixty (60) days prior written notice.
8.2 Termination Incident to Termination of Program. OCPRHIO, Inc. may terminate any or all Data
Exchange Participation Agreements at any time upon sixty (60) days prior written notice incident to a termination
of its operation of the Program(s) for any reason.
8.3 Termination for Breach. Any Data Exchange Participation Agreement may be terminated at any
time by either party to that Agreement (the "Terminating Party") if the other party to that Agreement (the
"Breaching Party") shall breach materially any of its obligations arising thereunder and fail to cure that breach
within thirty (30) days following receipt of written notice of that breach from the Terminating Party; provided,
however, that if the nature of a curable breach (other than a breach of an obligation to pay money) precludes its
cure within that thirty (30) day period, and if the Breaching Party commences the cure of that breach within that
thirty (30) day period and diligently and continuously proceeds to cure that breach, then this Agreement shall not
be terminated based thereon.
8.4 Other Grounds for Termination. Any Data Exchange Participation Agreement maybe terminated
at anytime (a) by either party to that Agreement if the other party to that Agreement shall be adjudicated or
become a bankrupt or an insolvent; (b) by a party to that Agreement if another party to that Agreement files a
voluntary petition under any bankruptcy, reorganization, or insolvency law; (c) by a party to that Agreement after
the appointment of a trustee or receiver (1) for another party to that Agreement or (2) to take possession of all or
substantially all of the assets of another party to that Agreement, whether applied for or consented to by the other
party or otherwise; (d) by a party to that Agreement if another party to that Agreement consents to or files an
answer admitting the jurisdiction of the court and the material allegations of an involuntary petition filed under
any bankruptcy, reorganization, or insolvency law; (e) by a party to that Agreement if another party to that
Agreement has commenced any proceedings of bankruptcy, reorganization, or insolvency that is not be dismissed
within thirty days after its commencement; (f) by a party to that Agreement if another party to that Agreement
makes any assignment for the benefit of creditors or other arrangement or composition under any laws for the
benefit of insolvents; (g) by a parry to that Agreement if an order for relief is entered against another party to that
Agreement under any bankruptcy, reorganization, or insolvency law of any jurisdiction or any case, proceeding, or
other actions seeking such order is not dismissed for thirty days after its filing; or (h) by a party to that Agreement
if a writ of attachment, garnishment, or execution is levied against all or substantially all assets of a party to that
Agreement, or all or substantially all assets of a party to that Agreement becomes subject to any attachment
garnishment, execution, or other judicial seizure, and the same is satisfied, removed, released, or bonded within
thirty days after the date of the attachment, garnishment, execution, or other judicial seizure.
8.5 Effect of Termination. Upon any termination of a Data Exchange Participation Agreement, all
licenses granted to the Participant thereunder that are not specifically stated to be perpetual shall cease and
terminate. OCPRHIO shall promptly assure that any and all Patient Information in the OCUnites HIE that was
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
12
provided by the Participant shall no longer be available for Access by other Participants through the OCPRHIO or
otherwise.
8.6 Survival of Provisions. Those parts of a terminated Data Exchange Participation Agreement
incorporating the following sections of these Standard Terms and Conditions shall survive termination of that
Agreement: Section 2.7, Privacy and Security of Patient Information; Section 5.4, Reasonable Safeguards for
Privacy and Security: Section 8, Termination of Data Exchange Participation Agreements; Section 11, Warranties
and Disclaimers; Section 12, Indemnification • Section 14, Dispute Resolution; Section 17, Third Party Beneficiaries;
and Section 18,General Terms.
9. Amendments.
OCPRHIO, Inc. may, in consultation with OCPRHIO, Inc.'s Privacy and Security Committee, amend any or
all Data Exchange Participation Agreements or OCPRHIO, Inc.'s Policies and Procedures upon sixty (60) days prior
written notice to the Participant; provided, that any amendment required for compliance with applicable laws
and/or regulations shall take effect automatically upon the effective date thereof stated in OCPRHIO, Inc.'s notice
to the Participant. For any other amendment, the Participant shall have the option of accepting or rejecting the
amendment by written notice to OCPRHIO, Inc.. If the Participant does not object to the amendment in writing
within the sixty (60) day notice period, such amendment shall automatically take effect upon the effective date
specified in OCPRHIO, Inc.'s notice of such amendment. If the Participant does so object, OCPRHIO, Inc. may in its
discretion elect, at any time prior to the effective date of the amendment described in OCPRHIO, Inc.'s notice of
the proposed amendment, either (a) not to implement such amendment with respect to the Participant that has
objected; or (b) terminate the Participant's Data Exchange Participation Agreement on the effective date of such
amendment.
10. Confidential and Proprietary Information.
10.1 Participant's Obligations. Each party acknowledges that the party (the "Receiving Party") shall be
provided with and exposed to information, materials, and data that are confidential and proprietary to the other
party (the "Disclosing Party'), including without limitation documentation, confidential business information of the
Disclosing Party, passwords, Participant lists, and Participant identities, password(s) or other identification or
authentication devices. The Receiving Party shall take commercially reasonable steps to maintain the
confidentiality of such information, materials, and data ("Proprietary Information"). The Receiving Party shall
exercise no less than reasonable care with respect to the handling of Proprietary Information and shall not disclose
Confidential Information to a third party without the express written consent of OCPRHIO, Inc., unless (a) required
to do so by law, or (b) the Confidential Information becomes publicly available without breach of any duty or
obligation. The Receiving Party shall return all Proprietary Information to the Disclosing Party, or destroy such
information if return is not practical, retaining no copies, upon the termination of the Participant's Data Exchange
Participation Agreement.
10.2 Patient Information. Patient Information shall not be deemed to be Proprietary Information
hereunder. The confidentiality of Patient Information and the parties' obligations to protect the privacy and
security thereof, is discussed in Section 2.3, Controlling Access to Patient Information; Section 2.6, Compliance
with Laws and Regulations; Section 2.7, Privacy and Security of Patient Information; Section 2.8, Use and
Disclosure of Patient Information; 3.2, Compliance with Laws and Regulations; Section 5.2 ,Limitations on Use and
Disclosure of Patient Information; Section 5.3, Use and Disclosure of Patient Information: Section 5.4, Reasonable
Safeguards for Privacy and Security; and Section 7, Additional Provisions Regarding Privacy and Security of Patient
Information.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
13
11. Warranties and Disclaimers.
11.1 OCPRHIO, Inc. represents and warrants as follows: (i) it has the full power, capacity and
authority to enter into and perform this Agreement and to make the grant of rights contained herein; (ii) its
performance of this Agreement does not violate or conflict with any agreement to which OCPRHIO, Inc. is a party;
(iii) there is no pending or threatened litigation that would have a material adverse impact on its performance
under this Agreement; and (iv) to the best of OCPRHIO, Inc.'s knowledge, Participants use of the OCUnites HIE
pursuant to the terms and conditions of the applicable Data Exchange Participation Agreement shall not infringe
the patent rights, copyrights or other intellectual property rights of any third party.
11.2 Disclaimers of Warranties. EXCEPT FOR THE WARRANTIES SET FORTH IN SECTION 11.1,
OCPRHIO, INC. PROVIDES ACCESS TO THE OCUNITES HIE, PATIENT INFORMATION AND USE OF DOCUMENTATION
TO THE PARTICIPANT "AS IS" AND WITHOUT ANY WARRANTY OF ANY KIND TO PARTICIPANTS, WHETHER EXPRESS,
IMPLIED OR STATUTORY. OCPRHIO, INC. DOES NOT WARRANT THAT THE PERFORMANCE OF THE OCUNITES HIE
WILL BE UNINTERRUPTED OR ERROR -FREE, OR THAT ALL ERRORS IN THE OCUNITES HIE OR PATIENT INFORMATION
WILL BE CORRECTED; PROVIDED THAT THE FOREGOING SHALL NOT RELIEVE OCPRHIO, INC. FROM ANY OF ITS
EXPRESS OBLIGATIONS SET FORTH IN THIS AGREEMENT. OCPRHIO, INC. HEREBY DISCLAIMS ALL IMPLIED AND
EXPRESS WARRANTIES, CONDITIONS AND OTHER TERMS, WHETHER STATUTORY, ARISING FROM COURSE OF
DEALING, OR OTHERWISE, INCLUDING WITHOUT LIMITATION TERMS AS TO QUALITY, MERCHANTABILITY, FITNESS
FOR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL OCPRHIO, INC. OR THE PARTICIPANT BE LIABLE TO
THE OTHER FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, PUNITIVE, OR SPECIAL DAMAGES SUFFERED BY THE
OTHER OR ANY OTHER THIRD PARTY, HOWEVER CAUSED AND REGARDLESS OF LEGAL THEORY OR
FORESEEABILITY, INCLUDING, WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTIONS OR OTHER
ECONOMIC LOSS, DIRECTLY OR INDIRECTLY ARISING OUT OF THIS AGREEMENT, THE PARTICIPANT'S USE OF THE
OCUNITES HIE OR ANY COMPONENT THEREOF, OR ANY PATIENT INFORMATION. OCPRHIO, INC. SHALL NOT BE
LIABLE FOR ANY DAMAGES ARISING OUT OF OR RELATED TO (i) THE ACCURACY OR COMPLETENESS OR INPUTTING
OF PATIENT INFORMATION; OR (ii) THE ACTS OR OMISSIONS OF THE PARTICIPANT, WHETHER SUFFERED BY
OCPRHIO OR ANY THIRD PARTY. OCPRHIO'S TOTAL AGGREGATE LIABILITY FOR ANY DAMAGES ARISING OUT OF OR
RELATED TO THIS AGREEMENT WILL NOT EXCEED $30,000; EXCEPT FOR OCPRHIO, INC.'S BREACH OF PRIVACY,
SECURITY OR CONFIDENTIALITY OBLIGATIONS. OCPRHIO, INC.'S TOTAL AGGREGATE LIABILITY FOR ANY DAMAGES
ARISING FROM OCPRHIO, INC.'S BREACH OF PRIVACY, SECURITY OR CONFIDENTIALITY OBLIGATIONS WILL NOT
EXCEED $1,000,000. THE EXISTENCE OF ONE OR MORE CLAIMS SHALL NOT ENLARGE THESE LIMITS. EACH PARTY
ACKNOWLEDGES THAT THE ALLOCATION OF RISK AND THE LIMITATION OF LIABILITY SPECIFIED IN THIS SECTION
WILL APPLY REGARDLESS OF WHETHER ANY LIMITED OR EXCLUSIVE REMEDY SPECIFIED IN THIS AGREEMENT FAILS
OF ITS ESSENTIAL PURPOSE.
11.3 Disclaimer of Responsibility. OCPRHIO, Inc. accepts no responsibility for (a) the performance of
the Prerequisite Systems or any other systems of the Participant, (b) the transmission of the Patient Information to
or from the OCUnites HIE, (c) all Use by the Participant and its employees, contractors or other agents of the
OCUnites HIE, (d) the accuracy, completeness or appropriateness of Patient Information and any health care
decision made in reliance, either in whole or in part, thereon; and (e) all Use by the Participant of information
obtained through the OCUnites HIE including, without limitation, Patient Information; provided however the
foregoing shall not limit OCPRHIO, Inc.'s responsibility for its obligations expressly set forth in this Agreement. The
Participant and its employees, contractors and other agents shall be solely responsible for all decisions involving
patient care, utilization management and quality management for its patients. Without limiting the generality of
the foregoing, the Data User shall have sole responsibility for the Use of Patient Information obtained through the
OCUnites HIE, including without limitation all clinical decision-making based thereon or influenced thereby. THE
OCUNITES HIE SHOULD BE USED AS A SUPPLEMENTTO, AND NOT IN PLACE OF, OTHER DATATHAT IS AVAILABLE
TO THE DATA USER AND/OR THE TREATING HEALTH CARE PROVIDER IN PERFORMING THE ABOVE FUNCTIONS.
The Participant shall have no recourse against OCPRHIO, , Inc. for any loss, damage, claim, or cost relating to or
resulting from the Use or mis-Use of the OCUnites HIE by the Participant or data Accessed through the OCUnites
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
14
HIE by the Participant; provided however the foregoing shall not limit OCPRHIO, Inc.'s responsibility for its
obligations expressly set forth in this Agreement.
11.4 Non -Liability. Without limiting any other provision of this Agreement, OCPRHIO, Inc. shall not be
responsible for the act or omission of any Participant with respect to the Use of the OCUnites HIE and Patient
Information by Participants.
12. Indemnification.
OCPRHIO, Inc. shall indemnify, defend, and hold the Participant and its employees, agents,
subcontractors and licensors harmless from and against all liability to third parties (including reasonable attorneys'
fees), injury or damage that arises from an act or omission of OCPRHIO, Inc., including, without limitation,
OCPRHIO, Inc.'s breach of any obligation, representation, or warranty of OCPRHIO set forth herein. The Participant
shall indemnify, defend, and hold OCPRHIO, Inc. and other Participants, and their respective employees, agents,
subcontractors, and licensors harmless from and against any and all liability to third parties (including reasonable
attorney's fees), injury, or damage that arises from an act or omission of the Participant, including, without
limitation, the Participant's breach of any obligation, representation, or warranty of the Participant set forth
herein. A party's indemnification obligations under this section are conditioned upon the party seeking to be
indemnified: (a) giving prompt notice of the claim to the indemnifying party; (b) granting sole control of the
defense or settlement of the claim or action to the indemnifying party; and (c) providing reasonable cooperation to
the indemnifying party and, at the indemnifying party's request and expense, assistance in the defense or
settlement of the claim; provided however, the indemnifying party shall be relieved of its indemnification
obligations only to the extent failure to comply with any of the foregoing prejudices its ability to provide
indemnification required hereunder. An indemnifying party may not settle any claim against the other without that
other party's consent, which consent shall not be unreasonably withheld.
13. Force Majeure.
If the performance of any material obligation under this Agreement is prevented or interfered with by a
Force Majeure (any act or condition whatsoever beyond the reasonable control of and not occasioned by the fault
or negligence of the affected party, including but not limited to internet brown -outs, terrorism, natural disasters,
acts of God, acts of government, wars, riots, strikes and other labor disputes, fires, and floods) the party so
affected shall be excused from such performance to the extent of such prevention or interference.
14. Dispute Resolution.
Any unresolved disputes between the parties relating to or arising from this Agreement shall be settled by
arbitration in accordance with the then current rules of JAMS (the "JAMS Rules") before a single neutral and
competent arbitrator selected in accordance with the JAMS Rules. Such arbitration shall be conducted in the
English language and shall be held in Orange, California. The cost and expense of arbitration shall be shared
equally by the parties to the arbitration, regardless of which party or parties prevail. The arbitration shall be
conducted in accordance with the following time schedule unless otherwise mutually agreed to in writing by the
parties: (i) no later than thirty (30) days after the appointment of the arbitrator, the arbitrator shall schedule a
hearing on the dispute and (ii) within thirty (30) business days after the date of the hearing referenced in clause (i),
the arbitrator shall render a decision. The decision or award of the arbitrator shall be final and binding upon the
parties, and to the same extent and to the same degree as if the matter had been adjudicated by a court of
competent jurisdiction and shall be enforceable under the Federal Arbitration Act. However, the parties agree that
any breach of a party's privacy, security or confidentiality obligations and the license grant and restrictions set
forth in this Agreement may result in irreparable injury to the other party for which there is no adequate remedy
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
15
at law, and in such an event an aggrieved party may seek prompt equitable relief in addition to its other available
legal remedies without submitting such matter to arbitration. Fallowing any court's ruling on temporary or
preliminary equitable relief, and with the consent of the court, the cause in its entirety shall then be subject to the
mandatory arbitration provisions of this section. As an exception to the mandatory arbitration of this section, the
parties need not arbitrate any dispute in which a third party is joined, whether indispensable or not, which third
party is not contractually bound to arbitrate in the place and before the arbitral authority set forth in this
agreement. The parties consent to the personal jurisdiction of the state courts in Santa Ana, California and the
federal courts in sitting in the Ninth Circuit in Southern California.
15. Participants' Insurance.
15.1 Required Insurance Policies. The Participant shall procure and maintain in effect during the term
of this Agreement commercial general liability insurance, and professional liability insurance that will cover the
Participant's liability with limits of not less than One Million Dollars ($1,000,000) per occurrence and Five Million
Dollars ($5,000,000) in the aggregate for the policy year.
15.2 Carriers. All insurance required under this Section 15 (Participants' Insurance) shall be carried by
companies with a rating not lower than "A, X" by A.M. Best Company.
15.3 Self Insurance. Upon demonstration to OCPRHIO, Inc. that Participant maintains a sufficiently
funded program of self-insurance to cover the risks of liability described in Section 15.1, Required Insurance
Policies OCPRHIO shall issue to the Participant notice confirming that the Participant satisfies the requirements
of Section 15.1, Required Insurance Policies through such self-insurance.
15.4 Certificates of Insurance. On request of OCPRHIO, Inc., the Participant promptly provide
OCPRHIO, Inc. with a certificate of insurance evidencing the aforementioned coverage, and shall notify OCPRHIO,
Inc. immediately upon any cancellation, termination or restriction of any such coverage.
16. OCP R H I O. Inc. Insurance.
16.1 Required Policies. OCPRHIO, Inc. shall procure and maintain in effect during the term of this
Agreement commercial liability insurance that will cover OCPRHIO, Inc.'s liability with limits of not less than One
Million Dollars ($1,000,000) per occurrence and Five Million Dollars ($5,000,000) in the aggregate for the policy
year.
16.2 Carriers. All insurance required under this Section 16 shall be carried by companies with a rating
not lower than "A, X" by A.M. Best Company.
16.3 Certificates of Insurance. On request of the Participant, OCPRHIO, Inc. shall promptly provide the
Participant with a certificate of insurance evidencing the aforementioned coverage, and shall notify the Participant
immediately upon any cancellation, termination or restriction of any such coverage.
17. Third Party Beneficiaries
Except as expressly provided with respect to other Participants, there shall be no third party beneficiaries
of this Agreement.
18. General Terms.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
16
Each Data Exchange Participation Agreement and Business Associate Agreement set forth the entire
agreement between the parties and supersede any and all prior agreements or representations, written or oral, of
the parties with respect to the subject matter of such Agreement. All exhibits referred to in a Data Exchange
Participation Agreement are incorporated herein by reference. If a party wishes to assign or otherwise transfer a
Data Exchange Participation Agreement to anyone, such parry must obtain the other's prior written consent, which
shall not be unreasonably withheld. Any attempted transfer or assignment in violation of the foregoing shall be
void and of no effect. Each Data Exchange Participation Agreement shall be binding on the parties, their
successors, and permitted assigns. For any breach or threatened breach of obligations identified hereunder as
subjecting a nonbreaching party to irreparable harm, the nonbreaching party shall be entitled to seek equitable
relief in addition to its other available legal remedies in a court of competent jurisdiction. Data Exchange
Participation Agreements shall be construed under the laws of the State of California, without regard to its
conflicts of law principles. The parties hereby disclaim the application of the 1980 U.N. Convention on Contracts
for the International Sale of Goods. If any provision of a Data Exchange Participation Agreement is found invalid or
unenforceable by an arbitrator or a court of competent jurisdiction, the remaining portions shall remain in full
force and effect. A Data Exchange Participation Agreement may be executed in one or more counterparts, each of
which shall be deemed to be an original and all of which together shall constitute one and the same Agreement. A
facsimile signature shall be considered true and genuine. The relationship of the parties to each Data Exchange
Participation Agreement is one of independent contractors and shall not be deemed to be that of employer and
employee, master and servant, principal and agent or any other relationship except that of independent
contractors contracting for the purposes of that Agreement.
19. Medicare/Medicaid Participation.
Each party hereto hereby represents and warrants to the other that neither the party nor its principals (if
applicable) are presently debarred, suspended, proposed for debarment, declared ineligible, or excluded from
participation in any federally funded health care program, including Medicare and Medicaid. Each party shall
immediately notify the other of any threatened, proposed, or actual debarment, suspension or exclusion from any
federally funded health care program, including Medicare and Medicaid. In the event that a party is debarred,
suspended, proposed for debarment, declared ineligible or excluded from participation in any federally funded
health care program during the term of this Agreement, or if at any time after the effective date of this Agreement
it is determined that a party is in breach of this Section 19, this Agreement shall, as of the effective date of such
action or breach, automatically terminate. Each party further understands that the other party may periodically
check contracted individuals and entities against the Office of Inspector General (OIG) and General Service
Administration (GSA) databases of Excluded Individuals and Entities and will notify the other party if it discovers a
match. Each parry will take reasonable measures to verify that the match is the same individual or entity before
taking any action to terminate any underlying agreement(s).
20. Notices.
All notices required under a Data Exchange Participation Agreement shall be in writing. Notices shall be
deemed to have been duly made and received (i) when personally served, (ii) when delivered by commercially
established courier service, (iii) ten (10) days after deposit in mail via certified mail, return receipt requested, or
(iv) on delivery, when delivered by Federal Express, charges prepaid or charged to the sender's account, if delivery
is confirmed by Federal Express. Notices must be delivered to the addresses specified in the applicable Data
Exchange Participation Agreement, or to such other address as a party shall designate in writing from time to time.
Any correctly addressed Notice that is refused, unclaimed, or undeliverable because of an act or omission of the
party to be notified shall be deemed effective as of the first date that the notice was refused, unclaimed, or
deemed undeliverable by the postal authorities, messenger, or overnight delivery service. Any party may change
contact information by giving the other party written notice.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
17
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
Exhibit B
Participation
The Participant shall participate in the following Program (s):
1. OCUnites Health Information Exchange (all Phases)
OCUnites is a community collaborative health information exchange which includes health care providers whose
mission is to facilitate health information exchange in California. OCUnites is designed in such a way to provide
maximum flexibility by allowing participation onto the HIE in various ways. For participants who decide to provide
data into the HIE the option to provide the data is a) via an edge server or, b) through direct data feeds into the
OCUnites data warehouse, thus providing maximum flexibility to include participants at various levels of
capabilities. Accessing the data can also be accomplished through a multitude of ways including: a) Interfaces
developed to provide data from OCUnites directly into the participants electronic health record system , or b) by
connecting via an internet connection into the OCUnites portal. Available data from OCUnites includes - but is not
limited to: ADT, Discharge summaries, progress notes, medication, lab results, imaging reports, etc through a
variety of data types.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
18
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
Exhibit C
Technical and Functional Specifications
Technical Specifications:
Participants who participate as Data Users need a computer with Internet Explorer or Mozilla Firefox in order to
access the web -based portal.
Functional Specifications:
The Clinical Portal shall aggregate discrete patient data from multiple data sources into a "virtual patient record"
for the Data User to view through a web browser. Additional functional specifications will be provided as part of
the Training Module provided to the Data User.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
19
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
Exhibit D
Participation Fees
1. Service Fees.
Unless the Participation Agreement provides otherwise, each Participant shall pay a Service Fee to OCPRHIO, in
accordance with the then -current Fee Schedule (please see attached).
2. Changes to Fee Schedule.
OCPRHIO reserves the right to change its Fee Schedule at any time after the second (2nd) Anniversary of its
Effective Date upon sixty (60) -days prior written notice to the Participant.
3. Miscellaneous Charges.
Unless the Participant's Participation Agreement provides otherwise, the Participant shall also pay OCPRHIO's
charges for all goods and services that OCPRHIO provides at the Participant's request that are not specified in the
then -current Fee Schedule. The Participant shall pay for all costs incurred by the Participant for participating with
OCPRHIO in the exchanging of data on the HIE. This includes Participant's costs for: Personnel, interface
development, license fees related to the Participant's software for accessing the HIE, connectivity and other
related items.
4. Payment
The Participant shall pay all Service Fees and Miscellaneous Charges within thirty (30) days following the date of
invoice from OCPRHIO sent to the Participant's address as shown in this Agreement or to other previously agreed
to address, or emailed in accordance with the Participation Agreement
S. Late Charges
Service Fees and Miscellaneous Charges not paid to OCPRHIO within thirty (30) days following the due date on the
invoice from OCPRHIO are subject to a late charge of five (5) percent of the amount owing and interest thereafter
at the rate of one and one-half (1.5) percent per month on the outstanding balance, or the highest amount
permitted by law, whichever is lower.
6. Suspension of Services
Failure to pay Service Fees and Miscellaneous Charges within sixty (60) days following the due date on the invoice
from OCPRHIO may result in termination of Participant's access to the Services on ten (10) days prior notice. A
connection fee equal to three (3) percent of the outstanding balance shall be assessed to reestablish connection
after the termination due to non-payment.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
20
Taxes
All Service Fees and Miscellaneous Charges shall be exclusive of all federal, state, municipal, or other government
excise, sales, use, occupational, or like taxes now in force or enacted in the future, and the Participant shall pay
any tax (excluding taxes on OCPRHIO's net income) that OCPRHIO may be required to collect or pay now or at any
time in the future and that are imposed upon the sale or delivery of items and services provided pursuant to the
Terms and Conditions.
8. Other Charges and Expenses
The Participant shall be solely responsible for any other charges or expenses the Participant may incur to access
the HIE and use the Services, including without limitation, telephone and equipment charges, and fees charged by
third -party vendors for products and services.
REMAINDER OF THIS PAGE LEFT INTENTIONALLY BLANK
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
21
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION
DATA EXCHANGE PARTICIPATION AGREEMENT
Exhibit E
Business Associate Agreement
This Exhibit E sets forth an agreement between Participant ("we" "our" or "us") and Orange County Partnership
Regional Health Information Organization, Inc. ("you" or "your") concerning your use and disclosure of protected
health information that you receive from us in the course of providing services to us, Orin the course of providing
services to our clients on our behalf. When countersigned by you below, this Exhibit E will constitute a binding
agreement between us.
We are required to obtain this agreement from you by the terms of our agreements with our clients who are
covered under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA Privacy Rule
(45 CFR Parts 160 and 164). Our agreements with our clients are called "business associate agreements"
For purposes of this agreement, "protected health information" means any information that you receive from us
or from a third party (including our clients) in the course of providing services to us, or in the course of providing
services to our clients on our behalf, and which contains health information relating to an individual. "Health
information" includes any information concerning an individual's health condition, treatment for a health
condition, or payment for such treatment.
This agreement is to be interpreted consistently with the HIPAA Privacy Rule. Undefined terms used in this
agreement have the meanings given them in the HIPAA Privacy Rule.
1. Use and Disclosure of Protected Health Information
(a) Subject to the provisions of this agreement, you may use protected health information to assist us in health
information exchange as described in the Orange County Partnership Regional Health Information Organization,
Inc. Data Participation Exchange Agreement, within the scope of your engagement or contract with us. You may
not use or disclose protected health information for any other purpose, except as required by law or expressly
permitted by us in writing. Under no circumstances will you use protected health information for any purpose for
which our clients would not be permitted to use it under the Privacy Rule.
(b) You may disclose protected health information only for the purposes described in subsection (a) above, or if
you are required bylaw to make the disclosure. If the disclosure is for the purposes described in subsection (a)
above, it may only be made --
(i) to your employees who need the information in order to perform their duties; or
(ii) to your agents and subcontractors to assist you in providing services to us or our clients, but only after
obtaining from them the agreement described in subsection (e) below, and furnishing us with a copy of the
agreement.
If you are required bylaw to make a disclosure, you must give us as much advance notice as you reasonably can
under the circumstances, so that we can notify our clients of the impending disclosure.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
22
You must maintain a record of all disclosures of protected health information to third parties for six (6) years, and
furnish it to us or to our client from time to time on request. This requirement does not apply to disclosures
contemplated by our agreements with you and made for our clients' operational purposes. This requirement will
survive the termination of our agreements with you.
(c) You will implement reasonable administrative, physical, and technical safeguards to protect the confidentiality,
integrity and availability of protected health information that you create, receive, maintain or transmit on our
behalf or on behalf of our client, and to prevent use or disclosure of protected health information otherwise than
as provided for by this Agreement.
(d) You will immediately report to us any use or disclosure of protected health information not provided for by this
Agreement of which you become aware, including any security incident or breach of confidentiality of the
information.
(e) You will ensure that any agent, including a subcontractor, to whom you provide protected health information
agrees in writing to the same safeguards, restrictions and conditions that apply to you with respect to such
information.
(f) You will make your internal practices, books, and records relating to the use and disclosure of protected health
information available to us, to our client, and to the Secretary of the Department of Health and Human Services
for purposes of determining your compliance with this agreement and our clients' compliance with the Privacy
Rule.
(g) You will comply with any additional restrictions required by our client concerning the use or disclosure of its
protected health information, if we notify you in writing of the restrictions (which we may do by providing you
with a copy of our agreement with the client).
(h) You will comply with any additional requirements imposed by applicable laws or regulations, including without
limitation the privacy and security requirements set forth in Sections 13401 and 13404 of Title XIII of the American
Recovery and Reinvestment Act of 2009.
2. Term and Termination
(a) This Agreement will be effective as of the date on which you first receive protected health information from us,
and will terminate when you have returned or destroyed all protected health information.
(b) If at any time if we determine that you have violated a material term of this agreement, we may terminate any
agreement or arrangement between us under which you have access to protected health information (any
provision to the contrary in any such agreement notwithstanding).
(c) Upon termination for any reason of the agreement or arrangement between us under which you have access to
protected health information, you will return or destroy all protected health information, and you will retain no
copies of it. However, if we determine that returning or destroying protected health information is not feasible,
you need not return or destroy it, but you must extend the protections of this Agreement to the protected health
information and limit further uses and disclosures of the protected health information to those purposes that
make return or destruction infeasible.
3. Miscellaneous. This Agreement constitutes the entire agreement between us with respect to the
confidentiality of protected health information, except that it does not relieve you of any professional obligation
that otherwise exists. It may be amended only by writing, signed by the party to be bound. It has no third -party
beneficiaries. It is to be governed by the internal law of the State of California.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
23
PARTICIPANT's NAME
Signed: tet'
Name: L/� ;� Jyy\ w
Title: -V-l.fe Cv��C'�r
Effective Date: I 1- 1
jl l PROVED AS TO FORM:
k �YATfORNI=E
ato;
y:
Aaron C. Harp, City Attorney
Orange County Partnership Regional Health
Information Organization, Inc. (OCPRHIO, Inc)
dba One California Partnership Regional Health
Information Organization
Signed: 0, 00f
,i
Name ► AVEVE -
Title:
Date: O�lg�'LOQ'�
AT,
alta It. 'wln, It
erk
Date: % 74.17
REMAINDER OF THIS PAGE LEFT INTENTIONALLY BLANK
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4
24
C_% S o
ONE CALIFORNIA PARTNERSHIP REGIONAL HEALTH INFORMATION ORGANIZATION, INC.
DATA EXCHANGE PARTICIPATION AGREEMENT
Fee Schedule
(Effective Date: 12/21/2016)
City of Newport Beach, Fire Department (Newport Fire)
Startup Annual
Fee (only Maintenance Total Year
Facility Model year 1) Fee 1
City of Newport Beach, Fire Department EMS
1 (EMS Transport) Transport $ 0.00 $ 0.00 $ 0.00
$ 0.00 $ 0.00 $ 0.00
Total Year 1 costs above for participation on OCPRHIO are due as follows: a) Startup Fee due 30 -days after agreement to
participate on the HIE, and b) Annual Maintenance Fee invoiced with the Startup Fee and due within 60 -days of invoice date.
Total Year 2 costs below for participation on OCPRHIO as per the Data Exchange Participation Agreement (DEPA) are due on the
1 -year anniversary date of the interface Go -Live as described in the DEPA and, annually, thereafter.
Total Year
Facility Model 2
1 City of Newport Beach, Fire Department EMS
(EMS Transport) Transport $ 0.00
$ 0.00
Information in this Fee Schedule and all associated costs, discounts and offers expire within (45) days of the
Effective Date printed above
OCPRHIO reserves the right to change its Fee Schedule at any time after the second (2ND) anniversary of the
Effective Date of this Agreement, upon SIXTY (60) days prior written notice to the Participant
Notes
lone -time Onboa rding Startup Fee — for Year 1 only, waived.
z
Annual Maintenance Fee — Waived as an initial participant on the EMS Integration Proof of Concept project in Orange County, CA,
3
Other Certain fees not charged by OCPRHIO, however, may be the responsibility of the Participant. These may include but are not limited to
any fees charged by the respective Participant's IT solutions vendor(s) or other Participant's vendors for any system fees, upgrades, or any
additional servers required and are the sole responsibility of the Participant. Access to the OCPRHIO HIE is granted to EMS Transport and
employees employed by the above entities performing any functions related to patient EMS transport. Access to the OCPRHIO HIE and its
services by non -employed entities of the HIE Participant are charged at the rate of $35.00/month/employee and will be negotiated pending
further Discovery, if needed.
One California Partnership Regional Health Information Organization
Data Exchange Participation Agreement
Version 5.4