HomeMy WebLinkAboutC2011-440 - 10/18/2011 - NAORIGINAL
AMENDED AND RESTATED HIPAA BUSINESS ASSOCIATE
AGREEMENT
This HIPAA Business Associate Agreement ( "Agreement ") supplements and is made
a part of the master service agreement ( "Service Agreement ") by and between the City
of Corpus Christi ( "Client ") acting behalf of the City of Corpus Christi — Citicare
Employee Benefit Plan, the City of Corpus Christi — Citicare Public Safety Employee
Benefit Plan, the City of Corpus Christi — Citicare Fire Employee Benefit Plan, the City
of Corpus Christi — Citicare Premium Employee Benefit Plan and the City of Corpus
Christi Basic and Expanded Dental Plan (collectively, the "Covered Entity ") and
Humana Insurance Company and HumanaDental Insurance Company ( "Business
Associate "), and is effective as of August 1, 2011 (the "Effective Date "). This
Agreement is an amendment and restatement of the HIPAA business associate
agreement currently in place between the parties.
RECITALS
WHEREAS, Business Associate has been retained to perform functions or activities as
a third party administrator that require that Business Associate have access to
Protected Health Information in relation to the Covered Entity; and
WHEREAS, Business Associate and Client desire to amend and restate the Agreement
currently in effect in order to incorporate the changes to the Health Insurance Portability
and Accountability Act of 1996 ( "HIPAA") under the Health information Technology for
Economic and Clinical Health Act ( "HITECH ") provisions of the American Recovery and
Reinvestment Act of 2009.
NOW, THEREFORE, in consideration of the mutual covenants, terms and conditions
herein contained, the parties hereto agree as follows:
1. DEFINITIONS,
Terms used but not otherwise defined in the Agreement shall have the same meaning
as those terms in the Privacy Rule and Security Rule.
a. "Breach" shall have the meaning given to it by 45 CFR Section 164.402.
b. "Breach Notification Rule" shall mean the Standards for Breach
Notification for Unsecured Protected Health Information under HIPAA that
is codified at 45 CFR Parts 160 and 164, subparts A and D.
C. "Business Associate" shall mean Humana Insurance Company and
HumanaDental Insurance Company.
d. "Covered Entity" shall mean, collectively, the City of Corpus Christi —
Citicare Employee Benefit Plan, the City of Corpus Christi — Citicare Public
Safety Employee Benefit Plan, the City of Corpus Christi — Citicare Fire
Employee Benefit Plan, the City of Corpus Christi — Citicare Alternative
2011 -440
10/18/11
Humana Insurance Company INDEXED
Choice Employee Benefit Plan and the City of Corpus Christi Dental Plan.
The City of Corpus Christi serves as plan sponsor of the Covered Entity.
e. "Deidentified Data" shall have the same meaning as the term
"deidentified data" in 45 CFR Section 164.514.
"Designated Record Set" shall mean a group of records maintained by
or for a Covered Entity that is: (i) the medical records and billing records
about Individuals maintained by or for a covered health care provider; (ii)
the enrollment, payment, claims adjudication, and case or medical
management record systems maintained by or for a health plan; or (iii)
used, in whole or in part, by or for the Covered Entity to make decisions
about Individuals. For purposes of this definition, the term "record" means
any item, collection, or grouping of information that includes Protected
Health Information and is maintained, collected, used, or disseminated by
or for a Covered Entity.
g. "Health Care Operations" shall have the same meaning as the term
"Health Care Operations" in 45 CFR Section 164.501.
h. "HITECH Act" shall mean the provisions of Title XIII, Subtitle D of the
American Recovery and Reinvestment Act of 2009. Any reference to a
section of the HITECH Act shall also include any HITECH Regulations
related thereto.
"HITECH Regulations" shall mean any guidance issued relating to the
HITECH Act by the Department of Health and Human Services, including
the Breach Notification Rule.
j. "Individual" shall have the same meaning as the term "individual" in 45
CFR Section 160.103 and shall include a person who qualifies as a
personal representative in accordance with 45 CFR Section 164.502(g).
k. "Privacy Officer" shall mean the person designated by the Covered
Entity to serve as its privacy official within the meaning of 45 CFR
164.530(a) and any person to whom the Privacy Officer has delegated any
of his or her duties or responsibilities.
I. "Privacy Rule" shall mean the Standards for Privacy of Individually
Identifiable Health Information that is codified at 45 CFR Parts 160 and
164, subparts A and E.
M. "Protected Health Information" or "PHI" shall mean any information,
whether oral or recorded in any form or medium: (i) that relates to the
past, present or future physical or mental condition of an individual; the
provision of health care to an individual; or the past, present or future
payment for the provision of health care to an individual; and (ii) that
identifies the individual or with respect to which there is a reasonable
HOUSTON\2358310.1 -2-
basis to believe the information can be used to identify the individual, and
shall have the meaning given to such term under 45 CFR Section
160.103. Protected Health Information shall be limited to the information
created or received by Business Associate from or on behalf of Client.
n. "Required By Law" shall have the same meaning as the term "required
by law" in 45 CFR Section 164.103.
o. "Secretary" shall mean the Secretary of the Department of Health and
Human Services or his or her designee.
P. "Security Rule" shall mean the Security Standards for the Protection of
Electronic Protected Health Information under HIPAA that is codified at 45
CFR Parts 160 and 164, subparts A and C.
q. "Unsecured PHI" shall mean Protected Health Information that is not
secured through the use of a technology or methodology that renders
such Protected Health Information unusable, unreadable or indecipherable
to unauthorized individuals, as specified in guidance issued pursuant to
Section 13402(h) of the HITECH Act, including the Breach Notification
Rule.
2. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE.
a. Permitted Uses and Disclosures. Business Associate agrees to not use
or disclose Protected Health Information other than as permitted or
required by this Agreement or as Required By Law. Business Associate
recognizes that the Protected Health Information is and shall remain the
Covered Entity's property except as set forth in the Service Agreement.
Business Associate agrees that it acquires no title or rights to the
Protected Health Information as a result of this Agreement.
Business Associate shall not use or disclose Protected Health Information
in any manner that violates the Privacy Rule or the HITECH Act.
To the extent required by the Privacy Rule, Business Associate shall only
request, use and/or disclose the minimum amount of Protected Health
Information necessary to accomplish the purpose of the request, use
and/or disclosure. The determination of what constitutes the minimum
necessary amount of Protected Health Information shall be determined in
accordance with the provisions of the Privacy Rule, as amended by
Section 13405(b) of the HITECH Act.
Business Associate shall not use or disclose Protected Health Information
that is genetic information for underwriting purposes, as set forth in the
regulations issued pursuant to Section 105 of the Genetic Information
Nondiscrimination Act of 2008.
HOUSTON \ 2358310.1 -3-
b. Safeguards. Business Associate agrees to use administrative, physical
and technical safeguards that reasonably and appropriately protect the
confidentiality, integrity and availability of Protected Health Information, in
electronic or any other form, that it creates, receives, maintains or
transmits under this Agreement, in accordance with the Privacy Rule and
the Security Rule to prevent the use or disclosure of Protected Health
Information other than as provided for by this Agreement. Business
Associate covenants that as of February 17, 2010, such safeguards shall
also include, without limitation, implementing written policies and
procedures in compliance with HIPAA and the HITECH Act, conducting a
security risk assessment and training Business Associate's workforce
members who will have access to PHI with respect to the policies and
procedures adopted to comply with HIPAA and the HITECH Act.
Business Associate shall comply with the provisions of 45 CFR Sections
164.308, 164.310, 164.312 and 164.316 with respect to electronic
Protected Health Information in the same manner that such provisions
apply to a HIPAA covered entity. Business Associate shall also comply
with any additional security requirements contained in the HITECH Act
and the HITECH Regulations that are applicable to HIPAA covered
entities.
C. Reporting of Improper Use or Disclosure. Business Associate agrees
to report to the Covered Entity's Privacy Officer in writing within five (5)
business days of discovery of any use or disclosure of the Protected
Health Information not provided for by this Agreement of which it becomes
aware. Business Associate shall also report any security incident of which
it becomes aware to Covered Entity within five (5) business days of
discovery. To the extent that such use or disclosure also constitutes a
Breach of Unsecured PHI or a suspected Breach of Unsecured PHI, the
provisions of Section 6 shall apply.
d. Mitigation. Business Associate agrees to mitigate, to the extent
practicable, any harmful effect that is known to Business Associate of a
use or disclosure of Protected Health Information by Business Associate
in violation of the requirements of this Agreement. Business Associate
agrees to document in writing any steps taken under this section and
provide any such documentation to Covered Entity upon request.
e. Agents and Subcontractors. Business Associate agrees to require that
any agent, including a subcontractor, to whom it provides Protected Health
Information received from, or created or received by Business Associate
on behalf of Covered Entity agrees in writing to the same restrictions and
conditions that apply through this Agreement to Business Associate with
respect to such information, including the implementation of reasonable
and appropriate measures for safeguarding Protected Health Information.
The Business Associate shall insert the substance of this subsection (e) in
HOUSTON\2358314.1 -4-
all such subcontracts provided that the clause shall be modified to treat
the subcontractor as the Business Associate.
Access to Individuals. Within 10 days of receipt of a request from the
Covered Entity, Business Associate agrees to provide access to Protected
Health Information in a Designated Record Set, to Covered Entity or, as
directed by Covered Entity, to an Individual in order to meet the
requirements under 45 CFR Section 164.524.
g. Amendments to Protected Health Information. Within 10 days of
receipt of a request from the Covered Entity, Business Associate agrees
to make any reasonable amendment(s) to Protected Health Information in
a Designated Record Set that the Covered Entity directs or agrees to
pursuant to 45 CFR Section 164.526 at the request of Covered Entity or
an Individual.
h. Access by Covered Entity. Within 10 days of receipt of a request from
the Covered Entity, Business Associate agrees to make internal practices,
books and records including policies and procedures and Protected Health
Information, relating to the use and disclosure of Protected Health
Information received from, or created or received by Business Associate
on behalf of, Covered Entity available to the Secretary for purposes of the
Secretary determining Covered Entity's compliance with HIPAA.
Disclosure Documentation. Business Associate agrees to document
such disclosures of Protected Health Information and information related
to such disclosures as would be required for Covered Entity to respond to
a request by an Individual for an accounting of disclosures of Protected
Health Information in accordance with 45 CFR Section 164.528. Within 10
days of receipt of a request from the Covered Entity, Business Associate
agrees to provide to Covered Entity or an Individual information collected
in accordance with this subsection to permit Covered Entity to respond to
a request by an Individual for an accounting of disclosures of Protected
Health Information in accordance with 45 CFR Section 164.528.
j. Training. Business Associate agrees to train its workforce members who
handle Covered Entity's Protected Health Information about the Business
Associate's obligations and permitted uses and disclosures under this
Agreement. Business Associate also agrees to train its workforce
members as to Business Associate's obligations and duties under the
HITECH Act, including the Breach Notification Rule.
k. Compliance with the HITECH Act. To the extent not already referenced
in this Agreement, the requirements applicable to Business Associate
under the HITECH Act are hereby incorporated by reference into the
Agreement. Business Associate agrees to comply, as of the applicable
HOUSTON\2358310.1 -5-
effective dates of each such HIPAA obligation, with the requirements
imposed by the HITECH Act and HITECH Regulations.
Business Associate acknowledges that it is directly subject to the Security
Rule, the Breach Notification Rule and applicable provisions of the Privacy
Rule and Business Associate agrees to comply with its duties under such
provisions of HIPAA.
3. PERMITTED USES BY BUSINESS ASSOCIATE.
a. Service Agreement. Except as otherwise limited in this Agreement,
Business Associate may use or disclose Protected Health Information to
perform functions, activities, or services for, or on behalf of, Covered
Entity as specified in the Service Agreement, provided that such use or
disclosure would not violate the Privacy Rule if done by Covered Entity or
the minimum necessary policies and procedures of the Covered Entity.
b. Other Permitted Usage. Except as otherwise limited in this Agreement,
Business Associate may use Protected Health Information for the proper
management and administration of the Business Associate or to carry out
the legal responsibilities of the Business Associate. In addition, Business
Associate may use Protected Health Information to provide Data
Aggregation services as permitted by 45 CFR Section 164.504(e)(2)(i)(B).
4. OBLIGATIONS OF COVERED ENTITY.
a. Change in Privacy Practices. Covered Entity shall notify Business
Associate of any limitation(s) in its notice of privacy practices of Covered
Entity in accordance with 45 CFR Section 164.520, to the extent that such
limitation may affect Business Associate's use or disclosure of Protected
Health Information.
b. Change in right to use Protected Health Information. Covered Entity
shall notify Business Associate of any changes in, or revocation of,
permission by Individual to use or disclose Protected Health Information,
to the extent that such changes may affect Business Associate's use and
disclosure of Protected Health Information.
C. Change in Restrictions Regarding Protected Health Information
Covered Entity shall notify Business Associate of any restriction to the use
or disclosure of Protected Health Information that Covered Entity has
agreed to in accordance with 45 CFR Section 164.522, to the extent that
such restriction may affect Business Associate's use or disclosure of
Protected Health Information. Business Associate will implement a similar
restriction provided such restriction is reasonable and does not impact its
ability to perform services provided to the Covered Entity.
HOUSTON\2358310.1 -fj-
d. Covered Entity Representative. Covered Entity shall notify Business
Associate of those employees of Covered Entity who are authorized to
receive Protected Health Information from Business Associate.
5. PERMISSIBLE REQUESTS BY COVERED ENTITY
Covered Entity shall not request Business Associate to use or disclose Protected
Health Information in any manner that would not be permissible under the
Privacy Rule if done by Covered Entity.
6. DUTIES OF BUSINESS ASSOCIATE UPON BREACH OF UNSECURED PHI
a. Timing for Business Associate to Notify Covered Entity of Breach.
Upon Business Associate's discovery of a Breach of Unsecured PHI or a
suspected Breach of Unsecured PHI which occurs on or after September
23, 2009, Business Associate shall provide written notice of the Breach to
the Covered Entity's Privacy Officer as soon as administratively
practicable (and in no case later than five (5) business days after such
discovery). The content of such written notice of the Breach shall comply
with the requirements of 45 CFR Section 164.410(c). In any case
requiring urgency because of possible imminent misuse of Unsecured
PHI, Business Associate shall notify the Privacy Officer by telephone
within 24 hours after discovery of the Breach. Business Associate shall
coordinate an appropriate course of action with the Privacy Officer.
Business Associate shall apply the provisions of 45 CFR Section 164.410
in determining when a Breach is treated as discovered.
b. Cooperation. Upon notifying Covered Entity of the discovery of a
Breach of Unsecured PHI that is attributable to Business Associate (or an
agent or subcontractor of Business Associate) in accordance with 6(a)
above, Business Associate shall cooperate fully with Covered Entity in
determining the details of the Breach and in notifying all appropriate
parties as required by the Breach Notification Rule. Further, Business
Associate shall cooperate fully with Covered Entity in determining whether
a suspected Breach that is attributable to Business Associate (or an agent
or subcontractor of Business Associate) requires notice under the Breach
Notification Rules, including participation in the risk assessment process if
requested by Covered Entity.
C. Documentation Requirement. Business Associate shall maintain
written records relating to (i) each Breach of Unsecured PHI and (ii) each
suspected Breach which is later determined to not constitute a Breach of
Unsecured PHI for a period of the lesser of six (6) years or the duration of
this Agreement. Business Associate shall maintain records relating to
actual or suspected Breaches (even if it is determined that no notice is
required under the Breach Notification Rules), including all risk
assessments for determining risk of harm to affected individuals and all
HOUSTON\2358310.1 -7-
analyses of whether the Breach Notification Rules are implicated by an
actual or suspected Breach. Business Associate shall also maintain all
records relating to actions taken in response to a Breach of Unsecured
PHI, including all notices provided in accordance with the Breach
Notification Rule, all steps taken to mitigate harm caused by the Breach
and all corrective action steps taken to prevent a future similar Breach.
Upon termination of the Agreement, Business Associate shall provide to
Covered Entity all such documentation for the previous eight (8) year
period.
d. Log of Small Breaches. If a Breach of Unsecured PHI involves less
than 500 individuals, the Business Associate shall maintain a log or other
documentation of the Breach which contains the information required to
report such Breach to the Secretary in accordance with the requirements
of 45 CFR Section 164.408(c). Business Associate shall provide such log
to the Covered Entity (i) within five (5) business days of the Covered
Entity's request.
e. Notification Requirements. Covered Entity, in its discretion, may
require Business Associate to prepare and provide individual notices (as
required under 45 CFR Section 164.404) and media notice (as required
under 45 CFR Section 164.406). Covered Entity may also require
Business Associate to assist in providing notice to the Secretary, in
accordance with 45 CFR Section 164.408(b) and (c). Prior to providing
any such notice, Business Associate shall provide the Covered Entity's
Privacy Officer with an opportunity to review and revise any notice.
Business Associate shall obtain Covered Entity's approval of any
notification prior to sending such notification to any individual or entity.
Covered Entity shall either approve Business Associate's draft of any
notification or provide Business Associate with a revised version of the
notification without unreasonable delay. Alternatively, Covered Entity may
elect to draft any required notification for review by Business Associate.
If Covered Entity determines that Business Associate shall distribute any
notifications described above for a Breach attributable to Business
Associate (or an agent or subcontractor of Business Associate), Business
Associate shall comply with all timeframes for providing such notices in
accordance with the requirements of the Breach Notification Rule.
Further, the content, form and delivery of each of the notices shall comply
with the requirements of the Breach Notification Rule and all guidance
published by the Secretary for complying with the Breach Notification
Rule.
Expenses Associated with a Breach. If a Breach of Unsecured PHI is
attributable to Business Associate (or an agent or subcontractor of
Business Associate), Business Associate shall be liable for and pay all
costs associated with preparing and providing the notices required by the
HOUSTON\2358310.1 -8-
Breach Notification Rule, including but not limited to labor costs, postage,
and expenses relating to substitute notice.
7. TERM AND TERMINATION
a. Term. This Agreement will begin on the Effective Date, and will continue
until terminated in accordance herein.
b. Termination.
1) Termination for Cause. Upon Covered Entity's knowledge of a
material breach of this Agreement by Business Associate, Covered Entity
shall provide not less than 20 days written notice of its intent to terminate
the Agreement if Business Associate does not cure such material breach
no later than the end of the written notice period. If Business Associate
does not cure the breach within such time, then Covered Entity may, in its
sole discretion, immediately terminate this Agreement. If termination of
this Agreement is not feasible, Covered Entity shall report the violation to
the Secretary.
2) Termination without Cause and Termination of the Service
Agreement. Either party may terminate this Agreement effective upon
30 days advance written notice to the other party given with or without any
reason if Business Associate no longer performs services for Covered
Entity requiring the use or disclosure of protected health information. This
Agreement will immediately terminate if the Service Agreement
terminates. The effective date of such termination will be the same as the
effective date that the Service Agreement terminates.
C. Effect of Termination. Except as provided in the next paragraph, upon
termination of this Agreement for any reason, Business Associate shall
return or, with the Covered Entity's express permission, destroy all
Protected Health information received from the Covered Entity, or created
or received by Business Associate on behalf of Covered Entity. If the
Protected Health Information is destroyed, Business shall provide Covered
Entity with appropriate evidence of destruction. Business Associate shall
retain no copies of the Protected Health Information, except in cases of
actual or threatened litigation or if required by law. This provision shall
apply to Protected Health Information that is in the possession of
subcontractors or agents of Business Associate.
In the event that Business Associate determines that returning or
destroying the Protected Health Information is infeasible, Business
Associate shall provide to Covered Entity notification of the conditions that
make return or destruction infeasible. Upon Business Associate's
determination that return or destruction of Protected Health Information is
infeasible, Business Associate shall extend the protections of this
HOUSTON \ 2358310.1 -9-
Agreement to such Protected Health Information and limit further uses and
disclosures of such Protected Health Information to those purposes that
make the return or destruction infeasible, for so long as Business
Associate maintains such Protected Health Information.
8. MISCELLANEOUS
a. Regulatory References. Any reference in this Agreement to a section in
the Privacy Rule, Security Rule, Breach Notification Rule or HITECH Act
means the section as in effect or as amended.
b. Amendment. The Parties agree to take such action as is necessary to
amend this Agreement from time to time as is necessary for Covered
Entity to comply with the requirements of the Privacy Rule, Security Rule,
the Breach Notification Rule or any other requirements of the HITECH Act.
C. Survival. The respective rights and obligations of Business Associate
under Section 7(c) and 8(I) shall survive the termination of this Agreement.
d. Interpretation; Conflict. Any ambiguity in this Agreement shall be
resolved to permit Covered Entity to comply with the Privacy Rule,
Security Rule, the Breach Notification Rule or any other requirements of
the HITECH Act. In addition, to the extent this Agreement, only as it
relates to the Privacy Rule, the Security Rule, the Breach Notification Rule
or any other requirements of the HITECH Act and Protected Health
Information, is inconsistent with the terms of the Service Agreement, the
terms of this Agreement shall govern. To the extent the Service
Agreement conflicts with the terms of this Agreement unrelated to the
Privacy Rule, the Security Rule, the Breach Notification Rule or any other
requirements of the HITECH Act and Protected Health Information, the
terms of the Service Agreement shall govern. All terms of the Service
Agreement not in conflict with this Agreement remain in full force and
effect.
e. No Third -Party Beneficiaries. Except as set forth in this Agreement or
as expressly provided for under HIPAA, this Agreement is entered into by
and among the parties hereto solely for their benefit. The parties have not
created or established any third -party beneficiary status or rights in any
person or entity not a party hereto including, but not limited to, any
individual, provider, subcontractor, or other third -party, and no such third -
party will have any right to enforce any right or enjoy any benefit created
or established under this Agreement.
f. Force Majeure. The obligations of any party under this Agreement will be
suspended for the duration of any force majeure applicable to that party.
The term "force majeure" means any cause not reasonably within the
control of the party claiming suspension, including, without limitation, an
HOUSTON\2358310.1
act of God, industrial disturbance, war, riot, weather - related disaster,
earthquake and governmental action. The party claiming suspension
under this Section will take reasonable steps to resume performance as
soon as possible without incurring unreasonably excessive costs.
g. Entire Agreement; Amendments; Facsimile. This Agreement including
any riders, attachments or amendments hereto, constitutes the entire
agreement among the parties with respect to the Privacy Rule, the
Security Rule, the Breach Notification Rule and any other requirements of
the HITECH Act. This Agreement supersedes any prior agreement or
understandings pertaining to HIPAA obligations between the parties,
whether oral or written, and may be amended only by a writing executed
by authorized representatives of both parties. A facsimile or other
reproductive type copy of this Agreement, so long as signed by all parties,
will be considered an original and will be fully enforceable against all
parties.
h. Choice of Law. This Agreement is made in and will be governed by, and
construed in accordance with, the laws of the State of Texas without
regard to principles of conflict or choice of law.
i. Assignment and Delegation. No party may assign its rights or duties
under this Agreement without the prior written consent of the other. This
Agreement is binding upon and will inure to the benefit of the respective
parties hereto and their successors and permitted assigns.
j. Headings. All headings are for convenience only and may not be
deemed to limit, define or restrict the meaning or contents of the Sections.
k. Unenforceable Provisions. If any provision of this Agreement is held to
be illegal or unenforceable by a court of competent jurisdiction, the
remaining provisions will remain in effect and the illegal or unenforceable
provision will be modified so as to conform to the original intent of this
Agreement to the greatest extent legally permissible. Notwithstanding the
foregoing, if any such modification causes a material change in the
obligations or rights of any party, upon written notice from one party to the
other of the adverse effect thereof upon such notifying party, and then if
the parties are not able to mutually agree as to an amendment hereto, any
party may terminate this Agreement upon 30 days written notice to the
other parties.
1. Indemnity. To the extent allowed under law, the Covered Entity, the
Client, and Business Associate will indemnify, hold harmless, and defend
each other from and against any and all claims, losses, liabilities, costs
and other expenses incurred as a result of, or arising directly or indirectly
out of or in connection with: (i) any misrepresentation, breach of warranty,
any acts or omissions of any party (including its agents, subcontractors
HOUSTON\2358314.1 -11- -
and affiliates) or non - fulfillment of any undertaking on the part of a party
under this Agreement respecting Protected Health Information; and (ii) any
claims, demands, awards, judgments, actions and proceedings, including
legal fees and proceedings costs, made by any person or organization
arising out of or in any way connected with the party's performance under
this Agreement.
M. Notices. Any notice required pursuant to this Agreement must be in
writing and sent by registered or certified mail, return receipt requested, by
fax with proof of delivery, or by a nationally recognized private overnight
carrier with proof of delivery, to the addresses of the parties set forth
below in this Agreement. The date of notice will be the date on which the
recipient receives notice or refuses delivery. All notices must be
addressed as foliows or to such other address as a party may identify in a
notice to the other party:
To Business Associate
To Covered Entity
City of Corpus Christi
1201 Leopard Street, 2" Flr.
Corpus Christi, TX 78404
Attn: Patricia Atkins
Fax: 361 - 844 -1730
n. Waiver. A waiver of a breach or default under this Agreement is not a
waiver of any other or subsequent breach or default. A failure or delay in
enforcing compliance with any term or condition of this Agreement does
not constitute a waiver of such term or condition unless it is expressly
waived in writing.
o. Negotiated Agreement. Each party acknowledges that this Agreement
resulted from negotiations by and among all parties, and therefore any
rule of construction requiring ambiguities to be construed against the
drafter of an agreement will not apply to any provision of this Agreement.
HOUSTON \2358310.1 -12-
IN WITNESS WHEREOF, the parties have executed this Agreement the day and date
first above written by their duly authorized officers for and on behalf of said entity.
Humana Insurance Company
The City of Corpus Christi
By:
Name: Khalid Nazir
Title: VP Large Group Underwritin
Date: I d %f 'f a„ i I
HumanaDental Insurance
Company
Name: Gerald Ganoni
Title: President
Date: / 4 :Z/ 7//(
Name: Ron Olson
HOUSTON\2358314:1 -13-