MD-COLLECT, a service of COMPUTER CREDIT, INC.
Post Office Box 5238
Winston-Salem, NC 27113-5238
SUBSCRIBER AGREEMENT
Services. Computer Credit, Inc. (CCI), a
debt collector, will send to certain debtors of Subscriber, whose account
information is forwarded to CCI by Subscriber, a series of five (5) collection
letters. Subscriber shall determine the accounts that are referred to CCI and
Subscriber can stop the collection letters at any time. CCI may stop the letters
in order to comply with the Fair Debt Collection Practices Act and applicable
state laws. Correspondence received by CCI from debtors or their representatives
shall be read, copied for CCI's files, and forwarded to Subscriber. Debtor
telephone inquiries received at CCI shall be handled by CCI's trained personnel.
CCI will make available to Subscriber information showing performance results
and account statuses. In providing services pursuant to this Agreement, CCI
shall not knowingly employ, with or without compensation, any individual or
entity listed by a federal agency as excluded, debarred, suspended or otherwise
ineligible to participate in any federal health care programs.
EXHIBIT A
RECITALS
Charges. The charge for CCI's service is Seven Dollars ($7.00) per debtor
account. CCI reserves the right to change the foregoing per account price on
thirty (30) days written notice; however, if Subscriber objects to the price
change, it may cancel this Agreement on ten (10) days written notice to CCI.
Payment is due from Subscriber by credit card payment authorization at the time
Subscriber refers accounts to CCI for collection.
Indemnification. Subscriber shall be fully responsible for furnishing accurate,
complete, and timely information to CCI for its service, including but not
limited to, any communications received by Subscriber from any debtor about the
collection of his or her account. Subscriber shall indemnify CCI and hold CCI
harmless from any cost, expense or liability which might arise out of
information which Subscriber furnishes, fails to furnish, or fails to furnish in
a timely manner to CCI concerning any debtor or the debtor's account, or which
might arise out of Subscriber's breach of this Agreement. CCI shall indemnify
and hold Subscriber harmless from any cost, expense or liability arising out of
CCI's failure to comply with applicable state and federal laws pertaining to the
collection of accounts of debtors (excluding violations which are attributable
to CCI's failure to receive accurate, complete and timely information from
Subscriber pertaining to a debtor), or which might arise out of CCI's breach of
this Agreement.
Debtor Payments. In no event shall CCI retain any funds owing to
Subscriber. In the event a debtor shall remit any payment to CCI, CCI shall
forward such payment forthwith to Subscriber with no additional cost to
Subscriber. If a payment is received that pays the account in full, CCI will
cease collection of the account. Partial payments will not stop the collection
process, unless the balance drops below $4.99 (minimum letter balance).
Record Availability. Until the expiration of four years after the
furnishing of any services by CCI hereunder, CCI shall make available upon
written request to the Secretary of Health and Human Services and its
successors, or upon request to the Comptroller General of the United States, or
of their duly authorized representatives, this contract and the books, documents
and records of CCI that are necessary to certify the nature and extent of the
costs of this contract - and, if CCI carries out any of the duties of this
contract through a subcontract (with a value or cost of $10,000.00 or more over
a twelve-month period) with a related organization, such subcontract shall
contain a provision substantially identical to this paragraph requiring such
subcontractor to make similar contracts, books, documents and records available
to the same parties as must CCI for the same time period for the purpose of
verifying the nature and extent of such costs. In the event CCI carries out any
of its duties through a subcontract, CCI agrees that the subcontractor(s) shall
be advised of and be bound by all terms of this Agreement.
HIPAA Compliance. Subscriber is a "covered entity" as defined in the
Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the
Electronic Transaction, Security and Privacy Standards (the "Standards") which
are set forth in 45 C.F.R. Parts 142, 160, 162 and 164. CCI agrees that it shall
be bound by the obligations of a Business Associate as set forth in the HIPAA
Business Associate Agreement attached hereto as Exhibit A and incorporated
herein by reference.
Transmission of Debtor Data Between Subscriber and CCI. Subscriber
acknowledges that there are security risks in using non-dedicated means of data
transmission. CCI is not responsible for errors in transmission of information
from Subscriber to CCI concerning Subscriber's debtors, or interception by third
parties of transmissions of such information between Subscriber and CCI.
Confidentiality. Both CCI and Subscriber agree that neither it, nor its
employees, agents, or representatives shall, at any time, either during or after
the termination of this Agreement, disclose to any third party any Confidential
Information of the other party to this Agreement. The term "Confidential
Information" shall mean any information regarding a party hereto that is
proprietary to it or is treated by it as confidential, which relates to its
business, operations, or activities and is obtained by the other party as a
result of this Agreement. Confidential Information, however, shall not include
information which (i) is or becomes available to the public through no fault of
a party hereto to which such information is disclosed, (ii) is disclosed to a
party hereto by a third party who has the lawful right to do so, or (iii) is
disclosed to a third party in response to an order of a court having appropriate
jurisdiction. Subscriber authorizes CCI to disclose Confidential Information
pertaining to a debtor of Subscriber directly to said debtor, its
representatives or its attorneys for purposes of carrying out this Agreement, or
as may be permitted under applicable state or federal laws and regulations.
Insurance. CCI, at all times, shall maintain such general liability
insurance with coverages of $1,000,000.00 per occurrence and $2,000,000.00
aggregate.
Applicable Law. This contract shall be interpreted in accordance with the
laws of the State of North Carolina.
Term and Termination. The term of this Agreement shall commence when it
is accepted by Subscriber and shall continue until terminated as provided in the
next sentence. Either party may terminate this Agreement without cause upon
giving thirty (30) days written notice to the other. Either party may terminate
this contract for cause upon written notice to the other party if it determines
that the other party has violated a material term of this contract.
Business Associate Agreement
This Business Associate Agreement ("Agreement") supplements and is made a part
of the attached Subscriber Agreement, by and between the entity that is the
Subscriber therein (the "Covered Entity") and Computer Credit, Inc. (the
"Business Associate")(collectively the "Parties").
In consideration of the mutual promises below and the exchange of information
pursuant to this Exhibit, the parties agree as follows:
1. Definitions:
(a) Business Associate. "Business Associate" shall mean Computer Credit, Inc.
(b) Covered Entity. "Covered Entity" is defined in the paragraph immediately
preceding the RECITALS of this Agreement.
(c)
Data Aggregation. "Data Aggregation" shall have the same meaning given to
such term in 45 CFR 164.501 and shall include the combining of PHI received or
created by Business Associate to permit data analyses relating to healthcare
operations of Covered Entity.
(d)
Designated Record Set. "Designated Record Set" shall have the same meaning
given to such term in 45 CFR 164.501 and shall include patients' medical or
billing records or any group of records which contains PHI that are maintained,
in whole or in part, by or for the Covered Entity.
(e)
Electronic Protected Health Information. "Electronic Protected Health
Information" or "ePHI" shall have the same meaning as the term "electronic
protected health information" in 45 C.F.R. 160.103, limited to the information
created, received, maintained or transmitted by Business Associate from or on
behalf of Covered Entity.
(f)
Health Care Operations. Health Care Operations shall have the meaning set
out in its definition at 45 C.F.R. 164.501, as such provision is currently
drafted and as it is subsequently updated, amended or revised.
(g)
Individual. "Individual" shall have the same meaning as the term
"individual" in 45 CFR 164.501 and shall include a person who qualifies as a
personal representative in accordance with 45 CFR 164.502(g).
(h)
Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of
Individually Identifiable Health Information at 45 CFR part 160 and part 164,
subparts A and E.
(i)
Protected Health Information. "Protected Health Information" shall have the
same meaning as the term "protected health information" in 45 CFR 164.501,
limited to the information created or received by Business Associate from or on
behalf of Covered Entity.
(j)
Required By Law. "Required By Law" shall have the same meaning as the term
"required by law" in 45 CFR 164.501.
(k)
Secretary. "Secretary" shall mean the Secretary of the Department of Health
and Human Services or his designee. (l) Security Rule. "Security Rule" shall
mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. part 160 and part 164.
Any other terms used in this Addendum, but not otherwise defined, shall have the
same meaning as those terms in the Privacy Rule and the Security Rule.
2. Limits on Use and Disclosure of PHI:
Except as otherwise specified herein, Business Associate may use PHI only as
necessary to perform its obligations under the terms of the Subscriber
Agreement. All other uses not specifically authorized by the Subscriber
Agreement, this Agreement or state or Federal law are strictly prohibited.
Moreover, Business Associate may only disclose PHI (i) as authorized by this
Agreement (ii) as directed by the Covered Entity in writing, or (iii) as
otherwise permitted or required by law.
3. Obligations And Activities Of Business Associate:
With regard to the use and/or disclosure of PHI, the Business Associate shall:
(a) Not use or further disclose PHI other than as permitted or required by this
Agreement or as permitted or Required By Law;
(b) Use appropriate safeguards to prevent the use or disclosure of PHI other
than as provided for by this Agreement;
(c) Mitigate, to the extent practicable, any harmful effect that is known to
Business Associate of a use or disclosure of Protected Health Information by
Business Associate in violation of the requirements of this Agreement;
(d) Report to the Covered Entity's designated privacy officer, within a
reasonable period of time, any use and/or disclosure of the PHI that is not
permitted or required by the terms of this Agreement and of which the Business
Associate becomes aware;
(e) Require that any and all agents, including subcontractors, to whom it
provides PHI received from, or created or received by the Business Associate on
behalf of the Covered Entity agrees, in writing, to adhere to the same
restrictions and conditions on the use and disclosure of PHI that apply
throughout this Agreement to the Business Associate with respect to such
information;
(f) Upon request of the Covered Entity, provide access to PHI maintained by the
Business Associate on behalf of the Covered Entity in a Designated Record Set to
the Covered Entity or to an Individual, as directed by the Covered Entity, in
accordance with the requirements of 45 C.F.R. 164.524. Such access shall be
permitted within a reasonable period of time and in a manner designated by
Covered Entity;
(g) Upon request of the Covered Entity, amend PHI maintained in a Designated
Record Set by the Business Associate on behalf of the Covered Entity. Any such
amendments shall be made within a reasonable period of time and in a manner
designated by the Covered Entity. Further, the Business Associate shall
incorporate any such amendments into the PHI maintained by it in a Designated
Record Set on behalf of the Covered Entity;
(h) Make available its internal practices, books, and records relating to the
use and disclosure of PHI received from, or created or received by Business
Associate on behalf of, Covered Entity available to the Covered Entity, or to
the Secretary, in a time and manner designated by the Covered Entity or the
Secretary, for purposes of the Secretary determining Covered Entity's compliance
with the Privacy Rule;
(i) Make information available to the Covered Entity regarding Business
Associate's disclosures of PHI sufficient to permit the Covered Entity to
respond to a request by an Individual for an accounting of disclosures of PHI in
accordance with 45 CFR 164.528; and
(j) Upon termination of the Agreement, as provided in Section 7 herein, if
feasible, return to the Covered Entity, or destroy, all PHI received from, or
created or received by, the Business Associate on behalf of the Covered Entity
that Business Associate still maintains in any form and retain no copies of such
information or, if such return or destruction is not feasible, extend the
protections of this Agreement to the PHI and limit further use or disclosure to
those purposes that make the return or destruction of such information
infeasible.
4. Permitted Uses And Disclosures By Business Associate:
Except as otherwise limited in this Agreement:
(a) The Business Associate may use or disclose PHI to perform functions,
activities, or services for, or on behalf of, the Covered Entity as specified in
the Subscriber Agreement, provided that such use or disclosure would not violate
the Privacy Rule or other applicable state or federal laws if done by the
Covered Entity itself;
(b) The Business Associate may use PHI in its possession for the proper
management and administration of the Business Associate or to carry out the
legal responsibilities of the Business Associate;
(c) The Business Associate may disclose PHI for the proper management and
administration of the Business Associate, provided that such disclosures are
required by law, or provided that the Business Associate represents to the
Covered Entity in writing that it has obtained reasonable assurances, from the
person to whom the PHI is disclosed that it will remain confidential and be used
or further disclosed only as required by law or for the purpose for which it was
disclosed to the person, and that person notifies the Business Associate of any
instances of which it is aware in which the confidentiality of the information
received has been breached.
(d) Except as otherwise limited in this Agreement, the Business Associate may
use PHI to provide Data Aggregation services to the Covered Entity as permitted
by 45 CFR 164.504(e)(2)(i)(B).
(e) Business Associate may use PHI to report violations of law to appropriate
state or federal authorities as permitted by 45 CFR 164.502 (j)(1).
5. Obligations Of Covered Entity:
The Covered Entity shall:
(a) Provide the Business Associate with its notice of privacy practices produced
in accordance with 45 CFR 164.520, as well as any changes, amendments or
modifications to such notice;
(b) Provide the Business Associate with any changes in, or revocation of,
authorization by an Individual to use or disclose PHI, if such changes affect
Business Associate's permitted or required uses and disclosures;
(c) Notify the Business Associate of any restriction to the use or disclosure of
PHI that the Covered Entity has agreed to in accordance with 45 CFR 164.522; and
(d) Not request the Business Associate to use or disclose PHI in any manner that
would not be permitted under the Privacy Rule if done by the Covered Entity,
except for Data Aggregation or management and administrative activities of the
Business Associate.
6. Security Rule Obligations of Business Associate:
With regard to the Security
Rules Business Associate agrees that it shall:
(a) Implement administrative, physical, and technical safeguards that reasonably
and appropriately protect the confidentiality, integrity and availability of the ePHI that Business Associate creates, receives, maintains or transmits on behalf
of Covered Entity;
(b) Ensure that any agent, including a subcontractor, to whom Business Associate
provides such ePHI agrees to implement reasonable and appropriate safeguards to
protect that ePHI; and
(c) Report to Covered Entity any "security incident" (as that term is defined at
45 C.F.R. 164.304) of which Business Associate Vendor becomes aware.
7. Term and Termination:
(a) Term. The Term of this Agreement shall be effective as of the commencement
of the term of the Subscriber Agreement, and shall terminate when the Subscriber
Agreement terminates.
(b)
Termination for Cause. The Covered Entity may immediately terminate this
Agreement and any related agreements, including the Subscriber Agreement, if the
Covered Entity makes the determination that the Business Associate has breached
a material term of this Agreement. Alternatively, the Covered Entity may: (i)
provide the Business Associate with 30 days written notice of the existence of
an alleged material breach; and (ii) afford Business Associate an opportunity to
cure the alleged material breach upon mutually agreeable terms. Nonetheless, in
the event that mutually agreeable terms cannot be achieved within 30 days, such
a failure to cure the alleged material breach shall be grounds for the immediate
termination of this Agreement and the Subscriber Agreement. If neither
termination nor cure are feasible, Covered Entity shall report the violation to
the Secretary.
8. Integration:
This Agreement shall be incorporated into and made a part of the
Subscriber Agreement. In the event that any term or provision of this Agreement
contradicts or conflicts with a term or provision of the Subscriber Agreement,
that term or provision of this Agreement shall control.
9. Miscellaneous:
(a) Regulatory References. A reference in this Agreement to a section in the
Privacy Rule means the section as in effect or as amended, and for which
compliance is required.
(b)
Amendment. The Parties agree to take such action as is necessary to amend
this Agreement from time to time as is necessary for Covered Entity to comply
with the requirements of the Privacy Rule and the Health Insurance Portability
and Accountability Act, Public Law 104-191.
(c)
Survival. The respective rights and obligations of Business Associate under
Section 3.(j) of this Agreement shall survive the termination of this Agreement.
(d) Interpretation. Any ambiguity in this Agreement shall be resolved in favor
of a meaning that permits Covered Entity to comply with the Privacy Rule.
(e) No Third Party Rights. This Addendum shall be binding upon and inure to the
benefit of the Parties hereto and their respective successors and assigns;
provided, however, that nothing in this Addendum is intended, nor shall it be
construed, to confer upon any person or entity other than the Parties hereto and
their respective successors and assigns, any rights, remedies, obligations or
liabilities whatsoever.
(f)
Applicable Law. The validity, enforceability and interpretation of this
Addendum shall be governed by the same laws as are applicable to the Agreement
and by the Privacy Rule and the Security Rule.
(g)
Entire Agreement. This Addendum, constitutes the entire agreement between
the Parties regarding the confidentiality of PHI and the security and integrity
of ePHI, and supersedes all other agreements, express or implied, oral or
written, between the Parties related to the subject matter of this Addendum.
IN WITNESS WHEREOF, the parties have duly executed this Agreement on the day
this Agreement is accepted by the Covered Entity.