Standard IHIN Participation Agreement - Iowa E

Iowa Health Information Network (IHIN)
STANDARD PARTICIPATION AGREEMENT
“Participant”
Participant Name:
Participant Type:
Address:
City/State/ZIP:
Group NPI #:
“Department”
Iowa Department of Public Health
321 E. 12th Street
Des Moines, IA 50319
Phone: (866) 924-4636
Fax: (515) 281-4958
Email: [email protected]
Web: www.iowaehealth.org
Description and Purpose:
The Department provides a statewide health information exchange (“HIE”) known as the Iowa Health
Information Network (“IHIN”), which electronically connects Participants with different electronic health
records or other clinical or public health information systems for purposes of payment, treatment,
healthcare operations (as defined by HIPAA and to the extent that HIPAA, other federal law or state law
permits such disclosures without the authorization of the individual), and Public Health Activities (as
defined in Attachment C of this Agreement). The IHIN is not a central data repository where all patient
records are stored; rather, the IHIN facilitates the transfer of health information electronically (“electronic
health information”) between Participants, unless a patient declines to participate in the IHIN.
Notwithstanding the foregoing, or any other information to the contrary in this Agreement or the
Policies and Standards, Participant and the Department agree that the query functionality of the
IHIN will be used solely for treatment purposes (as defined by HIPAA and to the extent that HIPAA,
other federal law or Iowa law permits such disclosures without the authorization of the individual)
and for Public Health Activities, except that the Department will not use the query functionality of
the IHIN in carrying out Public Health Activities, until June 30, 2015, unless either of the following
first occurs: 1) the authorizing legislation for the IHIN is amended such that a hospital or health
care professional’s sharing of health information through the IHIN (or a private health network
maintained in Iowa that is compliant with the authorizing legislation for the IHIN) for purposes of
payment and health care operations is exempt from any other Iowa law that is more restrictive
than HIPAA that would otherwise prevent disclosure without the authorization of the individual;
or 2) technology has advanced such that either the hospital’s or health care professional’s
electronic health records system or the IHIN has the capability of screening out health information
subject to greater restrictions than HIPAA under Iowa law that would otherwise prevent disclosure
without the authorization of the individual. If the Department expands the use of the IHIN to permit
hospitals and health care professionals to use the system for health care operations and payment
purposes prior to June 30, 2015, and neither of the events listed in 1) and 2) has occurred,
Participant shall have the right to terminate this Agreement effective upon the date that the
expansion occurs. The Department shall provide Participant with written notice at least thirty (30)
days prior to the expansion date.
Services:
Participant desires to have access to the IHIN and services. The Department agrees to provide and
Participant agrees to pay for the services as described in Attachment A to this Agreement (“Services”), all
in accordance with: 1) the terms and conditions of this Agreement, as specified in Attachment C to this
Agreement; 2) the Policies and Standards for access to and use of the IHIN, located on the Iowa e-Health
website (www.iowaehealth.org); and 3) all applicable laws, rules and regulations. The Department may
add services during the term of this Agreement, which will be reflected in an updated Attachment A.
Service Fees:
In consideration for the Department providing Participant with the Services, Participant agrees to pay the
fees associated with such Services (“Service Fees”) as specified in Attachment B, subject to all of the
terms and conditions of this Agreement.
Page 1
September 15, 2014
Payment Terms:
Service Fees are due and payable annually, in advance, within 60 days of invoice date. The Department
will begin invoicing the Participant the Service Fees upon the completion of on-boarding any IHIN Service
including Direct Secure Messaging, Patient query, or any data reporting (e.g., IDSS IRIS, CCDR), or 60
days after the date the Participant joins the IHIN by entering into a Participation Agreement with the
Department, whichever first occurs. Service Fees will be pro-rated by day to State fiscal year (July 1-June 30).
Term:
The term of this Agreement shall commence on the Effective Date and continue through the current State
fiscal year (July 1-June 30), unless earlier terminated as provided in this Agreement. The Agreement will
automatically renew for up to four (4) additional one-year periods unless the Participant provides the
Department with at least sixty (60) days’ prior written notice of its intent not to renew prior to the end of
the initial or any renewal term.
Incorporated by Reference:
This Agreement incorporates by reference Attachments A, B, C, D and E. Participant shall complete the
form in Attachment D and, if applicable, the form in Attachment E, and submit the forms with the signed
Participation Agreement.
Effective Date: ______________________ (To be filled in by Department)
IN WITNESS WHEREOF, in consideration of the mutual covenants set forth in this Agreement and for
other good and valuable consideration, the receipt, adequacy and legal sufficiency of which are hereby
acknowledged, the parties have entered into this Agreement and have caused their duly authorized
representatives to execute this Agreement as of the effective date.
Participant:
Signature: _______________________________
Printed Name: ___________________________
Title: __________________________________
Date Signed: ____________________________

Iowa Department of Public Health:
Signature: _______________________________
Printed Name: Gerd W. Clabaugh, MPA
Title: Director
Date Signed: ___________________________
ATTACHMENT A - STANDARD IHIN SERVICES
Core Infrastructure and Services
The Department shall provide the following core infrastructure Services and components of the IHIN to be
used in conjunction with Participant policies as applicable:
Federated hybrid infrastructure model – In this model the minimum amount of patient health
information necessary to uniquely identify the patient is stored centrally (e.g., first name, last name,
birth date and other identifiers) and the minimum amount of information necessary to locate a
patient’s health information (e.g., Participant EHR data vault location, date written) is also stored
centrally when IHIN connects to an XDS.b capable system. This information is necessary to facilitate
finding the patient and the patient’s records and exchanging the patient’s health information from the
participating health care organization’s own unique database or data vault, which stores the health
information, to the requesting Participant. In other words, for an XDS.b capable system only the
patient health information necessary for the master patient index service and the record locator
service to facilitate the exchange of the patient health information is stored centrally. For healthcare
information systems that use Edge Services (as described in Optional Services or Components
below), health information is maintained in a data vault unique to the health care organization
because such systems cannot update an XDS registry that would identify to the IHIN the existence of
such information. The data vault is a specific storage area within the IHIN for a specific organization.
Access to the unique data vault is restricted by the IHIN to the health care organization’s authorized
users. It is maintained by the Participant through a VPN connection with the IHIN; therefore, no other
Participants would be able to access this vault except when they query for patient information and
that patient has data in the edge vault.
Access, authentication, and authorization – Access control as well as authentication and authorization
levels of security are provided when a user accesses Direct Secure Messaging or the Web-based Provider
portal of the IHIN. Access control provides basic connectivity security. Authentication is the process
by which the identity of participants is verified. Authorization is the process of assigning a user ID and
password.
Auditing and logging - Audit capabilities track all portal and direct connection activities by Participants
and users.
Compliance - Compliance with all emerging HIE system and/or Privacy and Security standards from
the Office of the National Coordinator for Health Information Technology (ONC) and the Certification
Commission for Health Information Technology, as required.
Continuity of care document (CCD) transmission as an attachment – Patient-level clinical summary
document shared between providers via a Direct Secure Message, e.g., when a patient is referred to
a specialist or admitted, transferred, or discharged from a hospital.
Customer support
o Technical documentation and information for each Participant to connect to the IHIN (e.g.,
technical specifications, user guides)
o 24/7 telephone support and help desk. The average speed of answer will be 30 seconds and
average hold time will be 60 seconds.
Direct connection - Certified EHR systems connect using Web services and the XDS.b or XCA
protocol where mutual authentication is accomplished via a certificate-based process to establish an
encrypted connection. If a Participant’s EHR product is unable to communicate using the XDS.b or
XCA standard, the Participant will need to use an alternative such as the optional Edge Services.
Direct secure messaging – Ability to send and receive secure messages between IHIN Participants
(e.g., send a continuity of care document (CCD) for referral, request for consultation, quality reporting,
medication lists, reply to medical record request, send clinical results).
HISP Services – The encryption/decryption and transport of secure messages in compliance with the
Direct Project standards. The HISP will configure domain names for Direct email addresses, publish
digital certificates to establish trust, and ensure that messages are routed securely to the intended
recipient(s).
Laboratory orders and results – IHIN securely receives orders from electronic medical
record/electronic health record systems and delivers them to ancillary clinical systems based on
Health Information Technology Standards Panel (HITSP) standards. Corresponding results are
delivered back to the ordering system/facility.
Master patient index (MPI) – A standard person identity, information correlation process used to
uniquely identify an individual and match patient health information from different healthcare providers
and care settings, including the process for resolving unmatched and/or overmatched patients.
Patient consent – Policies and procedures which allow for the patient’s choice as to having their
Protected Health Information shared through the record locator service of the IHIN.
Provider directory – Directory information which aids in finding a destination address for push
messaging.
Record locator service (RLS) – The RLS queries source data vaults directly, or queries facility-specific
edge server data vaults to locate and identify potential patient records. Data stored in a
Participant’s data vault or edge server data vault is not commingled with data from Other Participants’
data vaults.
Secure Web data transport standards - Encryption of all data transmissions using secure socket layer
(SSL) or transport layer security (TLS), depending on the Web browser, with a minimum of 128-bit
encryption.
Submission of quality metrics data - Ability for providers to push quality data through the IHIN to
payers for meaningful use incentives or other payer incentive programs.
Web-based provider portal – Stand-alone Web-based portal to utilize secure messaging and CCD
query services.
Immunization Registry Information System (IRIS) connectivity - System to system connectivity to
Iowa’s immunization registry.
Electronic reporting of reportable diseases - Ability to electronically report required laboratory results
for reportable diseases or conditions, from laboratories to public health agencies (e.g., the Iowa
Disease Surveillance System IDSS)
State Cancer Reporting connectivity – Ability to submit the CCDR document to the State Health
Registry.
Advanced Clinical and Quality Reporting *
Clinical Analytics – The IHIN will enable the integration of clinical and administrative data to provide
detailed analysis (e.g., predictive modeling, evidence-based medicine, medication therapy
management, quality metrics, and return on investment).
Quality Reporting – The IHIN will enable payers to automatically capture and report quality,
performance, and/or accountability measures from an EHR, and will offer a catalog of quality
indicators based on patients' health needs (e.g., alerts or reminders for annual checkups, wellness,
disease management, blood work, etc.).
Additional Services
The following additional services will each be enabled at a future date after thorough preparation and
testing are completed:
National e-Health Exchange connectivity** - Ability to communicate nationally with select federal
agencies and with other state, regional and local HIEs.
Patient portal - Web-based access which may include one or more of the following: personal health
record integration, results delivery, messaging and alerts, CCD query.
Optional Services or Components
Edge Services – Optional edge services provide RLS support to participants with EHRs that do not
support standards-based interoperability, and allow for the local aggregation of a broad spectrum of
clinical information. Edge services are not included in the core infrastructure. Fees for edge services are
in addition to the Service Fees for the core infrastructure.
* Payers may require optional edge servers to use these services.
** Availability dependent on federal development of the e-Health Exchange.
ATTACHMENT B - IHIN SERVICES FEES
Please enter the number of facilities for each participant type and multiply by the Annual Fee, calculate
the sub-total for each participant type, and add all subtotals together for the Grand Total.
Hospital Fees

| # of Facilities | AHA reported Net Patient Revenue | Annual Fee | Total |
| ____ | Under $15M Annually | $5,000 | ____ |
| ____ | $15M - Under $25M Annually | $7,500 | ____ |
| ____ | $25M - Under $50M Annually | $10,000 | ____ |
| ____ | $50M - Under $100M Annually | $20,000 | ____ |
| ____ | $100M - Under $150M Annually | $30,000 | ____ |
| ____ | $150M - Under $250M Annually | $45,000 | ____ |
| ____ | $250M - Under $500M Annually | $60,000 | ____ |
| ____ | $500M - Under $750M Annually | $80,000 | ____ |
| ____ | Over $750M Annually | $100,000 | ____ |

Minus Group Rate Adjustment*: ____
Sub-Total: ____
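Provider Practice Fees

| # of Facilities | Number of Providers within the Facility | Annual Fee | Total |
| ____ | FQHC/RHC | $500 | ____ |
| ____ | 1 - 5 Providers | $500 | ____ |
| ____ | 6 - 10 Providers | $1,000 | ____ |
| ____ | 11 - 20 Providers | $1,500 | ____ |
| ____ | 21 - 30 Providers | $2,000 | ____ |
| ____ | 31 - 60 Providers | $2,500 | ____ |
| ____ | 61 - 90 Providers | $3,000 | ____ |
| ____ | Over 90 Providers | $4,000 | ____ |

Sub-Total: ____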
Pharmacy Fees

| # of Facilities | Type | Annual Fee | Total |
| ____ | Independent | $1,000 | ____ |
| ____ | Chain (1 - 15 Locations) | $5,000 | ____ |
| ____ | Chain (16 or More Locations) | $10,000 | ____ |

Sub-Total: ____
Laboratory Fees

| # of Facilities | Laboratory Type | Annual Fee | Total |
| ____ | Independent | $1,000 | ____ |
| ____ | Affiliated (one fee per group) | $5,000 | ____ |

Sub-Total: ____
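Long-Term Care, Assisted Living

| # of Facilities | Number of Beds within the Facility | Annual Fee | Total |
| ____ | Up to 50 Beds | $500 | ____ |
| ____ | 51 - 100 Beds | $750 | ____ |
| ____ | 101 - 150 Beds | $1,250 | ____ |
| ____ | 151 - 200 Beds | $1,750 | ____ |
| ____ | 201 - 300 Beds | $2,250 | ____ |
| ____ | 301 - 400 Beds | $2,750 | ____ |
| ____ | Over 400 Beds | $3,000 | ____ |

Sub-Total: ____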
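Home Health, Behavioral Health, Therapy Fees

| # of Facilities | Number of Providers | Annual Fee | Total |
| ____ | 1 - 5 Providers | $500 | ____ |
| ____ | 6 - 10 Providers | $750 | ____ |
| ____ | 11 - 20 Providers | $1,250 | ____ |
| ____ | 21 - 30 Providers | $1,750 | ____ |
| ____ | 31 - 60 Providers | $2,250 | ____ |
| ____ | 61 - 90 Providers | $2,750 | ____ |
| ____ | Over 90 Providers | $3,000 | ____ |

Sub-Total: ____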
Local Public Health Agencies

| # of Agencies | Type | Annual Fee | Total |
| ____ | Rural | $250 | ____ |
| ____ | Micropolitan | $500 | ____ |
| ____ | Urban/Metropolitan | $750 | ____ |

Sub-Total: ____

Grand Total: ____
*Please see the IHIN Services and Connection Fees brochure for notes on the Group Rate Adjustment, or contact the IHIN
staff regarding this or any other questions when filling out Attachment B. If this is for a larger organization/system with
numerous facilities and several participant types, please ask for a custom Attachment B. This attachment must be accurate
and will be the basis for invoicing and used when auditing organizational relationships.
ATTACHMENT C - TERMS AND CONDITIONS
Table of Contents
1. Definitions.
2. Grant of Right to Use Services. Participant Commitments.
3. Access to the IHIN.
4. Making Information Available through the IHIN.
5. Business Associate Provisions.
6. Computer Systems.
7. Policies and Standards.
8. Training Costs.
9. Fees and Charges.
10. Confidential Information.
11. Warranty and Disclaimer
12. Insurance.
13. Termination.
14. Choice of Law and Forum.
15. Assignment.
16. Force Majeure.
17. Severability.
18. Notices.
19. Waiver.
20. Complete Understanding.
21. No Third-Party Beneficiaries.
22. Not a Joint Venture.
23. Signature Authority.
24. No Medicare or Medicaid Exclusion.
25. Rules of Construction
26. Certification regarding Suspension and Debarment.
27. Supersedes Former Agreements.
1. Definitions.
For the purposes of this Agreement, the terms set forth in this section shall have the meanings assigned
to them below.
"Authorized User Data" shall mean Participant’s Shared Information, Participant’s Confidential
Information, and any other data and information provided through the IHIN by Authorized Users.
"Authorized Users" means those members of Participant’s Workforce (including employees, agents,
contractors and any other persons having access to the IHIN by virtue of their relationship with
Participant) who are individually authorized by Participant to have access to the IHIN to assist Participant
with respect to the permitted uses as provided herein, and to whom Participant has assigned a unique
identifier for access to the IHIN.
“Breach” shall mean a breach as defined in 45 C.F.R. § 164.402.
“Confidential Information” means any and all of the following information or data:
(a) Personally identifiable information about applicants for or recipients of health care
services;
(b) Department and IHIN security protocols or procedures;
(c) IHIN system architecture;
(d) Information that could compromise the security of the IHIN or other Department
systems;
(e) Information about the Department’s current or future competitive procurements, including
the evaluation process, until formal announcement of results; and
(f) Information deemed confidential pursuant to Iowa Code § 22.7;
(g) Shared Information.
"Department’s Authorized Personnel" means the Department’s employees, agents and independent
contractors under confidentiality obligations on terms substantially similar to the confidentiality provisions
contained in this Agreement.
"Documentation" means the written specifications and user and technical manuals provided by the
Department regarding the functionality and operation of the IHIN.
“Health Information” or “health information” means health information as defined in 45 C.F.R. §160.103
that is created, transmitted or received by a Participant.
"HIPAA" means the administrative simplification provisions of the Health Insurance Portability and
Accountability Act of 1996, as amended by the HITECH Act, the regulations promulgated thereunder,
including the Privacy Rule and the Security Rule, and all future changes or amendments to HIPAA or the
regulations promulgated thereunder.
"HIPAA Business Associate Agreement" means the agreement posted on the Department’s website,
which may be amended from time to time by the Department and the Participant.
"HITECH Act" means Health Information Technology for Economic and Clinical Health (HITECH) Act,
Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009
(ARRA), Pub. L. No. 111-5 (Feb. 17, 2009), the regulations promulgated thereunder, and all future
changes or amendments to the HITECH Act or the regulations promulgated thereunder.
“IHIN” means the Iowa Health Information Network operated by the Department, including all hardware
provided by the Department, all software used or provided by the Department, and all documentation
provided by the Department in connection with the IHIN.
“Other Participants" means other entities that have access to the IHIN and have signed a participation
agreement containing an obligation, on terms substantially similar to those contained in this Agreement,
to comply with the Policies and Standards and to be responsible for any business associate, contractor or
Workforce member who accesses and uses the IHIN or Services as Authorized Users on its behalf.
“Participant” means an authorized organization (including without limitation, provider, hospital, health
plan, and state government) that has voluntarily agreed to enter into this participation agreement to
access or use the IHIN.
“Participant ID” means a unique user identifier assigned to a Participant by the Department, and by the
Participant to each of its Authorized Users.
"Participant’s Shared Information" or “Shared Information” means health information relating to a
Participant’s patients or enrollees that Participant makes available to Other Participants of the IHIN. With
respect to public health agencies, “Participant’s Shared Information” or “Shared Information” also means
health information in electronic public health registries.
“Payer” means, but is not limited to, an insurance company, self-insured employer, government program,
individual or other purchaser that makes payments for health services.
"Policies and Standards" means the Department’s rules, regulations, policies, procedures and standards
for access to and use of the IHIN, as from time to time posted electronically on the IHIN or otherwise
furnished to Participant.
"Privacy Rule" means the HIPAA Standards for Privacy of Individually Identifiable Health Information at 45
CFR part 160 and part 164, subparts A and E.
“Protected Health Information” or “PHI” means protected health information as defined in 45 C.F.R.
§160.103 that is created, transmitted or received by a Participant.
“Provider” means a person or organization that is a health care provider under HIPAA and is licensed or
otherwise permitted to provide health care items and services under applicable state law.
“Public Health Activities” means actions undertaken by the Department in its capacity as a public health
authority under HIPAA and/or as required or permitted by other federal or state law.
"Security Incident" means the attempted or successful unauthorized access, use, disclosure, modification,
or destruction of information while in transit via the IHIN, or while being stored within IHIN systems, or
interference with IHIN operations.
"Security Rule" means the HIPAA Security Standards for the Protection of Electronic Protected Health
Information at 45 CFR part 160 and subparts A and C of part 164.
"Service Fees" means the service fees set forth in Attachment B, which may be changed in accordance
with this Agreement.
"Services" means the type of data transactions facilitated through the IHIN, including those listed in
Attachment A to this Agreement.
“TPO” means treatment, payment, or healthcare operations, as such terms are defined in the Privacy
Rule.
“Workforce” means employees, volunteers, trainees, and other persons or entities whose conduct, in the
performance of work for a covered entity, is under the control of such entity, whether or not they are paid
by the covered entity.
2. Grant of Right to Use Services. Participant Commitments.
2.1 Access. During the Term, the Department grants to Participant and Participant accepts:
  (a) a non-exclusive, nontransferable (except as provided herein) right to access and
  use the IHIN, and
  (b) a non-exclusive, nontransferable (except as provided herein), limited license to use
  the IHIN software furnished by the Department.
Such access and use is subject to Participant’s compliance with all applicable laws and
regulations, the terms and conditions set forth in this Agreement and the Policies and
Standards. Participant shall obtain no rights to the IHIN except for the limited rights to use
the IHIN expressly granted by this Agreement.
2.2 Restrictions. Participant shall not: (a) make the IHIN or Services, in whole or in part,
available to any other person, entity or business other than as set forth in this Agreement;
(b) copy, reverse engineer, decompile or disassemble the IHIN, in whole or in part, or
otherwise attempt to discover the source code to the software used in the IHIN; or
(c) modify the IHIN or combine the IHIN with any other software or services not provided
or approved by the Department; or (d) modify any security procedures or security
software of or for the IHIN.
2.3 IHIN Support. The Department shall provide reasonable support and assistance to
Participant in using the IHIN and the Services.
3. Access to the IHIN.
3.1 Permitted Uses. Subject to the terms of this Agreement, the Department authorizes
Participant to access the IHIN and to use the Services for the purposes of TPO and
public health reporting as authorized or required by applicable law. The Participant
agrees not to access, use or further disclose Other Participants’ Shared Information other
than as authorized by this Agreement or permitted by law.
3.2 Prohibited Uses. Participant agrees not to access the IHIN or use the Services for any
other purpose other than as set forth in Section 3.1 above. In particular:
  (a) Participant shall not knowingly reproduce, publish or distribute content in connection
  with the IHIN that infringes any third party’s trademark, copyright, patent, trade
  secret, publicity, privacy or other personal or proprietary right;
  (b) Participant shall be responsible for its own compliance with all applicable laws,
  including laws relating to maintenance of privacy, security and confidentiality of
  patient and other health information and the prohibition on the use of
  telecommunications facilities to transmit illegal, obscene, threatening, libelous,
  harassing or offensive messages, or otherwise unlawful material;
  (c) Participant shall not knowingly: (i) abuse or misuse the IHIN or the Services,
  including gaining or attempting to gain unauthorized access to the IHIN or altering or
  destroying information in the IHIN, except in accordance with accepted practices;
  (ii) use the IHIN or Services in such a manner that interferes with other Authorized
  Users’ use of the IHIN; (iii) permit the introduction into the IHIN of any program,
  routine or data (such as viruses or worms) that does or may disrupt or in any way
  impede the operation of the IHIN, or alter or destroy any data within it;
  (d) Participant shall not use the IHIN or Services for the purpose of exploiting the health
  data of Other Participants for Participant’s own personal gain or commercial
  purposes, including aggregating health data from Other Participants for commercial
  use or exploitation by third parties;
  (e) Participant shall not use the IHIN or the Services in violation of the Policies and
  Standards or any applicable laws of the state or federal governments including,
  without limitation, the responsibility to remove treatment information from a federally
  funded substance abuse treatment center unless written consent of the patient is
  obtained as required by 42 USC 290dd-2(b)(1) and 42 C.F.R. 2.31(a), or unless
  another exception under the law is met;
  (f) Subpoenas and Aggregation:
    (i) Participant shall not use the IHIN to create, produce or compile records or
    health data of Other Participants for the purpose of furnishing copies of
    aggregated records to third parties, except for purposes of the Participant’s
    TPO to the extent such uses are permitted under HIPAA or other applicable
    federal or state law, or as is otherwise required by law;
    (ii) If Participant is subpoenaed or otherwise ordered to use the IHIN for the
    purpose of compiling the health data of Other Participants that are not already
    contained in Participant’s records, Participant shall immediately notify the
    Department so that the Department, and such Other Participants or interested
    parties as it may determine, might have an opportunity to appear or intervene
    and protect their respective interests;
    (iii) Neither Participant nor the Department shall be required to contest any such
    subpoena or order and shall not be required to incur any expense in
    connection with legal proceedings or processes, whether initiated by the
    Department or any other interested party, with respect thereto.
3.3 Participant’s Records.
  (a) Participant shall be solely responsible for compliance with any applicable regulatory
  requirements related to the preservation, privacy and security of its own records,
  including, without limitation, data backup, disaster recovery, and emergency mode
  operation. Participant acknowledges that the Department does not undertake to
  provide such services.
  (b) Participant may access and use the electronic health information as permitted in this
  Agreement and may merge relevant parts of such electronic health information into
  its own.
  (c) Nothing in this Section 3 or elsewhere in this Participation Agreement is intended or
  shall be deemed to limit the Participant’s use of its own patient information in any
  way.
3.4 Other Participants.
  (a) Types of Other Participants may include, but are not limited to:
    (i) Provider practice, physician, or clinic (primary or specialty care);
    (ii) Hospital;
    (iii) Public health department or local public health agency;
    (iv) Laboratory;
    (v) Radiology facility;
    (vi) Pharmacy;
    (vii) Long-term care, assisted living center, nursing facility, or skilled nursing
    facility;
    (viii) Home health care agency;
    (ix) Health Insurer or health plan;
    (x) Mental health provider;
    (xi) Substance abuse treatment provider;
    (xii) Iowa Medicaid Enterprise;
    (xiii) State agencies.
  (b) Other Participants having access to the IHIN shall be required to sign a participation
  agreement containing an obligation, on terms substantially similar to those
  contained in this Agreement, to comply with the Policies and Standards and to be
  responsible for any business associate, contractor or Workforce member who
  accesses and uses the IHIN or Services as Authorized Users on its behalf.
3.5 Privacy and Security Safeguards.
  (a) Participant and the Department shall implement and maintain reasonable and
  appropriate administrative, physical and technical safeguards to protect the
  confidentiality, privacy, security, integrity and availability of electronic health
  information accessible through the IHIN, to protect it against reasonably anticipated
  threats or hazards, and to prevent its use or disclosure otherwise than as permitted
  by this Agreement or required by law. To that end, each Participant and the
  Department shall:
    (i) provide for appropriate identification and authentication of their Authorized
    Users and Department’s Authorized Personnel, respectively;
    (ii) provide appropriate access authorization;
    (iii) guard against unauthorized access to or use of health information; and
    (iv) provide appropriate security audit controls and documentation.
  Such safeguards shall comply with HIPAA, all applicable federal, state, and local
  requirements, and the Policies and Standards.
(b)
Participant and the Department shall each maintain reasonable and appropriate
security practices, in accordance with the minimum standards and guidelines in the
IHIN Security Policies established by the Department, with regard to all personnel,
systems, and administrative processes used by each party to transmit, store and
process electronic health information through the use of the IHIN. Participant and
the Department each shall be responsible for establishing and maintaining their
respective security management procedures, security incident procedures,
contingency plans, audit procedures, facility access controls, workstation use
controls and security, device and media controls, authentication procedures, and
security policies and procedures to protect electronic health information accessible
through the IHIN.
(c)
Participant shall notify the Department within seven (7) days of Participant’s receipt
of any adverse audit findings related to Participant’s participation in the IHIN and the
resolution of such findings. Participant shall notify the Department of any Security
Incident relating to the IHIN interface or connection of which
Participant becomes aware, or any unauthorized use or disclosure of information
within or obtained from the IHIN within seven (7) days, and shall cooperate with the
Department in investigating the incident and shall take such action to mitigate any
breach or suspected breach. The Department shall notify Participant of any
Security Incident relating to the Participant's Shared Information of which the
Department becomes aware, or any unauthorized use or disclosure of Participant's
Shared Information within or obtained from the IHIN of which the Department
becomes aware, within seven (7) days of the Department becoming aware of either
the Security Incident or unauthorized use or disclosure of Participant’s Shared
Information, and shall cooperate with Participant in investigating the Security
Incident and shall take such action to mitigate any breach or suspected breach.
3.6
Compliance. Participant and the Department, respectively, are responsible for their own
compliance with the terms of this Agreement, HIPAA, the Policies and Standards, and
any applicable laws and regulations. Participant shall be solely responsible for the use of
the IHIN by Participant and Participant’s Workforce and shall, to the extent permitted by
applicable law, indemnify the Department and hold it harmless from any third party claim,
cost or liability (including, without limitation, reasonable attorneys’ fees) arising from use
that is in violation of this Agreement, the Policies and Standards, or applicable law,
unless caused solely by Department’s or its agent’s gross negligence, recklessness, or
willful misconduct or omission.
3.7
Authorized Use.
(a)
The Department authorizes Participant and Department’s Authorized Personnel to
access and use the IHIN. Participant authorizes its Authorized Users and assigns
each of its Authorized Users a unique ID. Participant shall adopt and maintain
reasonable security precautions for Participant’s and its Authorized Users’ IDs to
prevent their disclosure to or use by unauthorized persons; the Department shall do
the same with respect to Department’s Authorized Personnel. Each Authorized User
shall have and use the Participant ID assigned to them. Participant shall use
reasonable efforts to ensure that no member of its Workforce uses a Participant ID
assigned to another person.
(b)
Participant may permit Participant’s Authorized Users to access and use the IHIN
and the Services on behalf of Participant, subject to the terms of this Agreement.
Participant shall:
(i)
Conduct a reasonable review process to determine that granting an individual
access to the IHIN as an Authorized User is appropriate;
(ii)
Obtain a unique Participant ID from the Department for each Authorized User
and take efforts to ensure that each such person has access to the IHIN only
under his or her assigned Participant ID;
(iii) Provide the appropriate level of access to the IHIN based on the role or
function of the Authorized User in Participant’s Workforce;
(iv) Require that its Authorized Users agree to the same restrictions and
conditions that apply to the Participant with respect to health information;
(v)
Train all Authorized Users regarding the privacy, security and confidentiality
requirements of this Agreement, the Policies and Standards, and applicable
law relating to their access to and use of the IHIN and the Services.
Participant shall be responsible for their compliance with such requirements;
(vi) Take such disciplinary action as it may deem appropriate against any
Authorized User who violates the confidentiality provisions of this Agreement
or the Policies and Standards;
(vii) Report to the Department violations of the confidentiality requirements set
forth in this Agreement by Participant’s Authorized Users;
(viii) Promptly notify the Department of the termination of employment of any
Authorized User (or if the individual is not an employee, of the termination of
the relationship with Participant which granted the individual access to the
IHIN);
(ix) Promptly notify the Department of the termination, revocation or restriction of
any right of an Authorized User to access the IHIN; and
(x)
Take immediate steps to assure that any Authorized User whose access has
been terminated, revoked or restricted by the Department or the Participant
shall have no further access to Protected Health Information through the IHIN
consistent with the revocation or restriction;
(xi) Not permit or allow a person or entity who is deemed debarred under state or
federal law to access the IHIN.
(c)
Department may authorize Department’s Authorized Personnel to access and use
the IHIN on behalf of the Department, and shall perform the tasks and functions with
respect to Department’s Authorized Personnel as Participant is required to perform
with respect to its Authorized Users as provided in section 3.7(b), subsections (i)-(ii)
and (iii)-(vi).
3.8
Rights of Authorized Users. An Authorized User shall have no rights to access the IHIN,
or to use the Services or any electronic health information or other information made
available through the IHIN, other than those granted to the Authorized User by the
Department or by the Participant. Any such rights of an Authorized User shall cease and
terminate upon the removal of that Authorized User's access privileges for any reason.
3.9
Discipline and Termination of Authorized Users and Department’s Authorized Personnel.
(a)
The Department shall require of Department’s Authorized Personnel and Participant
shall require of its Authorized Users who use or have access to the IHIN and the
Services, to do so only in accordance with the use restrictions and confidentiality
obligations of this Agreement and the Policies and Standards, including without
limitation the provisions thereof governing the confidentiality, privacy and security of
Protected Health Information.
(b)
Participant and Department shall take appropriate disciplinary action (pursuant to
their respective employee disciplinary policies), up to and including termination,
against Participant’s Authorized Users or other members of their Workforce, or
Department’s Authorized Personnel, respectively, who violate the IHIN use
restrictions, confidentiality obligations, or the Policies and Standards.
3.10
Termination of Participant Access. Following written notice to a Participant and a period
of thirty (30) days to cure (if such cure is possible) the Department may terminate the
Participant’s access to the IHIN on a temporary or permanent basis for reasons including,
without limitation, adverse audit findings related to Participant’s or its Authorized Users’
use of the IHIN, breaches of the terms and conditions of this Agreement or the Policies
and Standards, default in payment of Services Fees, privacy or security breaches, or
failure to take reasonable remedial action when a Breach is discovered, including, without
limitation: (i) failure to cooperate in mitigating damages, (ii) failure to appropriately
discipline an Authorized User or other person under the Participant’s control for security
or privacy violations, or (iii) other actions that undermine the confidence of Other
Participants in the effectiveness of IHIN safeguards. When terminating access, the
Department shall explain to Participant the basis and shall provide support for its action.
A permanent termination of access shall be followed by termination of this Agreement. If
this Agreement is terminated by Department pursuant to this subsection 3.10, Participant
shall not be entitled to a refund of Services Fees for the unexpired term.
3.11
Professional Responsibility. Participant shall be solely responsible for the medical,
professional and technical services it provides. The Department makes no
representations concerning the completeness, accuracy or utility of any information in the
IHIN, or concerning the qualifications or competence of individuals who placed it there.
The Department has no liability for the consequences to Participant or Participant’s
patients of Participant’s use of the IHIN or the Services.
3.12
Cooperation. Participant shall reasonably cooperate with the Department in the
administration of the IHIN, including providing reasonable assistance in evaluating the
IHIN and collecting and reporting data reasonably requested by the Department for
purposes of administering the IHIN.
4.
Making Information Available through the IHIN.
4.1
Purpose of IHIN. The purpose of the IHIN is to facilitate the sharing of information related
to patient health among Participants for the purposes of TPO, public health reporting and
Public Health Activities.
4.2
Sharing of Health Information. The Department shall from time to time issue Policies and
Standards for the timely sharing of health information through the IHIN, including
standards for the kinds of health information to be shared and the required format for
such health information. It is expressly understood by the parties that the exchange of
PHI among and between the Department and the Participants requires a determination
by the Participant as to when and how a patient’s consent should be obtained for
inclusion of the patient’s PHI in the IHIN. This decision will be unique to each Participant
based on its operational and technical capabilities. Participants shall have the right to
adopt consent models and determine, at the Participant level, whether or not to share
PHI of its patients based on the model(s) it adopts.
4.3
Accuracy and Format of Health Information. Participant shall use reasonable efforts to
ensure that Participant’s Shared Information:
(a)
Is current, accurate and (subject to any restrictions imposed by law or this
Agreement, including Section 4.7) complete; and
(b)
Complies with any requirements of the Policies and Standards as to format or
content.
4.4
Use and Disclosure of Participant’s Shared Information.
(a)
Participant authorizes the Department to facilitate the exchange of Participant’s
Shared Information to Other Participants for purposes of TPO and Public Health
Activities, to the extent such exchange would be required or authorized by law if
done by Participant.
(b)
The Department may use and disclose Participant’s Shared Information for the
proper management and administration of the IHIN, and to carry out the
Department’s legal responsibilities arising out of or related to the management and
administration of the IHIN. The Department may also disclose Participant’s Shared
Information for such purposes if the disclosure is required by law. Without limiting
the foregoing, the Department may permit access to the IHIN by the Department’s
Authorized Personnel.
4.5
Disclosures.
(a)
Participant agrees that any disclosure through the IHIN pursuant to Section 4.4(a) is
a disclosure made by a Participant and not the Department.
(b)
The Department agrees that any disclosure through the IHIN pursuant to Section
4.4(b) is a disclosure made by the Department and not the Participant.
4.6
Reliance on Representations. Participant acknowledges that in granting access to the
IHIN for the purposes as set forth in this Agreement, the Department will rely on the
assurances of the Other Participants as to (i) their identity and credentials, (ii) the
purposes for which they are accessing the IHIN, and (iii) the nature and extent of the
information to which they will have access. Participant acknowledges that, while the IHIN
will contain certain technical safeguards against misuse of the IHIN, it will rely to a
substantial extent on the representations and undertakings of Other Participants and their
Authorized Users. Participant agrees that the Department shall not be responsible for
any unlawful access to or use of Participant’s Shared Information by any Other
Participants resulting from misrepresentation to the Department, breach of their
participation agreements, or violation of the Policies and Standards, unless such unlawful
access to or use of Participant’s Shared Information is due to the Department’s or its
agent’s gross negligence, recklessness, or willful misconduct or omission.
4.7
Compliance with Privacy Rule. The Department applies the standards of the Privacy
Rule in permitting access to the IHIN. Participant acknowledges that other federal and
state laws impose additional restrictions on the use and disclosure of certain types of
health information, or health information pertaining to certain classes of individuals.
Participant is solely responsible for ensuring that Participant’s Shared Information may
properly be disclosed for the purposes set forth in this Agreement. In particular,
Participant shall:
(a)
Obtain any necessary consents, authorizations or releases from individuals required
by agreement or by law for making their health information available through the
IHIN; and
(b)
Include such statements (if any) in Participant’s notice of privacy practices as may
be required in connection with Participant’s use of the IHIN.
4.8
Individuals’ Rights. Participant shall be solely responsible for affording individuals their
rights with respect to Participant’s Shared Information, such as the rights of access and
amendment, or requests for special restrictions on the use or disclosure of health
information. The Department shall not accept or process any requests from individuals
for the exercise of such rights.
4.9
Rights in Health Information. If Authorized User Data has been used or disclosed for
public health reporting, Public Health Activities or TPO, it may thereafter be integrated
into the records of the recipient. In no event shall the Department claim any rights with
respect to the Authorized User Data, or take any action with respect to such data that is
inconsistent with this Agreement.
5.
Business Associate Provisions.
5.1
Compliance with Privacy and Security Rules. In affording access to and facilitating the
exchange of Participant’s Shared Information in accordance with this Agreement, the
Department shall comply with the Privacy Rule and the Security Rule.
5.2
Business Associate Agreement. The Department and Participant agree to the terms and
conditions of the HIPAA Business Associate Agreement.
6.
Computer Systems. Participant acknowledges that in order to access and use the IHIN, it may
be necessary for Participant to acquire, install, configure and maintain hardware, software and
communications systems in order to connect to the IHIN and comply with this Agreement. The
parties acknowledge that the Participant will be responsible for all costs associated with any
modifications to its internal systems to enable its connection to the IHIN.
7.
Policies and Standards. The Department shall develop the Policies and Standards. The Policies
and Standards, as amended from time to time, are incorporated herein by reference and made a
part of this Agreement. The Department shall notify Participant of any changes in the Policies and
Standards at least ninety (90) days prior to the implementation of the change. However, if the
change is required in order for the Department or Participant to comply with applicable laws or
regulations or if the Iowa State Board of Health (or successor governance body) directs, the
Department may implement the change and provide notice to Participant within a shorter period
of time that the Department determines is appropriate under the circumstances. If Participant is
unable or unwilling to comply with or implement the changes to such Policies and Standards,
Participant may elect to suspend its use of the IHIN, or terminate this Agreement and be released
from all further obligations and liabilities pertaining to this Agreement except for those already
accrued and those that survive termination hereunder.
8.
Training Costs. Participant shall be solely responsible for the participation and costs of training
Participant’s personnel related to the IHIN and its use. The Department shall not require
Participants to use specific vendors for training.
9.
Fees and Charges.
9.1
Service Fees. In consideration for the Department providing Participant with the
Services, Participant agrees to pay the Service Fees as specified in Attachment B.
9.2
Changes in Service Fees. The Department may from time to time change the amount of,
or basis for, the Service Fees based on an approved business and financial sustainability
plan. The Department shall provide Participant with at least ninety (90) days’ prior written
notice of a fee increase. The Department may, at any time, reduce fees and set fees for
new Services. Any changes in Service Fees will be reflected in a revised Attachment B.
9.3
Payment. The Service Fees shall be due and payable to the Department within sixty (60)
days of invoice. Failure to pay the Service Fees within such time shall constitute a
material breach of this Agreement.
9.4
Taxes. All charges and fees shall be exclusive of all federal, state, municipal, or other
government excise, sales, use, occupational, or like taxes now in force or enacted in the
future, and Participant agrees to pay any tax that the Department may be required to
collect or pay now or at any time in the future and that are imposed upon the sale or
delivery of items and Services purchased under this Agreement.
9.5
Other Charges. Participant is responsible for any charges Participant incurs to use the
IHIN, such as telephone and equipment charges, and fees charged by Participant’s
third-party vendors of products and services.
10.
Confidential Information.
10.1
Access to Confidential Information. Participant’s employees, agents, and subcontractors
may have access to Confidential Information to the extent necessary to carry out
responsibilities under this Agreement. Access shall be in accordance with this
Agreement, the Policies and Standards and applicable law.
10.2
No Dissemination or Disclosure of Confidential Information. No Confidential Information
collected, maintained, or used in the course of performance of this Agreement shall be
disseminated by the Participant or the Department either during the Term or thereafter
except as expressly authorized by this Agreement or by law. Participant shall immediately
report to the Department any unauthorized disclosure of Confidential Information.
Participant may be held civilly or criminally liable for improper disclosure of Confidential
Information.
10.3
Equitable Relief. Either party shall be entitled to equitable relief in preventing a breach
of this Paragraph 10; such equitable relief is in addition to any other rights or remedies
available to a party.
10.4
Survives Termination. The parties’ obligations under this section shall survive
termination or expiration of this Agreement.
11.
Warranty and Disclaimer
11.1
Warranty. The Department represents and warrants the following:
(a)
The Services shall conform to this Agreement.
(b)
The Department has the right to grant the access set forth in Section 2 without
violating or infringing upon any rights of any third party and without breach of any
third-party license, and to the best of the Department’s knowledge, there is currently
no suit by any third party based on an alleged violation, infringement or breach by
the Department related to the IHIN.
(c)
Each of the Department’s employees, subcontractors or agents assigned to perform
the Department’s obligations hereunder have the proper skill, training and
background required to perform in a diligent, competent, workmanlike and
professional manner and all work will be so performed.
11.2
Carrier Lines. Participant acknowledges that access to the IHIN will be provided over
various facilities and communications lines, and information will be transmitted over local
exchange and internet backbone carrier lines and through routers, switches, and other
devices (collectively, "Carrier Lines") owned, maintained, and serviced by third-party
carriers, utilities, and internet service providers, all of which are beyond the Department’s
control. The Department assumes no liability for or relating to the integrity, privacy,
security, confidentiality, or use of any information while it is transmitted on the Carrier
Lines, or any delay, failure, interruption, interception, loss, transmission, or corruption of
any data or other information attributable to transmission on the Carrier Lines. Use of the
Carrier Lines is solely at Participant’s risk and is subject to all applicable local, state,
national, and international laws.
11.3
Disclaimer of Warranties. Other than as set forth in this section of the Agreement, the
IHIN is provided “as is” and “as available” without any warranty of any kind, expressed or
implied, including but not limited to, the implied warranties of merchantability and fitness
for a particular purpose. The Department disclaims any and all responsibilities for any
act or omission taken or made by Participant in reliance on the IHIN or the information in
the IHIN, including, without limitation, inaccurate or incomplete information.
11.4
Other Participants. Participant acknowledges that Other Participants have access to the
IHIN and are receiving the Services. Such Other Participants have committed to comply
with the Policies and Standards concerning use of the IHIN; however, the actions of such
Other Participants are beyond the Department’s control. Accordingly, the Department
shall have no responsibility or liability for or relating to any impairment of the privacy or
security of Participant’s or Other Participants’ Shared Information or Protected Health
Information exchanged through the IHIN resulting from any participant’s actions or
failures to act.
11.5
Unauthorized Access; Lost or Corrupt Data. The Department is not responsible for
unauthorized access to Participant’s transmission facilities or equipment by individuals or
entities using the IHIN. Department is not responsible for unauthorized access to, or
alteration, theft, or destruction of, Participant’s data files, programs, procedures, or
information through the IHIN. Participant is solely responsible for validating the accuracy
of all output and reports obtained through use of the IHIN. Participant is responsible for
making reasonable efforts to protect Participant’s own data and programs from loss by
implementing appropriate security measures, including routine backup procedures.
Participant hereby waives any damages occasioned by lost or corrupt data, incorrect
reports, or incorrect data files resulting from programming error, operator error,
equipment or software malfunction, unless such damages are caused by the
Department’s or its agent’s gross negligence, recklessness, or willful misconduct or
omission. The Department is not responsible for the content of any information
transmitted or received through the Department’s provision of the Services.
11.6
Patient Care. Participant shall be solely responsible for all patient care decisions
resulting from or involving the use of the IHIN or the Services. Neither Participant nor
any other person shall have any claim or cause of action against the Department as a
result of patient care rendered or withheld in connection with the use of the IHIN or the
Services.
12.
Insurance. Participant agrees to obtain and maintain in full force and effect during the Term of
this Agreement insurance or self-insurance to insure itself and its Workforce, agents, and
contractors for liability arising out of activities to be performed under, or in any manner related to,
this Agreement. Such policies shall be with reputable insurance companies and shall include
general liability, errors and omissions, professional liability, data breach, and such other
insurance policies as are usually carried by persons engaged in Participant’s business. The
insurance policies shall be in amounts no less than Two Million Dollars ($2,000,000) per
occurrence and Two Million Dollars ($2,000,000) in annual aggregate. Upon reasonable request
the Participant shall provide relevant information regarding its policies of insurance including,
without limitation, coverage limits. The preceding requirements shall not apply to Participants that
are State agencies for which the State is self-insured.
13.
Termination.
13.1
Termination for Cause. The Department shall have the right to terminate this Agreement
for cause as provided in Section 3.10 of this Agreement. The Participant shall have the
right to terminate this Agreement in the event of a material breach of this Agreement by
the Department which is not cured within thirty (30) days of delivery of notice of the
breach; provided that, if the breach is capable of cure but not within thirty (30) days, this
Agreement shall not be terminated as long as the Department commences to cure the
breach within thirty (30) days, and diligently pursues the cure to completion.
13.2
Modification. The Department may change the terms under which the Services and
IHIN are provided to Participant (including terms set forth in this Agreement) by
providing Participant not less than ninety (90) days’ written notice. Upon receipt of such
notice, Participant may terminate this Agreement by giving written notice to the
Department on or before the effective date of the change. Participant agrees that
Participant’s failure to give notice of termination prior to the effective date of the change
constitutes acceptance of the change, which shall thereupon become part of this
Agreement.
13.3
Termination Due to Lack of Funds or Governmental Action. Notwithstanding anything in
this Agreement to the contrary, and subject to the limitations set forth below, the
Department shall have the right to terminate this Agreement without penalty as a result of
any of the following:
(a)
The legislature or governor fails, in the sole opinion of the Department, to appropriate
funds sufficient to allow the Department to either meet its obligations under this
Agreement or to operate as required and to fulfill its obligations under this
Agreement; or
(b)
The legislature or governor fails to authorize or permit the Department to charge or
collect the Service Fees; or
(c)
If funds (including federal funds or grant funds) are de-appropriated, reduced, not
allocated, unavailable, or receipt of funds is delayed, or if any funds or revenues
needed by the Department to build, manage or operate the IHIN are insufficient or
unavailable for any other reason as determined by the Department in its sole
discretion; or
(d)
If the Department’s authorization to conduct its business or engage in activities or
operations related to the subject matter of this Agreement is withdrawn or materially
altered or modified; or
(e)
If the Department’s duties, programs or responsibilities are modified or materially
altered; or
(f)
If there is a decision of any court, administrative law judge or an arbitration panel, or
if any law, rule, regulation or order is enacted, promulgated or issued that materially
or adversely affects the Department’s ability to fulfill any of its obligations under this
Agreement or to operate the IHIN.
The Department shall provide Participant with written notice of termination pursuant to
this Section. Participants that are State agencies shall also have the right to terminate
this Agreement for the reasons enumerated in this Section 13.3.
13.4
Judicial or Administrative Procedures. Either party may terminate this Agreement
immediately upon notice to the other if: (a) a finding or stipulation that the other party has
violated any standard or requirement of federal or state law relating to the privacy or
security of health information is made in any administrative or civil proceeding; or (b) the
other party is excluded from participation in a federal or state health care program.
13.5
Obligations after Termination. Upon termination of this Agreement, Participant shall
cease to use the IHIN and the Department shall terminate Participant’s access to the
IHIN. Upon termination for any reason, Participant shall remove all software provided
under this Agreement from its computer systems, shall cease to have access to the IHIN,
and shall return to the Department or destroy all hardware, software and documentation
provided by or on behalf of the Department. If Participant elects to destroy such items
rather than return them, Participant shall provide an affidavit attesting to the removal and
destruction of a specific list of hardware, software and documentation within sixty (60)
days after the effective date of termination.
13.6
Effect of Termination. Except as otherwise provided in Sections 3.10 and 24 of this
Agreement, the parties agree that any early termination of this Agreement will relieve the
parties from any obligations set forth in Attachments A and B, including but not limited to
Participant’s obligations to pay the Service Fees set forth on Attachment B, except that
Participant shall be responsible for paying the Service Fees for all Services performed by
the Department through the effective date of termination.
13.7
Survival beyond Agreement Term. This Agreement shall remain in full force and effect to
the end of the Term or until earlier terminated pursuant to this Agreement. The
obligations under this Agreement which by their nature would continue beyond the
termination of this Agreement, including, by way of illustration and not by limitation, those
obligations set forth in Section 10, 11 and 13.5, shall survive termination or expiration of
this Agreement. To the extent the Department retains the Participant’s Shared
Information after termination of this Agreement, the obligations set forth in Paragraph 3.5
will survive beyond its termination. The obligations of the parties under the BAA which by
their nature would continue beyond the termination of this Agreement shall also survive
termination of this Agreement.
14.
Choice of Law and Forum. The laws of the State of Iowa shall govern and determine all matters
arising out of or in connection with this Agreement without regard to the conflict of law provisions
of Iowa law. Any and all litigation commenced in connection with this Agreement shall be brought
and maintained solely in Polk County District Court for the State of Iowa, Des Moines, Iowa, or in
the United States District Court for the Southern District of Iowa, Central Division, Des Moines,
Iowa, wherever jurisdiction is appropriate. This provision shall not be construed as waiving any
immunity to suit or liability including without limitation sovereign immunity in State or Federal
court, which may be available to the Department or the State of Iowa.
15. Assignment. This Agreement may not be assigned or transferred by the Participant without the
prior written consent of the Department, such consent not to be unreasonably withheld or
delayed. The Department may assign, transfer or convey this Agreement, in whole or in part, to
any State agency or unit of State government, or to other such entity that succeeds the
Department’s duties hereunder, or otherwise assumes responsibility for functions or duties
currently assumed by the Department. This Agreement shall inure to the benefit of and bind
successors and permitted assigns of Participant and the Department.
16. Force Majeure. Neither Participant nor the Department shall be liable to the other for any delay
or failure of performance of this Agreement and no delay or failure of performance shall constitute
a default or give rise to any liability for damages if, and only to the extent that, such delay or
failure is caused by a "force majeure" and not as a result of the fault or negligence of a party. As
used in this Agreement, "force majeure" includes acts of God, war, civil disturbance and any other
similar catastrophic events which are beyond the control and anticipation of the party affected and
which, by the exercise of reasonable diligence, the party was unable to anticipate or prevent.
Page 21
September 15, 2014
17. Severability. Any provision of this Agreement that shall prove to be invalid, void, or illegal, shall
in no way affect, impair, or invalidate any other provision of this Agreement, and such other
provisions shall remain in full force and effect.
18. Notices. All notices required or permitted under this Agreement shall be in writing and sent to
the other party at the address specified in Attachment D (or to such other address as either party
may substitute from time to time by written notice to the other) by certified U.S. Mail return receipt
requested with postage prepaid thereon, or by recognized overnight delivery service, such as
Federal Express or UPS. Any notice or communication sent by certified U.S. Mail under this
Agreement shall be deemed given upon receipt as evidenced by the U.S. Postal Service return
receipt card, or if sent by overnight delivery service, upon receipt as evidenced by the signature
attained by the carrier.
19. Waiver. No term of this Agreement shall be deemed waived and no breach excused, unless
such waiver or consent shall be in writing and signed by the party claimed to have waived or
consented. Any consent by any party to, or waiver of a breach by the other, whether expressed
or implied, shall not constitute consent to, waiver of, or excuse for, any other different or
subsequent breach.
20. Complete Understanding.
20.1 This Agreement contains the entire agreement and understanding of the parties with
respect to the subject matter of this Agreement, and there are no other written or oral
understandings or promises between the parties with respect to the subject matter of this
Agreement other than those contained or referenced in this Agreement.
20.2 All modifications or amendments to this Agreement shall be in writing and signed by
authorized representatives of the respective parties.
20.3 Participant acknowledges that it has thoroughly read this Agreement and all related
attachments and has had the opportunity to receive competent advice and counsel
necessary for it to form a complete understanding of all rights and obligations herein and
to accept same freely and without coercion of any kind. Accordingly, this Agreement
shall not be construed or interpreted against the Department on the basis of
draftsmanship or preparation thereof.
21. No Third-Party Beneficiaries. Nothing express or implied in this Agreement is intended to
confer, nor shall anything herein confer, upon any person other than the parties and their
respective successors or assigns, any rights, remedies or obligations. This Agreement is only
intended to benefit the Department and Participant.
22. Not a Joint Venture. Nothing in this Agreement shall be construed as creating or constituting
the relationship of the partnership, joint venture (or other association of any kind or
agent/principal relationship) between the parties hereto. No party, unless otherwise specifically
provided for herein, has the authority to enter into any agreement or create an obligation or
liability on behalf of, in the name of, or binding upon, the other party to this Agreement.
23. Signature Authority. The individuals executing this Agreement represent and warrant that they are
competent and capable of entering into a binding contract, and that they are authorized to
execute this Agreement on behalf of the parties.
24. No Medicare or Medicaid Exclusion. Participant hereby represents and warrants that it is not
and at no time has been excluded or terminated from participation in any federally-funded health
care program, including Medicare and Medicaid. Participant hereby agrees to immediately notify
the Department of any threatened, proposed, or actual exclusion or termination from any
federally-funded program, including Medicare or Medicaid. In the event that Participant is
excluded or terminated from any federally-funded health care program during the term of this
Agreement, or if at any time after the Effective Date of this Agreement, it is determined that
Participant is in breach of this section, this Agreement shall, as of the effective date of such
exclusion or breach, automatically terminate. If this Agreement is terminated by Department
pursuant to this subsection 24, Participant shall not be entitled to a refund of Service Fees for
the unexpired term.
25. Rules of Construction
25.1 The term "including" shall be deemed to mean "including without limitation."
25.2 Article and section headings used in this Agreement are for convenience of reference
only and shall not affect the interpretation of this Agreement.
25.3 The references in this Agreement to specific material breaches of this Agreement shall
not be construed as implying that other breaches of this Agreement are not material.
26. Certification regarding Suspension and Debarment. Participant certifies pursuant to 31 CFR
Part 145 that neither it nor any of its principals are presently debarred, suspended, proposed for
debarment, declared ineligible, or voluntarily excluded from participation in this Agreement by
any federal department or agency. Participant further agrees to comply with the regulations
implementing Executive Order 12549 regarding debarment and suspension.
27. Supersedes Former Agreements. This Agreement supersedes all prior agreements between
the Department and Participant regarding the IHIN.
ATTACHMENT D - IHIN Participant Agreement
Organization Verification Form
Main Organization Name
_____________________________________________________________________
Primary Contract Contact
Email: ____________________ Phone: ____________
Notices required or permitted under this agreement, as referenced in Attachment C section 18, shall be
sent to:
Notices will be sent to Department at:
Director
Iowa Department of Public Health
Lucas State Office Building
321 East 12th Street
Des Moines, IA 50319
Notices will be sent to Participant at:
With a copy to (optional):
Billing Contact ________________________________ Email: _____________________ Phone: ____________
If different than Primary (All invoices are sent via e-mail)
Technical Contact ______________________________ Email: _____________________ Phone: ____________
Privacy and Security Officer _____________________ Email: _____________________ Phone: ____________
Security Officer ________________________________ Email: _____________________ Phone: ____________
If different from Privacy Officer
The undersigned applicant warrants, represents, and attests that all facts and information provided are accurate,
current, complete and not misleading and that:
• The applicant is who he or she represents himself or herself to be;
• If signing on behalf of an organization, that the attached list of providers is accurate and contains only the
names of individuals whose identities and credentials have been verified by the organization; and
• The applicant agrees, on behalf of himself, herself or his/her organization, to comply with the responsibilities
associated with being a Participant, including the terms and conditions found in this IHIN Direct Secure
Messaging Participant Agreement.
The applicant agrees, on behalf of himself, herself or his/her organization, to accurately represent himself, herself or
his/her organization in all communications using the IHIN Direct Secure Messaging system.
_______________________________
NAME OF ORGANIZATION’S SIGNING AUTHORITY
SIGNATURE
Date
* Please note that if Direct Secure Messaging will be used via e-mail only or through the clinical portal, the
Direct Secure Messaging - User Listing form (Attachment E) must also be completed before Participant’s
documents can go to the IHIN onboarding specialist. A National Provider Identifier is required (where
applicable) for each provider listed.
ATTACHMENT D (continued) - IHIN Participant Agreement
Please place a check mark next to the services you want to use immediately:
☐ Direct Secure Messaging
☐ IRIS Reporting
☐ Patient Look-up
☐ IDSS ELR Reporting
☐ Cancer Reporting
Please list all sites that will be connected under this Participation Agreement and use the most relevant
code from the last page. This information is used for national reporting as well as to assist adoption by
mapping all connected sites in the state.
Site: _____________________
Site type: _________________
Site EHR System: ___________
Address: __________________
City: _____________________
State:___ Zip:______
(Duplicate this page as needed or provide a separate Excel file)
Attachment E: IHIN Direct Secure Messaging – User Listing for Participant: ______________________
(To be completed if Participant will use the IHIN clinical portal)
Person completing this form: ________________________ Title: __________________________________
User First Name | User Last Name | Profession Code or Other Role Code (use most relevant code from page 2) | This User is Authorized to use Query (X if Yes) | NPI # (for those professions with NPI assigned) | Valid Work Email Address for User
(Duplicate this page as needed or provide a separate Excel file)
Licensed Medical Profession Code:
Use the abbreviation:
ARNP = Advanced Registered Nurse Practitioner
AT = Athletic Trainer
AUD = Audiologist
BSW = Bachelor of Social Work
CMA(AAMA) = Certified Medical Assistant
CSP = Conscious Sedation Permit (Dental)
DA = Dental Assistant
DAT = Dental Assistant Trainee
DC = Doctor of Chiropractic
DDS = Dentist
DO = Doctor of Osteopathy
DPM = Doctor of Podiatric Medicine
DVM = Doctor of Veterinary Medicine
EMT = Emergency Medical Technician
FAC = Faculty (Dental)
GAP = General Anesthesia Permit (Dental)
HAD = Hearing Aid Dispenser
HSP = Health Service Provider
ISW = Independent Social Worker
LA = Local Anesthesia Permit (Dental)
LAC = Licensed Acupuncturist
LD = Licensed Dietician
LPN = Licensed Practical Nurse
MD = Doctor of Medicine
MFT = Marriage & Family Therapist
MHC = Mental Health Counselor
MSW = Master Social Worker
MT = Massage Therapist
OD = Optometrist
OT = Occupational Therapist
OTA = Occupational Therapy Assistant
PA = Physician Assistant
PH = Pharmacist
PHT = Pharmacy Technician
PSY = Psychologist
PT = Physical Therapist
PTA = Physical Therapy Assistant
QRDA = Qualified/Registered Dental Assistant
RADT = Radiology Technician
RC = Respiratory Care
RDA = Registered Dental Assistant
RDH = Registered Dental Hygienist
RESD = Resident Dental
RN = Registered Nurse
Rph = Pharmacist
SP = Speech Pathologist
TEMPD = Temporary Dental Permit
XDA = Qualified/Not-registered Dental Assistant
Other Role Code:
Use one of the following roles:
OFFC = Office support staff handling medical records
BILL = Billing office staff
CSS = Clinical Support Staff
OTHR = Other not listed
Site Type Code:
ADM = Administrative
AP = Ambulatory Practice
BS = Behavioral Health/Substance Abuse Center
CP = Chiropractor Practice
DP = Dentist Practice
GE = Government Entity
HH = Home Health/Hospice
HOS = Hospital
IC = Imaging Center
LAB = Independent Laboratory
LPHA = Local Public Health Agency
LTC = Long Term/Assisted Living/Nursing Home
PH = Pharmacy
PT = Physical Therapy Practice
SP = Specialty Practice
SC = Surgical Center
ATTACHMENT F - IHIN Participant Agreement
STATE HEALTH REGISTRY OF IOWA (SHRI)
To be completed if Participant will submit data to the State Health Registry of Iowa
Organization Name (as shown on the IHIN Participation Agreement)
____________________________________________________________________________________________
Cancer Registry Technical Contact
Email: _____________________ Phone: _______________
The undersigned warrants, represents, and attests that all facts and information provided are accurate,
current, complete and not misleading and that:
• The applicant is who he or she represents himself or herself to be;
• The applicant agrees, on behalf of himself, herself or his/her organization, to comply with the
responsibilities associated with being a Participant, including the terms and conditions found in
the IHIN Participant Agreement.
Certified EHR Version at time of registration:
☐ We intend to use the State Health Registry of Iowa (SHRI) for Meaningful Use.
NAME AND TITLE
SIGNATURE
E-MAIL ADDRESS
Return this form to [email protected] when complete.
Department use only:
Received Date: ___________________________________________________________
Received By: _____________________________________________________________
Date