Indispensable Health Pharmacy Services
Integrated Pharmacy Management, Telepharmacy, Staffing, Retail, Analytics, and Ambulatory Surgery Center Pharmacy Services

TP Retail Remote Tech

Remote Pharmacy Technician Agreement

 

Terms and Conditions

This Agreement is made on and the date signed, effective for 90 days between Indispensable Health, LLC. located in Grass Lake, Michigan, (hereinafter referred to as the “Provider”) and Client signed below. This agreement is for telepharmacy services and related activity. Client is requesting telepharmacy services from Provider. Provider employs a variety of health care professionals whose services are required by Client.  Provider wishes to provide telepharmacy and related services to Client as requested by Client, according to the following terms and conditions:

Section A: Length of Agreement The initial term of this agreement will be for 90 days from date of signature and will renew automatically at the end of the term. Termination can be made in writing by either party. If terminated, services will conclude on the date of termination.

Section B: Responsibilities of Provider

  1. Provider will provide the telepharmacy services  listed in the attached Appendix A.  Provider will provide telepharmacy services for a minimum of 40 hours per week during the times identified in Appendix A.  

  2. All telepharmacy professionals supplied to Client by Provider will hold and maintain appropriate registration and in-date licensure pursuant to State Board of Pharmacy law, rules, and or regulations in the state where Client’s facility is located.  Written certification of registration, licensure, completed competencies will be provided to the Client upon request. Reasonable Client specific requirements will be completed upon request at client expense as noted in Appendix A.

  3. Provider shall obtain and maintain insurance, at its own costs and expense, during the term of this Agreement in coverage amounts no less than $1,000,000 per occurrence and $3,000,000 annual aggregate, covering, at a minimum, (i) general liability, (ii) professional liability,  and (iii) any other coverage reasonably necessary to protect Client, Provider and their agents and employees from any claims arising from its obligations under this Agreement.  Provider agrees to submit certificates of insurance, evidencing its insurance coverage, upon Client's request.

  4. Provider will validate its employee’s identity by requesting a driver’s license, professional license as required, and social security card or equivalent. Employees supplied by Provider will have passed an initial 9 or more panel drug screen and criminal background check upon hire.

  5. Rules and Regulations: Provider agrees to practice within the State and Federal laws governing the practice of the profession.  Provider’s professionals will be instructed to comply with those administrative policies adopted by the Client that protect the health and welfare of customers and employees of the Client, so long as they are not in conflict with the Provider’s policies. Should there be a conflict between policies of the Client and the Provider, Provider shall notify the Client in writing of the conflict.

  6. Provider staff will be equipped with equipment necessary to carry out responsibilities, which will minimally include: computer, internet access, fax service, telephone access.

  7. Provider agrees to conduct an annual competency program HIPAA Training and Fraud Waste and Abuse training for each employee. Other competency requirements, or an alternative to Provider provided training will be provided and paid for by Client. See Section C below.

Section C: Responsibilities of the Client

  1. Client accepts full responsibility for customer care supervision of Professional on its premises or under its direction.

  2. Proper training is essential to deliver high quality services. Client will provide comprehensive training to Provider staff in the same or otherwise agreed to manner as Client’s regular pharmacy staff. The initial remote training and preparation of training and reference materials are provided at no additional expense. Client agrees to the video recording of training sessions to enable future employees to efficiently train or review materials. Training and education may include, but not be limited to, computer order entry or verification, customer service expectations, policies and protocols.  

  3. Competency or post implementation training is the responsibility of the client when it exceeds 15 minutes. Client agrees to pay staff for completed competencies or required training at the hourly rate per Employee as outlined in Appendix A.

  4. During the term of this agreement, and for a period of 12 months thereafter, Client agrees not to directly or indirectly for itself or in conjunction with any other person, firm, partnership, corporation, or hospital, solicit, hire, contract with, or employ any staff member who has been scheduled to provide or administer remote pharmacy service to the Client’s hospital facility by Provider.  If, however, any of provider’s staff members breaches the above covenant, Provider may at its option: (a) apply to a Court of competent jurisdiction for an injunction to restrain Client from employing such staff member and for an order enforcing the terms of the covenants so breached, or (b) request Client to pay a placement fee as outlined below as liquidated damages not as a penalty, in order to offset the placement, administrative, and training costs incurred by Provider to replace said professional. The release amount is 15% of an employee’s full time annual salary at Client (2080 * Hourly Rate + Annual Incentives). Any transition requires the account to be current before release, and requires the buyout amount to have been paid in full and current on all invoices. Upon the receipt of funds described in the above bullet points, documents releasing the employee from his/her non-compete agreement and authorizing Client to employ the employee will be sent to Client. 

  5. Client shall obtain and maintain insurance, at its own costs and expense, during the term of this Agreement in coverage amounts no less than $1,000,000 per occurrence and $3,000,000 annual aggregate, covering, at a minimum, (i) general liability, (ii) professional liability,  and (iii) any other coverage reasonably necessary to protect Client, Provider and their agents and employees from any claims arising from its obligations under this Agreement.  Client agrees to submit certificates of insurance, evidencing its insurance coverage, upon Provider’s request.

  6. Client retains the responsibility for maintaining the Pharmacy, and ensuring proper equipment and computers on site. The on-site equipment and inventory are owned by Client.  Client also agrees to maintain and provide access to the electronic orders management system either electronically and/or by providing Provider with hardware/software necessary to access, process and communicate medication orders from one or more remote locations as mutually determined by Provider and Client.  Provider shall comply with, and shall require each of Provider’s employees to comply with, all policies, practices, and procedures that Client may from time to time, in its sole discretion, establish with regard to the access to, or use of, the equipment, computers and inventory.  Client may modify any such policies at any time.  Client shall remain the sole and exclusive owner of all data or information handled or stored by Provider on Client’s system.  Client and Provider will implement measures, consistent with the level and type of measures that it implements for its own data and information to ensure that the data is protected against security risks and vulnerabilities.  Notwithstanding that Client implements such measures, Client and Provider make no representation that the data could not be compromised through or by a third party despite customary security measures.  

  7. Normally, performance issues will be solved in a collaborative manner between Client hospital and Provider. Should either party believe the other is consistently under-performing, the complaining party will inform the other in writing of the specific issue(s) regarding underperformance. The receiving party shall then have 15 (fifteen) business days to respond in writing to the complaint. In the event the performance is not at a satisfactory level 30 days after the date of the initial notice, the complaining party may terminate the agreement without penalty or continuing obligation.

  8. Client is responsible to provide Telepharmacy staff with any security access or equipment that is required to complete the assigned work, i.e. key fobs, vpn set up, IP addresses, etc

  9. Client agrees to provide management reports (or access to reporting) for activities of Provider’s pharmacists. It should include activity (such as number of orders, changes, discontinues, interventions, renewals) by professional for the periods of 1-15 and 16 to EOM by the 20th and 5th of each month when activity occurs. Failure to provide timely reports will consider the associated invoice late under the terms of payment and subject to appropriate fees.

  10. Client agrees to provide access to a point person to review fulfillment of agreement details on a quarterly basis.

Section D: Compensation for Services Rendered

  1. Client will be invoiced bimonthly for all services rendered.  Unpaid bills will be assessed a late fee of 1.5% per month, (or fraction of a month). In the event a Collection Agency and/or the legal process is utilized to collect unpaid bills, Client will be charged any Collection Agency fee(s) and/or legal fees. All amounts due to Provider are payable to the address printed on the invoice. Payment may be made by either of the following methods:

    • Standard: Net 30 days.  

    • Discount: Prepayment (payment due at the beginning of the invoicing period) is discounted 1%.

    • Client will be assigned an initial credit limit of $5000, which will be reassessed monthly during the first 6 months of payment history.

  2. Client agrees to pay the fees listed in Appendix A. 

  3. There are no startup fees. However, if technology implementation costs exceed $1000, client agrees to pay for half of costs required over $1000.

  4. Client agrees to provide training for Provider to deliver services consistent with pharmacy staff and is free of charge for up to 4 hours of remote training recorded. Training on site (requiring travel) will be subject to billing as outlined in Appendix A.

  5. Holiday Rates: Holiday rates are charged to Client at 2 times the agreed upon rate(s) for hours worked on the following holidays: New Year’s Eve, New Year’s Day, Easter Sunday, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, Christmas Eve, and Christmas Day.  There is no charge for hours not worked on these days.  All hours are considered to be Holiday hours if they fall in the calendar day of the holiday. 

  6. Checks will be made payable to Indispensable Health.

Section E: Confidentiality & Non-Disclosure

Provider and staff employed by Provider and supplied to Client agree not to disclose, without written permission of Client, any confidential, nonpublic or proprietary information, legal privilege, personnel, or business planning and financial information, and/or records, of which Provider or said Staff will become aware of during the course of this Agreement. This provision survives the termination of this Agreement. Client and personnel agree not to disclose, without written permission of Provider, any contractual, confidential, nonpublic or proprietary information, documentation, and/or records, including the invoices, names and address of Staff of which Client or said personnel will become aware of during the course of this Agreement. This provision survives the termination of this Agreement. Specifically, this provision is intended to limit revelation of business information to the employees of Provider except the President and Account Executive. This nondisclosure provision shall not prevent Client, Provider, or their employees and representatives from disclosing information to regulatory agencies, as required by state and federal law, or pursuant to order of a court of proper jurisdiction. Provider agrees to comply in all material respects with the health information privacy provisions of the Health Insurance Portability and Accountability Act of 1996 and all regulations promulgated thereunder ("HIPAA"), as well as all policies, procedures and practices of Client relating to HIPAA privacy, confidentiality and security of patient's health information.  Provider further acknowledges and agrees that from time to time HIPAA may require modification to this Agreement for compliance purposes.  Each party shall cooperate with, and assist, the other party to ensure full compliance with HIPAA by both parties based upon this Agreement.

Section F: Non-Discrimination Each party agrees to comply with applicable civil rights and other laws prohibiting discrimination in employment.

Section G: Non Exclusive Agreement: This Agreement is non-exclusive.

Section H: Miscellaneous Terms

Client will, at its expense, defend, indemnify and hold harmless Provider, its shareholders, directors, officers, employees, agents, successors and assigns, from and against any and all claims, demands, suits, or causes of action (collectively, “Claims”) and all damages, costs, fees and expenses (including reasonable attorneys’ fees and disbursements (collectively, “Damages”) arising therefrom, that result in whole or in part from Client’s breach of this agreement or any acts  or omissions of Client, its employees, agents or subcontractors. Provider will, at its expense, defend, indemnify and hold harmless Client, its shareholders, directors, officers, employees, agents, successors and assigns, from and against any and all Claims, demands, suits, or causes of action (collectively, “Claims”) and all damages, costs, fees, and expenses (including reasonable attorneys’ fees and disbursements (collectively “Damages”) arising therefrom, that result in whole or in part from Provider’s breach of this agreement or any acts or omissions of Provider, its employees, agents or subcontractors. This agreement and the business associate agreement signed by the parties constitutes the entire agreement and supersedes all prior written or oral agreements.  No amendments to this agreement will be effective unless made in writing and signed by both parties. This agreement shall be deemed made in Michigan and shall be governed by, construed and enforced in accordance with the laws of the State of Michigan. This agreement may terminate immediately for any of the following reasons: 1) Loss by the Client’s hospital of current licensure; 2) The dissolution or sale of the Client or Provider; 3) Any violation of the terms of this agreement not corrected within 30 days of being placed on notice of the violation; 4) Any loss of Client’s customers attributable to Provider; 5) Any loss of Provider’s customers attributable to Client; 6) The inability of the Client or Provider to obtain, or any change in terms or increase in cost of malpractice insurance attributable to other party; 6) Any violation by Provider of any fiduciary duty owed to Client or any other willful act or omission which injures the Client; 7) Any violation by Client of any fiduciary duty owed to Provider or any other willful act or omission which injures the Provider; 8) Any act of fraud or dishonesty by Client or Provider or failure to competently perform required duties and responsibilities; 9) Two month’s delinquency of invoiced monies owed to Provider. The parties agree and understand that Provider will at all times be acting and performing as an independent contractor.  Nothing in this agreement is intended to create an employer/employee relationship or a joint venture relationship between the parties. Provider will ensure that personnel providing services to Client will (a) comply with Client's then-current internal policies, procedures and rules applicable to Client's personnel and provided to Provider in writing, including, without limitation, any then-current policies, procedures and rules relating to quality assurance (QA), environmental protection, health, safety, work and security; and (b) comply with all terms governing the access of any information or communication systems of Client, including, without limitation, host and personal computers, internal or external information or communication networks (including voice mail, Internet/Intranet and e-mail systems), operating systems, database systems, or hardware and software directly or indirectly accessed from Client's systems. Provider agrees to this agreement and has provided this agreement for client approval. Client acknowledges his/her respective understanding of this agreement by executing below:

Appendix A: Technician Remote Entry Pricing for Retail / Long Term Care Pharmacies

Client will be charged $0.99 per prescription processed with a minimum charge of 15 prescriptions per hour. Prescriptions charged must be complete. Completed prescriptions are those profiled correctly or adjudicated and dispensed. Prescriptions left unprocessed are not subject to a fee.

Price Changes: Annual price increases take effect January 1 of each year, effective January 1, 2024. Price increase percentage will be equal to the most recent 12 month increase in the level of the Consumer Price Index for All Urban Consumers-Medical Services, Inpatient Hospital Services All Cities (“CPI-U”)*, as published by the Bureau of Labor Statistics, US, Department of Labor, but not less than 0%. If this CPI-U is no longer published, or no longer published on a monthly basis, the index shall be used which is generally considered as best reflecting changes in the cost-of-medical labor between the two specified dates.

Special Circumstances: The price per devoted technician time is $38.00 per hour. This applies to situations such as required training, or devoted service delivered on or off site, if exclusive for, and requested by, client in writing. On site service is outside the scope of this standard agreement, but if requested by Client it is subject to mileage at the U.S. General Services Administration mileage reimbursement rate. For trips exceeding 60 miles, overnight accommodations costs will be reimbursed at cost and a per diem meal rate of $28/day. Such services will be requested by and approved in advance by client and provider.

BUSINESS ASSOCIATE AGREEMENT (Addendum)

This Business Associate Addendum (“Addendum”) is made  date signed between Client and Indispensable Health, LLC (“Business Associate”).

RECITALS

  1. The purpose of this Addendum is to comply with the business associate requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), its associated regulations (45 CFR Parts 142 and 160-164), and the 2009 Health Information Technology for Economic and Clinical Health (“HITECH”) Act.

  2. Client and Business Associate have entered into one or more agreements (collectively “Agreement”) under which Business Associate receives and uses Protected Health Information (“PHI”) and/or Electronic Protected Health Information ("EPHI") in the course of providing certain services (“Services”) to Client.

  3. Client is a “Covered Entity” under the HIPAA Privacy Rule.  The Agreement is therefore subject to the business associate requirements in the HIPAA Privacy Rule.

  4. The HIPAA Privacy and Security Rules require all business associates of Client to agree, in writing, to certain mandatory terms and conditions relating to the business associates’ use and disclosure of EPHI and PHI received from Client.

  5. The HITECH Act requires incorporation of additional privacy and security provisions into this Addendum.

NOW THEREFORE, in consideration of the mutual covenants and promises contained herein, the Parties, each intending to be legally bound hereby, agree as follows:

I.      DEFINITIONS

A.    Accounting. Accounting shall have the same meaning as set forth in 45 C.F.R. §164.528 and in §13405 of HITECH Act.

B.     Breach.  Breach means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except that the following do not constitute breachesL The unintentional acquisition, access or use of protected health information by a workforce member or person acting under the authority of a covered entity or a business associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not otherwise permitted; 2. The inadvertent disclosure of protected health information from one person authorized to access protected health information at a covered entity or business associate to another person authorized such access at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates; and the information received is not further used or disclosed in a manner not otherwise permitted; 3. The disclosure of protected health information where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.

C.     Business Associate. Business Associate shall have the same meaning as set forth in 45 C.F.R. §160.103.

D.    Covered Entity.  Covered Entity shall have the same meaning as set forth in 45 C.F.R. §160.103.

E.     Disclose/Disclosure.  The release, transfer or provision of access to PHI or EPHI, whether oral or recorded in any form or medium.

F.     Electronic Health Record. Electronic Health Record shall have the same meaning as set forth in 42 U.S.C. § 17921 (an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff).

G.    Electronic Protected Health Information.  Any protected health information that is transmitted or maintained by electronic media, as that term is defined by the HIPAA Security Rule (including, but not limited to electronic storage media such as computer hard drives, storage or memory disks/cards, and electronic transmission media such as the internet, extranet, leased lines, dial-up lines, and the physical movement or transport of electronic storage media).

H.    Protected Health Information.  Any information, whether transmitted by or maintained in electronic media or transmitted or maintained in any other form or medium, that relates to the past, present or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual.

I.      Security.  Security shall have the same meaning as set forth in 45 C.F.R. § 164.304.

J.      Unsecured Protected Health Information. Unsecured Protected Health Information is Protected Health Information that is not secured by a methodology specified by the Secretary of Health and Human Services (“Secretary”).  The Secretary has specified that encryption and the destruction of the media on which the Protected Health Information is stored or recorded are the only methods that render Protected Health Information unusable, unreadable, or indecipherable.

K.    Use.  The sharing, employment, application, utilization, examination, or analysis, in any form or medium, of Protected Health Information by Business Associate.

II.    GENERAL OBLIGATIONS: Business Associate shall comply fully with all obligations imposed on Business Associates under the HIPAA Privacy and Security Rules and the HITECH Act regarding the Business Associate’s use, disclosure or creation of PHI and EPHI received from, or created or received by Business Associate on behalf of Client. 

III.   SCOPE OF PERMITTED USES AND DISCLOSURES

         A.    Business Associate shall use and/or disclose PHI and EPHI only as permitted or required by this Addendum or as otherwise required by law.  Business Associate represents and warrants that PHI and EPHI will be used and disclosed solely as necessary to perform the Services established by the Agreement.

         B.     Business Associate may disclose PHI and EPHI to, and permit the use of PHI and EPHI by, its employees, contractors, agents, or other representatives only if and to the extent directly related to, and necessary for, the performance of the Services for or on behalf of Client.  Disclosures of PHI and EPHI to, and use of PHI and EPHI by subcontractors, agents and other representatives is also subject to Section VII below.

         C.     Business Associate represents and warrants that it shall request from Client no more than the minimum PHI and EPHI necessary to perform the Services.  Business Associate further represents and warrants that if it uses, discloses, releases, reveals, shows, sells, rents, leases, loans, publishes or otherwise grants access to PHI and EPHI, it will do so only in the minimum amount and to the minimum number of individuals necessary to achieve the purpose of the Services being rendered on behalf of Client.

         D.    Business Associate shall not use or disclose PHI and EPHI in a manner (1)  inconsistent with Client’s obligations under HIPAA or (2)  that would violate the HIPAA Privacy or Security Rules if disclosed or used in such a manner by Client.

         E.     Except as otherwise limited by this Addendum, Client authorizes Business Associate to use the PHI and EPHI in its possession for the proper management and administration of Business Associate’s business and to carry out its legal responsibilities.  Business Associate may disclose PHI and EPHI for its proper management and administration, provided that (i) such disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from such third party that PHI or EPHI will be held in confidence as provided under this Addendum and used or further disclosed only as required by law or for the purpose for which it was disclosed to such third party; and (b) an agreement from such third party to notify Business Associate immediately of any breaches of the confidentiality of PHI or EPHI, to the extent it has knowledge of such breach.

         F.     In the event that Business Associate is providing services to any Covered Entity that is an affiliate, subsidiary, or related corporate entity of Vibra, Business Associate shall abide by the terms of this Addendum with respect to PHI and EPHI received or created by Business Associate in connection with services provided to such Covered Entities.

IV.   SAFEGUARDS FOR THE PROTECTION OF PHI and EPHI

         Business Associate represents and warrants that it shall implement and maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI and EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Client, and to ensure that PHI and EPHI are not used or disclosed by Business Associate in violation of this Addendum.  To the extent that Business Associate is to carry out one or more of Client’s obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with the requirements of Subpart E that apply to Client in the performance of such obligation(s).  

V.    REPORTING AND MITIGATING THE EFFECT OF UNAUTHORIZED

         DISCLOSURES

          A.    Business Associate shall report any use and/or disclosure of PHI and EPHI that violates this Addendum in writing to Client’s Privacy Officer, as soon as practicable and in all events no later than ten (10) days after Business Associate obtains knowledge of said violation.

          B.     Business Associate shall establish procedures for mitigating, to the greatest extent possible, any deleterious effects arising from any improper use and/or disclosure of PHI and EPHI, and shall implement all such procedures and all other reasonable mitigation steps requested by Client.

VI.   USE BY AND DISCLOSURE TO SUBCONTRACTORS, AGENTS AND

         REPRESENTATIVES

         Prior to disclosing any PHI and EPHI to any subcontractor, agent, or other representative that is authorized to create, receive, maintain, or transmit PHI and EPHI on behalf of Business Associate, Business Associate shall require such person to agree, in writing, to adhere to the same restrictions and conditions on the use and/or disclosure of PHI and EPHI that apply to Business Associate under this Addendum.  The agreement between such subcontractor and the Business Associate shall identify Client as a third-party beneficiary with rights of enforcement in the event of any violations.

 VII. INDIVIDUAL RIGHTS

         A.    Within fifteen (15) days of receiving a written request from Client, Business Associate shall provide to Client all applicable information necessary to comply with the requirements of 45 CFR § 164.528 regarding an individual’s right to an accounting of disclosures of PHI and EPHI.

          B.     Business Associate shall make available PHI and EPHI in a designated record set to Client or the individual to whom such PHI and EPHI relates, at reasonable times and in a manner reasonably directed by Client, in order to meet the individual access requirements under 45 CFR § 164.524.

         C.     Business Associate shall make any amendments to PHI and EPHI that Client directs in order to meet the amendment requirements under 45 CFR § 164.526.

VIII. AUDIT, INSPECTION AND ENFORCEMENT

         A.    From time to time upon reasonable notice, Client may inspect the internal practices, facilities, systems, books, records, and policies and procedures of Business Associate to monitor compliance with this Addendum.  Business Associate shall promptly remedy any violation of this Addendum found by Client and shall certify the same to Client in writing.  The fact that Client has the right to inspect Business Associate’s internal practices, facilities, systems, books, records, and policies and procedures, whether or not it exercises such right, shall not relieve Business Associate of its responsibility to comply fully with this Addendum.  In addition, Client’s failure to detect any unsatisfactory practice does not constitute acceptance of such practice or a waiver of Client’s enforcement rights.

         B.     Business Associate agrees to make its internal practices, books, records, and policies and procedures relating to the use and disclosure of PHI and EPHI available to the Federal Department of Health and Human Services (“HHS”), the Office of Civil Rights (“OCR”), or its agents for the purposes of enforcing the provisions of this Addendum and the HIPAA Privacy Rule.  Business Associate further agrees to cooperate with HHS, OCR, or any of its agents during any investigation and/or compliance review for the purpose of determining Client and/or Business Associate’s compliance with the HIPAA Privacy and/or Security Rules and this Addendum.  Business Associate shall notify Client immediately of any requests made by HHS, OCR or its agents pursuant to this provision. 

          C.     Upon request, Business Associate shall make available to Client for inspection any of Client’s PHI and EPHI that Business Associate, or any of its agents or subcontractors have in their possession.

IX.   TERM AND TERMINATION

          A.    Term.  This Addendum shall become effective on the date referenced above, and shall continue in effect while the Agreement remains in force and thereafter with respect to those obligations intended to survive the termination of this Addendum.  The Addendum shall terminate in accordance with the termination provisions of the Agreement and this Section IX.

          B.     Termination by Either Party.  Either party may immediately terminate the Agreement if such Party makes the determination that that the other Party has breached a material term of this Addendum.  Alternatively, in the non-breaching Party’s, sole discretion, the non-breaching Party shall provide the breaching Party with a written notice of the existence of a material breach and afford the breaching Party thirty (30) days to cure the material breach.  In the event the breaching Party fails to cure the material breach within such time period, the non-breaching Party may immediately terminate the Agreement.  Client also may report any material breach to the Secretary of HHS or OCR.

         C.     Effect of Termination.  Upon termination of the Agreement, Business Associate shall recover any PHI and EPHI in the possession of its subcontractors, agents or representatives.  Business Associate shall return to Client or destroy all such PHI and EPHI, plus all other PHI and EPHI in its possession, and shall retain no copies.  If Business Associate believes that it is not feasible to return or destroy the PHI and EPHI as described above, Business Associate shall notify Client in writing.  The notification shall include:  (1) a statement that Business Associate has determined that it is not feasible to return or destroy the PHI and EPHI in its possession, and (2) the specific reasons for such determination.  If Client agrees in its sole discretion that Business Associate cannot feasibly return or destroy the PHI and EPHI, Business Associate shall ensure that any and all protections, limitations and restrictions contained in this Addendum will be extended to any PHI and EPHI retained after the termination of the Agreement, and that any further uses and/or disclosures shall be limited to the purposes that make the return or destruction of the PHI and EPHI infeasible.  In any event, termination of this Agreement shall not relieve Business Associate of any of its duties concerning previously received PHI or EPHI, as mandated by law.

X.    COMPLIANCE WITH THE HITECH ACT

          A.    Minimum Necessary Information.  Business Associate agrees to use, disclose, and request only the minimum necessary amount of PHI from the Client in order to accomplish its duties under the Agreement.

          B.     Administrative Safeguards.  Business Associate shall comply with 45 C.F.R. §164.308, as periodically amended, which mandates, among other things, implementation of appropriate administrative safeguards of PHI held by the Business Associate relative to Client’s patients.  Business Associate shall adopt all relevant administrative standards, which include, but are not limited to, security management process, assigned security responsibility, workforce security, information access management, security awareness and training, security incident procedures, contingency plan, evaluation, business associate contract and other arrangements.

          C.     Physical Safeguards.  Business Associate shall comply with 45 C.F.R. §164.310, as periodically amended, which mandates, among other things, implementation of appropriate physical safeguards of PHI.  Business Associate shall adopt all relevant physical standards, which include, but are not limited to, access control, workstation use, workstation security, and device and media controls.

          D.    Technical Safeguards.  Business Associate shall comply with 45 C.F.R. §164.312, as periodically amended, which mandates, among other things, implementation of appropriate technical safeguards of PHI.  Business Associate shall adopt all relevant technical standards, which include, but are not limited to, access control, audit control, integrity, person or entity authentication, and transmission security.

         E.     Policies and Procedures and Documentation Requirements.  Business Associate shall comply with 45 C.F.R. §164.316, as periodically amended, which mandates, among other things, implementation of appropriate policies and procedures and documentation requirements of PHI.  Business Associate shall adopt all relevant policies and procedures and documentation standards, which include, but are not limited to, policies and procedures, and documentation. 

         F.     Privacy Requirements.  Business Associate shall comply with the privacy requirements of the HITECH Act, which are hereby incorporated into and made part of this Agreement.  By way of example and not limitation, Business Associate shall limit any necessary disclosures to the minimum necessary;  in the event that Business Associate maintains PHI in one or more designated record sets electronically, shall disclose PHI as necessary to comply with an individual’s request for an electronic copy of PHI; and shall comply with the prohibitions on sale of PHI.

          G.    Security and Notification Requirements.  Business Associate shall comply with the security requirements of the HITECH Act, which are hereby incorporated into and made part of this Agreement.  Business Associate shall notify Client of any security incident of which it becomes aware, including breaches of PHI.  Notice shall be made by the Business Associate to the Client’s HIPAA Officer within ten (10) days from the time the Business Associate is made aware of such breach by sending an email notice in a manner consistent with Section XII. F.  NOTICES below.  Such notice shall include the identification of each individual whose unsecured PHI has been, or is reasonably believed by the Business Associate to have been, accessed, acquired, or disclosed during such breach.  A breach shall be treated as discovered by the Business Associate as of the first day on which such breach is known to the Business Associate or, by exercising reasonable diligence, would have been known to the Business Associate.  The Business Associate shall be deemed to have knowledge of a breach if the breach is known, to any person, other than the person committing the breach, who is an employee, officer, or other agent of the Business Associate.

         H.    Retaliation.  Business Associate agrees that it shall refrain from engaging in any threatening, intimidating, and/or retaliatory action(s) against any person(s) making complaints to Business Associate, Client or HHS to enforce rights granted by HIPAA, as amended by the HITECH Act and/or to report acts or omissions that may violate said rights.

XI.   REMEDIES AND INDEMNIFICATION

A.    Business Associate acknowledges that the disclosure or use of PHI or EPHI in violation of this Agreement shall give rise to irreparable injury to Client which is inadequately compensable in monetary damages. Accordingly, Business Associate agrees that, in addition to any other legal or equitable remedies that may be available, Client shall be entitled to equitable relief, including an injunction and specific performance, in the event of any breach or threatened breach of this Agreement by the Business Associate or its employees or agents.

B.     In the event of litigation relating to this Agreement, if a court of competent jurisdiction determines that the Business Associates or any of its employees or agents has breached this Agreement, the Business Associate shall pay all reasonable attorney’s fees incurred by Client as a result of such breach.  In the event a judgment is secured by Client, all attorney’s fees, as determined by the court and not by a jury, shall be included in any such judgment.

C.     Limitation of Liability.  Client shall not be liable to Business Associate or any other person for any consequential, incidental, punitive or other damages arising from the PHI (including, but not limited to, errors or omissions in PHI) or from Client’s performance or failure to perform under this Agreement. 

D.    Indemnification. Business Associate agrees to defend, indemnify, and hold harmless Client from and against all costs, expenses, liabilities, losses, damages, injunctions, suits, fines, penalties, claims, and demands of every kind and nature, including reasonable attorneys’ fees and court costs, by or on behalf of any person, party, or governmental authority whatsoever arising out of Business Associate’s failure to comply with this Agreement or any applicable laws, requirements, rules or regulations for any federal, state, county or city governmental authority.

In the event of a Breach by Business Associate, its agents, employees, or subcontractors, Business Associate will reimburse and indemnify Client’s expenses and costs, including attorney’s fees, that are reasonably incurred due to the Breach, including costs associated with the notification of Individuals and the media, as well as credit monitoring and other mitigating actions if determined necessary by Client. 

XII. MISCELLANEOUS

         A.    Assignment.  No assignment of this Addendum or the rights and obligations hereunder shall be valid without the specific written consent of both parties hereto.

          B.     Governing Law.  This Addendum has been executed and delivered in, and shall be interpreted, construed, and enforced pursuant to and in accordance with the laws of the State of North Dakota.

         C.     Gender and Number.  Whenever the context hereof requires, the gender of all words shall include the masculine, feminine, and neuter, and the number of all words shall include the singular and plural.

          D.    Article and Other Headings.  The article and other headings contained in this Addendum are for reference purposes only and shall not affect in any way the meaning or interpretation of this Addendum.

          E.     Amendments and Addendum Execution.  This Addendum and amendments thereto shall be in writing and executed in duplicate originals.

          F.     Notices.  Any notices, demand, or communication required, permitted, or desired to be given hereunder shall be in writing and deemed effectively given when sent via email (and confirmation of the email is received within three (3) calendar days from the date of the notice), personally delivered, or mailed by prepaid certified mail, return receipt requested, addressed as follows:

                     To Business Associate:

Indispensable Health, LLC
114 E. Michigan Avenue, Suite 2
Grass Lake, MI 49240
Attn:  Todd Raehtz, CEO
Email: TRaehtz@indispensablehealth.com

                     To Client:  At Pharmacy Address Served

 or to such other address, and to the attention of such other person(s) or officer(s) as either party may designate by written notice to the other party.

         G.    Waiver of Breach.  The waiver by either party of a breach or violation of any provision of this Addendum shall not operate as, or be construed to be, a waiver of any subsequent breach of the same or other provision hereof.

         H.    Additional Assurance.  The provisions of this Addendum shall be self-operative and shall not require further agreement by the parties except as may be herein specifically provided to the contrary; provided, however, each party shall, at the request of the other, execute such additional instruments and take such additional acts as may be necessary to effectuate this Addendum.

         I.      Addendum Part of Agreement.  This Addendum is incorporated by reference and made a part of the Agreement.

         J.      Inconsistencies.  If any terms of this Addendum conflict with or are inconsistent with the terms of the Agreement, the terms of this Addendum shall prevail.

IN WITNESS WHEREOF, the parties, each intending to be legally bound, have duly executed this Addendum as of the day, month and year electronically acknowledged.

This document is attached to terms & conditions at sign up for https://hipaa.jotform.com/build/223476620782157