The URL can be used to link to this page

21-697ORDINANCE NO. 21-697 AN ORDINANCE OF THE CITY OF DENTON, AUTHORIZING THE CITY MANAGER, OR THER DESIGNEE, TO EXECUTE A CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT FOR EXTERNAL AUDITING SERVICES OF THE CITY’S HEALTH PLAN CLAMS BETWEEN THE CITY, UNITED HEALTHCARE SERVICES, INC., AND BMI AUDIT SERVICES, LLC; PROVIDING FOR A SEVERABILITY CLAUSE; AND PROVIDING FOR AN EFFECTIVE DATE. WHEREAS, BMI Audit Services, LLC (“BMI”) is an Indiana Limited Liability Company with offices in South Bend, Indiana; and WHEREAS, Denton requires a full audit of the City’s health plan to review medical and prescription claims and ensure compliance with the plan’s contracts and other applicable measures; and WHEREAS, to perform the audit, BMI must access information from United HealthCare Services, Inc. (“UHC”), including claims data containing Protected Health Information (“PHI”) and other information that UHC considers proprietary and confidential; and WHEREAS, BMI requires that Denton execute a confidentiality agreement prior to sharing and discussing detailed data and information to ensure that any information shared will be kept as confidential; and WHEREAS, the City Council finds it is in the public interest for the City Manager, or their designee, to execute the attached Confidentiality and Non-Disclosure Agreement after approval of the same by the City Attorney, or his designee; NOW, THEREFORE, THE CITY COUNCIL, OF THE CITY OF DENTON HEREBY ORDAINS: SECTION 1. The findings and recitations contained in the preamble of this Ordinance are incorporated herein by reference. SECTION 2. The City Manager, or their designee, is authorized to execute the attached Confidentiality and Non-Disclosure Agreement with BMI, after the same has been approved by the City Attorney, or their designee, without further authority, guidance, or direction from the City Council, and is further authorized to carry out the rights, duties, obligations and responsibilities of the City under the Agreement. SECTION 3. If any section, subsection, paragraph, sentence, clause, phrase or word in this ordinance, or application thereof to any person or circumstances is held invalid by any court of competent jurisdiction, such holding shall not affect the validity of the remaining portions of this ordinance, and the City Council of the City of Denton, Texas, hereby declares it would have enacted such remaining portions despite any such invalidity. SECTION 4. This Ordinance shall become effective immediately upon its passage and approval. ,.„.%gWVy"""'"”"’T'TEtH by the following vote n - L] : Aye \/ V, Vr V \/ Nay Abstain Absent Mayor Gerard Hudspeth: Birdia Johnson, District 1 : Connie Baker, District 2: Jesse Davis, District 3 : John Ryan, District 4: Deb Armintor, At Large Place 5 : Paul Meltzer, At Large Place 6: al % PASSED AND APPROVED this the aF day of .APc~ \, 2021. 4(Pa;4 O \\\111111/1 DEOF++••e••ATTEST: ROSA RIOS, CITY SECRETARY al %aH APPROVED AS TO LEGAL FORM: AARON LEAL, CITY ATTORNEY DigItally signed by Marcella Lunn DN: doom. dc=cttyofdenton. dc=ccxiad. Government. ou=Legal. cn=Marcella Lunn, DocuSign Transmittal Coversheet File Name Purchasing Contact Contract Expiration Legal Approval Dept Approval DocuSign Envelope ID: 56CE23D6-304A-474C-992B-421AD6CBACAF NA 7615 NDA Lori Hewell 1 NONDISCLOSURE AND DATA USE AGREEMENT (2/21) NONDISCLOSURE AND DATA USE AGREEMENT This Nondisclosure and Data Use Agreement (this “Agreement”) is entered into as of __________, 2021, (the “Effective Date”) by and among the following parties: ▪ United HealthCare Services, Inc. (“United”) ▪ City of Denton (“Customer”) and ▪ BMI Audit Services, LLC (“Vendor”) Customer, Vendor and United are referred to individually as a “Party” and collectively as the “Parties.” Any Party who receives Confidential Information, as defined below, is referred to as a “Receiving Party.” 1. Purpose of Data Release; Services. United and Customer have entered or intend to enter into an agreement under which United provides or will provide benefits administration and other related services to Customer or Customer’s employee welfare benefit plan (the “Plan”). On behalf of the Customer or the Plan, the Receiving Parties will provide the services set forth below (the “Services”): (a) Vendor will perform a transactional claims audit. Confidential Information disclosed to Vendor will solely be used for purposes of selection of a sample of claims and subsequent determination of the accuracy of those sample claims transactions selected for audit. United may release certain Confidential Information to the Receiving Parties to perform the Services. 2. Confidential Information. “Confidential Information” means all information that is disclosed or made available by United or its affiliates in connection with the Services under this Agreement, regardless of form or the manner in which it is furnished. The definition of Confidential Information includes, without limitation: (a) pricing, discounts, reimbursement terms, payment methodologies and payment processes, compensation arrangements and any similar commercial information and (b) data, information, statistics, trade secrets and any information about business, costs, operations, techniques, know-how or intellectual property. Any material that is derived from or developed from Confidential Information will be deemed Confidential Information for purposes of this Agreement, regardless of the person creating, disclosing or making available such material. Any Confidential Information included in preparations, proposals, scope documents, discussions, findings, summaries, reports and conclusions remains Confidential Information. Confidential Information does not include: (a) information that is or becomes generally available to the public other than as a result of a disclosure by a Receiving Party in violation of this Agreement or other agreement between the Receiving Party and United, (b) information either obtained from a third party other than United or already in a Receiving Party’s possession before receipt from United, if the Receiving Party can demonstrate such information was lawfully obtained and not subject to another obligation of confidentiality, and (c) information independently developed without reference to Confidential Information, if the Receiving Party can demonstrate such independence through contemporaneous written records. 3. Conditions for Release. United will require Customer authorization prior to the release of certain Confidential Information. Each Receiving Party agrees that it has entered into and shall maintain any agreements with Customer as required under applicable law and regulations, which may include, without limitation, a business associate agreement as contemplated by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”). The content, means and frequency of disclosure of Confidential Information are at the sole discretion of United. United may stop its release of Confidential Information and may withdraw its consent for any Receiving Party to disclose, or its permission for any Receiving Party to use, Confidential Information at any time. 4. Nondisclosure. Unless specifically authorized in this Section 4 or permitted under Section 5, a Receiving Party shall not disclose Confidential Information to any other person or entity without United’s prior written consent. Only the following disclosures are permitted: (a) a Receiving Party may disclose Confidential Information to an Authorized Employee. An “Authorized Employee” means an employee of the Receiving Party who is required to have access in order to perform the Services and is bound by the strict confidentiality standards and related obligations in this Agreement. An Authorized Employee must only access Confidential Information to the extent necessary for his or her duties directly relating to the Services. An Authorized Employee may not be any individual who has responsibility for or is involved in (i) provider or network development or contracting activities or (ii) negotiating pricing or contract terms for products or services on behalf of any coalition or collective. (b) Any Receiving Party may release Confidential Information to Customer in connection with the Services, but only after any Confidential Information that directly or indirectly identifies Rate Information has been removed or Blinded. DocuSign Envelope ID: 56CE23D6-304A-474C-992B-421AD6CBACAF 04/20/2021 2 NONDISCLOSURE AND DATA USE AGREEMENT (2/21) “Rate Information” means pricing, discounts, reimbursement terms, payment methodologies, and payment processes, compensation arrangements and any similar commercial information, between or on behalf of United (including its affiliates) and a healthcare provider (including without limitation physicians, group practices, hospitals, ambulatory surgical centers or other facilities), drug manufacturer, drug wholesaler or pharmacy. “Blinded” means that information has been sufficiently de-identified and aggregated such that the resulting information cannot be used to identify, directly or indirectly, any Rate Information, or any healthcare provider or member. 5. Compelled Disclosure. If a Receiving Party is requested or required to disclose Confidential Information by subpoena, legal process or applicable law, including public records acts, the Receiving Party shall (to the extent permitted by law), provide United with immediate written notice of that request or requirement. Failure to provide this notice to United will constitute a material breach of this Agreement. The Receiving Party shall reasonably cooperate in any efforts by United to seek an appropriate protective order or other remedy or otherwise challenge or narrow the scope of that disclosure request or requirement. If a protective order or other remedy is not obtained, the Receiving Party shall furnish only that portion of the Confidential Information that is legally required. 6. Permitted Uses. A Receiving Party shall use Confidential Information solely to perform Services for Customer as identified in Section 1. 7. Restrictions on Use. A Receiving Party and its Authorized Employees shall not use Confidential Information for any purpose other than to perform the Services for Customer as identified in Section 1. Without limiting the generality of the preceding sentence, each Receiving Party and its Authorized Employees shall not, directly or indirectly, for itself or another person: (a) sell, license or grant any other rights to Confidential Information. (b) derive any Rate Information not provided by United. (c) use or contribute Confidential Information for the creation, operation or improvement of any product, service or database for external or commercial use. Notwithstanding anything to the contrary contained in this Agreement, Customer shall not be prohibited from: (1) providing provider-specific cost or quality of care information or data, through a consumer engagement tool or any other means, to referring providers, the plan sponsor, enrollees, or individuals eligible to become enrollees of the plan or coverage; (2) electronically accessing de-identified claims and encounter information or data for each enrollee in the plan or coverage, upon request and consistent with the privacy regulations promulgated pursuant to section 264(c) of HIPAA, the amendments made by the Genetic Information Nondiscrimination Act of 2008 (“GINA”), and the Americans with Disabilities Act of 1990 (“ADA”), including, on a per claim basis: (a) financial information, such as the allowed amount, or any other claim-related financial obligations included in the provider contract; (b) provider information, including name and clinical designation; (c) service codes; or (d) any other data element included in claim or encounter transactions; or (3) sharing information or data described in subparagraph (1) or (2), or directing that such data be shared, with a business associate as defined in section 160.103 of title 45, Code of Federal Regulations (or successor regulations), consistent with the privacy regulations promulgated pursuant to section 264(c) of HIPAA, the amendments made by GINA, and the ADA. Before Customer shares data with a business associate pursuant to this subsection, such business associate must sign a mutually agreed-upon confidentiality agreement with United. 8. Additional Agreements. (a) Each Receiving Party shall have in place sufficient administrative, physical and technical security safeguards and firewalls to prevent Confidential Information from unauthorized use, access or disclosure, and shall demonstrate such sufficiency if requested by United. If a Receiving Party becomes aware of any information indicating an actual or likely breach of any provision of this Agreement, the Receiving Party shall immediately, not to exceed 3 business days, inform United and cooperate with United to address the issue. Each Receiving Party shall comply with all applicable laws and regulations governing the use and disclosure of Confidential Information. (b) A Receiving Party may use a third party to host and store United’s Confidential Information (“Host Provider”). United may revoke this consent for any reason. In the event of such revocation, the Receiving Party will have fifteen days to effectuate the removal of United’s Confidential Information from Host Provider’s information systems and certify to United that it was removed. A Receiving Party is liable for the acts and omissions of the Host Provider. A DocuSign Envelope ID: 56CE23D6-304A-474C-992B-421AD6CBACAF 3 NONDISCLOSURE AND DATA USE AGREEMENT (2/21) Receiving Party shall bind Host Provider in writing to terms and conditions outlining the protections and security of United’s Confidential Information substantially similar to the terms and conditions in this Agreement. (c) A Receiving Party must promptly notify United after it is subject to a merger, change of control or sale of substantially all its assets so that United may assess the ongoing disclosure and use of Confidential Information. A Receiving Party shall not disclose, or grant access, to Confidential Information to any other entity or person in connection with a merger, change of control or sale of substantially all its assets without United’s prior written approval. (d) Confidential Information is made available as is. United makes no express or implied representation or warranty regarding fitness for any purpose. (e) To the extent permitted by law, Customer shall indemnify, release and hold harmless United and its affiliates and each of their officers, directors, employees and agents from and against any claim, cause of action, liability, damage, cost, or expense (including attorneys’ fees) arising out of or in connection with (i) the release and use of Confidential Information under this Agreement and (ii) a breach of this Agreement by the Receiving Party. 9. Termination of Rights. (a) A Receiving Party’s right to use Confidential Information will terminate on the earliest of (i) conclusion of the Services performed by the Receiving Party or termination of the relationship between a Receiving Party and Customer, (ii) termination of the services provided under the agreement(s) between United and Customer, or (iii) United withdrawing its consent to use Confidential Information. (b) Following the termination of rights set forth in Subsection 9(a), each Receiving Party will destroy or delete all Confidential Information in its possession and instruct its Authorized Employees to destroy or delete all Confidential Information in their possession. The Receiving Party will certify such destruction or deletion to United upon request. To the extent full destruction or deletion is infeasible, a Receiving Party may retain Confidential Information on a limited basis (i) to the extent required by applicable law, including public records act obligations, or the professional standards of the Receiving Party’s professional governing body, and (ii) to the extent Confidential Information has been electronically archived and cannot be reasonably extracted, and (iii) to defend its work product as it relates to the Services. Notwithstanding the foregoing, healthcare provider contracts or extracts from those documents may never be retained. Confidential Information retained pursuant to this Subsection 9(b) will remain subject to the terms of this Agreement. 10. General Provisions. (a) Remedies. A Party shall be responsible for a breach of the terms of this Agreement whether breached directly by such Party or through its affiliates, directors, officers, employees or agents. A Party shall have the right, in addition to any other rights and remedies it may have, at law, in equity or otherwise, to injunctive relief in any court of competent jurisdiction to restrain any breach of this Agreement or otherwise to specifically enforce any provision of this Agreement. No failure or delay by a Party in exercising any right hereunder will operate as a waiver thereof. (b) Assignment. A Receiving Party may not assign any of its rights or obligations under this Agreement without United’s prior written approval. (c) Entire Agreement. This Agreement contains the entire agreement between the Parties concerning the confidentiality and use of Confidential Information, and no modification of this Agreement or waiver of the terms and conditions hereof shall be binding upon a Party, unless approved in writing by such Party. (d) Governing Law. This Agreement shall be governed by, construed and enforced in accordance with the laws of the State of Texas, without regard to the conflict of laws, rules or principles thereof. (e) Counterparts; Electronic Signatures. This Agreement may be executed in any number of counterparts (including counterparts by any form of electronic communication) and all such counterparts taken together shall be deemed to constitute one and the same instrument. The Parties shall be entitled to rely upon delivery of an executed facsimile or similar executed electronic copy of this Agreement (including by means of an electronic signature), and such facsimile or similar executed electronic copy shall be legally effective to create a valid and binding agreement among the Parties. DocuSign Envelope ID: 56CE23D6-304A-474C-992B-421AD6CBACAF 4 NONDISCLOSURE AND DATA USE AGREEMENT (2/21) The Parties have entered into this Agreement effective as of the Effective Date. United HealthCare Services, Inc. By: __________________________________________ Name: Title: Date: BMI Audit Services, LLC City of Denton By __________________________________________ By __________________________________________ Name: Name: Title: Title: Date: Date: 00063610.0 (03/2021) DocuSign Envelope ID: 56CE23D6-304A-474C-992B-421AD6CBACAF 04/20/2021 Sara Hensley Interim City Manager Certificate Of Completion Envelope Id: 56CE23D6304A474C992B421AD6CBACAF Status: Completed Subject: Please DocuSign: NDA 7615 Source Envelope: Document Pages: 5 Signatures: 3 Envelope Originator: Certificate Pages: 2 Initials: 0 Lori Hewell AutoNav: Enabled EnvelopeId Stamping: Enabled Time Zone: (UTC-06:00) Central Time (US & Canada) 901B Texas Street Denton, TX 76209 lori.hewell@cityofdenton.com IP Address: 198.49.140.104 Record Tracking Status: Original 4/5/2021 11:47:06 AM Holder: Lori Hewell lori.hewell@cityofdenton.com Location: DocuSign Signer Events Signature Timestamp Lori Hewell lori.hewell@cityofdenton.com Purchasing Manager City of Denton Security Level: Email, Account Authentication (None) Completed Using IP Address: 198.49.140.104 Sent: 4/5/2021 11:50:58 AM Viewed: 4/5/2021 11:51:10 AM Signed: 4/5/2021 11:51:24 AM Electronic Record and Signature Disclosure: Not Offered via DocuSign Marcella Lunn marcella.lunn@cityofdenton.com Deputy City Attorney City of Denton Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 68.185.202.16 Signed using mobile Sent: 4/5/2021 11:51:26 AM Viewed: 4/5/2021 11:51:42 AM Signed: 4/5/2021 11:53:08 AM Electronic Record and Signature Disclosure: Not Offered via DocuSign tiffany thomson tiffany.thomson@cityofdenton.com Director of Human Resources City of Denton Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 47.4.22.147 Sent: 4/5/2021 11:53:09 AM Viewed: 4/5/2021 2:39:33 PM Signed: 4/5/2021 2:39:42 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Cheyenne Defee cheyenne.defee@cityofdenton.com Contract Administrator City of Denton Security Level: Email, Account Authentication (None) Completed Using IP Address: 198.49.140.104 Sent: 4/5/2021 2:39:44 PM Viewed: 4/21/2021 8:26:39 AM Signed: 4/21/2021 8:27:01 AM Electronic Record and Signature Disclosure: Not Offered via DocuSign Signer Events Signature Timestamp Sara Hensley sara.hensley@cityofdenton.com Interim City Manager City of Denton Security Level: Email, Account Authentication (None) Signature Adoption: Pre-selected Style Using IP Address: 198.49.140.10 Sent: 4/21/2021 8:27:02 AM Viewed: 4/21/2021 8:31:23 AM Signed: 4/21/2021 8:31:30 AM Electronic Record and Signature Disclosure: Not Offered via DocuSign In Person Signer Events Signature Timestamp Editor Delivery Events Status Timestamp Agent Delivery Events Status Timestamp Intermediary Delivery Events Status Timestamp Certified Delivery Events Status Timestamp Carbon Copy Events Status Timestamp Cheyenne Defee cheyenne.defee@cityofdenton.com Contract Administrator City of Denton Security Level: Email, Account Authentication (None) Sent: 4/5/2021 11:51:25 AM Electronic Record and Signature Disclosure: Not Offered via DocuSign Sherri Thurman sherri.thurman@cityofdenton.com City of Denton Security Level: Email, Account Authentication (None) Sent: 4/5/2021 2:39:44 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Gretna Jones gretna.jones@cityofdenton.com Legal Secretary City of Denton Security Level: Email, Account Authentication (None) Sent: 4/5/2021 2:39:44 PM Viewed: 4/5/2021 3:05:23 PM Electronic Record and Signature Disclosure: Not Offered via DocuSign Witness Events Signature Timestamp Notary Events Signature Timestamp Envelope Summary Events Status Timestamps Envelope Sent Hashed/Encrypted 4/5/2021 11:50:58 AM Certified Delivered Security Checked 4/21/2021 8:31:23 AM Signing Complete Security Checked 4/21/2021 8:31:30 AM Completed Security Checked 4/21/2021 8:31:30 AM Payment Events Status Timestamps