Provider Agreement

PROVIDER TRADING PARTNER AGREEMENT FOR DIRECT DATA ENTRY SERVICES

This Trading Partner Agreement For Direct Data Entry Services (hereinafter "Agreement") is made by and between United Concordia Companies, Inc. ("UCCI"), and "Provider," a licensed health care provider further identified on the form found at Appendix A attached.

WHEREAS, UCCI performs certain claims processing and administrative services; and,

WHEREAS, Provider renders certain professional health care services ("Services") to members of employer groups and individuals, and submits documentation of those Services to UCCI; and,

WHEREAS, Provider desires to transmit and UCCI desires to receive certain electronic communications (further defined below under the definition for Direct Data Entry), containing certain claims and billing information that may include identifiable financial and/or protected health information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), 45 Code of Federal Regulations Parts 160-164, and applicable regulations that implement Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et seq. (the "GLB Regulations") now or as later amended; and,

WHEREAS, UCCI agrees to safeguard any and all PHI or other Data received from Provider, and Provider agrees to safeguard any and all PHI or other Data transmitted to UCCI in accordance with any applicable HIPAA and the GLB Regulations; and,

WHEREAS, UCCI and Provider (the "Parties") desire to set forth in writing their understanding with respect to these communications and the covenant of confidentiality and non-disclosure of PHI or other Data.

NOW THEREFORE, in consideration of the mutual promises and covenants contained herein and other good and valuable consideration, the receipt of which is hereby acknowledged, the Parties hereto agree as follows:

I.          DEFINITIONS

Data.  Any information provided and/or made available by either of the Parties to the other, and includes, but is not limited to enrollment and eligibility data, claims data, and PHI.

Direct Data Entry.  Data that is input by the Provider into UCCI's computer systems without passing through any other party by means of a direct internet interface into those systems.

Health and Human Services ("HHS") Privacy Standard Regulation.  45 Code of Federal Regulations ("CFR") at Title 45, Parts 160 through 164.

HHS Transaction Standard Regulation. 45 CFR Parts 160 and 162.

Individual.  The person who is the subject of the Data, as defined by 45 CFR § 164.501.

Proprietary Data.  That information used in UCCI's business or business practices to which Provider would not otherwise have access but for its contractual relationship with UCCI, including but not limited to information systems technologies and practices, and operational processes.

II.         INTRODUCTION

This Agreement authorizes the Provider to electronically submit or access previously submitted Data, including PHI, through a public or private telecommunications network in an efficient and cost-effective manner without limiting the obligations of each party as set forth in this Agreement or imposed by applicable law, solely for the purposes set forth herein, in accordance with the terms "Standard" and "Transactions" as defined at 45 CFR § 160.103 (hereinafter aggregated and referred to as "Standard Transactions"), and the privacy standards described and referenced below. Any Data, Proprietary Data or PHI exchanged under this Agreement is to be used and exchanged solely as authorized by HIPAA, and is further subject to the terms and conditions set forth in this Agreement.

III.        TERM, TERMINATION and SUSPENSION

The term of this Agreement shall commence upon its execution.  Provider agrees that its ability to electronically transmit or access Data will cease if Provider or UCCI terminates this Agreement.

Either party may terminate this Agreement without cause upon sixty- (60) days written notice or immediately by either party for cause.  Cause shall include, but not be limited to, breach of any material term(s) of this Agreement, fraud, abuse, and/or failure to protect PHI.  The terminating party may rescind notice of termination if the other party successfully cures the breach complained of to the terminating party's satisfaction.  Each party may also temporarily suspend electronic communications under this Agreement to protect computer or data systems in cases of emergencies, or to perform maintenance.  Each party agrees to minimize the frequency and duration of these temporary suspensions.

IV.        UCCI OBLIGATIONS

A.         ID(s) and Password(s).  Upon execution of this Agreement, Provider will select logon ID(s) and password(s) to use to authenticate its identity when transmitting or accessing data electronically.  UCCI shall retain title to all logon ID(s) and password(s), and reserves the right to change, withdraw or suspend any logon ID or password at any time, for any reason, or if required to do so by law, regulation, or court order.  UCCI further retains, in its sole discretion, the right to approve, disapprove or withdraw Provider access to its system(s) or to certain or all of the Data contained within the system(s).
           
B.         Data.  The kinds or format of Data Provider may submit and UCCI may receive pursuant to this Agreement may change as a result of changes in law or regulation, or actions taken by an employer group in accordance with the terms and conditions of certain health care benefits contracts, or changes made to those contracts.  UCCI does not warrant the accuracy of the Data Provider accesses.  No electronic communication will give rise to any obligation until it is accessible by UCCI in UCCI's systems.  In addition, acceptance by UCCI of the Data Provider sends to UCCI electronically does not constitute guarantee of reimbursement.

V.        PROVIDER OBLIGATIONS and AUTHORIZATIONS

A.         Provision of/Access to Data.  Provider may provide UCCI with Data electronically, including minimum necessary PHI (see 45 CFR § 164.502(b)), in accordance with the terms of this Agreement.  Provider is solely responsible to ensure that the Data it provides UCCI is correct.  Provider may access only the Data it inputs into UCCI's systems.

B.         Logon ID and Password.  Provider agrees to protect logon ID(s) and password(s) from compromise, release or discovery by any unauthorized person, and shall not disclose logon ID(s) and password(s) to any third party in any manner.  If a breach of this provision occurs, Provider must notify UCCI immediately by calling Dental Electronic Services at (800) 633-5430.  Provider acknowledges and agrees that only Provider personnel it designates shall be permitted to use the logon ID(s) and password(s). Provider's use of logon ID(s) and password(s) constitutes an Electronic Signature that confirms Provider's willingness to: remain bound by these terms and conditions and ratify any transaction conducted electronically by UCCI.

C.            Provider's Costs.  Provider shall assume all its internal costs to transmit and access Data electronically including, but not limited to, the costs of computers, terminals, connections, modems, and browsers that, if necessary to comply with law or regulation, have the capability to use HIPAA-mandated code-set Standard Transactions; and the costs of providing sufficient security measures to safeguard receipt and transmission of PHI in electronic transactions that involve using the internet in accordance with 42 USC § 1320d-2(d), 45 CFR § 164.530 and the implementing regulations issued by HHS to preserve the integrity and confidentiality of, and to prevent non-permitted use or violations of disclosure of PHI.  Provider acknowledges that any changes made to Data may impact any reimbursement it may receive.

D.         Authorization to Use Data.  Provider's use of a UCCI system or process under this Agreement constitutes authorization and direction to UCCI to use PHI or other Data to adjudicate and process health care claims UCCI receives from Provider.   Provider may access and transmit only that Data related to services it provides for its patients.  Provider acknowledges that UCCI may disclose the PHI it makes available to UCCI concerning Individuals who are members of a plan to the plan sponsor consistent with HIPAA's requirements and the language set forth herein.

VI.        INDEMNIFICATION

Each party shall release, defend, indemnify and hold harmless the other party, its corporate subsidiaries, affiliates officers, directors, employees, agents, persons, firms, divisions, successors and assigns, against any and all: liability, losses or damages, whether direct or indirect, to person or property; claims; judgments; costs and reasonable attorney's fees; legal action or potential for the same which may result from that first party's improper use or unauthorized disclosure or use of Data or PHI in violation of this Agreement.  Each party assumes all liability for any damage, whether direct or indirect, to the Data or the other party's information systems caused by the unauthorized use of such Data or information systems by the first party, its employees or agents or any third party who gains access to the systems through their acts or omissions.  Neither party shall be liable to the other party for damages caused by circumstance beyond its control, including, without limitation: "hackers" who gain access to the system or Data in spite of a party's compliant security measures, a major disaster, epidemic, the complete or partial destruction of its facilities, riot, civil insurrection, war or similar causes.  Neither party shall be liable to the other party for any special, incidental, exemplary or  consequential damages.

VII.       COMPLIANCE WITH PRIVACY STANDARDS
                       
Each party will develop, implement, maintain and use appropriate administrative, technical and physical Data safeguards, in compliance with 42 U.S.C. § 1320d-2(d), 45 CFR § 164.530(c) and patient confidentiality provisions of applicable state statutes or regulations, and shall comply with any applicable GLB Regulations, or any amendments to any of these statutes or regulations.

Each party shall execute trading partner, and/or business associate agreements with subcontractors or agents that provide services involving maintenance, use or disclosure of PHI, ensuring that any subcontractors or agents to whom it provides PHI agree in writing to those restrictions that, with respect to such PHI, apply to that individual subcontractor or agent. Each party agrees that it will not maintain, use, make available or further disclose PHI other than as permitted or equired by this Agreement or as required by law.

If any activity under this Agreement would cause any Party to be considered a "Business Associate" of any other Party under 45 CFR. § 160.103, the following restrictions will apply to all uses and disclosures of PHI.  The Business Associate will: (i)  Not use or further disclose PHI other than as permitted or required by this Agreement, or to comply with judicial process or any applicable statute or regulation; (ii) Notify the other Party in advance of any disclosure of PHI that the Business Associate is required to make under any judicial or regulatory directive; (iii) Use appropriate safeguards to prevent use or disclosure of PHI other than for the purposes required in this Agreement; (iv) Report to the other parties any use or disclosure of PHI not provided for in this Agreement of which the Business Associate becomes aware; (v) Ensure that any agents or subcontractors to whom the Business Associate discloses PHI received from another party, or created on behalf of another party, agrees to the same restrictions and conditions that apply to the protection of information under this Agreement; (vi) Make PHI available to individuals as required by 45 CFR § 164.524; (vii) Make PHI available for amendment and incorporate any amendments to PHI in accordance with 45 CFR § 164.526; (viii) Make available the information required to provide an accounting of disclosures in accordance with 45 CFR § 164.528; (ix) Make its internal practices, books, and records relating to the use and disclosure of PHI received from, or created or collected by the Business Associate on behalf of another Party, available to the Secretary of HHS when called upon for purposes of determining the other Party's compliance with federal privacy standards; and (x) At termination of this Agreement, if feasible, return or destroy all PHI received from another Party, or created or collected by the Business Associate on behalf of the other Party, that the Business Associate still maintains in any form and retain no copies of such PHI or, if such return or destruction is not feasible, or if the PHI is still used to perform business functions, continue to treat all such PHI in accordance with the limits provided in this Agreement, and applicable law and regulation.

VIII.      SYSTEMS AND PERSONNEL SECURITY/UNAUTHORIZED DISCLOSURES.

The Parties shall comply with the final version of the data security standard promulgated by HHS (proposed version found at 45 CFR Part 142, published August 12, 1998, 63 Federal Register, Pages 43241-43280, the "Security Standard").  On or before the required compliance date of the final Security Standard, the Parties will adopt any necessary modifications to their practices for maintaining PHI or transmitting PHI electronically, and shall provide any written assurances required under the final Security Standard to prevent unauthorized access to Data.  If an unauthorized disclosure of PHI, or the discovery of unauthorized access to and/or tampering with the Data or UCCI's Proprietary Data is discovered, the disclosing party will immediately report to the other party, using the most expeditious medium available, no later than twenty-four (24) hours after such discovery/disclosure is made, the following information:  (i) the nature of the disclosure, (ii) PHI used or disclosed, (iii) the individual(s) who made and received the disclosure, (iv) any corrective action taken to prevent further disclosure(s) and mitigate the effect of the current disclosure(s), and (v) any such other information reasonably requested by the non-disclosing party.  The Parties will cooperate in the event of any litigation concerning unauthorized use, transfer or disclosure of such Data.

IX.        COMPLIANCE WITH STANDARD TRANSACTIONS

If required, the Parties shall comply with each applicable regulation if performing "Standard Transactions" including but not limited to the requirements and prohibitions found at 45 CFR § 162.915.

X.         NOTICES

Any notice relating to this Agreement shall be in writing and transmitted by Provider to either (i) U.S. Mail, first class, postage prepaid to Dental Electronic Services, 4401 Deer Path Road, P.O. Box 69408, Harrisburg, Pa 17106, or to such other address as is later supplied by UCCI; or (ii) facsimile transmission to (717) 260-7131, or to such other number as is later supplied by UCCI; and by UCCI to the address and number found at Appendix A.  Notices or communications shall be deemed given (a) in the case of transmittal by U.S. mail, on the date of receipt by the addressee and (b) in the case of or facsimile transmission, on the date the facsimile is sent.

XI.        RECORDS AND AUDIT

The Parties shall maintain, in accordance with their document retention policies and applicable law and regulation, and for a minimum of seven (7) years, true and correct copies of any source documents from which they reproduce Data.  UCCI reserves the right to audit those records and security methods of Provider necessary to ensure compliance with this Agreement or to ensure that adequate security precautions have been made to prevent unauthorized disclosure of any Data.

XII.       SURVIVAL OF PROVISIONS

Any provision of this Agreement that requires or reasonably contemplates the performance or existence of obligations by either party after the termination of the Agreement shall survive such termination.

XIII.      ASSIGNMENT

No right or interest in this Agreement shall be assigned by either party without the prior written permission of the other party.

XIV.      GOVERNING LAW

The construction, interpretation and performance of this Agreement and all transactions under it shall be governed by the laws of the Commonwealth of Pennsylvania, except to the extent federal law preempts them.

XV.       WAIVER OF RIGHTS

No course of dealing or failure of either party to strictly enforce any term, right or condition of the Agreement shall be construed as a waiver of such term, right or condition.

XVI.      SEVERABILITY

If any provisions of this Agreement shall be deemed invalid or unenforceable, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement, but rather the entire Agreement shall be construed as if not containing those invalid or unenforceable provision(s), and the rights and obligations of each party shall be construed and enforced accordingly.

XVII.     ENTIRE AGREEMENT

This Agreement and any Exhibits and Attachments thereto shall constitute the entire Agreement between the Parties with respect to the subject matter of this Agreement and shall not be altered, varied, revised or amended except in writing signed by both Parties.  The provisions of this Agreement supersede all prior oral or written quotations, communications, agreements and understandings of the Parties with respect to the subject matter of this Agreement.

BY CLICKING ON THE "I Agree" BUTTON FOUND BELOW, the individual with authority to bind Provider is representing that he/she has read the foregoing Agreement and agrees on behalf of the party it represents to be bound by it.  For purposes of this Agreement, an electronic signature shall have the full force and legal effect of an original signature.

United Concordia Companies, Inc.
PRODUCER PORTAL ELECTRONIC SERVICES AGREEMENT

This Producer Portal Electronic Services Agreement ("Agreement") is made by and between United Concordia Companies, Inc. ("United Concordia") and the user of Producer Portal electronic services identified below ("User").

USER'S REPRESENTATIONS
User represents that it is one of the following: a licensed insurance producer; an individual insurance agent/broker; a licensed individual principal of an insurance agency; or a licensed producer associated with and insurance agency.  User is not currently employed by another dental insurance company.  User further represents that it desires to use the electronic communications services provided by United Concordia in this producer portal web site ("Producer Portal Services") to evaluate or sell United Concordia insurance programs.
 
 
TERMS AND CONDITIONS
1. Coordination with Other Contracts. This Agreement supplements, and should be interpreted consistently with, the benefits contract, producer agreement, agency agreement or any other agreements adopted now or in the future by the Parties ("Other Contract").  If not terminated earlier in accordance with Paragraph 20 below, access to data under this Agreement will be discontinued concurrently with termination of such Other Contract.
 
2. Users of United Concordia Producer Portal Services.  
a) User has reasonable policies, procedures and safeguards in place to assure that all Protected Health Information is used and disclosed only in accordance with the HIPAA Privacy Rule.
b) If User is authorized to access data on behalf of multiple United Concordia Customers, User will furnish a broker-of-record letter or similar written authorization to United Concordia from each Customer should proposal result in sale.
 
3. Use of Logon IDs and Passwords.  The use of logon IDs and passwords to access United Concordia Producer Portal Services confirms the User's continuing agreement to be bound to the terms and conditions of this Agreement.  
 
4. Protection of IDs and Passwords.  Only Users approved by United Concordia shall be permitted to use logon IDs and passwords to access United Concordia Producer Portal Services.  Each User shall keep logon IDs and passwords confidential and protect them from compromise or disclosure to third parties.  If User suspects that a password has been compromised for any reason (e.g., the password has been disclosed to an unauthorized person, or an employee or agent having access to the password has been terminated from service or discloses his or her intent to resign), User shall notify United Concordia as soon as possible so that United Concordia can disable the applicable logon ID and/or password.  User is responsible for any breaches of security relating to use of any logon ID and password until United Concordia has disabled that logon ID and password.
 
5. Compliance with Minimum Necessary Standard.  The Parties will transmit through United Concordia Producer Portal Services only for plan administration functions in accordance with the "minimum necessary standard" established under 45 C.F.R. § 164.502(b).
 
6. Data Security.  Each Party shall maintain reasonable and appropriate security procedures to prevent unauthorized access to data in User's office(s) or information system(s).  Where applicable, such procedures will be consistent with the standards of the HIPAA Security Rule.  Each Party will notify the other promptly of any suspected breach of data security.
 
7. Confidential and Proprietary Information.  Any information disclosed by either Party through United Concordia Producer Portal Services that relates to the other Party's business practices, strategies, developments, products, services, trade secrets and know-how ("Proprietary Information") is strictly confidential and proprietary.  The Parties will handle and use the Proprietary Data in a manner that preserves and protects its confidential and proprietary nature.  Except as directly necessary to accomplish Plan administration functions, the Parties will not disclose, or make use of the Proprietary Information, and will take all reasonable steps to prevent all other persons from disclosing, passing on or making use of Proprietary Information for purposes other than those authorized in this Agreement.
 
8. Costs.  User shall be responsible for costs of accessing United Concordia Producer Portal Services, including the cost of computers, software, connections, modems and Internet service providers.
 
9. Liability.  User shall be responsible for any damage to United Concordia's information systems caused by unauthorized use or misuse of United Concordia Producer Portal Services.
 
10. Amendment.  United Concordia may require User to make further amendment to this Agreement as necessary to keep the delivery, use and disclosure of data compliant with applicable laws and regulations.  By acceptance of this Agreement, each User agrees to be bound by any such amendment.

11. Representation of United Concordia.  No User is authorized to represent or act on behalf of United Concordia, or solicit applications for issuance of United Concordia's group products, until the Terms and Conditions of this Agreement have been accepted.  Such authorization is effective on the date on which User accepts this Agreement through electronic communication.

12. Acceptance of Business.  No business will be accepted from any User unless User is appointed by the applicable United Concordia underwriting company, or completed appointment paperwork, including a signed producer agreement, is submitted by User to United Concordia.
 
13. Representations Regarding United Concordia Products.  User shall not make any representations regarding any United Concordia product, except as may be contained in the written materials available on this web site, or such materials as may otherwise be provided to User by United Concordia.  User shall not make any oral or written modification or waiver of any of the terms or conditions of any United Concordia product or rate quotation without the prior written authorization of United Concordia.

14. Compliance with Applicable Law.  User agrees to comply with all applicable state and federal laws, including laws requiring producer licensing and appointment.

15. Commissions.  United Concordia will pay commissions to User in accordance with the terms of a comprehensive written producer agreement entered between the Parties.  No commission will be paid by United Concordia unless the User is designated in writing by the group as the producer of record.
 
16. Representations of Producer.  User represents and warrants that it holds a current, valid producer license in the state(s) in which it will solicit applications for United Concordia group products.  User further represents and warrants that its producer license reflects the lines of authority necessary to solicit insurance in the applicable state.

17. Compliance with United Concordia Procedures and Policies.  User shall comply with all United Concordia guidelines, procedures and policies that are set forth in this Web site, or that may otherwise be provided to User, relating to the sale negotiation, solicitation or underwriting of group insurance business.
 
18. Independent Contractor.  The relationship between United Concordia and User is that of independent contractors.  Acceptance of these terms and conditions by User does not establish an employment relationship between United Concordia and User.

19. Trademarks.  The United Concordia trademarks, service marks, trade names, logos, domain names and icons appearing on this Web site, whether registered or not, are the property of United Concordia.  The User is not authorized to use these marks and other property of United Concordia without its prior written consent.
 
20. Termination.  Either Party may terminate this Agreement without cause upon sixty (60) days written notice, or immediately for cause.  Cause shall include, but not be limited to, breach of any material term of this Agreement, fraud or abuse.  United Concordia may also immediately terminate a User's access to United Concordia Producer Portal Services at any time if there are reasonable grounds to believe that the User has failed to properly manage logon IDs, passwords and/or data security as required by this Agreement, or if continuing the User's access threatens to cause a violation of applicable laws and regulations.  Each Party may also temporarily suspend electronic communications under this Agreement to protect computer or data systems in cases of emergencies, or to perform maintenance.  Each Party agrees to minimize the frequency and duration of these temporary suspensions.

21. Notices.  Any required notices under this Agreement may be given electronically through the same electronic medium used in accepting this Agreement, or by mail to the street address of United Concordia shown below.
 
22. Binding Agreement.  The parties intend to be legally bound by the terms of this Agreement.
 
Presentation and acceptance of this agreement through electronic communication will be effective to bind the Parties to the same extent as if the Parties affixed written signatures to a printed document.
 
 
UNITED CONCORDIA COMPANIES, INC.
UNITED CONCORDIA DENTAL PLANS OF CALIFORNIA
UNITED CONCORDIA INSURANCE COMPANY
UNITED CONCORDIA LIFE AND HEALTH INSURANCE COMPANY
Address: 4401 Deer Path Rd.

         Harrisburg, PA   17110