printer-friendly

Sample Business Contracts

Services Agreement [Amendment No. 4] - Exult Inc. and Prudential Insurance Co. of America

Sponsored Links


                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

This HIPAA Business Associate Amendment (the "AMENDMENT"), shall be effective as
of April 14, 2003 (the "EFFECTIVE DATE"), shall amend that certain Services
Agreement by and between Prudential and Company dated as of January 11, 2002, as
amended (the "SERVICES AGREEMENT"), and is entered into by and between The
Prudential Insurance Company of America ("PLAN SPONSOR"), with offices at 751
Broad Street, Newark, NJ 07102 and the Administrative Committee on behalf of The
Prudential Welfare Benefits Plan, The Prudential Flexible Benefits Plan, the
Prudential Medical Access Plan and the Prudential Executive Medical Access Plan
("PLAN ADMINISTRATOR") (together "PRUDENTIAL") and Exult, Inc. ("COMPANY").

Prudential and Company agree that the terms and conditions of this Amendment
shall supplement and govern uses and disclosures of Protected Health Information
("PHI") as defined in the federal health Privacy Rules (as defined below), and
shall be effective and apply notwithstanding any conflicting provisions of the
Services Agreement.

Company and Prudential acknowledge the provisions herein are set forth pursuant
to the requirements promulgated by the Secretary ("SECRETARY") of the Department
of Health & Human Services pursuant to the Health Insurance Portability and
Accountability Act of 1996 (Pub. L. 104-191), and promulgated in the Standards
for Privacy of Individually Identifiable Health Information at 45 CFR part 160
and part 164, subparts A and E (the "PRIVACY RULES").

Company and Prudential further acknowledge that (i) Company is, or may be deemed
to be, a "Business Associate" of Prudential, as the term is defined under the
Privacy Rules, and (ii) The Prudential Welfare Benefits Plan, The Prudential
Flexible Benefits Plan, the Prudential Medical Access Plan and the Prudential
Executive Medical Access Plan are "Covered Entities" as that term is defined
under the Privacy Rules. The terms used in this Amendment, but not otherwise
defined, shall have the same meanings as those terms in 45 CFR 160.103 and
164.501 or in the Services Agreement, as applicable. References to the Privacy
Rules shall mean as enacted and shall include any later amendments, deletions or
revisions.

A.    OBLIGATIONS OF COMPANY

1.    Company shall only use or disclose PHI as set forth in and in accordance
      with this Amendment or as required by law. Company shall not use or
      disclose PHI in any manner, for any other purpose, or disclose it to any
      third party, other than as authorized by this Amendment or as required by
      law. The term "REQUIRED BY LAW" shall have the same meaning as the term
      "required by law" in 45 CFR Section 164.501. "PHI" shall have the same
      meaning as it has in 45 CFR Section 164.501 of the Privacy Rules, limited
      to the information created or received by Company from or
<PAGE>
                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

on behalf of Prudential. The PHI subject to this Amendment shall be that
pertaining to any "INDIVIDUAL" (as that term is defined in 45 CFR Section
164.501 of the Privacy Rules, and shall include a person who qualifies as a
personal representative in accordance with 45 CFR 164.502(g)) who has made
application to be or is covered under: the Medical, Global Medical, Dental,
Global Dental, Vision, or Long Term Care Benefits provided under the Prudential
Welfare Benefits Plan; the Health Care Reimbursement Benefits provided under the
Prudential Flexible Benefits Plan; the Prudential Medical Access Plan; or the
Prudential Executive Medical Access Plan and whose PHI is subject to the Privacy
Rules. Company hereby represents that it will make reasonable efforts to limit
any PHI it shall require from Prudential to the minimum necessary, as defined in
45 CFR Section 164.502(b), for the Company's stated purposes under the Services
Agreement and acknowledges that Prudential shall rely upon such representation
with respect to any request for PHI from Company. Company shall not use or
disclose PHI in a manner that would violate the requirements of the Privacy
Rules if such use or disclosure were made by Prudential. In addition:

      (a)   Company may use or disclose PHI for the proper management and
            administration of Company, and to carry out the legal
            responsibilities of Company; provided that:

                        (i)   the disclosure is required by law; or

                        (ii)  Company obtains reasonable assurance from a third
                              person to whom the PHI is disclosed that such PHI
                              will remain confidential, be used or further
                              disclosed only as required by law or for the
                              reasons it was disclosed to the third person, and
                              the third person notifies Company of any instances
                              of which it is aware in which the confidentiality
                              of the PHI has been breached;

      (b)   Company may use or disclose PHI to provide data aggregation services
            relating to the "HEALTH CARE OPERATIONS," (as defined in the Privacy
            Rules) of Prudential if such services are provided for in the
            applicable arrangements or agreements between Prudential and
            Company.

2.    Company shall not use or further disclose PHI other than as permitted or
      required by this Amendment or as required by law.

3.    Company shall use appropriate safeguards to prevent use or disclosure of
      PHI other than as provided for by this Amendment or as required by law.

4.    Company shall report to Prudential any use or disclosure of PHI, not
      provided for by this Amendment or as required by law, of which Company
      becomes aware.

5.    Company shall ensure that any agents, including any subcontractors, to
      whom it provides PHI received from, or created or received by the Company
      on behalf of Prudential agrees to substantially the same restrictions and
      conditions that apply to it through this Amendment with respect to such
      PHI.

6.    Company shall, at the reasonable request of Prudential make available PHI
      to Prudential in accordance with Section 164.524 of the Privacy Rules.
<PAGE>
                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

7.    Company shall make available, at the reasonable request of Prudential, PHI
      for amendment by Prudential and shall incorporate any amendments to PHI in
      Company's designated record sets in accordance with Section 164.526 of the
      Privacy Rules. For all requested amendments under this Section 7, Company
      shall be entitled to rely entirely on such requests for all matters
      relating to the accuracy and completeness of such PHI.

8.    Company will reasonably assist Prudential in responding to any disclosure
      request made by a subject of PHI. Accordingly, Company will keep an
      accounting of all disclosures ("Disclosures") of PHI (the "DISCLOSURE
      ACCOUNTING") on an ongoing basis and maintain the Disclosure Accounting
      for a period of at least six (6) years from the date of each Disclosure.
      For the purposes of this Amendment, Disclosures shall not include any
      disclosure of PHI by Company (i) to carry out treatment, payment and
      health care operations solely as set forth in 45 CFR Section 164.506; (ii)
      pursuant to an instruction from Prudential as approved by an authorization
      received from a subject of PHI; (iii) directly to the subject of the PHI;
      or (iv) that occurred prior to the April 14, 2003. At a minimum, the
      Disclosure Accounting shall contain (w) the date of the Disclosure; (x)
      the name of the entity or person who received the PHI and, if known, the
      address of such entity or person; (y) a brief description of the PHI
      disclosed; and (z) a brief statement of the purpose of the Disclosure that
      reasonably informs the subject of the PHI of the basis for the Disclosure;
      or in lieu of such statement a copy of the subject's written authorization
      or request for Disclosure pursuant to the Privacy Rules. Company will
      provide the Disclosure Accounting to Prudential within forty-five (45)
      days after receipt of a written request from Prudential.

9.    Subject to Company's security requirements, confidentiality obligations
      and the audit rights set forth in the Services Agreement, Company shall
      make its internal practices, books, and records relating to the use and
      disclosure of PHI received from, or created or received by the Company on
      behalf of, Prudential available to Prudential or, at the request of
      Prudential, to the Secretary for purposes of the Secretary determining
      Prudential's compliance with the Privacy Rules.

10.   Company agrees to use commercially reasonable efforts to mitigate, to the
      extent practicable, any harmful effect that is known to Company of a use
      or disclosure of PHI in violation of the requirements of this Amendment.

11.   Company's obligations under this Amendment exist and occur solely to the
      extent required by the Privacy Rules.

B.    OBLIGATIONS OF PRUDENTIAL

1.    Prudential shall provide Company with a copy of the Notice of Privacy
      Practices Prudential produces in accordance with the Privacy Rules, as
      well as any changes to such Notice of Privacy Practices.

2.    Prudential shall provide Company with any changes in, or revocation of,
      permission by Individuals to use or disclose PHI, if such changes affect
      Company's permitted uses or disclosures.
<PAGE>
                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

3.    Prudential shall notify Company of any restriction to the use or
      disclosure of PHI Prudential agrees to in accordance with the Privacy
      Rules.

4.    Prudential shall not request Company to use or disclose PHI in any manner
      that would not be permissible under the Privacy Rules if done by
      Prudential.

5.    Company's obligations under this Amendment are conditioned upon
      Prudential's satisfactory performance of its obligations hereunder. Any
      failure of Prudential to perform its obligations hereunder shall excuse
      Company from performing its obligations hereunder to the extent such
      performance is hindered or prevented by such failure to perform by
      Prudential. Prudential and Company agree to discuss in good faith any
      modifications or changes to the Services provided pursuant to the Services
      Agreement and the fees paid thereunder that result from any changes in the
      use or disclosure of PHI.

C.    TERM AND TERMINATION

1.    Term. The term of this Amendment shall be effective as of the Effective
      Date of this Amendment and shall terminate upon the earlier of: (i) the
      Privacy Rules are repealed or no longer in effect; (ii) the termination of
      expiration of the Services Agreement pursuant to its terms; or (ii) all of
      the PHI provided by Prudential to Company, or created or received by
      Company on behalf of Prudential, is destroyed or returned to Prudential,
      or, if it is infeasible to return or destroy PHI, protections are extended
      to such information, in accordance with this Amendment.

2.    Termination for Cause. Upon Prudential's knowledge of a material breach of
      this Amendment by Company, Prudential shall either:

      (a)   terminate this Amendment if Company fails to cure such breach within
            thirty (30) days after receipt of written notice thereof; or

      (b)   immediately terminate this Amendment if Company has breached a
            material term of this Amendment and cure is not reasonably possible;
            or

      (c)   if neither termination nor cure is feasible, Prudential shall report
            the violation to the Secretary.

3.    Effect of Termination. (a) Upon termination of this Amendment for any
      reason, Company shall return or destroy all PHI received from Prudential,
      or created or received by Company on behalf of Prudential. This provision
      shall apply to PHI that is in the possession of subcontractors or agents
      of Company. Company shall retain no copies of the PHI; (b) in the event
      that Company determines that returning or destroying the PHI is
      infeasible, Company shall provide to Prudential notification of the
      conditions that make return or destruction infeasible. Company shall
      extend the protections of this Agreement to such PHI and limit further
      uses and disclosures of such PHI to those purposes that make return or
      destruction infeasible, for so long as Company maintains such PHI.
<PAGE>
                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

D.    MISCELLANEOUS.

1.    Regulatory References. A reference in this Amendment to a section in the
      Privacy Rules means the section as in effect or amended.

2.    Amendment. The Parties agree to take such reasonable action as is
      necessary to amend this Amendment from time to time as is necessary for
      Prudential to comply with the requirements of the Privacy Rules and the
      Health Insurance Portability and Accountability Act of 1996, Public Law
      104-191.

3.    Survival. The respective rights and obligations of Company under Section C
      (3) of this Amendment shall survive the termination of this Agreement
      and/or the other agreements or arrangements.

4.    Interpretation. Any ambiguity in this Amendment shall be resolved in favor
      of a meaning that permits Prudential to comply with the Privacy Rules.

5.    Limitation of Liability. IN NO EVENT SHALL COMPANY'S TOTAL AGGREGATE
      LIABILITY TO PRUDENTIAL ARISING FROM OR RELATING TO THIS AMENDMENT EXCEED
      [***]*, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT OR
      OTHERWISE; AND COMPANY SHALL NOT BE LIABLE TO PRUDENTIAL FOR ANY INDIRECT,
      INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY OR SPECIAL DAMAGES,
      INCLUDING WITHOUT LIMITATION LOST PROFITS OR REVENUE, EVEN IF COMPANY HAS
      BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

6.    No Warranties. COMPANY SPECIFICALLY DISCLAIMS ANY AND ALL WARRANTIES OF
      ANY KIND WITH REGARD TO ANY SUBJECT MATTER OF THIS AMENDMENT, INCLUDING
      WITHOUT LIMITATION ANY WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE,
      FUNCTIONALITY OR MERCHANTABILITY, WHETHER EXPRESS OR IMPLIED.

7.    Effect on Services Agreement. Prudential and Company agree that any
      failure of Company to achieve any Service Levels under the Services
      Agreement or performance of any other obligations under the Services
      Agreement shall be excused to the extent such failures are caused by
      Company's performance of its obligations under this Amendment.

8.    No Third Party Beneficiaries. Nothing in this Amendment is intended to
      confer any rights, benefits, remedies, obligations or liabilities on any
      third party (including without limitation any employees or agents of
      either party) other than the parties or their respective successors and
      assigns.
<PAGE>
                      AMENDMENT NO. 4 TO SERVICES AGREEMENT
                       HIPAA BUSINESS ASSOCIATE AMENDMENT

Except as amended herein, all terms and conditions of the Services Agreement
between the Parties shall remain in full force and effect in accordance with
such agreement.

Agreed to and Accepted by:


NAME                                      DATE

----------------------------------------------------
The Prudential Insurance Company of America


NAME                                      DATE

----------------------------------------------------
The Administrative Committee on behalf of The Prudential Welfare Benefits Plan,
The Prudential Flexible Benefits Plan, the Prudential Medical Access Plan and
the Prudential Executive Medical Access Plan


NAME                                      DATE

----------------------------------------------------
Exult, Inc