The URL can be used to link to this page

23-R-90 Agreement Southwest Texas Regional Advisory Council (STRAC)RESOLUTION NO.23-R-90 A RESOLUTION BY THE CITY COUNCIL OF THE CITY OF SCHERTZ, TEXAS AUTHORIZING THE CITY MANAGER TO ENTER INTO AN I N T E R L O C A L AGREEMENT AND BUSINESS ASSOCIATE AGREEMENT WITH SOUTHWEST TEXAS REGIONAL ADVISORY COUNCIL (STRAC) FOR A DATA MANAGEMENT SYSTEM FOR ELECTRONIC PATIENT CARE RECORDS (EPCR) AND FIRE RECORDS MANAGEMENT SYSTEM (F I R E R M S) AND OTHER MATTERS IN CONNECTION THEREWITH WHEREAS, STRAC is the Regional EMS/Trauma Advisory Council designated by the Texas Department of State Health Services ("DSHS") in the STRAC region (Trauma Service Area — P, TSA-P); and WHEREAS, STRAC has licensed certain eRMS software from ImageTrend for providing electronic records management software services, including electronic Patient Care Records (ePCR) and/or Fire Record Management System (FireRMS); and WHEREAS, STRAC is designated by DSHS to design, implement and maintain the Regional EMS/Trauma, Disaster and Emergency Healthcare System for Trauma Service Area — P (TSA-P) and will provide overall coordination and management to the eRMS project and as such has an interest to provide cost effective software solutions to member agencies; and WHEREAS, STRAC is providing the eRMS solution to eligible EMS member agencies, Fire Departments and other public safety agencies on a software as a service basis in a co-operative fashion, leveraging economies of scale by having multiple public safety member agencies subscribe through STRAC to utilize STRAC's pricing with ImageTrend for the eRMS system; and WHEREAS, the City of Schertz has an interest in and need to have an electronic records management system to increase capability and performance for the jurisdiction or population it serves; therefore, BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SCHERTZ, TEXAS THAT: Section 1. The City Council hereby authorizes the City Manager to enter into an Interlocal Agreement and Business Associate Agreement with Southwest Texas Regional Advisory Council (STRAC) for a data management system for electronic patient care records (ePCR) and Fire records management system (FireRMS). Section 2. The recitals contained in the preamble hereof are hereby found to be true, and such recitals are hereby made a part of this Resolution for all purposes and are adopted as a part of the judgment and findings of the City Council. Section 3. All resolutions, or parts thereof, which are in conflict or inconsistent with any provision of this Resolution are hereby repealed to the extent of such conflict, and the provisions of this Resolution shall be and remain controlling as to the matters resolved herein. Section 4. This Resolution shall be construed and enforced in accordance with the laws of the State of Texas and the United States of America. Section 5. If any provision of this Resolution or the application thereof to any person or circumstance shall be held to be invalid, the remainder of this Resolution and the application of such provision to other persons and circumstances shall nevertheless be valid, and the City Council hereby declares that this Resolution would have been enacted without such invalid provision. Section 6. It is officially found, determined, and declared that the meeting at which this Resolution is adopted was open to the public and public notice of the time, place, and subject matter of the public business to be considered at such meeting, including this Resolution, was given, all as required by Chapter 551, Texas Government Code, as amended. Section 7. This Resolution shall be in force and effect from and after its final passage, and it is so resolved. PASSED AND ADOPTED this � day of M& 2023 oGuie Z, TEXAS yor A EST: S eila Edmo dson, City Secretary STRAC ELECTRONIC RECORDS MANAGEMENT SYSTEM (eRMS) PROJECT INTERLOCAL COOPERATION AGREEMENT This PROJECT AGREEMENT ("Agreement"), is entered into by the following parties: the Southwest Texas Regional Advisory Council ("STRAC"), a Texas non-profit corporation created by Texas law and regulations, and City of Schertz, Texas ("Agency"), a political subdivision of the State of Texas. Recitals It is the purpose of this Agreement to establish a cooperative and mutually beneficial relationship between the parties and to set forth the relative responsibilities of the parties as they relate to the provision of certain electronic records management software (eRMS) services, as further described in Schedule A, by STRAC to Agency. STRAC is the Regional EMS/Trauma Advisory Council designated by the Texas Department of State Health Services ("DSHS") in the STRAC region (Trauma Service Area — P, TSA-P). STRAC has licensed certain eRMS software from ImageTrend for providing electronic records management software services, including electronic Patient Care Records (ePCR) and/or Fire Record Management System (FireRMS). STRAC is designated by DSHS to design, implement and maintain the Regional EMS/Trauma, Disaster and Emergency Healthcare System for Trauma Service Area — P (TSA-P) and will provide overall coordination and management to the eRMS project and as such has an interest to provide cost effective software solutions to member agencies. STRAC is providing the eRMS solution to eligible EMS member agencies, Fire Departments and other public safety agencies on a software as a service basis in a co-operative fashion, leveraging economies of scale by having multiple public safety member agencies subscribe through STRAC to utilize STRAC's pricing with ImageTrend for the eRMS system. Agency has an interest in and need to have an electronic records management system to increase capability and performance for the jurisdiction or population it serves Agreement Accordingly, both Agency and STRAC agree as follows: I. LEGAL AUTHORITY STRAC represents and warrants that: 1. STRAC is a Texas non-profit corporation organized to provide one or more governmental functions and services described in Texas Administrative Code Title 25, Part 1, Chapter 157. 2. STRAC possesses adequate legal authority to enter into this Agreement. 3. The governing body of STRAC believes that this Agreement is beneficial to the public. 4. STRAC has valid and enforceable licenses and all other necessary legal authority to grant Agency the right to use the software services to be provided under this Agreement. The Agency represents and warrants that: 1. The Agency possesses adequate legal authority to enter into this Agreement. STRAC eRMS Agreement 2. The governing body of the Agency believes that this Agreement is beneficial to the public and that the Agency has the legal authority to provide the governmental function which is the subject of this Agreement. 3. The Agency is an active member in good standing and is licensed through the Texas DSHS. II. STATEMENT OF SERVICES TO BE PERFORMED: STRAC shall provide services as set forth in the attached "Schedule (A), eRMS Project." Services listed in Schedule (A) provided by STRAC under this Agreement or assigned to the Agency as eRMS Project -specific services are provided to the Agency by STRAC at the rates in Schedule (B), eRMS Project Pricing. The Agency is responsible for all costs associated with implementing and operating the eRMS Project as provided for in the attached Schedules, including all costs of wireless data, GPS and hardware equipment and any utility services required to enable the eRMS Project to function correctly. Schedules (A) and (B), are incorporated in this Agreement for all purposes. III. TERM OF AGREEMENT: This Agreement is effective as of the 06/08/2023 ("Effective Date.") The initial term of this Agreement continues for one (1) year from the Effective Date ("Term"). At the end of the Term, this Agreement automatically renews on each anniversary of the Effective Date for five (5) consecutive years, unless earlier terminated by the parties in accordance with paragraph IV. The maximum duration of this contract is six (6) years. IV. TERMINATION AND DISPUTE RESOLUTION: This Agreement may be terminated by either the Agency or STRAC if either party in its sole discretion requests termination in writing to the other party, with 60 days prior notice. When mediation is acceptable to both parties in resolving a dispute arising under this Agreement, the parties agree to use a mutually agreed upon mediator, or a person appointed by a court of competent jurisdiction, for mediation as described in section 154.023 of the Texas Civil Practice and Remedies Code. Unless both parties are satisfied with the result of the mediation, the mediation is not a final and binding resolution of the dispute. All communications within the scope of the mediation shall remain confidential as described in section 154.073 of the Texas Civil Practice and Remedies Code, unless both parties agree, in writing, to waive the confidentiality. This Agreement and all of the transactions described herein shall be governed by and construed in accordance with the laws of the State of Texas. All obligations under this Agreement are performable in Bexar County, Texas. VI. GENERAL PROVISIONS: 1. This Agreement is entered into by the duly authorized officials of each respective party. 2. Any notice required pursuant to this Agreement must be in writing and is properly given if hand delivered, or sent by certified or registered mail, or overnight courier service, to the STRAC_eRMS_20230001 Page 2 of 10 v.1/2023 STRAC eRMS Agreement parties either at the address below for or at such other address as the parties from time to time specify by written notice pursuant to this Section. Any such notice is considered delivered on the date of delivery if hand delivered, or upon confirmation if sent by certified or registered mail or an overnight courier service. If to STRAC: STRAC Attention: Executive Director 7500 Highway 90 West AT&T Building, Suite 200 San Antonio, Texas 78227 If to Agency: Schertz EMS Department 1400 Schertz Parkway Building 7 Schertz, TX 78154 3. To the extent authorized by the laws of the State of Texas, STRAC and the Agency are not liable for any lost profits, special, incidental, consequential, or punitive damages, for breach of any express or implied warranties or otherwise. STRAC and the Agency do not warrant, expressly or implied, and does not represent that the software or services provided under this Agreement are without defect, interruption, or suited for particular purposes or uses. 4. During the term of this Agreement and any extensions of it, the Agency, to the extent permitted by law assumes liability arising from the misuse or erroneous employment, deployment, redeployment, and reconstitution of the eRMS Project and supporting equipment in accordance with the provisions of law and regulations which govern its activities. This assumption of liability does not apply to claims of infringement of intellectual property rights for actions that are not in breach of this Agreement. 5. If any provision of this Agreement is held to be illegal, invalid or unenforceable in any respect, such illegality, invalidity or unenforceability shall not affect any other provision of this Agreement, and this Agreement shall be construed as if that invalid, illegal or unenforceable provision had never been included in this Agreement. In computing any period of time pursuant to this Agreement, the first day is excluded and the last day included except that if the last day falls on a Saturday, Sunday, or a day Agency has declared a holiday for its employees, these days shall be omitted. All hours stated in this Agreement are stated in Central Time as recognized in San Antonio, Texas. Words of any gender in this Agreement shall be construed to include any other genders and words in singular shall be construed to include plural and vice versa unless the context in the Agreement clearly requires otherwise. Headings and titles at the beginning of the various provisions of this Agreement have been included only to make it easier to locate the subject matter covered by that part, section or subsection and are not to be used in interpreting this Agreement. 6. Both parties understand that each will fulfill its responsibilities under this Agreement in accordance with the provisions of law and regulations which govern their activities. Nothing in this Agreement is intended to negate or otherwise render ineffective any such provisions or operating procedures. If at any time either party is unable to perform its functions under this Agreement consistent with such party's statutory and regulatory mandates or authority, the affected party shall immediately provide written notice to the other to establish a date for mutual resolution of the conflict. Resolution may include forfeiture of the use and return to STRAC of those assets described in the Schedule (A). 7. Assignment. The parties to this Agreement shall not assign any of the rights or obligation under this Agreement without the prior written consent of the other party. No official, STRAC_eRMS_20230001 Page 3 of 10 v.1/2023 STRAC eRMS Agreement employee, representative or agent of Agency has the authority to approve any assignment under this Agreement unless that specific authority is expressly granted by Agency. The terms, provisions, covenants, obligations and conditions of this Agreement are binding upon and inure to the benefit of the successors in interest and the assigns of the parties to this Agreement if the assignment or transfer is made in compliance with the provisions of this Agreement. Without the prior written approval or the prior written waiver of this right of approval from Agency, STRAC shall not enter into any subcontracts for any service or activity relating to the performance of this Agreement other than the contract with ImageTrend. STRAC acknowledges that no officer, agent, employee or representative of the Agency, has the authority to grant such approval or waiver unless expressly granted that specific authority by Agency 8. If a change of name is required, the Agency shall be notified immediately. No change in the obligation of or to STRAC will be recognized until it is approved by the Agency. 9. This Agreement constitutes the entire agreement of the parties with respect to the subject matter of it, and supersedes any prior understanding or written or oral agreements between the parties with respect to the subject matter of this Agreement. 10. No amendment, modification, or alteration of the terms of the Agreement is binding on either party unless the same is in writing, is dated subsequent to the date of this Agreement, and is duly executed by the party against whom enforcement is sought except that the Agency may, with consent of STRAC, at any time, by written document, make changes within the general scope of this Agreement in any aspect of Agreement to correct errors of a general administrative nature or other mistakes, the correction of which does not affect the scope of the Agreement and does not result in expense to the STRAC. 11. Each person signing this Agreement on behalf of a party confirms for the benefit of the other party that any requisite approvals from the governing body of the signing party have been obtained, and all prerequisites to the execution, delivery, and performance of this Agreement have been obtained by or on behalf of that party. 12. Force Majeure — Either party may be excused from performance under this Agreement for any period that the party is prevented from performing its obligations in whole or in part as a result of any act of God, war, civil disturbance, epidemic, court order, or other event outside the control of such party, provided the party seeking to be excused has prudently and promptly acted to take any and all reasonable corrective measures that are within that party's control. 13. Neither party has authority for or on behalf of the other as to the subject matter of this Agreement, except as provided in this Agreement. No other authority, power, partnership, use, or rights are granted or implied except as provided by Texas or federal laws and regulations, and as defined in the Agreement and Schedule (A) to it. 14. Neither party may incur any debt, obligation, expense, or liability of any kind on behalf of the other party without the other party's express written approval. 15. To the extent permitted by law, the Agency will defend and indemnify STRAC, its directors, employees, agents, and representatives (the "Indemnitees") and hold the Indemnitees harmless against any damage, claims, suits, actions, liabilities, loss, penalties, costs, and expenses including, without limitation, reasonable attorneys' fees arising out of or alleged to have arisen from or in any way connected to: i. The misuse by the Agency of the eRMS Project and issued equipment. ii. a breach of any of the representations, warranties, or obligations of this agreement by the Agency; and/or iii. any claim (whether founded or unfounded) of any nature or character, arising out of or alleged to have arisen from or in any way connected to any actual or alleged STRAC_eRMS_20230001 Page 4 of 10 v.1/2023 STRAC eRMS Agreement negligence or dishonesty of, or any actual or alleged act of commission or omission by the Agency or any of its employees, agents, representatives or contractors. 16. STRAC will defend and indemnify the Agency, its elected officials, directors, officers, employees, agents and representatives (the "Agency Indemnities") and hold the Agency Indemnities harmless against any damages, claims, suits, actions, liabilities, loss, penalties, costs, and expenses including without limitation reasonable attorneys' fees arising out of or alleged to have arisen from or in any way connected to: i. any infringement of any applicable copyrights, licenses or other intellectual property or proprietary rights which may exist on materials used in this Agreement and any rights granted to Agency shall apply for the duration of this Agreement. ii. a breach of any of the representations, warranties, or obligations of this Agreement by STRAC; and/or iii. any claim (whether founded or unfounded) of any nature or character arising out of or alleged to have arisen from or in any way connected to any actual or alleged negligence or dishonesty of, or any actual or alleged act of commission or omission by STRAC, or any of its employees, agents, representatives or contractors. 17. STRAC certifies that at the time of execution of this Agreement, it is not on the federal government's list of suspended, ineligible, or debarred contractors. If the STRAC is placed on the list during the term of this Agreement, STRAC shall notify the Agency. False certification or failure to notify may result in terminating this Agreement. AGREEMENT SIGNATURES: The undersigned parties bind themselves to the faithful performance of the Agreement. It is mutually understood that this Agreement shall be effective if signed by a person authorized to do so according to the normal operating procedures of that party. If the governing body of a party is required to approve this Agreement, it does not become effective until approved by the governing body of that party. In that event, when this Agreement is executed by the duly authorized official(s) of the party as expressed in an approving resolution or order of the governing body of that party, a copy of the resolution or order shall be attached to this Agreement. [Remainder of Page Intentionally Blank; Signature Page Attached] STRAC_eRMS_20230001 Page 5 of 10 v.1/2023 STRAC eRMS Agreement [Signature Page to STRAC eRMS Agreement] APPROVED AS TO FORM AND LEGALITY: APPROVED AS TO FORM AND LEGALITY: City of Schertz EMS Department an Steve Williams, City Manager Date of Signature Southwest Texas Regional Advisory Council LN Eric Epley, Executive Director Date of Signature STRAC_eRMS_20230001 Page 6 of 10 v.1/2023 STRAC eRMS Agreement SCHEDULE (A) eRMS PROJECT Project Description The eRMS Project shall include the provision of Fire and EMS records management service Agency on a Software as a Service basis. The system includes: • Patient Care Reporting • Fire Incident Reporting • Personnel Management • Continuous Quality Improvement Module • Community Health Records Management • Training Records Management • Activity Tracking • Inventory Management • Occupancies and Fire Inspections • Reporting, Dashboards, and Data Analysis • Integration with Agency CAD system • Integration with Agency monitor/defibrillator hardware • State compliant NEMSIS reporting • State compliant NFIRS reporting • STRAC technical support II. Purpose of the eRMS Project The eRMS Project supports day to day operations of agencies in TSA-P while also increasing efficiencies with regard to patient care documentation, patient billing, performance improvement, reporting and Fire and EMS operations. IIl. Compliance with Convriehts STRAC warrants that all applicable copyrights, licenses and other intellectual property and proprietary rights which may exist on materials used in this Agreement and any rights granted to Agency shall apply for the duration of this Agreement have been adhered to and further warrants that Agency shall not be liable for any infringement of these copyrights, licenses and other rights. ----- End of Schedule A ----- STRAC_eRMS_20230001 Page 7 of 10 v,1/2023 STRAC eRMS Agreement SCHEDULE (B) eRMS Project Pricing I. Rates STRAC shall invoice Agency based on the following rates: eRMS Software Service: Annual Fpec� Annual Agency Fee: $3,000/year (billed annually each September 1 for life of agreement) Per Run Fee: $3.00/run (plus 3% annual increase effective each September 1 for life of agreement) based on the actual number of total runs in the previous agreement period of September 1 thru August 31. Runs are defined as those with unique incident run numbers. For example, an incident with a unique run number that generates multiple patients or an incident with a unique run number that has a fire and EMS response is counted as a single run. Example Calculations for First Fiscal Year and Second Fiscal Year First Year price for Schertz EMS Department starting September 1, 2023: Actual Number of Runs in prior calendar year as provided in your initial quote: 13,886 Per Run Fee: $3.00 Fees Qty Unit Price TOTAL Annual Agency Fee 1 $3,000.00 $3,000.00 Annual Per Run Fee 13,886 $3.00 $41,658.00 TOTAL Fees $44,658.00 Agency Annual Fee: $3,000 Agency Run Volume Fee: 13,886 runs x $3.00= $15,336.00 Total: $44,658.00 Second Year price for Schertz EMS Department starting September 1, 2024: Actual Number of Runs in prior year agreement period (9/1/23 thru 8/31/24) Per Run Fee: $3.00 x 3% annual increase = $3.09/Run Fees Qty Unit Price TOTAL Annual Agency Fee 1 $3,000.00 $3,000.00 Annual Per Run Fee 13,900 (est). $3.09 $42,951.00 STRAC—eRMS 20230001 Page 8 of 10 v.1/2023 STRAC eRMS Agreement TOTAL Fees $45,951.00 Agency Annual Fee: $3,000 Agency Run Volume Fee: 13,900 estimated runs x $3.09= $42,951.00 Total: $45,951.00 (for example purposes only, not binding) II. INVOICING/PAYMENTS: STRAC shall provide Agency with an Internal Revenue Form W-9, Request for Taxpayer Identification Number and Certification, that is completed in compliance with the Internal Revenue Code and its rules and regulations before any funds are payable. Agency shall pay STRAC by check upon satisfactory deployment and annually thereafter. STRAC will submit an invoice to the address below: Schertz EMS Department 1400 Schertz Parkway Building 7 Schertz, TX 78154 Invoices shall include at least the following information: • name, address, and telephone number of STRAC • name, address, and telephone number of payment location if different from STRAC address; • Agency Contract number; • identification of department deployed, products or services as outlined in this Agreement; • quantity or quantities, applicable unit prices, total prices, and total amount; and • any additional payment information called for by this Agreement. Payment shall be deemed to have been made on the date of mailing of the check. Agency may choose to make payment through a withhold of their County 911 funds. Accrual and payment of interest on overdue payments shall be governed by TEX. GOV'T CODE ANN., ch. 2251. III. Business Records STRAC shall maintain and make available all books, documents, and other evidence pertinent to the costs and expenses of this Agreement for inspection, audit or reproduction by any authorized representative of Agency to the extent this detail will properly reflect these costs to Agency. All required records shall be maintained until an audit is completed and all required questions arising therefrom are resolved, or three (3) years after completion of the Agreement term, whichever occurs first; however, the records shall be retained beyond the third year if an audit is in progress or the findings of a completed audit have not been resolved satisfactorily. STRAC_eRMS_20230001 Page 9 of 10 v.1/2023 STRAC eRMS Agreement ----- End of Schedule (B) ----- STRAC_eRMS_20230001 Page 10 of 10 v.1/2023 Southwest Texas Regional Advisory Council Business Associate Agreement Provisions This Business Associate Agreement (the "Agreement"), is made as of the 81h day of June, 2023 (the "Effective Date"), by and between Business Associate and Covered Entity (collectively the "Parties") to comply with privacy standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164 ("the Privacy Rule") and security standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C ("the Security Rule"), and the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 and regulations promulgated there under and any applicable state confidentiality laws. RECITALS WHEREAS, Business Associate provides City of Schertz EMS Department electronic patient care record and management system and/or clinical registries to or on behalf of Covered Entity; WHEREAS, in connection with these services, Covered Entity discloses to Business Associate certain protected health information that is subject to protection under the HIPAA Rules; and WHEREAS, the HIPAA Rules require that Covered Entity receive adequate assurances that Business Associate will comply with certain obligations with respect to the PHI received in the course of providing services to or on behalf of Covered Entity. NOW THEREFORE, in consideration of the mutual promises and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree as follows: A. Definitions. Terms used herein, but not otherwise defined, shall have meaning ascribed by the Privacy Rule and the Security Rule. 1. Breach. A "breach" under the Privacy Rule § 164.402 means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under Subpart E of this part which compromises the security or privacy of the protected health information. 2. Business Associate. "Business Associate" shall mean Southwest Texas Regional Advisory Council [STRAC]. 3. Covered Entity. "Covered Entity" shall mean AGENCY Business Associate Agreement v. 202202 STRAC-BAA continued 4. Designated Record Set. "Designated Record Set" under the HIPAA Privacy Rule 45 C.F.R. § 164.501 is a group of records maintained by or for a Covered Entity that is: (i) the medical records about Individuals maintained by or for a covered health care provider; (ii) The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (iii) used, in whole or in part, by or for the covered entity to make decisions about individuals. For purposes of this definition, the term "record" means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity. 5. HIPAA Rules. The Privacy Rule and the Security Rule and amendments codified and promulgated by the HITECH Act are referred to collectively herein as "HIPAA Rules." 6. Individual. "Individual" shall mean the person who is the subject of the protected health information. 7. Protected Health Information ("PHI"). "Protected Health Information" or PHI shall mean individually identifiable health information that is transmitted or maintained in any form of the STRAC Clinical registries and electronic patient care records. 8. Required by Law. "Required by Law" shall mean a mandate contained in law that compels a use or disclosure of PHI. 9. Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or her Designee. 10. Sensitive Personal Information. As defined in Texas Business and Commerce Code (TBCC) Chapter 521, "Sensitive Personal Information" shall mean an individual's first name or last name in combination with any one or more of the following items, if the name and the items are not encrypted: a) social security number; driver's license number or government -issued identification number; account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account; or b) information that identifies an individual and relates to (1) the physical or mental health or condition of the individual; (2) the provision of health care to the individual; or 3) payment for the provision of health care to the individual. 11. Unsecured PHI. "Unsecured PHI" shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in the Business Associate Agreement v. 202202 Page 2 STRAC-BAA continued guidance issued under section 13402(h)(2) of Public Law 111-5 on the HHS Web site. B. Purposes for which PHI May Be Disclosed to Business Associate. In connection with the services provided by Business Associate to or on behalf of Covered Entity described in this Agreement, Covered Entity may disclose PHI to Business Associate for the purposes of system management and administration, creation of data extracts, creation and management of reports, data aggregation, systems performance improvement, and research. C. Obligations of Covered Entity. The covered entity shall: provide Business Associate a copy of its Notice of Privacy Practices ("Notice") produced by Covered Entity in accordance with 45 C.F.R. 164.520 as well as any changes to such Notice; 2. provide Business Associate with any changes in, or revocation of, authorizations by Individuals relating to the use and/or disclosure of PHI, if such changes affect Business Associate's permitted or required uses and/or disclosures; 3. notify Business Associate of any restriction to the use and/or disclosure of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI; 4. not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy rule if done by the Covered entity; 5. notify Business Associate of any amendment to PHI to which Covered Entity has agreed that affects a Designated Record Set maintained by Business Associate; 6. Notify affected individuals of breaches in accordance with the breach notification provisions codified at 45 C.F.R. § 160.103 and section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act. D. Obligations of Business Associate. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, specifically the provisions of the HIPAA Rules applicable to business associates, including: 1. Use and Disclosure of PHI. Except as otherwise permitted by this Agreement or applicable law, Business Associate shall not use or disclose PHI except as necessary to provide Services described above to or on behalf of Covered Entity, and shall not use or disclose PHI that would violate the HIPAA Rules if Business Associate Agreement v.202202 Page 3 STRAC-BAA continued used or disclosed by Covered Entity. Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities. Business Associate shall in such cases: (a) provide information and training to members of its workforce using or disclosing PHI regarding the confidentiality requirements of the HIPAA Rules and this Agreement; (b) obtain reasonable assurances from the person or entity to whom the PHI is disclosed that: (a) the PHI will be held confidential and further used and disclosed only as Required by Law or for the purpose for which it was disclosed to the person or entity; and (b) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and (c) agree to notify the designated Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules. Data Aggregation. In the event that Business Associate works for more than one Covered Entity, Business Associate is permitted to use and disclose PHI for data aggregation purposes, however, only in order to analyze data for permitted health care operations, and only to the extent that such use is permitted under the HIPAA Rules. 3. De -identified Information. Business Associate may use and disclose de - identified health information to include Limited Data Sets in compliance with the HIPAA Rules. Moreover, Business Associate shall review and comply with the requirements defined under Section E of this Agreement. 4. Safeguards. (a) Business Associate shall maintain appropriate safeguards to ensure that PHI is not used or disclosed other than as provided by this Agreement or as required by Law. Business Associate shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of any paper or electronic PHI it creates, receives, maintains, or transmits on behalf of Covered Entity. (b) Business Associate shall assure that all PHI be secured when accessed by Business Associate's employees, agents or subcontractor. Any access to PHI by Business Associate's employees, agents or Business Associate Agreement v. 202202 Page 4 STRAC-BAA continued subcontractors shall be limited to legitimate business needs while working with PHI. Minimum Necessary. Business Associate shall ensure that all uses and disclosures of PHI are subject to the principle of "minimum necessary use and disclosure," i.e., that only PHI that is the minimum necessary to accomplish the intended purpose of the use, disclosure, or request is used or disclosed; and, the use of limited data sets when possible. 6. Disclosure to Agents and Subcontractors. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor, Business Associate shall require the agent or subcontractor to agree to the same restrictions and conditions as apply to Business Associate under this Agreement. Business Associate shall ensure that any agent, including a subcontractor, agrees to implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of the paper or electronic PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity. [45 CFR 164.504(e)(2,3,4), 164.502(e)(1)(ii)] 7. Individual Rights Regarding Designated Record Sets. If Business Associate maintains a Designated Record Set on behalf of Covered Entity Business Associate agrees as follows: (a) Individual Right to Copy or Inspection. Business Associate agrees that if it maintains a Designated Record Set for Covered Entity that is not maintained by Covered Entity, it will permit an Individual to inspect or copy PHI about the Individual in that set as directed by Covered Entity to meet the requirements of 45 C.F.R. § 164.524. If the PHI is in electronic format, the Individual shall have a right to obtain a copy of such information in electronic format and, if the Individual chooses, to direct that an electronic copy be transmitted directly to an entity or person designated by the individual in accordance with HITECH section 13405 (c). Under the Privacy Rule, Covered Entity is required to take action on such requests as soon as possible, but not later than 30 days following receipt of the request. Business Associate agrees to make reasonable efforts to assist Covered Entity in meeting this deadline. The information shall be provided in the form or format requested if it is readily producible in such form or format; or in summary, if the Individual has agreed in advance to accept the information in summary form. A reasonable, cost -based fee for copying health information may be charged. If Covered Entity maintains the requested records, Covered Entity, rather than Business Associate shall permit access according to its policies and procedures implementing the Privacy Rule. Business Associate Agreement v. 202202 Page 5 STRAC-BAA continued (b) Individual Right to Amendment. Business Associate agrees, if it maintains PHI in a Designated Record Set, to make amendments to PHI at the request and direction of Covered Entity pursuant to 45 C.F.R. 164.526. If Business Associate maintains a record in a Designated Record Set that is not also maintained by Covered Entity, Business Associate agrees that it will accommodate an Individual's request to amend PHI only in conjunction with a determination by Covered Entity that the amendment is appropriate according to 45 C.F.R. § 164.526. (c) Accounting of Disclosures. Business Associate agrees to maintain documentation of the information required to provide an accounting of disclosures of PHI, whether PHI is paper or electronic format, in accordance with 45 C.F.R. § 164.528 and HITECH Sub Title D Title VI Section 13405 (c), and to make this information available to Covered Entity upon Covered Entity's request, in order to allow Covered Entity to respond to an Individual's request for accounting of disclosures. Under the Privacy Rule, Covered Entity is required to take action on such requests as soon as possible but not later than 60 days following receipt of the request. Business Associate agrees to use its best efforts to assist Covered Entity in meeting this deadline but not later than 45 days following receipt of the request. 8. Internal Practices. Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of Covered Entity to the Secretary or his or her agents for the purpose of determining Covered Entity's and/or Business Associate's compliance with the HIPAA Rules, or any other health oversight agency, or to Covered Entity. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary. 9. Notice of Privacy Practices. Business Associate shall abide by the limitations of Covered Entity's Notice of which it has knowledge. 10. Withdrawal of Authorization. If the use or disclosure of PHI in this Agreement is based upon an Individual's specific authorization for the use or disclosure of his or her PHI, and the Individual revokes such authorization, the effective date of such authorization has expired, or such authorization is found to be defective in any manner that renders it invalid, Business Associate shall, if it has notice of such revocation, expiration, or invalidity, cease the use and disclosure of the Individual's PHI except to the extent it has relied on such use or disclosure, or if an exception under the Privacy Rule expressly applies. Business Associate Agreement v. 202202 Page 6 STRAC-BAA continued 11. Knowledge of HIPAA Rules. Business Associate agrees to comply with the applicable requirements of the HIPAA Rule, as well as any applicable amendments. 12. Information Breach Notification for PHI. Business Associate expressly recognizes that Covered Entity has certain reporting and disclosure obligations to the Secretary and the Individual in case of a security breach of unsecured PHI. Where Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses unsecured paper or electronic PHI, Business Associate immediately following the discovery of a breach of such information, shall notify Covered Entity of such breach. Initial notification of the breach does not need to be in compliance with Sub Title D Title IV Section 13402 of the HITECH Act; however, Business Associate must provide Covered Entity with all information necessary for Covered Entity to comply with Sub Title D Title IV Section 13402 of the HITECH Act without reasonable delay, and in no case later than 30 days following the discovery of the breach. 13. Breach Notification to Individuals. Business Associate's duty to notify Covered Entity of any breach does not permit Business Associate to notify those individuals whose PHI has been breached by Business Associate without the express written permission of Covered Entity to do so. Any and all notification to those individuals whose PHI has been breached shall be made under the direction, review and control of Covered Entity. The Business Associate will notify the Privacy Officer via telephone with follow-up in writing to include; name of individuals whose PHI was breached, information breached, date of breach, form of breach, etc. 14. Information Breach Notification for Other Sensitive Personal Information. In addition to the reporting under Section D.11, Business Associate shall notify Covered Entity of any breach of computerized sensitive personal information to assure Covered Entity's compliance with the notification requirements of Title 11, Subtitle B, Chapter 521, Subchapter A, Section 521.053, and Texas Business & Commerce Code. E. Permitted Uses and Disclosures by Business Associates. Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Business Associates Agreement, provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Also, Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with the HIPAA Rules. -Business Associate acknowledges and agrees that Covered Entity owns all right, title, and interest in and to all PHI, and that such right, title, and interest will be vested in OEM Business Associate Agreement v. 202202 Page 7 STRAC-BAA continued Covered Entity. Neither Business Associate nor any of its employees, agents, consultants or assigns will have any rights in any of the PHI, except as expressly set forth above. F. Application of Securit and Privacy Provisions to Business Associate. Security Measures. Sections 164.308, 164.310, 164.312 and 164.316 of Title 45 of the Code of Federal Regulations dealing with the administrative, physical and technical safeguards as well as policies, procedures and documentation requirements that apply to Covered Entity shall in the same manner apply to Business Associate. Any additional security requirements contained in Sub Title D of Title IV of the HITECH Act that apply to Covered Entity shall also apply to Business Associate. Pursuant to the foregoing requirements in this section, the Business Associate will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the paper or electronic PHI that it creates, has access to, or transmits. Business Associate will also ensure that any agent, including a subcontractor, to whom it provides such information, agrees to implement reasonable and appropriate safeguards to protect such information. Privacy Provisions. The enhanced HIPAA privacy requirements including but not necessarily limited to accounting for certain PHI disclosures for treatment, restrictions on the sale of PHI, restrictions on marketing and fundraising communications, payment and health care operations contained Subtitle D of the HITECH Act that apply to the Covered entity shall apply to the Business Associate to the extent applicable to the Business Associate. 3. Application of Civil and Criminal Penalties. If Business Associate violates any security or privacy provision specified in subparagraphs (1) and (2) above, sections 1176 and 1177 of the Social Security Act (42 U,S.C, 1320d-5, 1320d-5) shall apply to Business Associate with respect to such violation in the same manner that such sections apply to Covered Entity if it violates such provisions. G. Term and Termination. 1. Term. This Agreement shall be effective as of the Effective Date and shall be terminated when all PHI provided to Business Associate by Covered Entity, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. 2. Termination for Cause. Upon Covered entity's knowledge of a material breach by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement, Business Associate Agreement v. 202202 Page 8 STRAC-BAA continued if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity. 3. Effect of Termination. Upon termination of this Agreement for any reason, Business Associate agrees to return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, maintained by Business Associate in any form. If Business Associate determines that the return or destruction of PHI is not feasible, Business Associate shall inform Covered Entity in writing of the reason thereof, and shall agree to extend the protections of this Agreement to such PHI and limit further uses and disclosures of the PHI to those purposes that make the return or destruction of the PHI not feasible for so long as Business Associate retains the PHI. H. Miscellaneous. 1. Rights of Proprietary Information. Covered Entity retains any and all rights to the proprietary information, confidential information, and PHI it releases to Business Associate. 2. Survival. The respective rights and obligations of Business Associate under Section E of this Agreement shall survive the termination of this Agreement. 3. Notices. Any notices pertaining to this Agreement shall be given in writing and shall be deemed duly given when personally delivered to a Party or a Party's authorized representative as listed below or sent by means of a reputable overnight carrier, or sent by means of certified mail, return receipt requested, postage prepaid. A notice sent by certified mail shall be deemed given on the date of receipt or refusal of receipt. All notices shall be addressed to the appropriate Party as follows: If to Covered Entity: Schertz EMS Department 1400 Schertz Parkway Building 7 Schertz, TX 78154 If to Business Associate: Southwest Texas Regional Advisory Council (STRAC) 7500 US Hwy 90 AT&T Building Suite 200 San Antonio, Texas 78227 Attn: EXECUTIVE DIRECTOR Phone Number: 210-233-5850 4. Amendments. This Agreement may not be changed or modified in any manner except by an instrument in writing signed by a duly authorized officer of each of Business Associate Agreement v. 202202 Page 9 STRAC-BAA continued the Parties hereto. The Parties, however, agree to amend this Agreement from time to time as necessary, in order to allow Covered Entity's to comply with the requirements of the HIPAA Rules. S. Choice of Law. This Agreement and the rights and the obligations of the Parties hereunder shall be governed by and construed under the laws of the State of Texas, without regard to applicable conflict of laws principles. 6. Assignment of Rights and Delegation of Duties. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective successors and permitted assigns. However, neither Party may assign any of its rights or delegate any of its obligations under this Agreement without the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed. Notwithstanding any provisions to the contrary, however, Covered Entity retains the right to assign or delegate any of its rights or obligations hereunder to any of its wholly owned subsidiaries, affiliates or successor companies. Assignments made in violation of this provision are null and void. 7. Nature of Agreement. Nothing in this Agreement shall be construed to create (i) a partnership, joint venture or other joint business relationship between the Parties or any of their affiliates, (ii) any fiduciary duty owed by one Party to another Party or any of its affiliates, or (iii) a relationship of employer and employee between the Parties. 8. No Waiver. Failure or delay on the part of either Party to exercise any right, power, privilege or remedy hereunder shall not constitute a waiver thereof. No provision of this Agreement may be waived by either Party except by a writing signed by an authorized representative of the Party making the waiver. 9. Severability. The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein. 10. No Third Party Beneficiaries. Nothing in this Agreement shall be considered or construed as conferring any right or benefit on a person not party to this Agreement nor imposing any obligations on either Party hereto to persons not a party to this Agreement. 11.INDEMNIFICATION. BA WILL INDEMNIFY, DEFEND AND HOLD COVERED ENTITY AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUCCESSORS AND ASSIGNS HARMLESS, FROM AND AGAINST ANY AND ALL LOSSES, LIABILITIES, DAMAGES, COSTS AND EXPENSES ARISING OUT OF OR RELATED TO ANY THIRD -PARTY CLAIM BASED UPON ANY BREACH OF THIS AGREEMENT BYBA INACCORDANCE WITH Business Associate Agreement v. 202202 Page 10 STRAC-BAA continued THE INDEMNITY PROVISIONS IN THE SERVICECONTRACT, WHICH ARE HEREB Y INCORPORA TED BY REFERENCE FOR ALL PURPOSES. 12. Headings. The descriptive headings of the articles, sections, subsections, exhibits and schedules of this Agreement are inserted for convenience only, do not constitute a part of this Agreement and shall not affect in any way the meaning or interpretation of this Agreement. 13. Entire Agreement. This Agreement, together with all Exhibits, Riders and amendments, if applicable, which are fully completed and signed by authorized persons on behalf of both Parties from time to time while this Agreement is in effect, constitutes the entire Agreement between the Parties hereto with respect to the subject matter hereof and supersedes all previous written or oral understandings, agreements, negotiations, commitments, and any other writing and communication by or between the Parties with respect to the subject matter hereof. In the event of any inconsistencies between any provisions of this Agreement in any provisions of the Exhibits, Riders, or amendments, the provisions of this Agreement shall control. 14. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules and any applicable state confidentiality laws. The provisions of this Agreement shall prevail over the provisions of any other agreement that exists between the Parties that may conflict with, or appear inconsistent with, any provision of this Agreement or the HIPAA Rules. 15. Re2ulatory References. A citation in this Agreement to the Code of Federal Regulations shall mean the cited section as that section may be amended from time to time. Business Associate Agreement v. 202202 Page 11 STRAC-BAA continued 16. Agreed to: BUSINESS ASSOCIATE COVERED ENTITY Southwest Texas Regional Advisory Council (STRAC) SCHERTZ EMS DEPARTMENT 7500 US Hwy 90 AT&T Building Suite 200 San Antonio, Texas 78227 1400 Schertz Parkway Building 7 Schertz, TX 78154 BY: (Authorized Signature) BY: (Authorized Signature) NAME: ERIC EPLEY NAME: STEVE WILLIAMS TITLE: EXECUTIVE DIRECTOR TITLE: CITY MANAGER DATE: DATE: Business Associate Agreement v. 202202 Page 12 NW-11 - G CE Southwest Texas Regional Advisory Council Business Associate Agreement Provisions This Business Associate Agreement (the "Agreement"), is made as of the 8th day of June, 2023 (the "Effective Date"), by and between Business Associate and Covered Entity (collectively the "Parties") to comply with privacy standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164 ("the Privacy Rule") and security standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C ("the Security Rule"), and the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 and regulations promulgated there under and any applicable state confidentiality laws. RECITALS WHEREAS, Business Associate provides City of Schertz Fire Department electronic patient care record and management system and/or clinical registries to or on behalf of Covered Entity; WHEREAS, in connection with these services, Covered Entity discloses to Business Associate certain protected health information that is subject to protection under the HIPAA Rules; and WHEREAS, the HIPAA Rules require that Covered Entity receive adequate assurances that Business Associate will comply with certain obligations with respect to the PHI received in the course of providing services to or on behalf of Covered Entity. NOW THEREFORE, in consideration of the mutual promises and covenants herein, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree as follows: A. Definitions. Terms used herein, but not otherwise defined, shall have meaning ascribed by the Privacy Rule and the Security Rule. 1. Breach. A "breach" under the Privacy Rule § 164.402 means the acquisition, access, use, or disclosure of protected health information in a manner not permitted under Subpart E of this part which compromises the security or privacy of the protected health information. 2. Business Associate. "Business Associate" shall mean Southwest Texas Regional Advisory Council [STRAC]. 3. Covered Entity. "Covered Entity" shall mean AGENCY Business Associate Agreement v. 202202 STRAC-BAA continued 4. Designated Record Set. "Designated Record Set" under the HIPAA Privacy Rule 45 C.F.R. § 164.501 is a group of records maintained by or for a Covered Entity that is: (i) the medical records about Individuals maintained by or for a covered health care provider; (ii) The enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (iii) used, in whole or in part, by or for the covered entity to make decisions about individuals. For purposes of this definition, the term "record" means any item, collection, or grouping of information that includes protected health information and is maintained, collected, used, or disseminated by or for a covered entity. S. HIPAA Rules. The Privacy Rule and the Security Rule and amendments codified and promulgated by the HITECH Act are referred to collectively herein as "HIPAA Rules." 6. Individual. "Individual" shall mean the person who is the subject of the protected health information. 7. Protected Health Information ("PHI"). "Protected Health Information" or PHI shall mean individually identifiable health information that is transmitted or maintained in any form of the STRAC Clinical registries and electronic patient care records. 8. Required by Law. "Required by Law" shall mean a mandate contained in law that compels a use or disclosure of PHI. 9. Secretary. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or her Designee. 10. Sensitive Personal Information. As defined in Texas Business and Commerce Code (TBCC) Chapter 521, "Sensitive Personal Information" shall mean an individual's first name or last name in combination with any one or more of the following items, if the name and the items are not encrypted: a) social security number; driver's license number or government -issued identification number; account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account; or b) information that identifies an individual and relates to (1) the physical or mental health or condition of the individual; (2) the provision of health care to the individual; or 3) payment for the provision of health care to the individual. 11. Unsecured PHI. "Unsecured PHI" shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in the Business Associate Agreement v. 202202 Page 2 STRAC-BAA continued guidance issued under section 13402(h)(2) of Public Law 111-5 on the HHS Web site. B. Purposes for which PHI May Be Disclosed to Business Associate. In connection with the services provided by Business Associate to or on behalf of Covered Entity described in this Agreement, Covered Entity may disclose PHI to Business Associate for the purposes of system management and administration, creation of data extracts, creation and management of reports, data aggregation, systems performance improvement, and research. C. Obligations of Covered Entity. The covered entity shall: provide Business Associate a copy of its Notice of Privacy Practices ("Notice") produced by Covered Entity in accordance with 45 C.F.R. 164.520 as well as any changes to such Notice; 2. provide Business Associate with any changes in, or revocation of, authorizations by Individuals relating to the use and/or disclosure of PHI, if such changes affect Business Associate's permitted or required uses and/or disclosures; 3. notify Business Associate of any restriction to the use and/or disclosure of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI; 4. not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy rule if done by the Covered entity; S. notify Business Associate of any amendment to PHI to which Covered Entity has agreed that affects a Designated Record Set maintained by Business Associate; 6. Notify affected individuals of breaches in accordance with the breach notification provisions codified at 45 C.F.R. § 160.103 and section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act. D. Obligations of Business Associate. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, specifically the provisions of the HIPAA Rules applicable to business associates, including: 1. Use and Disclosure of PHI. Except as otherwise permitted by this Agreement or applicable law, Business Associate shall not use or disclose PHI except as necessary to provide Services described above to or on behalf of Covered Entity, and shall not use or disclose PHI that would violate the HIPAA Rules if Business Associate Agreement v. 202202 Page 3 STRAC-BAA continued used or disclosed by Covered Entity. Business Associate may use and disclose PHI as necessary for the proper management and administration of Business Associate, or to carry out its legal responsibilities. Business Associate shall in such cases: (a) provide information and training to members of its workforce using or disclosing PHI regarding the confidentiality requirements of the HIPAA Rules and this Agreement; (b) obtain reasonable assurances from the person or entity to whom the PHI is disclosed that: (a) the PHI will be held confidential and further used and disclosed only as Required by Law or for the purpose for which it was disclosed to the person or entity; and (b) the person or entity will notify Business Associate of any instances of which it is aware in which confidentiality of the PHI has been breached; and (c) agree to notify the designated Privacy Officer of Covered Entity of any instances of which it is aware in which the PHI is used or disclosed for a purpose that is not otherwise provided for in this Agreement or for a purpose not expressly permitted by the HIPAA Rules. 2. Data Aggregation. In the event that Business Associate works for more than one Covered Entity, Business Associate is permitted to use and disclose PHI for data aggregation purposes, however, only in order to analyze data for permitted health care operations, and only to the extent that such use is permitted under the HIPAA Rules. 3. De -identified Information. Business Associate may use and disclose de - identified health information to include Limited Data Sets in compliance with the HIPAA Rules. Moreover, Business Associate shall review and comply with the requirements defined under Section E of this Agreement. 4. Safeguards. (a) Business Associate shall maintain appropriate safeguards to ensure that PHI is not used or disclosed other than as provided by this Agreement or as required by Law. Business Associate shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of any paper or electronic PHI it creates, receives, maintains, or transmits on behalf of Covered Entity. (b) Business Associate shall assure that all PHI be secured when accessed by Business Associate's employees, agents or subcontractor. Any access to PHI by Business Associate's employees, agents or Business Associate Agreement v. 202202 Page 4 STRAC-BAA continued subcontractors shall be limited to legitimate business needs while working with PHI. 5. Minimum Necessary. Business Associate shall ensure that all uses and disclosures of PHI are subject to the principle of "minimum necessary use and disclosure," i.e., that only PHI that is the minimum necessary to accomplish the intended purpose of the use, disclosure, or request is used or disclosed; and, the use of limited data sets when possible. 6. Disclosure to Agents and Subcontractors. If Business Associate discloses PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor, Business Associate shall require the agent or subcontractor to agree to the same restrictions and conditions as apply to Business Associate under this Agreement. Business Associate shall ensure that any agent, including a subcontractor, agrees to implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of the paper or electronic PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity. [45 CFR 164.504(e)(2,3,4), 164.502(e)(1)(ii)] 7. Individual Rights Regarding Designated Record Sets. If Business Associate maintains a Designated Record Set on behalf of Covered Entity Business Associate agrees as follows: (a) Individual Right to Copy or Inspection. Business Associate agrees that if it maintains a Designated Record Set for Covered Entity that is not maintained by Covered Entity, it will permit an Individual to inspect or copy PHI about the Individual in that set as directed by Covered Entity to meet the requirements of 45 C.F.R. § 164.524. If the PHI is in electronic format, the Individual shall have a right to obtain a copy of such information in electronic format and, if the Individual chooses, to direct that an electronic copy be transmitted directly to an entity or person designated by the individual in accordance with HITECH section 13405 (c). Under the Privacy Rule, Covered Entity is required to take action on such requests as soon as possible, but not later than 30 days following receipt of the request. Business Associate agrees to make reasonable efforts to assist Covered Entity in meeting this deadline. The information shall be provided in the form or format requested if it is readily producible in such form or format; or in summary, if the Individual has agreed in advance to accept the information in summary form. A reasonable, cost -based fee for copying health information may be charged. If Covered Entity maintains the requested records, Covered Entity, rather than Business Associate shall permit access according to its policies and procedures implementing the Privacy Rule. Business Associate Agreement v. 202202 Page 5 STRAC-BAA continued (b) Individual Right to Amendment. Business Associate agrees, if it maintains PHI in a Designated Record Set, to make amendments to PHI at the request and direction of Covered Entity pursuant to 45 C.F.R. 164.526. If Business Associate maintains a record in a Designated Record Set that is not also maintained by Covered Entity, Business Associate agrees that it will accommodate an Individual's request to amend PHI only in conjunction with a determination by Covered Entity that the amendment is appropriate according to 45 C.F.R. § 164.526. (c) Accounting, of Disclosures. Business Associate agrees to maintain documentation of the information required to provide an accounting of disclosures of PHI, whether PHI is paper or electronic format, in accordance with 45 C.F.R. § 164.528 and HITECH Sub Title D Title VI Section 13405 (c), and to make this information available to Covered Entity upon Covered Entity's request, in order to allow Covered Entity to respond to an Individual's request for accounting of disclosures. Under the Privacy Rule, Covered Entity is required to take action on such requests as soon as possible but not later than 60 days following receipt of the request. Business Associate agrees to use its best efforts to assist Covered Entity in meeting this deadline but not later than 45 days following receipt of the request. 8. Internal Practices. Policies and Procedures. Except as otherwise specified herein, Business Associate shall make available its internal practices, policies and procedures relating to the use and disclosure of PHI, received from or on behalf of Covered Entity to the Secretary or his or her agents for the purpose of determining Covered Entity's and/or Business Associate's compliance with the HIPAA Rules, or any other health oversight agency, or to Covered Entity. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by Covered Entity or the Secretary. 9. Notice of Privacy Practices. Business Associate shall abide by the limitations of Covered Entity's Notice of which it has knowledge. 10. Withdrawal of Authorization. If the use or disclosure of PHI in this Agreement is based upon an Individual's specific authorization for the use or disclosure of his or her PHI, and the Individual revokes such authorization, the effective date of such authorization has expired, or such authorization is found to be defective in any manner that renders it invalid, Business Associate shall, if it has notice of such revocation, expiration, or invalidity, cease the use and disclosure of the Individual's PHI except to the extent it has relied on such use or disclosure, or if an exception under the Privacy Rule expressly applies. Business Associate Agreement v. 202202 Page 6 STRAC-BA.A continued 11. Knowledge of HIPAA Rules. Business Associate agrees to comply with the applicable requirements of the HIPAA Rule, as well as any applicable amendments. 12. Information Breach Notification for PHI. Business Associate expressly recognizes that Covered Entity has certain reporting and disclosure obligations to the Secretary and the Individual in case of a security breach of unsecured PHI. Where Business Associate accesses, maintains, retains, modifies, records, stores, destroys, or otherwise holds, uses or discloses unsecured paper or electronic PHI, Business Associate immediately following the discovery of a breach of such information, shall notify Covered Entity of such breach. Initial notification of the breach does not need to be in compliance with Sub Title D Title IV Section 13402 of the HITECH Act; however, Business Associate must provide Covered Entity with all information necessary for Covered Entity to comply with Sub Title D Title IV Section 13402 of the HITECH Act without reasonable delay, and in no case later than 30 days following the discovery of the breach. 13. Breach Notification to Individuals. Business Associate's duty to notify Covered Entity of any breach does not permit Business Associate to notify those individuals whose PHI has been breached by Business Associate without the express written permission of Covered Entity to do so. Any and all notification to those individuals whose PHI has been breached shall be made under the direction, review and control of Covered Entity. The Business Associate will notify the Privacy Officer via telephone with follow-up in writing to include; name of individuals whose PHI was breached, information breached, date of breach, form of breach, etc. 14. Information Breach Notification for Other Sensitive Personal Information. In addition to the reporting under Section D.11, Business Associate shall notify Covered Entity of any breach of computerized sensitive personal information to assure Covered Entity's compliance with the notification requirements of Title 11, Subtitle B, Chapter 521, Subchapter A, Section 521.053, and Texas Business & Commerce Code. E. Permitted Uses and Disclosures by Business Associates. Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in this Business Associates Agreement, provided that such use or disclosure would not violate the HIPAA Rules if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity. Also, Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with the HIPAA Rules _Business Associate acknowledges and agrees that Covered Entity owns all right, title, and interest in and to all PHI, and that such right, title, and interest will be vested in Business Associate Agreement v. 202202 Page 7 STRAC-BAA continued Covered Entity. Neither Business Associate nor any of its employees, agents, consultants or assigns will have any rights in any of the PHI, except as expressly set forth above. F. Application of Security and Privacy Provisions to Business Associate. 1. Security Measures. Sections 164.308, 164.310, 164.312 and 164.316 of Title 45 of the Code of Federal Regulations dealing with the administrative, physical and technical safeguards as well as policies, procedures and documentation requirements that apply to Covered Entity shall in the same manner apply to Business Associate. Any additional security requirements contained in Sub Title D of Title IV of the HITECH Act that apply to Covered Entity shall also apply to Business Associate. Pursuant to the foregoing requirements in this section, the Business Associate will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the paper or electronic PHI that it creates, has access to, or transmits. Business Associate will also ensure that any agent, including a subcontractor, to whom it provides such information, agrees to implement reasonable and appropriate safeguards to protect such information. 2. Privacy Provisions. The enhanced HIPAA privacy requirements including but not necessarily limited to accounting for certain PHI disclosures for treatment, restrictions on the sale of PHI, restrictions on marketing and fundraising communications, payment and health care operations contained Subtitle D of the HITECH Act that apply to the Covered entity shall apply to the Business Associate to the extent applicable to the Business Associate. 3. Application of Civil and Criminal Penalties. If Business Associate violates any security or privacy provision specified in subparagraphs (1) and (2) above, sections 1176 and 1177 of the Social Security Act (42 U,S.C, 1320d-5, 1320d-5) shall apply to Business Associate with respect to such violation in the same manner that such sections apply to Covered Entity if it violates such provisions. G. Term and Termination. 1. Term. This Agreement shall be effective as of the Effective Date and shall be terminated when all PHI provided to Business Associate by Covered Entity, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. 2. Termination for Cause. Upon Covered entity's knowledge of a material breach by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach or end the violation and terminate this Agreement, Business Associate Agreement v. 202202 Page 8 STRAC-BAA continued if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity. 3. Effect of Termination. Upon termination of this Agreement for any reason, Business Associate agrees to return or destroy all PHI received from Covered Entity or created or received by Business Associate on behalf of Covered Entity, maintained by Business Associate in any form. If Business Associate determines that the return or destruction of PHI is not feasible, Business Associate shall inform Covered Entity in writing of the reason thereof, and shall agree to extend the protections of this Agreement to such PHI and limit further uses and disclosures of the PHI to those purposes that make the return or destruction of the PHI not feasible for so long as Business Associate retains the PHI. H. Miscellaneous. 1. Rights of Proprietary Information. Covered Entity retains any and all rights to the proprietary information, confidential information, and PHI it releases to Business Associate. 2. Survival. The respective rights and obligations of Business Associate under Section E of this Agreement shall survive the termination of this Agreement. 3. Notices. Any notices pertaining to this Agreement shall be given in writing and shall be deemed duly given when personally delivered to a Party or a Party's authorized representative as listed below or sent by means of a reputable overnight carrier, or sent by means of certified mail, return receipt requested, postage prepaid. A notice sent by certified mail shall be deemed given on the date of receipt or refusal of receipt. All notices shall be addressed to the appropriate Party as follows: If to Covered Enti . Schertz Fire Department 1400 Schertz Parkway Building 8 Schertz, TX 78154 If to Business Associate: Southwest Texas Regional Advisory Council (STRAC) 7500 US Hwy 90 AT&T Building Suite 200 San Antonio, Texas 78227 Attn: EXECUTIVE DIRECTOR Phone Number: 210-233-5850 4. Amendments. This Agreement may not be changed or modified in any manner except by an instrument in writing signed by a duly authorized officer of each of Business Associate Agreement v. 202202 Page 9 STRAC-BAA continued the Parties hereto. The Parties, however, agree to amend this Agreement from time to time as necessary, in order to allow Covered Entity's to comply with the requirements of the HIPAA Rules. 5. Choice of Law. This Agreement and the rights and the obligations of the Parties hereunder shall be governed by and construed under the laws of the State of Texas, without regard to applicable conflict of laws principles. 6. Assignment of Rights and Delegation of Duties. This Agreement is binding upon and inures to the benefit of the Parties hereto and their respective successors and permitted assigns. However, neither Party may assign any of its rights or delegate any of its obligations under this Agreement without the prior written consent of the other Party, which consent shall not be unreasonably withheld or delayed. Notwithstanding any provisions to the contrary, however, Covered Entity retains the right to assign or delegate any of its rights or obligations hereunder to any of its wholly owned subsidiaries, affiliates or successor companies. Assignments made in violation of this provision are null and void. 7. Nature of Agreement. Nothing in this Agreement shall be construed to create (i) a partnership, joint venture or other joint business relationship between the Parties or any of their affiliates, (ii) any fiduciary duty owed by one Party to another Party or any of its affiliates, or (iii) a relationship of employer and employee between the Parties. 8. No Waiver. Failure or delay on the part of either Party to exercise any right, power, privilege or remedy hereunder shall not constitute a waiver thereof. No provision of this Agreement may be waived by either Party except by a writing signed by an authorized representative of the Party making the waiver. 9. Severability. The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein. 10. No Third Party Beneficiaries. Nothing in this Agreement shall be considered or construed as conferring any right or benefit on a person not party to this Agreement nor imposing any obligations on either Party hereto to persons not a party to this Agreement. 11. INDEMNIFICA TION. BA WILL INDEMNIFY, DEFEND AND HOLD COVERED ENTITY AND ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUCCESSORS AND ASSIGNS HARMLESS, FROM AND AGAINST ANY AND ALL LOSSES, LIABILITIES, DAMAGES, COSTS AND EXPENSES ARISING OUT OF OR RELATED TO ANY THIRD PARTY CLAIM BASED UPONANY BREACH OF THIS AGREEMENT BYBA INACCORDANCE WITH Business Associate Agreement v.202202 Page 10 STRAC-BAA continued THE INDEMNITY PROVISIONS IN THE SERVICECONTRACT, WHICH ARE HEREBYINCORPORATED BYREFERENCE FOR ALL PURPOSES. 12. Headings. The descriptive headings of the articles, sections, subsections, exhibits and schedules of this Agreement are inserted for convenience only, do not constitute a part of this Agreement and shall not affect in any way the meaning or interpretation of this Agreement. 13. Entire Agreement. This Agreement, together with all Exhibits, Riders and amendments, if applicable, which are fully completed and signed by authorized persons on behalf of both Parties from time to time while this Agreement is in effect, constitutes the entire Agreement between the Parties hereto with respect to the subject matter hereof and supersedes all previous written or oral understandings, agreements, negotiations, commitments, and any other writing and communication by or between the Parties with respect to the subject matter hereof. In the event of any inconsistencies between any provisions of this Agreement in any provisions of the Exhibits, Riders, or amendments, the provisions of this Agreement shall control. 14. Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules and any applicable state confidentiality laws. The provisions of this Agreement shall prevail over the provisions of any other agreement that exists between the Parties that may conflict with, or appear inconsistent with, any provision of this Agreement or the HIPAA Rules. 15. Regulatory References. A citation in this Agreement to the Code of Federal Regulations shall mean the cited section as that section may be amended from time to time. Business Associate Agreement v. 202202 Page 11 STRAC-BAA continued 16. Agreed to: BUSINESS ASSOCIATE COVERED ENTITY Southwest Texas Regional Advisory Council (STRAC) SCHERTZ FIRE DEPARTMENT 7500 US Hwy 90 AT&T Building Suite 200 San Antonio, Texas 78227 1400 Schertz Parkway Building 8 Schertz, TX 78154 BY: BY: (Authorized Signature) (Authorized Signature) NAME: ERIC EPLEY NAME: STEVE WILLIAMS TITLE: EXECUTIVE DIRECTOR TITLE: CITY MANAGER DATE: DATE: Business Associate Agreement v. 202202 Page 12 STRAC ELECTRONIC RECORDS MANAGEMENT SYSTEM (eRMS) PROJECT INTERLOCAL COOPERATION AGREEMENT This PROJECT AGREEMENT ("Agreement"), is entered into by the following parties: the Southwest Texas Regional Advisory Council ("STRAC"), a Texas non-profit corporation created by Texas law and regulations, and City of Schertz, Texas ("Agency"), a political subdivision of the State of Texas. Recitals It is the purpose of this Agreement to establish a cooperative and mutually beneficial relationship between the parties and to set forth the relative responsibilities of the parties as they relate to the provision of certain electronic records management software (eRMS) services, as further described in Schedule A, by STRAC to Agency. STRAC is the Regional EMS/Trauma Advisory Council designated by the Texas Department of State Health Services ("DSHS") in the STRAC region (Trauma Service Area — P, TSA-P). STRAC has licensed certain eRMS software from ImageTrend for providing electronic records management software services, including electronic Patient Care Records (ePCR) and/or Fire Record Management System (FireRMS). STRAC is designated by DSHS to design, implement and maintain the Regional EMS/Trauma, Disaster and Emergency Healthcare System for Trauma Service Area — P (TSA-P) and will provide overall coordination and management to the eRMS project and as such has an interest to provide cost effective software solutions to member agencies. STRAC is providing the eRMS solution to eligible EMS member agencies, Fire Departments and other public safety agencies on a software as a service basis in a co-operative fashion, leveraging economies of scale by having multiple public safety member agencies subscribe through STRAC to utilize STRAC's pricing with ImageTrend for the eRMS system. Agency has an interest in and need to have an electronic records management system to increase capability and performance for the jurisdiction or population it serves Agreement Accordingly, both Agency and STRAC agree as follows: I. LEGAL AUTHORITY STRAC represents and warrants that: 1. STRAC is a Texas non-profit corporation organized to provide one or more governmental functions and services described in Texas Administrative Code Title 25, Part 1, Chapter 157. 2. STRAC possesses adequate legal authority to enter into this Agreement. 3. The governing body of STRAC believes that this Agreement is beneficial to the public. 4. STRAC has valid and enforceable licenses and all other necessary legal authority to grant Agency the right to use the software services to be provided under this Agreement. The Agency represents and warrants that: 1. The Agency possesses adequate legal authority to enter into this Agreement. STRAC eRMS Agreement 2. The governing body of the Agency believes that this Agreement is beneficial to the public and that the Agency has the legal authority to provide the governmental function which is the subject of this Agreement. 3. The Agency is an active member in good standing and is licensed through the Texas DSHS. Il. STATEMENT OF SERVICES TO BE PERFORMED: STRAC shall provide services as set forth in the attached "Schedule (A), eRMS Project." Services listed in Schedule (A) provided by STRAC under this Agreement or assigned to the Agency as eRMS Project -specific services are provided to the Agency by STRAC at the rates in Schedule (B), eRMS Project Pricing. The Agency is responsible for all costs associated with implementing and operating the eRMS Project as provided for in the attached Schedules, including all costs of wireless data, GPS and hardware equipment and any utility services required to enable the eRMS Project to function correctly. Schedules (A) and (B), are incorporated in this Agreement for all purposes. III. TERM OF AGREEMENT: This Agreement is effective as of the 06/08/2023 ("Effective Date.") The initial term of this Agreement continues for one (1) year from the Effective Date ("Term"). At the end of the Term, this Agreement automatically renews on each anniversary of the Effective Date for five (5) consecutive years, unless earlier terminated by the parties in accordance with paragraph IV. The maximum duration of this contract is six (6) years. IV. TERMINATION AND DISPUTE RESOLUTION: This Agreement may be terminated by either the Agency or STRAC if either party in its sole discretion requests termination in writing to the other party, with 60 days prior notice. When mediation is acceptable to both parties in resolving a dispute arising under this Agreement, the parties agree to use a mutually agreed upon mediator, or a person appointed by a court of competent jurisdiction, for mediation as described in section 154.023 of the Texas Civil Practice and Remedies Code. Unless both parties are satisfied with the result of the mediation, the mediation is not a final and binding resolution of the dispute. All communications within the scope of the mediation shall remain confidential as described in section 154.073 of the Texas Civil Practice and Remedies Code, unless both parties agree, in writing, to waive the confidentiality. V. VENUE This Agreement and all of the transactions described herein shall be governed by and construed in accordance with the laws of the State of Texas. All obligations under this Agreement are performable in Bexar County, Texas. VI. GENERAL PROVISIONS: 1. This Agreement is entered into by the duly authorized officials of each respective party. 2. Any notice required pursuant to this Agreement must be in writing and is properly given if hand delivered, or sent by certified or registered mail, or overnight courier service, to the STRAC—eRMS 20230001 Page 2 of 10 v.1/2023 STRAC eRMS Agreement parties either at the address below for or at such other address as the parties from time to time specify by written notice pursuant to this Section. Any such notice is considered delivered on the date of delivery if hand delivered, or upon confirmation if sent by certified or registered mail or an overnight courier service. If to STRAC: STRAC Attention: Executive Director 7500 Highway 90 West AT&T Building, Suite 200 San Antonio, Texas 78227 If to Agency: Schertz Fire Department 1400 Schertz Parkway Building 8 Schertz, TX 78154 3. To the extent authorized by the laws of the State of Texas, STRAC and the Agency are not liable for any lost profits, special, incidental, consequential, or punitive damages, for breach of any express or implied warranties or otherwise. STRAC and the Agency do not warrant, expressly or implied, and does not represent that the software or services provided under this Agreement are without defect, interruption, or suited for particular purposes or uses. 4. During the term of this Agreement and any extensions of it, the Agency, to the extent permitted by law assumes liability arising from the misuse or erroneous employment, deployment, redeployment, and reconstitution of the eRMS Project and supporting equipment in accordance with the provisions of law and regulations which govern its activities. This assumption of liability does not apply to claims of infringement of intellectual property rights for actions that are not in breach of this Agreement. 5. If any provision of this Agreement is held to be illegal, invalid or unenforceable in any respect, such illegality, invalidity or unenforceability shall not affect any other provision of this Agreement, and this Agreement shall be construed as if that invalid, illegal or unenforceable provision had never been included in this Agreement. In computing any period of time pursuant to this Agreement, the first day is excluded and the last day included except that if the last day falls on a Saturday, Sunday, or a day Agency has declared a holiday for its employees, these days shall be omitted. All hours stated in this Agreement are stated in Central Time as recognized in San Antonio, Texas. Words of any gender in this Agreement shall be construed to include any other genders and words in singular shall be construed to include plural and vice versa unless the context in the Agreement clearly requires otherwise. Headings and titles at the beginning of the various provisions of this Agreement have been included only to make it easier to locate the subject matter covered by that part, section or subsection and are not to be used in interpreting this Agreement. 6. Both parties understand that each will fulfill its responsibilities under this Agreement in accordance with the provisions of law and regulations which govern their activities. Nothing in this Agreement is intended to negate or otherwise render ineffective any such provisions or operating procedures. If at any time either party is unable to perform its functions under this Agreement consistent with such parry's statutory and regulatory mandates or authority, the affected party shall immediately provide written notice to the other to establish a date for mutual resolution of the conflict. Resolution may include forfeiture of the use and return to STRAC of those assets described in the Schedule (A). 7. Assi,nment. The parties to this Agreement shall not assign any of the rights or obligation under this Agreement without the prior written consent of the other party. No official, STRAC_eRMS_20230001 Page 3 of 10 v.1/2023 STRAC eRMS Agreement employee, representative or agent of Agency has the authority to approve any assignment under this Agreement unless that specific authority is expressly granted by Agency. The terms, provisions, covenants, obligations and conditions of this Agreement are binding upon and inure to the benefit of the successors in interest and the assigns of the parties to this Agreement if the assignment or transfer is made in compliance with the provisions of this Agreement. Without the prior written approval or the prior written waiver of this right of approval from Agency, STRAC shall not enter into any subcontracts for any service or activity relating to the performance of this Agreement other than the contract with ImageTrend. STRAC acknowledges that no officer, agent, employee or representative of the Agency, has the authority to grant such approval or waiver unless expressly granted that specific authority by Agency 8. If a change of name is required, the Agency shall be notified immediately. No change in the obligation of or to STRAC will be recognized until it is approved by the Agency. 9. This Agreement constitutes the entire agreement of the parties with respect to the subject matter of it, and supersedes any prior understanding or written or oral agreements between the parties with respect to the subject matter of this Agreement. 10. No amendment, modification, or alteration of the terms of the Agreement is binding on either party unless the same is in writing, is dated subsequent to the date of this Agreement, and is duly executed by the party against whom enforcement is sought except that the Agency may, with consent of STRAC, at any time, by written document, make changes within the general scope of this Agreement in any aspect of Agreement to correct errors of a general administrative nature or other mistakes, the correction of which does not affect the scope of the Agreement and does not result in expense to the STRAC. 11. Each person signing this Agreement on behalf of a party confirms for the benefit of the other party that any requisite approvals from the governing body of the signing party have been obtained, and all prerequisites to the execution, delivery, and performance of this Agreement have been obtained by or on behalf of that party. 12. Force Majeure — Either party may be excused from performance under this Agreement for any period that the party is prevented from performing its obligations in whole or in part as a result of any act of God, war, civil disturbance, epidemic, court order, or other event outside the control of such party, provided the party seeking to be excused has prudently and promptly acted to take any and all reasonable corrective measures that are within that party's control. 13. Neither party has authority for or on behalf of the other as to the subject matter of this Agreement, except as provided in this Agreement. No other authority, power, partnership, use, or rights are granted or implied except as provided by Texas or federal laws and regulations, and as defined in the Agreement and Schedule (A) to it. 14. Neither party may incur any debt, obligation, expense, or liability of any kind on behalf of the other party without the other parry's express written approval. 15. To the extent permitted by law, the Agency will defend and indemnify STRAC, its directors, employees, agents, and representatives (the "Indemnitees") and hold the Indemnitees harmless against any damage, claims, suits, actions, liabilities, loss, penalties, costs, and expenses including, without limitation, reasonable attorneys' fees arising out of or alleged to have arisen from or in any way connected to: i. The misuse by the Agency of the eRMS Project and issued equipment, ii. a breach of any of the representations, warranties, or obligations of this agreement by the Agency; and/or iii. any claim (whether founded or unfounded) of any nature or character, arising out of or alleged to have arisen from or in any way connected to any actual or alleged STRAC_eRMS_20230001 Page 4 of 10 v.1/2023 STRAC eRMS Agreement negligence or dishonesty of, or any actual or alleged act of commission or omission by the Agency or any of its employees, agents, representatives or contractors. 16. STRAC will defend and indemnify the Agency, its elected officials, directors, officers, employees, agents and representatives (the "Agency Indemnities") and hold the Agency Indemnities harmless against any damages, claims, suits, actions, liabilities, loss, penalties, costs, and expenses including without limitation reasonable attorneys' fees arising out of or alleged to have arisen from or in any way connected to: i. any infringement of any applicable copyrights, licenses or other intellectual property or proprietary rights which may exist on materials used in this Agreement and any rights granted to Agency shall apply for the duration of this Agreement. ii. a breach of any of the representations, warranties, or obligations of this Agreement by STRAC; and/or iii. any claim (whether founded or unfounded) of any nature or character arising out of or alleged to have arisen from or in any way connected to any actual or alleged negligence or dishonesty of, or any actual or alleged act of commission or omission by STRAC, or any of its employees, agents, representatives or contractors. 17. STRAC certifies that at the time of execution of this Agreement, it is not on the federal government's list of suspended, ineligible, or debarred contractors. If the STRAC is placed on the list during the term of this Agreement, STRAC shall notify the Agency. False certification or failure to notify may result in terminating this Agreement. AGREEMENT SIGNATURES: The undersigned parties bind themselves to the faithful performance of the Agreement. It is mutually understood that this Agreement shall be effective if signed by a person authorized to do so according to the normal operating procedures of that party. If the governing body of a party is required to approve this Agreement, it does not become effective until approved by the governing body of that party. In that event, when this Agreement is executed by the duly authorized official(s) of the party as expressed in an approving resolution or order of the governing body of that party, a copy of the resolution or order shall be attached to this Agreement. [Remainder of Page Intentionally Blank; Signature Page Attached] STRAC_eRMS_20230001 Page 5 of 10 v.1/2023 STRAC eRMS Agreement [Signature Page to STRAC eRMS Agreement] APPROVED AS TO FORM AND LEGALITY: City of Schertz Fire Department By: Steve Williams, City Manager Date of Signature APPROVED AS TO FORM AND LEGALITY: Southwest Texas Regional Advisory Council By' - Eric Epley, Executive Director Date of Signature STRAC_eRMS_20230001 Page 6 of 10 v.1/2023 STRAC eRMS Agreement SCHEDULE (A) eRMS PROJECT I. Project Description The eRMS Project shall include the provision of Fire and EMS records management service Agency on a Software as a Service basis. The system includes: • Patient Care Reporting • Fire Incident Reporting • Personnel Management • Continuous Quality Improvement Module • Community Health Records Management • Training Records Management • Activity Tracking • Inventory Management • Occupancies and Fire Inspections • Reporting, Dashboards, and Data Analysis • Integration with Agency CAD system • Integration with Agency monitor/defibrillator hardware • State compliant NEMSIS reporting • State compliant NFIRS reporting • STRAC technical support II. Purpose of the eRMS Project The eRMS Project supports day to day operations of agencies in TSA-P while also increasing efficiencies with regard to patient care documentation, patient billing, performance improvement, reporting and Fire and EMS operations. III. Comvliance with Convrishts STRAC warrants that all applicable copyrights, licenses and other intellectual property and proprietary rights which may exist on materials used in this Agreement and any rights granted to Agency shall apply for the duration of this Agreement have been adhered to and further warrants that Agency shall not be liable for any infringement of these copyrights, licenses and other rights. ----- End of Schedule A ----- STRAC_eRMS 20230001 Page 7 of 10 v.1/2023 STRAC eRMS Agreement SCHEDULE (B) eRMS Project Pricin� I. Rates STRAC shall invoice Agency based on the following rates: eRMS Software Service: Annual Fees: Annual Agency Fee: $3,000/year (billed annually each September 1 for life of agreement) Per Run Fee: $3.00/run (plus 3% annual increase effective each September 1 for life of agreement) based on the actual number of total runs in the previous agreement period of September 1 thru August 31. Runs are defined as those with unique incident run numbers. For example, an incident with a unique run number that generates multiple patients or an incident with a unique run number that has a fire and EMS response is counted as a single run. Example Calculations for First Fiscal Year and Second Fiscal Year First Year price for Schertz Fire Department startino_ September 1 _2023: Actual Number of Runs in prior calendar year as provided in your initial quote: 5,112 Per Run Fee: $3.00 Fees Qty Unit Price TOTAL Annual Agency Fee 1 $3,000.00 $3,000.00 Annual Per Run Fee 5,112 $3.00 $15,336.00 TOTAL Fees $18,336.00 Agency Annual Fee: $3,000 Agency Run Volume Fee: 5,112 runs x $3.00= $15,336.00 Total: $18,336.00 Second Year price for Schertz Fire Department starting September 1, 2024: Actual Number of Runs in prior year agreement period (9/1/23 thru 8/31/24) Per Run Fee: $3.00 x 3% annual increase = $3.09/Run Fees Qty Unit Price TOTAL Annual Agency Fee 1 $3,000.00 $3,000.00 Annual Per Run Fee 5,150 (est). $3.09 $15,913.50 STRAC—eRMS 20230001 Page 8 of 10 v.1/2023 STRAC eRMS Agreement TOTAL Fees $18,913.00 Agency Annual Fee: $3,000 Agency Run Volume Fee: 5,150 estimated runs x $3.09= $15,913.50 Total: $18,913.00 (for example purposes only; not binding) IL INVOICING/PAYMENTS: STRAC shall provide Agency with an Internal Revenue Form W-9, Request for Taxpayer Identification Number and Certification, that is completed in compliance with the Internal Revenue Code and its rules and regulations before any funds are payable. Agency shall pay STRAC by check upon satisfactory deployment and annually thereafter. STRAC will submit an invoice to the address below: Schertz Fire Department 1400 Schertz Parkway Building 8 Schertz, TX 78154 Invoices shall include at least the following information: • name, address, and telephone number of STRAC • name, address, and telephone number of payment location if different from STRAC address; • Agency Contract number; • identification of department deployed, products or services as outlined in this Agreement; • quantity or quantities, applicable unit prices, total prices, and total amount; and • any additional payment information called for by this Agreement. Payment shall be deemed to have been made on the date of mailing of the check. Agency may choose to make payment through a withhold of their County 911 funds. Accrual and payment of interest on overdue payments shall be governed by TEx. GOV'T CODE ANN., ch. 2251. III. Business Records STRAC shall maintain and make available all books, documents, and other evidence pertinent to the costs and expenses of this Agreement for inspection, audit or reproduction by any authorized representative of Agency to the extent this detail will properly reflect these costs to Agency. All required records shall be maintained until an audit is completed and all required questions arising therefrom are resolved, or three (3) years after completion of the Agreement term, whichever occurs first; however, the records shall be retained beyond the third year if an audit is in progress or the findings of a completed audit have not been resolved satisfactorily. STRAC_eRMS_20230001 Page 9 of 10 v.1/2023 STRAC eRMS Agreement ----- End of Schedule (B) ----- STRAC_eRMS_20230001 Page 10 of 10 v.1/2023