The URL can be used to link to this page

Home My Public Portal About2018-53 Approving an agreement with Maestro Health IncRESOLUTION NO.2018-53 A RESOLUTION OF THE MAYOR AND VILLAGE COUNCIL OF THE VILLAGE OF KEY BISCAYNE, FLORIDA, APPROVING AN AGREEMENT BETWEEN THE VILLAGE AND MAESTRO HEALTHO INC' FOR HEALTH ADMINISTRATION SERVICES; PROVIDING FOR AUTHORIZATION; AND PROVIDING FOR AN EFFECTIVE DATE. \ryHEREAS, the Village of Key Biscayne (the "Village") selected Continental American Insurance Company, Inc. ("Aflac") to provide group health insurance plans for its employees; and \ryHEREAS, Aflac, through Maestro Health, Inc. ("Maestro"), offers to its group insurance plans comprehensive administrative services for the following plans: Health Flexible Spending Arrangements ("Health FSA"), Dependent Care Flexible Spending Arrangements ("Dependent Care FSA"), and Health Savings Accounts ("HSA"Xthe "Setvices"); and WHEREAS, the Village and Maestro desire to enter into an agreement, in substantially the form attached hereto as Exhibit "4" (the "Agreement"), for Maestro to provide the Services; and WHEREAS, the Village finds that this Resolution is in the best interest and welfare of the residents of the Village. NOW, THEREFOREO BE IT RESOLVED BY THE MAYOR AND VILLAGE COUNCIL OF THE VILLAGE OF KEY BISCAYNE, FLORIDA, AS FOLLOWS: Section 1. Recitals. Each of the above-stated recitals are hereby adopted, confirmed, and incorporated herein. Section 2. Anproval. The Village Council hereby approves the Agreement with Maestro for the Services in substantially the form attached hereto as Exhibit ooA." Page 1 of3 Section 3. Authorization. The Village Manager is hereby authorized to execute the Agreement, in substantially the form attached hereto as Exhibit "4," subject to the Village Attomey's approval as to form, content and legal sufficiency. The Village Manager is also hereby authorized to implement the intent and purpose of this Resolution including termination of the current provider. Section 4. Effective Date. This Resolution shall take effect immediately upon adoption. PASSED and ADOPTED this 4th day of December,2018. MICHAEL W.AVEY, MAYOR ATTES INA, VILLAGE CLERK APPROVED AS TO FORM AND LEGAL SUFFICIENCY t VILLAGE ATTORNEY Page 2 of3 EXHIBIT A AGREEMENT BETWEEN THE VILLAGE OF KEY BISCAYNE AND MAESTRO HEALTH,INC. Page 3 of3 EXHIBIT A Maestro Health Ad min istration Agreement This Maestro Health Administration Agreement ("Agreement") is made effective as of the'lst day of November, 2018 ("Effective Date") by and between Village of Key Biscayne (the "Customer"), in its capacity as the plan sponsor of the its group insurance plans (the "Plan(s)"), and Maestro Health, lnc. ("Maestro"). 1. GENERAL. This Agreement govern Maestro's performance of the Services as described in Exhibit A hereto which is incorporated by this reference. 2. FEES. All fees related to the Services will initially be the responsibility of Continental American lnsurance Company ("Aflac"). ln the event of nonpayment by Aflac, Customer acknowledges that it will assume any and all payment obligations related to Maestro's provision of the Services to Customer and shall indemnify and hold harmless Maestro from any claims related to such nonpayment. Maestro shall use commercially reasonable etforts to provide Customer advance written notice of such assumption of payment. Notwithstanding the foregoing, Customer may terminate this Agreement upon thirty (30) days prior written notice to Maestro upon assumption of any Aflac payment obligations; provided, Customer shall remain responsible for fees accrued but not yet paid for Services performed in the two (2) month period prior to Customer's assumption of payment. The fees for the Services shall be Maestro's then current shelf rates for the products and Services being administered. For any additional fees incurred by Customer (for example, fees for additional fees and/or customizations) that are not the responsibility of Aflac, Maestro shall invoice Customer directly. All invoiced fees are due to Maestro within thirty (30) days from the invoice date. 3. TERM: TERMINATION. 3.1 The initial term of this Agreement shall commence as of the Effective Date and, unless terminated earlier as provided for herein, will continue in effect for (3) three years from such date ("lnitial Term"). Thereatter, th¡s Agrement will automatically renew for successive one (1) year terms (each, "Renewal Term" and collectively, together with the lnitial Term, the "Term"), unless either pafi provides thirty (30) days prior written notice to the other party. 3.2 Either party may terminate this Agreement upon written notice at any time if the other party commits a non-remediable material breach of this Agreement or the Business Associate Agreement (the "BAA) which is entered into of even date herewith and attached as Exhibit B hereto, or if the other party fails to cure any remediable material breach or provide a written plan of cure acceptable to the non-breaching party within thirty (30) days of being notified in writing of such breach, except for a breach of payment obligations, which shall have a ten (1 0) day cure period. Upon termination, Maestro shall not be obligated to provide any of the Services, in whole or in part, to Customer. 3.3 Maestro will be entitled to suspend any or all the Services upon ten (1 0) days written notice to Customer in the event Customer is in breach of this Agreement or the BAA. Notwithstanding the foregoing, Maestro shall have the right to immediately suspend the Services andlor Customer's access to the Maestro Systems in the event of an actual or suspected Security lncident (defined in Section 5.3 below). 3.4 Any provision of this Agreement which contemplates performance or observance subsequent to any termination of this Agreement shall survive termination. 4. OWNERSHIP. 4.1 Maestro owns all right to Maestro Systems and Maestro lnformation. The Agreement does not grant, or othenruise give, Customer ownership in, or other rights with respect to, Maestro lnformation or Maestro Systems or customizations or derivative works thereof, any other Maestro intellectual property, or any equipment, infrastructure, websites and other materials provided by Maestro in performance of Maestro's obligations hereunder, except for the express license to Customer set forth in this Section 4.1. "Maestro lnformation" is defined as all information and materials (in whatever form or media), provided to Customer under or pursuant to the this Agreement by or on behalf of Maestro. "Maestro Systems" shall include any software, including underlying source and object code, systems, techniques, processes, know-how, tools and any other assets used to perform the Services. All right, title and interest in or to any copyright, trademark, service mark, trade secret, and othø proprietary right relating to the Services and the related logos, product names, etc. are reserved by Maestro. Maestro grants to Customer, a non-exclusive, non-sublicensable, non- transferable, royalty-free l¡cense to use the Maestro Systems and Maestro lnformation during the Term of this Agreement solely for Customer's use in accordance with the terms hereof. Such license will automatically terminate and expire upon the termination of this Agreement. 4.2 Customer owns all rights to Customer Data provided to or accessed by Maestro. "Customer Data" is defined as all information, data, and materials (in whatever form or media) provided to Maestro under or pursuant to this Agreement by or on behalf of Customer. Customer hereby grants to Maestro a limited, worldwide, non-exclusive, sublicensable right and license to use the Customer Data to perform the Services during the Term. ln addition, Customer hereby grants to Maestro a perpetual, non- cancelable, sublicensable, worldwide, non-exclusive right to utilize any Customer Data that arises from the use of the Services by Customer whether disclosed on or prior to the Effective Date for any legitimate business purpose, provided that such information is aggregated, anonymized, and does not identify Customer or any of Customer's employees or participants. 5. CONFIDENTIALINFORMATION. 5.1 As used herein, the term "Confidential lnformation" means: (a) the terms and conditions and the existence of this Agreement; (b) as relates to Customer, the Customer Data; (c) as relates to Maestro, Maestro lnformation and Maestro Systems; and (d) information disclosed to the other in connection with the performance of the Services or this Agreement, including but not limited to information learned from the disclosing pany's employees or agents or through inspection of the disclosing party's property. Each party will use reasonable efforts to, and will cause its employees to, minimize distribution and duplication internally and each party shall not use or disclose the Confidential lnformation of the other party other than as expressly pømitted by this Agreement. Each party agrees that only its employees who have a need to know the Confidential lnformation of the other party (and in the case of Maestro, including any affiliates, subcontractors and vendors providing related services) will have access to the Confidential lnformation. Except as othenivise provided herein, no party will disclose the other party's Confidential lnformation to a third party without the prior written consent of the other party. Further, to the extent allowed, any disclosure to a third party shall be governed by confidentiality terms at least as restrictive as the terms set forth in this Agreement. 5.2 Confidential lnformation does not include information that: (a) is now or subsequently becomes generally availaþle to the public through no fault or breach on the part of receiving party; (b) the receiving party can demonstrate to have had rightfully in its possession prior to disclosure by the disclosing party; (c) is independently developed by the receiving party without the use of any of the disclosing party's Confidential lnformation; or (d) the receiving party rightfully obtains from a third party who has the right to transfer or disclose it. The receiving party may disclose Confidentlal lnformation if required by any judicial or governmental order, provided that the receiving party takes reasonable steps to first give the disclosing party sufficient prior not¡ce to contest such ofder. 5.3 Customer agrees to implement and maintain commercially reasonable and appropriate security procedures designed to prevent unauthorized access to Maestro Systems. To the extent Customer becomes aware of a Security lncident regarding transmlssions to or from Maestro, Customer will promptly notify Maestro of such Security lncident. "Securitv lncident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an informatlon system. Further, Customer shall provide prompt and reasonable cooperation for a Security lncident experienced by Maestro regarding any Customer Data transmitted to Maestro for the provision of the Services. Customer further agrees to ensure that any business associates, agents and/or subcontractors it permits to access the Services and/or Maestro Systems are bound by the terms and conditions of this Agreement. 5.4 The parties agree that a material breach of this section would cause irreparable injury for which monetary damages would not be an adequate remedy and each party shall be entitled to equitable relief in addition to any remedies it may have hereunder, at law, or in equity. 6. LIMITED WARRANW. 6.1 Each party represents and warrants that it 0 has the requisite power and authority to enter into this Agreement and to make the commitments set forth herein and (ii) is not a party to any other agreement which would hinder its ability to peform its obligations thereunder. Maestro shall employ commercially reasonable efforts to assist in protecting that Maestro Systems do not contain viruses, worms, trojan horses, spyware, adware and other malicious code. 6.2 EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, MAESTRO EXPRESSLY DISCLAIMS TO THE MAXIMUM EXTENT PERMITTED BY LAW, ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION: (i) ANY WARRANTY THAT THE SERVICES ARE FREE OF ERRORS, OR WILL OPERATE WITHOUT INTERRUPTION OR THAT ALL ERRORS WILL BE CORRECTED, (ii) ANY WARRANTTES W|TH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE cusToMER DATA AND CALCULATTONS MADE BY THE SERV|CES, (iii) ANY tMPLTED WARRANTTES OF MERCHANTABTLTTY OR FITNESS FOR A PARTICUI.AR PURPOSE, NON-INFRINGEMENT, AND FREEDOM FROM ERRORS, VIRUSES OR ANY OTHER MALICIOUS CODE. MAESTRO FURTHER DISCI.AIMS ANY WARRANTY THAT THE RESULTS OBTAINED THROUGH THE USE OF THE SERVICES WILL MEET CUSTOMER'S NEEDS. CUSTOMER ACKNOWLEDGES THAT USE OF OR CONNECTION TO THE INTERNET PROVIDES THE OPPORTUNITY FOR UNAUTHORIZED THIRD PARTIES TO CIRCUMVENT SECURITY PRECAUTIONS AND ILLEGALLY GAIN ACCESS TO THE SERVICES AND THE CUSTOMER DATA. ACCORDINGLY, MAESTRO CANNOT AND DOES NOT GUARANTEE THE PRIVACY, SECURITY OR AUTHENTICIry OF ANY INFORMATION SO TRANSMITTED OVER OR STORED IN ANY SYSTEM CONNECTED TO THE INTERNET. 7. INDEMNIFICATION. 7.1 Maestro shall indemnify, defend and hold harmless Customer, its affiliates, its officers, directors, and permitted successors and assigns (each, an "Customer lndemnitee") from and against any and all third party claims, losses, damages, costs and expenses incurred by such Customer lndemnitee to the extent arising out of or in connection with a claim that Customer's use of the Services provided by Maestro hereunder infringes such third party's U.S. intellectual property rights. The foregoing obligation does not apply to any losses or claims arising out of or otherwise relating to (i) any modification to the Services other than: (1) by Maestro or (2) with Maestro's prior written approval; (ii) any act or omission of Customer or its employees or participants, or the failure of Customer to comply with the terms of the Agreement; or (iii) the information, data or other material provided by Customer. Maestro may at its option and at no cost to Customer (a) procure for Customer the right to continue to use the Services, (b) replace or modify the Services to make it non-infringing, compatible and functionally equivalent application or product, or (c) terminate the Agreement. The foregoing states Customer's sole and exclusive remedy as related to Maestro's indemnification obligations. 7.2 Customer shall indemnify, defend and hold harmless Maestro, its affiliates, its officers, directors, and permitted successors and assigns (each, a "Maestro lndemnitee") from and against any and all third party claims, losses, damages, costs and expenses incurred by such Maestro lndemnitee to the extent arising out of or in connection with: (i) Customer's (including its agents', employees' or business associates) has materially breached the terms of this Agreement; (ii) Customer's (or its employees' or participants') negligence or willful misconduct; (iii) a claim that the Customer Data inftinges or misappropriates a third party's intellectual property rights or trade secrets; (iv) any claims by employees regarding Maestro's recelpt of any information or mater¡als provided by Customer pursuant to this Agreement. 7.3 Each party shall promptly notify the other pady in writing of any loss or claim for which such party believes it is entitled to be indemnified pursuant to this section. The party seeking indemnificatlon (the "lndemnitee") shall cooperate with the other party (the "lndemnitor") at the lndemnitor's sole cost and expense. The lndemnitor shall immediately take control of the defense and investigation of such matter and shall employ counsel reasonably acceptable to the lndemnitee to handle and defend the same, at the lndemnitor's sole cost and expense. The lndemnitee's failure to perform any obligations under this section will not relieve the lndemnitor of its obligations under this section except to the extent that the lndemnitor can demonstrate lhat it has been materially prejudiced as a result of such failure. The lndemnitee may participate in and observe the proceedings at its own cost and expense with counsel of its own choosing. 8. LIMITATION OF LIABILITY. 8.1 UNDER NO CIRCUMSTANCES SHALL MAESTRO BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR INDIRECT DAMAGES ARISING IN ANY WAY OUT OF THE THIS AGREEMENT OR THE BAA, HOWEVER CAUSED, WHETHER ARISING UNDER A THEORY OF CONTRACT, TORT (INCLUDTNG NEGLTGENCE OR OTHERWTSE), TNCLUDTNG, WTTHOUT LTMTTATTON, DAMAGES FOR LOST PROFITS OR LOSS OF DATA. 8.2 IN NO EVENT SHALL MAESTRO'S TOTAL LIABILITY FOR DAMAGES ARISING OUT OF OR REI.ATING TO THE SERVICES OR THIS AGREEMENT OR THE BAA EXCEED THE FEES PAID BY CUSTOMER TO MAESTRO FOR THE SPECIFIC SERVICE GIVING RrsE TO THE ACTION lN THE TWELVE (12) MONTHS PRTOR TO THE DATE THE CAUSE OF ACTTON FIRST AROSE. THE LIMITATIONS ON LIABILITY SET FORTH HEREIN SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY OF THE LIMITED REMEDIES SET FORTH ABOVE. 9. CHOICE OF LAW. This Agreement will be governed by and construed in accordance with the laws of the State of lllinois. All litigation involving any claim (whether legal or equitable and whether sounding in contract, tort, or othenrvise), which relates to or arises from the subject matter of the Agreement shall be brought exclusively in the appropriate state or federal courts located in Cook County, lllinois. 10. CUSTOMER RESPONSIBILITIES;USE RESTRIGTIONS. 1 0.1 Customer Responsibilities: Customer agrees to: (a) Facilitate access by Maestro to contacts at any and all third party providers or service organizations that may be necessary to coordinate the configuration and performance of the Services. Customer shall perform such other duties and responsibilities that may arise out of or otherwise relate to the configuration, launch and performance of the Services, as may be agreed to by the parties from time to tlme. (b) Review, test, and approve all aspects of the Services, and promptly report any issues or concerns in writing to Maestro. (c) Promptly communicate all changes and updates that could impact the Services (including, without limitation, participant information). (d) Maintain and operate Customer's business, operatlons, security, and systems in accordance with industry standards and applicable legal requirements. (e) Designate an individual to be the main point of contact in connection with the Services.(Ð Be responsible for providing accurate and timely information and data required by Maestro to provide the Services selected by Customer. Customer shall afford Maestro access to any and all data required to perform the Services. (S) Customer shall cooperate with Maestro and make promptly available such information, assistance and cooperation as reasonably required by Maestro to enable Maestro to fulfill its obligations and responsibilities under this Agreement. ln performing its obligations and responsibilities under this Agreement, Maestro shall be entitled to rely on Customer decisions and data provided to Maestro. Such information shall be provided to Maestro in the time and in the manner agreed to by Customer and Maestro. Maestro shall have no responsibility with regard to errors in reporting due to Customer's failure to accurately report or timely update such information. (h) Customer agrees that if Customer provides Maestro with specific written instructions to provide the Services in a manner other than in accordance with Maestro's standard procedures or consultation, Maestro will comply with Customer's written instruction, provided that, if Maestro complies with such instruction, Customer agrees to indemnify, defend and hold Maestro harmless and expressly releases all claims aga¡nst Maestro in connection with any claim or cause of action which results from or in connection with Maestro's following Customer's written instructions.(i) lf applicable, Customer will identify one (1) designated support contact authorized by Customer to administer Customer' access to and use of the Services and Maestro Systems ("Authorized User"). Maestro may rely on such Authorized User's instructions and actions as being those authorized by Customer. Customer is solely responsible for (i) monitoring its Authorized User's access to and use of the Services and Maestro Systems and (ii) safeguarding its passwords and/or access codes to the Services and Maestro Systems. Customer is liable for any unauthorized access to the Services and/or Maestro's System stemming from misuse of passwords and/or access codes by the Authorized User or any third parties. Customer must immediately take all necessary steps, including providing notice to Maestro, to effect the termination of access for the Authorized User if there is any compromise in the security of that access or if unauthorized use is suspected or has occurred. Gustomer will comply with the user authentication requirements of Maestro for the Maestro Systems. 10.2 Use Restrictions; (a) Customer will not: (i) create derivative works of, modify, copy or translate the Maestro Systems, (ii) sell, assign, distribute, lease, market, rent, sublicense, transfer, or otherwise grant rights to the Maestro Systems in whole or in part to any third party, (iii) obfuscate, remove or alter any of the internet links or copyright or other proprietary legends that are in the Maestro Systems or that are displayed on pages served by the Maestro Systems, or (iv) reverse engineer, decompile or disassemble Maestro Systems or any part thereof or otherw¡se obtain or attempt to obtain the source code for the Maestro Systems. (b) Customer will not (i) breach or attempt to breach the security of Maestro Systems or any network, servers, data, computers or other hardware relating to or used in connection with the Services; or (ii) use or distribute through Maestro any software, files or other tools or devices designed to interfere wlth or comprom¡se the confidentiality, security or availability of Maestro or the operations or assets of any other Customer of Maestro or any third party using the Services.(c) Customer shall employ commercially reasonable efforts to ensure that all Customer Data transferred to Maestro is free from viruses, worms, Trojan horses, spyware, adware, and other malicious code. (d) Any failure by any Authorized User to comply with this Section 10.2 shall be deemed to be a material breach by Customer. Maestro shall not be liable for any damages incurred by Customer or any third party resulting ftom such breach. 11. ASSIGNMENT. Neither party may assign this Agreement without the prior wr¡tten consent of the other party, provided, however, no consent shall be required for an assignment by Maestro to a successor entity in the event of a sale of all or substantially all of Maestro's assets or stock or a merger, or a reorganization within Maestro's existing ownership structure. Except as expressly permitted in this Section 1'1 , any purported assignment without such consent will be void. Maestro may use subcontractors to complete the Services, provided that such subcontractors shall be bound by confidentiality obligations no less restrictive than those set forth in this Agreement. 12. FORCE MAJEURE. Maestro will incur no liability to Customer and will not be responsible for delivery or non-delivery or error in transmission of reports caused by a third party (who is not a Maestro subcontractorl. Maestro will also not be responsible for any delay in performance, or non-performance, of any obligation hereunder and for any loss to the extent that such delay in performance or non- performance or such loss is due to forces beyond Maestro's reasonable control including delays, errors, or interruptions caused by third parties (who is not a Maestro subcontractor), any industrial, judicial, governmental, civil or military action, utility or communication failures, acts of terrorism, insurrection, or revolution, nuclear fusion, nuclear fission or radiation, failure or fluctuation in electrical power, heat, light, air conditioning, or telecommunications equipment, or acts of God. 13. COMPLIANCE. 13.1 Each party agrees to comply wlth all applicable laws related to the Agreement and the Services. 13.2 ln addition to changes which are mutually agreed to by the parties in accordance with the terms hereof, Maestro may make modifications to the Services from time-to-time, in its sole discretion, in order to comply with regulatory requirements or to otherwise enhance the Services. 14. FEEDBACK. Maestro continually works to monitor and improve the quality of its services otfering. To this end, Customer permits Maestro to gain regular and candid feedback from Customer's employees, participants, member groups, members and providers who have interacted with the Services and related technology. Maestro shall not be obligated to disclose the results of such activity to Customer except upon Customer's written request. 15. ATTORNEYS' FEES. The prevailing party in any action to enforce the terms of this Agreement shall be entitled to recover costs and expenses including, without limitation, reasonable attorneys' fees. 16. INDEPENDENT CONTRACTORS. The relationship of Customer and Maestro established by thls Agreement is that of independent contractors, and nothing contained in this Agreement or the exhibits shall be construed (i) to give either party the power to direct or control the day{o-day activities of the other; (ii) to constitute the parties as partners, joint venturers, co-owners or otherwise as participants in a joint or common undertaking; (iii) to create an employment relationshiþ between Customer and Maestro's representatives or employees; (iv) to create an agency relationship between the parties; or (v) to authorize or permit any party to bind the other party, except as explicitly provided elsewhere in this Agreement. 17. NO WAIVER: GUMULATIVE REMEDY: SEVERABILITY. Failure to enforce any provision of the Agreement will not be deemed a waiver of future enforcement of that or any other provision. All remedies in the Agreement are cumulative and in addition to other remedies under the Agreement, at law, or in equity. lf for any reason a court of competent jurisdiction finds any provision of the Agreement, or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible so as to effect the intent of the parties, and the remainder of the Agreement will continue in full force and effect. 18. ENTIRE AGREEMENT: AMENDMENT. The Agreement, including Exhibits A and B, constitute the entire agreement between the parties with respect to the subject matter hereof, and supersedes all prior agreements or representations, oral or written, regarding such subject matter. Except as set forth in Section 13.2 above and in Section 7(b) of this Agreement, no alteration or modification may be made without a writing signed by a duly authorized representative of both parties. ln the event of a conflict between the Agreement and the BAA, the documents shall govern as follows: the Agreement, Exhibit A, and the BAA. 19. NO THIRD PARTY BENEFICIARY. Nothing expressed or implied in the Agreement is intended to confer, nor shall anything herein confer, upon any person other than the parties and the respective successors or assignees of the parties, any rights, remedies, obligations, or liabilities whatsoever. lf any provision of the Agreement is held illegal, invalid, prohibited or unenforceable by a court of competent jurisdiction, that provision shall be limited or eliminated in that jurisdiction to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable. 20. SEVERABILITY. lf any provision of the Agreement is held illegal, invalid, prohibited or unenforceable by a court of competent jurisdiction, that provision shall be limited or eliminated in that jurisdiction to the minimum extent necessary so that this Agreement shall othemrise remain in full force and effect and enforceable. 21 . NOTICE. All notices given in connection with the Agreement must be in writing and delivered either pøsonally or via overnight delivery, delivered to the address set forth below: lf to Customer: V¡llage of Key Biscayne 88 West Mclntrye Street, Key Biscayne, FL.33149 Attn: lf to Maestro: Maestro Health, lnc. 500 West Madison Street, Suite 1250 Chicago,lllinois 60661 Attn: CFO with copy to: Attn: Stephanie Sharp McGrath North First National Tower Suite 3700 160'1 Dodge Street Omaha, NE 68102 or to such other address as a party may from time-to-time designate by notice to the other pursuant to this sect¡on. All notices will be deemed received when delivered in person or on the next business day when sent by overnight delivery. [Remainder of Page lntentionally Blank; Signature Page Follows] lN WITNESS WHEREOF, the parties have cuased this Agreement to be executed in their names by their undersigned officers, the same being duly authorized to do so. CUSTOMER By: Print Name: Title: Date: MAESTRO HEALTH, INC. By: Print Name: Title: Date: Exhibit A Services Relationship Manaqement. Assign a Relationship Manager to work with and assist each employer group in the delivery of Services.. Manageimplementation o Complete a Discovery Document to gather the Employer's Plan design, policies and administrative rules o Work with up to 5 Employer designated carriers and vendors to establish and document business processes to provide services. o Review carrier procedures for late payments, retroactive changes, processing enrollment exceptions, excepted benefits, etc. o Work with implementation team to define and implement Employer rules.o Provide training to Employer team on utilization of the system and procedures.. Conduct annual enrollmentso Manage ongoing administration Customer Service. Provide toll-free number with menu prompts that provide access to both customer advocates and automated account information for benefit accounts, if applicable. Provide access to live agents Monday through Friday from 8am to 8pm, Eastern Time, excluding holidays. Provide training to agents on client specific program information. Log all inbound employee interactions in the Maestro Health issue tracking system. Record and log all employee ¡nteractions Benefit Accounts Services (a) lmplementation and Data Manage implementation in accordance with Maestro Health standard approach to delivering the systems and services selected by Customer; Provide and maintain an "lmplementation Project Plan"; manage project plan including identification of both Maestro Health and Customer deliverables and milestones; Complete configuration of Maestro Health's systems to support the mutually agreed upon program rules as defined in the onboarding document(s); Provide training to appropriate Customer personnel on use of Maestro systems and policies as defined during the im plementation process; Provide a standard array of electronic enrollment communications materials including enrollment brochures, welcome letters, e-mail templates to ass¡st with communicating the benefit plans, available program features and rules. (b) Program & Services (i) Provide administrative services for the plans selected by Customer. o A Code Section 125 Health Flexible Spending Arrangement ("Health FSAs"). o A Code Section 129 Dependent Care Flexiþle Spending Arrangement ("Dependent Care FSA") (collectively, with Health FSAs, "FSA"). o A Code Section 223 Health Savings Account (HSA). (¡i) Provide ongoing support to Customer contacts as follows: o Research and respond to inquiries o Verify content and timing of enrollment and payroll data transmissions o Respond to eligibility or claim inquiries. (iii) Process requests for reimbursements in accordance with applicable law, Maestro's standard operating procedures, and the terms of the plans to the extent that such terms are provided to Maestro and are otherwise consistent with Maestro's standard operating procedures; o lf Maestro Health denies a request for reimbursement, Maestro Health will review the 1st level appeal if the plan provides for 2 levels of appeal. (iv) Customer will fund all claim reimbursements per mutually agreed upon terms by Customer and Maestro Health. (c) Self-Service Web & Mobile (i) Portalfor all EE Participants o General plan and benefit information a a a O a o Current and historical account activity.o Sign up for alerts. o Submit and track reimbursement requests.o Access program specific forms and documents. (ii) Provide access to a secure employer portal for Customer-designated personnel which provides the ability to:o Access plan information and standard reports. o Access employee census and account information. o Create ad-hoc reports. o Upload data files. (d) Electronic Debit Gards . Make an electronic payment card ("Card") available to covered individuals through which eligible expenses may be paid;. Require substantiation of expenses paid with the Card in accordance with the requirements set forth by the IRS Code, Maestro's standard operating procedures, and/or other applicable guidance;. De-activate Card(s) if the covered individual fails to use the Card in accordance with the "Cardholder Agreement" or as otherwise required by applicable law;. Make reasonable attempts to collect repayment of overpaid or unsubstantiated Card claims or offset the ineligible payment against any claims for future eligible expenses in accordance with applicable rules and regulations. (e) Gompliance Services (i) Upon request, prepare or amend the plan document and summary plan description. (iii) Upon request, conduct the following nondiscrimination testing required under the lnternal Revenue Code (collectively referred to as the "Nondiscrimination Tests"): o The "Eligibility Têst" required under lnternal Revenue Code Section 105. o The 55% "Avøage Benefits Test" required under lnternal Revenue Code Section 129. o The íYo "Owner Concentration Test" required under lnternal Revenue Code Section 129. Note: Customer will be responsible for providing information in required format and adjusting any required elections and scheduled deductions. EXHIBIT B BUSIN ESS ASSOCIATE AGREEM ENT This Business Associate Agreement (this "BAA) is made effective as of the 1st day of November, 20'18 among Village of Key Biscayne (the "Gustomer") in its capacity as the plan sponsor of the its group insurance plans (the "Plan(s)"), and Maestro Health, lnc. ("Business Associate"). This BAA is entered into in connection with the performance of certain services being performed by the Business Association for the benefit of the Customeras provided for in the Administration Agreement (the "Agreement"). This BAA is also intended to satisfy the business associate contract requirements in the regulations at 45 CFR 1 64.502(e), 1 64.504(e) and 1 64.314(a), issued under the Health lnsurance Portability and Accountability Act of '1996 ("HIPAA), as amended by the Health lnformation Technology for Economic and Clinical Health Act of 2009 ('HITECHI and regulations promulgated thereunder; and for further applicable HIPAA developments published after enactment of HITECH, including statutes, case law, regulations and other agency guidance. 1. Definitions. Terms used but not othen¡vise defined in this BAA shall have the same meaning as those terms in 45 CFR part 160 and part 164, including sections 160.'1 03, 164.'103, 164.304 and 'l 64.501 . Notwithstanding the above, "Covered Entity" shall mean the Plan, limited to only those component plans which are subject to HIPAA; "HIPAA Breach" means a "breach" of "unsecured Protected Health lnformation," as those terms are defined in 45 CFR 164.402 except that unsecured Protected Health lnformation shall be limited to the information created, received, maintained, or transmitted by Business Associate from or on behalf of Covered Entity. "lndividual" shall mean the person who is the subject of the Protected Health lnformation and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(9); Protected Health lnformation shall have the meaning defined in 45 CFR.160.'103, which also sets forth the definition of health information, including genetic informatlon as clarified by P.L. '1 10-233 and applicable regulations; "Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or her designee; "Privacy Rule" shall mean the Standards for Privacy of lndividually ldentifiable Health lnformation at 45 CFR part 160 and part 164, subparts A and E; and "Security Rule" shall mean the Standards for Security of Electronic Protected Health lnformation at 45 CFR part '160 and part '164, subparts A and C. 2. Obligations and activities of Business Associate. Business Associate agrees to not use or further disclose Protected Health lnformation other than as permitted or required by HIPAA, as amended from time to time, and Section 3 of this BAA, or as required by law. (a) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health lnformation other than as provided for by this BAA.(b) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of: (i) a use or disclosure of Protected Health lnformation by Business Associate in violation of the requirements of this BAA, or (ii) a Security lncident.(c) Business Associate agrees to promptly report to Covered Entity, in writing, any use or disclosure of the Protected Health lnformation not provided for by this BAA and any Security lncident of which it becomes aware. The parties acknowledge and agree that this constitutes notice by Business Associate to Customer of the ongoing existence and occurrence of attempted but Unsuccessful Security lncidents (as defined below) for which no additional notice to Customer shall be required. "Unsuccessful Security lncidents" shall mean pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log on attempts, unsuccessful denials of serv¡ce and any combination of the above, so long as no such incident ræults in unauthorized access, use or disclosure of PHl.(d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health lnformation or electronic Protected Health lnformation received from, or created or received by Business Associate on behalf of, Covered Entity agrees to the same restrictions and conditions that apply through this BAA to Business Associate with respect to such information.(e) Business Associate agrees to provide access, at the request of Covered Entity, an lndividual, or an lndividual's designee and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health lnformation in a designated record set, to the Covered Entity or directly to an lndividual (or designee) in order to meet the requirements under 45 CFR 164.524. (f) Business Associate agrees to make any amendment(s) to Protected Health Information in a designated record set that the Covered Entity or an lndividual directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an lndividual, and in a prompt and reasonable manner consistent with the HIPAA regulations. (S) Business Associate agrees to make its internal practices, books, and records, including policies and procedures and Protected Health lnformation, relating to the use and disclosure of Protected Health lnformation received from, or created or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the Covered Entity, to the Secretary in a time and manner designated by the Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with HIPAA. (h) Business Associate agrees to make lts internal practices, books, and records, including policies and procedures and Protected Health lnformation, relating to the use and disclosure of Protected Health lnformation received from, or created or received by Business Associate on behalf ol Covered Entity available to the Covered Entity, or at the request of the Covered Entity, to the Secretary in a time and manner designated by the Covered Entity or the Secretary, for purposes of allowing Covered Entity to confirm Business Associate's compliance with HIPAA.(i) Business Associate agrees to document disclosures of Protected Health lnformation and information related to such disclosures as would be required for Covered Entity to respond to a request by an lndividual for an accounting of disclosures of Protected Health lnformation in accordance with 45 CFR 164.528.(j) Business Associate agrees to provide to Covered Entity or an lndividual an accounting of disclosures of Protected Health lnformation in accordance with 45 CFR 164.528, in a prompt and reasonable manner consistent with the HIPAA regulations.(k) Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets, also known as the Electronic Data lnterchange (EDl) Standards, at 45 CFR Part 162. Business Associate further agrees to ensure that any agent, including a subcontractor, that conducts standard transactions on its behalf will comply with the EDI Standards.(l) Business Associate agrees to determine the minimum necessary type and amount of Protected Health Information required to perform its services and will comply with 45 CFR 164.502(b) and 514(d). (m) Business Associate agrees to restrict the use or disclosure of Protected Health lnformation, and document those restrictions, at the request of Covered Entity pursuant to 45 CFR 164.522(a), in a prompt and reasonable manner consistent with the HIPAA regulations.(n) Business Associate agrees to accommodate alternative means or alternative locations to communicate Protected Health lnformation, and document those alternative means or alternative locations, at the request of Covered Entity or an lndividual, pursuant to 45 CFR 164.522(b), in a prompt and reasonable manner consistent with the HIPAA regulations.(o) Business Associate agrees to be the primary party responsible for receiving and resolving requests from an lndividual exercising his or her individual rights described in subsections (f), (i), 0, and (n) of this section 2.(p) Business Associate agrees to implement any and all administrative, technical and physical safeguards necessary to reasonably and appropriately protect the confidentiality, integrity and availability of electronic Protected Health lnformation that it creates, receives, maintains or transmits on behalf of the Covered Entity.(q) Business Associate agrees to ensure that access to electronic Protected Health lnformation related to the Covered Entity is limited to those workforce members who require such access because of their role or function.(r) Business Associate agrees to implement safeguards to prevent its workforce members who are not authorized to have access to such electronic Protected Health lnformation from obtaining access and to otherwise ensure compliance by its workforce with the Security Rule.(s) Business Associate acknowledges that HITECH amended certain provisions of HIPAA in ways that now directly regulate Business Associate's obligations and activities under HIPAA's Privacy Rule and Security Rule. Accordingly, Business Associate agrees to the following: lf Business Associate discovers that there has been a HIPAA Breach, then except when prohibited by law, Business Associate shall notify Covered Entity without unreasonable delay and in no event not later than thirty (30) business days of the discovøy. Such notice shall include identification of each lndividual whose Protected Health lnformation Business Associate reasonably believes to have been accessed, acquired, or disclosed during such HIPAA Breach. As soon as possible thereafter, and to the extent known, Business Associate shall also provide Covered Entity with a description of: (i) what happened, including the date of the HIPAA Breach and the date of the discovery, (ii) the types of unsecured Protected Health lnformation involved in the HIPAA Breach, (iii) any steps individuals should take to protect themselves from potential harm from the HIPAA Breach, and (iv) what Business Associate is doing to investigate the HIPAA Breach, to mitigate harm to individuals, and to protect against any further HIPAA Breaches. For purposes of this paragraph, a HIPAA Breach shall be treated as discovered as of the first day on which the HIPAA Breach is known or should reasonably have been known to Business Associate (including any person, other than the one committing the HIPAA Breach, that is an employee, officer, or other agent ofthe Business Associate). (ii) Pursuant to the Security Rule, made applicable to Business Associates by HITECH, Business Associate shall adopt, implement and follow security policies and procedures in the same manner and to the same extent as if it were a Covered Entity. (iii) Business Associate shall not receive remuneration, either directly or indirectly, in exchange for Protected Health lnformation, except as may be permitted by HITECH 45 CFR $$ 16a.502(a)(5) and 16a.508(a)(a) or as otherwise expressly referred to in this BAA. (iv) Business Associate shall not make any fundraising communication on behalf of Covered Entity or to Covered Entity's participants or beneficiaries. 3. Permitted or reouired uses and disclosures bv Business Associate (D (a) General use and disclosure. (i) Except as otherwlse limited in this BAA, Business Associate may use or disclose Protected Health lnformation to perform the functions, activities, and services (all as described on Exhibit A attached hereto and incorporated herein) for, or on behalf of, the Customer and the Covered Entity, all as specified in this BAA, provided that such use or disclosure of Protected Health lnformation is consistent with the Covered Entity's Notice of Privacy Practices, and provided that such use or disclosure would not violate the Privacy Rule, including the minimum necessary requirement, if done by Covered Entity. (ii) Business Associate shall share Protected Health lnformation as reasonably requested and authorized in writing by Covered Entity with Covered Entity and the Centers for Medicare and Medicaid Services (CMS), and with their agents and any other parties permitted by CMS guidance (including CMS's FAO #5482), where the Govered Entity is submitting to CMS the Protected Health lnformation required by 42 CFR 423.884 for Medicare's retiree drug subsidy program. (iiD Business Associate shall share Protected Health lnformation as reasonably requested by Customer to carry out its responsibilities as plan administrator of the Plan(s), including, without limitation, for purposes of auditing the performance of Business Associate." (b) Additional use and disclosure. (D Except as otherwise limited in this BAA, Business Associate may use Protected Health lnformation for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. (ii) Except as otherwise limited in this BAA, Business Associate may disclose Protected Health lnformation for the proper management and administration of the Business Associate, provided that such disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Buslness Associate of any instances of which it is aware in which the confidentiality of the information has been breached. (iii) Except as otherwise limited in this BAA, Business Associate may use Protected Health lnformation to provide data aggregation services to Covered Entity as perm¡tted by 45 CFR 16a.50a(eX2XiXB). (iv) Business Associate may use Protected Health lnformation to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(iX1). 4. Obliqation to inform Business Associate of Covered Entity's privacy practices and any authorization or restriction (a) Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR 164.520, as well as any commercially reasonable changes to such notice. (b) Covered Entity shall provide Business Associate with any changes in, or revocation of, authorization by lndividual or his or her personal representative to use or disclose Protected Health lnformation, if such changes affect Business Associate's uses or disclosures of Protected Health lnformation. (c) Covered Entity shall provide commercially reasonable notice to Business Associate of any restriction to the use or disclosure of Protected Health lnformation that Covered Entity has agreed to in accordance with 45 CFR 164.522, if such changes affect Business Associate's uses or disclosures of Protected Health lnformation. 5. Permissible requests by Covered Entitv. Covered Entity shall not request Business Associate to use or disclose Protected Health lnformation in any manner that would not be permissible under the Privacy Rule if done by Covered Entity, and shall not request to communicate or disclose Protected Health lnformation with Business Associate in any manner inconsistent with HIPAA Safe Harbor encryption requirements found at 45 CFR 16a.312@)(2)(iv) and 164.312(eX2Xii). 6. Term and termlnation (a) Term. The term of this BAA shall be as set forth in Section 3 of Exhibit B attached hereto and incorporated herein by this reference (the "Term"). Upon termination of this BAA, all of the Protected Health lnformation provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered EntiÇ, will be destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health lnformation, then protections shall þe extended to such information. (b) Effect of termination. The parties mutually agree that it is essential for Protected Health lnformation to be maintained afier the expiration of the BAA for regulatory and other business reasons. The parties further agree that it would be infeasible for Covered Entity to maintain such records because Covered Entity lacks the necessary system and expertise. Accordingly, Covered Entity hereby appoints Business Associate as its custodian for the safe keeping of any record containing Protected Health lnformation that Business Associate may determine it is appropriate to retain. Notwithstanding the expiration or termination of this BAA, Business Associate shall extend the protections of this BAA to such Protected Health lnformation, and limit further use or disclosure of the Protected Health lnformation to those purposes that make the return or destruction of the Protected Health lnformation infeasible. 7. Miscellaneous (a) Regulatory references. A reference in this BAA to a section in the Privacy Rule or Security Rule means the section as in effect or as amended, and for which compliance is required. (b) Amendment. Upon the enactment of any law or regulation atfecting the use, disclosure, or safeguarding of Protected Health lnformation or electronic Protected Health lnformation, or the publication of any decision of a court of the United States or any state relating to any such law or the publication of any interpretive policy or opinion of any governmental agency charged with the enforcement of any such law or regulation, either party may, by written notice to the other party, amend thls BAA in such manner as such party determines necessary to comply with such law or regulation. lf the other party disagrees with such amendment, it shall so notify the first party in writing within ninety (90) days of the notice. lf the parties are unable to agree on an amendment within ninety (90) days thereafter, then either of the parties may terminate this BAA on ninety (90) days written notice to the other party. (c) lnterpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the Privacy and Security Rules. (d) Gounterparts. This BAA may þe executed in counterparts, each of which may be deemed an original. (e) lndemnification and performance guarantees. Subject to the limitations set forth in the Agreement, Business Associate agrees to indemnify and hold Covered Entity and Customer harmless from any and all liability, damages, costs (including reasonable attorneys' fees and costs) and expenses imposed upon or asserted against Covered Entity arising out of any claims, demands, awards, settlements, judgments, penalties, or fines relating to use or disclosure of PHI contrary to the provisions of this BAA or applicable law by Business Associate, or by Business Associate's directors, officers, employees, agents, contractors, business associates, or trading partners. Subject to the limitations set forth in the agreement, Business Associate agrees to pay all penalties and reasonable expenses, including those incurred for reasonable remediation, as a result of Business Associate's (or its agent's) acts or omissions related to its HIPAA obligations. CUSTOMEB By: MAESTRO HEALTH, INC. By: Print Name:Print Name: Title:Title: Date:Date: