HomeMy Public PortalAbout2018-53 Approving an agreement with Maestro Health IncRESOLUTION NO.2018-53
A RESOLUTION OF THE MAYOR AND VILLAGE
COUNCIL OF THE VILLAGE OF KEY BISCAYNE,
FLORIDA, APPROVING AN AGREEMENT BETWEEN
THE VILLAGE AND MAESTRO HEALTHO INC' FOR
HEALTH ADMINISTRATION SERVICES; PROVIDING
FOR AUTHORIZATION; AND PROVIDING FOR AN
EFFECTIVE DATE.
\ryHEREAS, the Village of Key Biscayne (the "Village") selected Continental American
Insurance Company, Inc. ("Aflac") to provide group health insurance plans for its employees;
and
\ryHEREAS, Aflac, through Maestro Health, Inc. ("Maestro"), offers to its group
insurance plans comprehensive administrative services for the following plans: Health Flexible
Spending Arrangements ("Health FSA"), Dependent Care Flexible Spending Arrangements
("Dependent Care FSA"), and Health Savings Accounts ("HSA"Xthe "Setvices"); and
WHEREAS, the Village and Maestro desire to enter into an agreement, in substantially
the form attached hereto as Exhibit "4" (the "Agreement"), for Maestro to provide the Services;
and
WHEREAS, the Village finds that this Resolution is in the best interest and welfare
of the residents of the Village.
NOW, THEREFOREO BE IT RESOLVED BY THE MAYOR AND VILLAGE
COUNCIL OF THE VILLAGE OF KEY BISCAYNE, FLORIDA, AS FOLLOWS:
Section 1. Recitals. Each of the above-stated recitals are hereby adopted, confirmed,
and incorporated herein.
Section 2. Anproval. The Village Council hereby approves the Agreement with
Maestro for the Services in substantially the form attached hereto as Exhibit ooA."
Page 1 of3
Section 3. Authorization. The Village Manager is hereby authorized to execute the
Agreement, in substantially the form attached hereto as Exhibit "4," subject to the Village
Attomey's approval as to form, content and legal sufficiency. The Village Manager is also
hereby authorized to implement the intent and purpose of this Resolution including termination
of the current provider.
Section 4. Effective Date. This Resolution shall take effect immediately upon
adoption.
PASSED and ADOPTED this 4th day of December,2018.
MICHAEL W.AVEY, MAYOR
ATTES
INA,
VILLAGE CLERK
APPROVED AS TO FORM AND LEGAL SUFFICIENCY
t
VILLAGE ATTORNEY
Page 2 of3
EXHIBIT A
AGREEMENT
BETWEEN
THE VILLAGE OF KEY BISCAYNE
AND
MAESTRO HEALTH,INC.
Page 3 of3
EXHIBIT A
Maestro Health
Ad min istration Agreement
This Maestro Health Administration Agreement ("Agreement") is made effective as of the'lst day of November, 2018 ("Effective Date")
by and between Village of Key Biscayne (the "Customer"), in its capacity as the plan sponsor of the its group insurance plans (the
"Plan(s)"), and Maestro Health, lnc. ("Maestro").
1. GENERAL. This Agreement govern Maestro's performance of the Services as described in Exhibit A hereto which is incorporated
by this reference.
2. FEES. All fees related to the Services will initially be the responsibility of Continental American lnsurance Company ("Aflac"). ln the
event of nonpayment by Aflac, Customer acknowledges that it will assume any and all payment obligations related to Maestro's provision
of the Services to Customer and shall indemnify and hold harmless Maestro from any claims related to such nonpayment. Maestro shall
use commercially reasonable etforts to provide Customer advance written notice of such assumption of payment. Notwithstanding the
foregoing, Customer may terminate this Agreement upon thirty (30) days prior written notice to Maestro upon assumption of any Aflac
payment obligations; provided, Customer shall remain responsible for fees accrued but not yet paid for Services performed in the two
(2) month period prior to Customer's assumption of payment. The fees for the Services shall be Maestro's then current shelf rates for
the products and Services being administered. For any additional fees incurred by Customer (for example, fees for additional fees
and/or customizations) that are not the responsibility of Aflac, Maestro shall invoice Customer directly. All invoiced fees are due to
Maestro within thirty (30) days from the invoice date.
3. TERM: TERMINATION.
3.1 The initial term of this Agreement shall commence as of the Effective Date and, unless terminated earlier as provided for herein, will
continue in effect for (3) three years from such date ("lnitial Term"). Thereatter, th¡s Agrement will automatically renew for successive
one (1) year terms (each, "Renewal Term" and collectively, together with the lnitial Term, the "Term"), unless either pafi provides
thirty (30) days prior written notice to the other party.
3.2 Either party may terminate this Agreement upon written notice at any time if the other party commits a non-remediable material
breach of this Agreement or the Business Associate Agreement (the "BAA) which is entered into of even date herewith and attached
as Exhibit B hereto, or if the other party fails to cure any remediable material breach or provide a written plan of cure acceptable to
the non-breaching party within thirty (30) days of being notified in writing of such breach, except for a breach of payment obligations,
which shall have a ten (1 0) day cure period. Upon termination, Maestro shall not be obligated to provide any of the Services, in
whole or in part, to Customer.
3.3 Maestro will be entitled to suspend any or all the Services upon ten (1 0) days written notice to Customer in the event Customer is
in breach of this Agreement or the BAA. Notwithstanding the foregoing, Maestro shall have the right to immediately suspend the
Services andlor Customer's access to the Maestro Systems in the event of an actual or suspected Security lncident (defined in
Section 5.3 below).
3.4 Any provision of this Agreement which contemplates performance or observance subsequent to any termination of this Agreement
shall survive termination.
4. OWNERSHIP.
4.1 Maestro owns all right to Maestro Systems and Maestro lnformation. The Agreement does not grant, or othenruise give, Customer
ownership in, or other rights with respect to, Maestro lnformation or Maestro Systems or customizations or derivative works thereof,
any other Maestro intellectual property, or any equipment, infrastructure, websites and other materials provided by Maestro in
performance of Maestro's obligations hereunder, except for the express license to Customer set forth in this Section 4.1. "Maestro
lnformation" is defined as all information and materials (in whatever form or media), provided to Customer under or pursuant to the
this Agreement by or on behalf of Maestro. "Maestro Systems" shall include any software, including underlying source and object
code, systems, techniques, processes, know-how, tools and any other assets used to perform the Services. All right, title and
interest in or to any copyright, trademark, service mark, trade secret, and othø proprietary right relating to the Services and the
related logos, product names, etc. are reserved by Maestro. Maestro grants to Customer, a non-exclusive, non-sublicensable, non-
transferable, royalty-free l¡cense to use the Maestro Systems and Maestro lnformation during the Term of this Agreement solely for
Customer's use in accordance with the terms hereof. Such license will automatically terminate and expire upon the termination of
this Agreement.
4.2 Customer owns all rights to Customer Data provided to or accessed by Maestro. "Customer Data" is defined as all information,
data, and materials (in whatever form or media) provided to Maestro under or pursuant to this Agreement by or on behalf of
Customer. Customer hereby grants to Maestro a limited, worldwide, non-exclusive, sublicensable right and license to use the
Customer Data to perform the Services during the Term. ln addition, Customer hereby grants to Maestro a perpetual, non-
cancelable, sublicensable, worldwide, non-exclusive right to utilize any Customer Data that arises from the use of the Services by
Customer whether disclosed on or prior to the Effective Date for any legitimate business purpose, provided that such information
is aggregated, anonymized, and does not identify Customer or any of Customer's employees or participants.
5. CONFIDENTIALINFORMATION.
5.1 As used herein, the term "Confidential lnformation" means: (a) the terms and conditions and the existence of this Agreement; (b) as
relates to Customer, the Customer Data; (c) as relates to Maestro, Maestro lnformation and Maestro Systems; and (d) information
disclosed to the other in connection with the performance of the Services or this Agreement, including but not limited to information
learned from the disclosing pany's employees or agents or through inspection of the disclosing party's property. Each party will
use reasonable efforts to, and will cause its employees to, minimize distribution and duplication internally and each party shall not
use or disclose the Confidential lnformation of the other party other than as expressly pømitted by this Agreement. Each party
agrees that only its employees who have a need to know the Confidential lnformation of the other party (and in the case of Maestro,
including any affiliates, subcontractors and vendors providing related services) will have access to the Confidential lnformation.
Except as othenivise provided herein, no party will disclose the other party's Confidential lnformation to a third party without the
prior written consent of the other party. Further, to the extent allowed, any disclosure to a third party shall be governed by
confidentiality terms at least as restrictive as the terms set forth in this Agreement.
5.2 Confidential lnformation does not include information that: (a) is now or subsequently becomes generally availaþle to the public
through no fault or breach on the part of receiving party; (b) the receiving party can demonstrate to have had rightfully in its
possession prior to disclosure by the disclosing party; (c) is independently developed by the receiving party without the use of any
of the disclosing party's Confidential lnformation; or (d) the receiving party rightfully obtains from a third party who has the right to
transfer or disclose it. The receiving party may disclose Confidentlal lnformation if required by any judicial or governmental order,
provided that the receiving party takes reasonable steps to first give the disclosing party sufficient prior not¡ce to contest such
ofder.
5.3 Customer agrees to implement and maintain commercially reasonable and appropriate security procedures designed to prevent
unauthorized access to Maestro Systems. To the extent Customer becomes aware of a Security lncident regarding transmlssions
to or from Maestro, Customer will promptly notify Maestro of such Security lncident. "Securitv lncident" means the attempted or
successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations
in an informatlon system. Further, Customer shall provide prompt and reasonable cooperation for a Security lncident experienced
by Maestro regarding any Customer Data transmitted to Maestro for the provision of the Services. Customer further agrees to
ensure that any business associates, agents and/or subcontractors it permits to access the Services and/or Maestro Systems are
bound by the terms and conditions of this Agreement.
5.4 The parties agree that a material breach of this section would cause irreparable injury for which monetary damages would not be
an adequate remedy and each party shall be entitled to equitable relief in addition to any remedies it may have hereunder, at law,
or in equity.
6. LIMITED WARRANW.
6.1 Each party represents and warrants that it 0 has the requisite power and authority to enter into this Agreement and to make the
commitments set forth herein and (ii) is not a party to any other agreement which would hinder its ability to peform its obligations
thereunder. Maestro shall employ commercially reasonable efforts to assist in protecting that Maestro Systems do not contain
viruses, worms, trojan horses, spyware, adware and other malicious code.
6.2 EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH HEREIN, MAESTRO EXPRESSLY DISCLAIMS TO THE MAXIMUM
EXTENT PERMITTED BY LAW, ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION:
(i) ANY WARRANTY THAT THE SERVICES ARE FREE OF ERRORS, OR WILL OPERATE WITHOUT INTERRUPTION OR THAT ALL
ERRORS WILL BE CORRECTED, (ii) ANY WARRANTTES W|TH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE
cusToMER DATA AND CALCULATTONS MADE BY THE SERV|CES, (iii) ANY tMPLTED WARRANTTES OF MERCHANTABTLTTY OR
FITNESS FOR A PARTICUI.AR PURPOSE, NON-INFRINGEMENT, AND FREEDOM FROM ERRORS, VIRUSES OR ANY OTHER
MALICIOUS CODE. MAESTRO FURTHER DISCI.AIMS ANY WARRANTY THAT THE RESULTS OBTAINED THROUGH THE USE
OF THE SERVICES WILL MEET CUSTOMER'S NEEDS. CUSTOMER ACKNOWLEDGES THAT USE OF OR CONNECTION TO THE
INTERNET PROVIDES THE OPPORTUNITY FOR UNAUTHORIZED THIRD PARTIES TO CIRCUMVENT SECURITY PRECAUTIONS
AND ILLEGALLY GAIN ACCESS TO THE SERVICES AND THE CUSTOMER DATA. ACCORDINGLY, MAESTRO CANNOT AND
DOES NOT GUARANTEE THE PRIVACY, SECURITY OR AUTHENTICIry OF ANY INFORMATION SO TRANSMITTED OVER OR
STORED IN ANY SYSTEM CONNECTED TO THE INTERNET.
7. INDEMNIFICATION.
7.1 Maestro shall indemnify, defend and hold harmless Customer, its affiliates, its officers, directors, and permitted successors and
assigns (each, an "Customer lndemnitee") from and against any and all third party claims, losses, damages, costs and expenses
incurred by such Customer lndemnitee to the extent arising out of or in connection with a claim that Customer's use of the Services
provided by Maestro hereunder infringes such third party's U.S. intellectual property rights. The foregoing obligation does not apply
to any losses or claims arising out of or otherwise relating to (i) any modification to the Services other than: (1) by Maestro or (2)
with Maestro's prior written approval; (ii) any act or omission of Customer or its employees or participants, or the failure of Customer
to comply with the terms of the Agreement; or (iii) the information, data or other material provided by Customer. Maestro may at its
option and at no cost to Customer (a) procure for Customer the right to continue to use the Services, (b) replace or modify the
Services to make it non-infringing, compatible and functionally equivalent application or product, or (c) terminate the Agreement.
The foregoing states Customer's sole and exclusive remedy as related to Maestro's indemnification obligations.
7.2 Customer shall indemnify, defend and hold harmless Maestro, its affiliates, its officers, directors, and permitted successors and
assigns (each, a "Maestro lndemnitee") from and against any and all third party claims, losses, damages, costs and expenses
incurred by such Maestro lndemnitee to the extent arising out of or in connection with: (i) Customer's (including its agents',
employees' or business associates) has materially breached the terms of this Agreement; (ii) Customer's (or its employees' or
participants') negligence or willful misconduct; (iii) a claim that the Customer Data inftinges or misappropriates a third party's
intellectual property rights or trade secrets; (iv) any claims by employees regarding Maestro's recelpt of any information or mater¡als
provided by Customer pursuant to this Agreement.
7.3 Each party shall promptly notify the other pady in writing of any loss or claim for which such party believes it is entitled to be
indemnified pursuant to this section. The party seeking indemnificatlon (the "lndemnitee") shall cooperate with the other party (the
"lndemnitor") at the lndemnitor's sole cost and expense. The lndemnitor shall immediately take control of the defense and
investigation of such matter and shall employ counsel reasonably acceptable to the lndemnitee to handle and defend the same, at
the lndemnitor's sole cost and expense. The lndemnitee's failure to perform any obligations under this section will not relieve the
lndemnitor of its obligations under this section except to the extent that the lndemnitor can demonstrate lhat it has been materially
prejudiced as a result of such failure. The lndemnitee may participate in and observe the proceedings at its own cost and expense
with counsel of its own choosing.
8. LIMITATION OF LIABILITY.
8.1 UNDER NO CIRCUMSTANCES SHALL MAESTRO BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR INDIRECT
DAMAGES ARISING IN ANY WAY OUT OF THE THIS AGREEMENT OR THE BAA, HOWEVER CAUSED, WHETHER ARISING
UNDER A THEORY OF CONTRACT, TORT (INCLUDTNG NEGLTGENCE OR OTHERWTSE), TNCLUDTNG, WTTHOUT LTMTTATTON,
DAMAGES FOR LOST PROFITS OR LOSS OF DATA.
8.2 IN NO EVENT SHALL MAESTRO'S TOTAL LIABILITY FOR DAMAGES ARISING OUT OF OR REI.ATING TO THE SERVICES OR
THIS AGREEMENT OR THE BAA EXCEED THE FEES PAID BY CUSTOMER TO MAESTRO FOR THE SPECIFIC SERVICE GIVING
RrsE TO THE ACTION lN THE TWELVE (12) MONTHS PRTOR TO THE DATE THE CAUSE OF ACTTON FIRST AROSE. THE
LIMITATIONS ON LIABILITY SET FORTH HEREIN SHALL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE
OF ANY OF THE LIMITED REMEDIES SET FORTH ABOVE.
9. CHOICE OF LAW. This Agreement will be governed by and construed in accordance with the laws of the State of lllinois. All
litigation involving any claim (whether legal or equitable and whether sounding in contract, tort, or othenrvise), which relates to or
arises from the subject matter of the Agreement shall be brought exclusively in the appropriate state or federal courts located in
Cook County, lllinois.
10. CUSTOMER RESPONSIBILITIES;USE RESTRIGTIONS.
1 0.1 Customer Responsibilities: Customer agrees to:
(a) Facilitate access by Maestro to contacts at any and all third party providers or service organizations that may be necessary to
coordinate the configuration and performance of the Services. Customer shall perform such other duties and responsibilities that
may arise out of or otherwise relate to the configuration, launch and performance of the Services, as may be agreed to by the
parties from time to tlme.
(b) Review, test, and approve all aspects of the Services, and promptly report any issues or concerns in writing to Maestro.
(c) Promptly communicate all changes and updates that could impact the Services (including, without limitation, participant
information).
(d) Maintain and operate Customer's business, operatlons, security, and systems in accordance with industry standards and applicable
legal requirements.
(e) Designate an individual to be the main point of contact in connection with the Services.(Ð Be responsible for providing accurate and timely information and data required by Maestro to provide the Services selected by
Customer. Customer shall afford Maestro access to any and all data required to perform the Services.
(S) Customer shall cooperate with Maestro and make promptly available such information, assistance and cooperation as reasonably
required by Maestro to enable Maestro to fulfill its obligations and responsibilities under this Agreement. ln performing its
obligations and responsibilities under this Agreement, Maestro shall be entitled to rely on Customer decisions and data provided
to Maestro. Such information shall be provided to Maestro in the time and in the manner agreed to by Customer and Maestro.
Maestro shall have no responsibility with regard to errors in reporting due to Customer's failure to accurately report or timely update
such information.
(h) Customer agrees that if Customer provides Maestro with specific written instructions to provide the Services in a manner other
than in accordance with Maestro's standard procedures or consultation, Maestro will comply with Customer's written instruction,
provided that, if Maestro complies with such instruction, Customer agrees to indemnify, defend and hold Maestro harmless and
expressly releases all claims aga¡nst Maestro in connection with any claim or cause of action which results from or in connection
with Maestro's following Customer's written instructions.(i) lf applicable, Customer will identify one (1) designated support contact authorized by Customer to administer Customer' access to
and use of the Services and Maestro Systems ("Authorized User"). Maestro may rely on such Authorized User's instructions and
actions as being those authorized by Customer. Customer is solely responsible for (i) monitoring its Authorized User's access to
and use of the Services and Maestro Systems and (ii) safeguarding its passwords and/or access codes to the Services and Maestro
Systems. Customer is liable for any unauthorized access to the Services and/or Maestro's System stemming from misuse of
passwords and/or access codes by the Authorized User or any third parties. Customer must immediately take all necessary steps,
including providing notice to Maestro, to effect the termination of access for the Authorized User if there is any compromise in the
security of that access or if unauthorized use is suspected or has occurred. Gustomer will comply with the user authentication
requirements of Maestro for the Maestro Systems.
10.2 Use Restrictions;
(a) Customer will not: (i) create derivative works of, modify, copy or translate the Maestro Systems, (ii) sell, assign, distribute, lease,
market, rent, sublicense, transfer, or otherwise grant rights to the Maestro Systems in whole or in part to any third party, (iii)
obfuscate, remove or alter any of the internet links or copyright or other proprietary legends that are in the Maestro Systems or that
are displayed on pages served by the Maestro Systems, or (iv) reverse engineer, decompile or disassemble Maestro Systems or
any part thereof or otherw¡se obtain or attempt to obtain the source code for the Maestro Systems.
(b) Customer will not (i) breach or attempt to breach the security of Maestro Systems or any network, servers, data, computers or other
hardware relating to or used in connection with the Services; or (ii) use or distribute through Maestro any software, files or other
tools or devices designed to interfere wlth or comprom¡se the confidentiality, security or availability of Maestro or the operations or
assets of any other Customer of Maestro or any third party using the Services.(c) Customer shall employ commercially reasonable efforts to ensure that all Customer Data transferred to Maestro is free from viruses,
worms, Trojan horses, spyware, adware, and other malicious code.
(d) Any failure by any Authorized User to comply with this Section 10.2 shall be deemed to be a material breach by Customer. Maestro
shall not be liable for any damages incurred by Customer or any third party resulting ftom such breach.
11. ASSIGNMENT. Neither party may assign this Agreement without the prior wr¡tten consent of the other party, provided, however,
no consent shall be required for an assignment by Maestro to a successor entity in the event of a sale of all or substantially all of
Maestro's assets or stock or a merger, or a reorganization within Maestro's existing ownership structure. Except as expressly permitted
in this Section 1'1 , any purported assignment without such consent will be void. Maestro may use subcontractors to complete the
Services, provided that such subcontractors shall be bound by confidentiality obligations no less restrictive than those set forth in this
Agreement.
12. FORCE MAJEURE. Maestro will incur no liability to Customer and will not be responsible for delivery or non-delivery or error in
transmission of reports caused by a third party (who is not a Maestro subcontractorl. Maestro will also not be responsible for any delay
in performance, or non-performance, of any obligation hereunder and for any loss to the extent that such delay in performance or non-
performance or such loss is due to forces beyond Maestro's reasonable control including delays, errors, or interruptions caused by third
parties (who is not a Maestro subcontractor), any industrial, judicial, governmental, civil or military action, utility or communication
failures, acts of terrorism, insurrection, or revolution, nuclear fusion, nuclear fission or radiation, failure or fluctuation in electrical power,
heat, light, air conditioning, or telecommunications equipment, or acts of God.
13. COMPLIANCE.
13.1 Each party agrees to comply wlth all applicable laws related to the Agreement and the Services.
13.2 ln addition to changes which are mutually agreed to by the parties in accordance with the terms hereof, Maestro may make
modifications to the Services from time-to-time, in its sole discretion, in order to comply with regulatory requirements or to otherwise
enhance the Services.
14. FEEDBACK. Maestro continually works to monitor and improve the quality of its services otfering. To this end, Customer permits
Maestro to gain regular and candid feedback from Customer's employees, participants, member groups, members and providers who
have interacted with the Services and related technology. Maestro shall not be obligated to disclose the results of such activity to
Customer except upon Customer's written request.
15. ATTORNEYS' FEES. The prevailing party in any action to enforce the terms of this Agreement shall be entitled to recover costs
and expenses including, without limitation, reasonable attorneys' fees.
16. INDEPENDENT CONTRACTORS. The relationship of Customer and Maestro established by thls Agreement is that of
independent contractors, and nothing contained in this Agreement or the exhibits shall be construed (i) to give either party the power to
direct or control the day{o-day activities of the other; (ii) to constitute the parties as partners, joint venturers, co-owners or otherwise
as participants in a joint or common undertaking; (iii) to create an employment relationshiþ between Customer and Maestro's
representatives or employees; (iv) to create an agency relationship between the parties; or (v) to authorize or permit any party to bind
the other party, except as explicitly provided elsewhere in this Agreement.
17. NO WAIVER: GUMULATIVE REMEDY: SEVERABILITY. Failure to enforce any provision of the Agreement will not be deemed
a waiver of future enforcement of that or any other provision. All remedies in the Agreement are cumulative and in addition to other
remedies under the Agreement, at law, or in equity. lf for any reason a court of competent jurisdiction finds any provision of the
Agreement, or portion thereof, to be unenforceable, that provision of the Agreement will be enforced to the maximum extent permissible
so as to effect the intent of the parties, and the remainder of the Agreement will continue in full force and effect.
18. ENTIRE AGREEMENT: AMENDMENT. The Agreement, including Exhibits A and B, constitute the entire agreement between the
parties with respect to the subject matter hereof, and supersedes all prior agreements or representations, oral or written, regarding such
subject matter. Except as set forth in Section 13.2 above and in Section 7(b) of this Agreement, no alteration or modification may be
made without a writing signed by a duly authorized representative of both parties. ln the event of a conflict between the Agreement and
the BAA, the documents shall govern as follows: the Agreement, Exhibit A, and the BAA.
19. NO THIRD PARTY BENEFICIARY. Nothing expressed or implied in the Agreement is intended to confer, nor shall anything herein
confer, upon any person other than the parties and the respective successors or assignees of the parties, any rights, remedies,
obligations, or liabilities whatsoever. lf any provision of the Agreement is held illegal, invalid, prohibited or unenforceable by a court of
competent jurisdiction, that provision shall be limited or eliminated in that jurisdiction to the minimum extent necessary so that this
Agreement shall otherwise remain in full force and effect and enforceable.
20. SEVERABILITY. lf any provision of the Agreement is held illegal, invalid, prohibited or unenforceable by a court of competent
jurisdiction, that provision shall be limited or eliminated in that jurisdiction to the minimum extent necessary so that this Agreement shall
othemrise remain in full force and effect and enforceable.
21 . NOTICE. All notices given in connection with the Agreement must be in writing and delivered either pøsonally or via overnight
delivery, delivered to the address set forth below:
lf to Customer:
V¡llage of Key Biscayne
88 West Mclntrye Street,
Key Biscayne, FL.33149
Attn:
lf to Maestro:
Maestro Health, lnc.
500 West Madison Street, Suite 1250
Chicago,lllinois 60661
Attn: CFO
with copy to:
Attn: Stephanie Sharp
McGrath North
First National Tower
Suite 3700
160'1 Dodge Street
Omaha, NE 68102
or to such other address as a party may from time-to-time designate by notice to the other pursuant to this sect¡on. All notices will be
deemed received when delivered in person or on the next business day when sent by overnight delivery.
[Remainder of Page lntentionally Blank; Signature Page Follows]
lN WITNESS WHEREOF, the parties have cuased this Agreement to be executed in their names by their undersigned officers, the same
being duly authorized to do so.
CUSTOMER
By:
Print Name:
Title:
Date:
MAESTRO HEALTH, INC.
By:
Print Name:
Title:
Date:
Exhibit A
Services
Relationship Manaqement. Assign a Relationship Manager to work with and assist each employer group in the delivery of Services.. Manageimplementation
o Complete a Discovery Document to gather the Employer's Plan design, policies and administrative rules
o Work with up to 5 Employer designated carriers and vendors to establish and document business processes to provide
services.
o Review carrier procedures for late payments, retroactive changes, processing enrollment exceptions, excepted benefits,
etc.
o Work with implementation team to define and implement Employer rules.o Provide training to Employer team on utilization of the system and procedures.. Conduct annual enrollmentso Manage ongoing administration
Customer Service. Provide toll-free number with menu prompts that provide access to both customer advocates and automated account
information for benefit accounts, if applicable. Provide access to live agents Monday through Friday from 8am to 8pm, Eastern Time, excluding holidays. Provide training to agents on client specific program information. Log all inbound employee interactions in the Maestro Health issue tracking system. Record and log all employee ¡nteractions
Benefit Accounts Services
(a) lmplementation and Data
Manage implementation in accordance with Maestro Health standard approach to delivering the systems and services
selected by Customer;
Provide and maintain an "lmplementation Project Plan"; manage project plan including identification of both Maestro Health
and Customer deliverables and milestones;
Complete configuration of Maestro Health's systems to support the mutually agreed upon program rules as defined in the
onboarding document(s);
Provide training to appropriate Customer personnel on use of Maestro systems and policies as defined during the
im plementation process;
Provide a standard array of electronic enrollment communications materials including enrollment brochures, welcome letters,
e-mail templates to ass¡st with communicating the benefit plans, available program features and rules.
(b) Program & Services
(i) Provide administrative services for the plans selected by Customer.
o A Code Section 125 Health Flexible Spending Arrangement ("Health FSAs").
o A Code Section 129 Dependent Care Flexiþle Spending Arrangement ("Dependent Care FSA") (collectively, with Health
FSAs, "FSA").
o A Code Section 223 Health Savings Account (HSA).
(¡i) Provide ongoing support to Customer contacts as follows:
o Research and respond to inquiries
o Verify content and timing of enrollment and payroll data transmissions
o Respond to eligibility or claim inquiries.
(iii) Process requests for reimbursements in accordance with applicable law, Maestro's standard operating procedures, and
the terms of the plans to the extent that such terms are provided to Maestro and are otherwise consistent with Maestro's
standard operating procedures;
o lf Maestro Health denies a request for reimbursement, Maestro Health will review the 1st level appeal if the plan
provides for 2 levels of appeal.
(iv) Customer will fund all claim reimbursements per mutually agreed upon terms by Customer and Maestro Health.
(c) Self-Service Web & Mobile
(i) Portalfor all EE Participants
o General plan and benefit information
a
a
a
O
a
o Current and historical account activity.o Sign up for alerts.
o Submit and track reimbursement requests.o Access program specific forms and documents.
(ii) Provide access to a secure employer portal for Customer-designated personnel which provides the ability to:o Access plan information and standard reports.
o Access employee census and account information.
o Create ad-hoc reports.
o Upload data files.
(d) Electronic Debit Gards
. Make an electronic payment card ("Card") available to covered individuals through which eligible expenses may be paid;. Require substantiation of expenses paid with the Card in accordance with the requirements set forth by the IRS Code,
Maestro's standard operating procedures, and/or other applicable guidance;. De-activate Card(s) if the covered individual fails to use the Card in accordance with the "Cardholder Agreement" or as
otherwise required by applicable law;. Make reasonable attempts to collect repayment of overpaid or unsubstantiated Card claims or offset the ineligible payment
against any claims for future eligible expenses in accordance with applicable rules and regulations.
(e) Gompliance Services
(i) Upon request, prepare or amend the plan document and summary plan description.
(iii) Upon request, conduct the following nondiscrimination testing required under the lnternal Revenue Code (collectively referred
to as the "Nondiscrimination Tests"):
o The "Eligibility Têst" required under lnternal Revenue Code Section 105.
o The 55% "Avøage Benefits Test" required under lnternal Revenue Code Section 129.
o The íYo "Owner Concentration Test" required under lnternal Revenue Code Section 129.
Note: Customer will be responsible for providing information in required format and adjusting any required elections and scheduled
deductions.
EXHIBIT B
BUSIN ESS ASSOCIATE AGREEM ENT
This Business Associate Agreement (this "BAA) is made effective as of the 1st day of November, 20'18 among Village of Key Biscayne
(the "Gustomer") in its capacity as the plan sponsor of the its group insurance plans (the "Plan(s)"), and Maestro Health, lnc. ("Business
Associate"). This BAA is entered into in connection with the performance of certain services being performed by the Business
Association for the benefit of the Customeras provided for in the Administration Agreement (the "Agreement"). This BAA is also intended
to satisfy the business associate contract requirements in the regulations at 45 CFR 1 64.502(e), 1 64.504(e) and 1 64.314(a), issued under
the Health lnsurance Portability and Accountability Act of '1996 ("HIPAA), as amended by the Health lnformation Technology for
Economic and Clinical Health Act of 2009 ('HITECHI and regulations promulgated thereunder; and for further applicable HIPAA
developments published after enactment of HITECH, including statutes, case law, regulations and other agency guidance.
1. Definitions. Terms used but not othen¡vise defined in this BAA shall have the same meaning as those terms in 45 CFR part 160
and part 164, including sections 160.'1 03, 164.'103, 164.304 and 'l 64.501 . Notwithstanding the above, "Covered Entity" shall mean the
Plan, limited to only those component plans which are subject to HIPAA; "HIPAA Breach" means a "breach" of "unsecured Protected
Health lnformation," as those terms are defined in 45 CFR 164.402 except that unsecured Protected Health lnformation shall be limited to
the information created, received, maintained, or transmitted by Business Associate from or on behalf of Covered Entity. "lndividual" shall
mean the person who is the subject of the Protected Health lnformation and shall include a person who qualifies as a personal
representative in accordance with 45 CFR 164.502(9); Protected Health lnformation shall have the meaning defined in 45 CFR.160.'103,
which also sets forth the definition of health information, including genetic informatlon as clarified by P.L. '1 10-233 and applicable
regulations; "Secretary" shall mean the Secretary of the U.S. Department of Health and Human Services or her designee; "Privacy Rule"
shall mean the Standards for Privacy of lndividually ldentifiable Health lnformation at 45 CFR part 160 and part 164, subparts A and E;
and "Security Rule" shall mean the Standards for Security of Electronic Protected Health lnformation at 45 CFR part '160 and part '164,
subparts A and C.
2. Obligations and activities of Business Associate. Business Associate agrees to not use or further disclose Protected Health
lnformation other than as permitted or required by HIPAA, as amended from time to time, and Section 3 of this BAA, or as required by
law.
(a) Business Associate agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health lnformation
other than as provided for by this BAA.(b) Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of:
(i) a use or disclosure of Protected Health lnformation by Business Associate in violation of the requirements of this BAA, or
(ii) a Security lncident.(c) Business Associate agrees to promptly report to Covered Entity, in writing, any use or disclosure of the Protected Health
lnformation not provided for by this BAA and any Security lncident of which it becomes aware. The parties acknowledge
and agree that this constitutes notice by Business Associate to Customer of the ongoing existence and occurrence of
attempted but Unsuccessful Security lncidents (as defined below) for which no additional notice to Customer shall be
required. "Unsuccessful Security lncidents" shall mean pings and other broadcast attacks on Business Associate's firewall,
port scans, unsuccessful log on attempts, unsuccessful denials of serv¡ce and any combination of the above, so long as no
such incident ræults in unauthorized access, use or disclosure of PHl.(d) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health
lnformation or electronic Protected Health lnformation received from, or created or received by Business Associate on
behalf of, Covered Entity agrees to the same restrictions and conditions that apply through this BAA to Business Associate
with respect to such information.(e) Business Associate agrees to provide access, at the request of Covered Entity, an lndividual, or an lndividual's designee
and in a prompt and reasonable manner consistent with the HIPAA regulations, to Protected Health lnformation in a
designated record set, to the Covered Entity or directly to an lndividual (or designee) in order to meet the requirements
under 45 CFR 164.524.
(f) Business Associate agrees to make any amendment(s) to Protected Health Information in a designated record set that the
Covered Entity or an lndividual directs or agrees to pursuant to 45 CFR 164.526 at the request of Covered Entity or an
lndividual, and in a prompt and reasonable manner consistent with the HIPAA regulations.
(S) Business Associate agrees to make its internal practices, books, and records, including policies and procedures and
Protected Health lnformation, relating to the use and disclosure of Protected Health lnformation received from, or created
or received by Business Associate on behalf of, Covered Entity available to the Covered Entity, or at the request of the
Covered Entity, to the Secretary in a time and manner designated by the Covered Entity or the Secretary, for purposes of
the Secretary determining Covered Entity's compliance with HIPAA.
(h) Business Associate agrees to make lts internal practices, books, and records, including policies and procedures and
Protected Health lnformation, relating to the use and disclosure of Protected Health lnformation received from, or created
or received by Business Associate on behalf ol Covered Entity available to the Covered Entity, or at the request of the
Covered Entity, to the Secretary in a time and manner designated by the Covered Entity or the Secretary, for purposes of
allowing Covered Entity to confirm Business Associate's compliance with HIPAA.(i) Business Associate agrees to document disclosures of Protected Health lnformation and information related to such
disclosures as would be required for Covered Entity to respond to a request by an lndividual for an accounting of
disclosures of Protected Health lnformation in accordance with 45 CFR 164.528.(j) Business Associate agrees to provide to Covered Entity or an lndividual an accounting of disclosures of Protected Health
lnformation in accordance with 45 CFR 164.528, in a prompt and reasonable manner consistent with the HIPAA
regulations.(k) Business Associate agrees to satisfy all applicable provisions of HIPAA standards for electronic transactions and code sets,
also known as the Electronic Data lnterchange (EDl) Standards, at 45 CFR Part 162. Business Associate further agrees to
ensure that any agent, including a subcontractor, that conducts standard transactions on its behalf will comply with the EDI
Standards.(l) Business Associate agrees to determine the minimum necessary type and amount of Protected Health Information required
to perform its services and will comply with 45 CFR 164.502(b) and 514(d).
(m) Business Associate agrees to restrict the use or disclosure of Protected Health lnformation, and document those
restrictions, at the request of Covered Entity pursuant to 45 CFR 164.522(a), in a prompt and reasonable manner consistent
with the HIPAA regulations.(n) Business Associate agrees to accommodate alternative means or alternative locations to communicate Protected Health
lnformation, and document those alternative means or alternative locations, at the request of Covered Entity or an
lndividual, pursuant to 45 CFR 164.522(b), in a prompt and reasonable manner consistent with the HIPAA regulations.(o) Business Associate agrees to be the primary party responsible for receiving and resolving requests from an lndividual
exercising his or her individual rights described in subsections (f), (i), 0, and (n) of this section 2.(p) Business Associate agrees to implement any and all administrative, technical and physical safeguards necessary to
reasonably and appropriately protect the confidentiality, integrity and availability of electronic Protected Health lnformation
that it creates, receives, maintains or transmits on behalf of the Covered Entity.(q) Business Associate agrees to ensure that access to electronic Protected Health lnformation related to the Covered Entity is
limited to those workforce members who require such access because of their role or function.(r) Business Associate agrees to implement safeguards to prevent its workforce members who are not authorized to have
access to such electronic Protected Health lnformation from obtaining access and to otherwise ensure compliance by its
workforce with the Security Rule.(s) Business Associate acknowledges that HITECH amended certain provisions of HIPAA in ways that now directly regulate
Business Associate's obligations and activities under HIPAA's Privacy Rule and Security Rule. Accordingly, Business
Associate agrees to the following:
lf Business Associate discovers that there has been a HIPAA Breach, then except when prohibited by law,
Business Associate shall notify Covered Entity without unreasonable delay and in no event not later than thirty
(30) business days of the discovøy. Such notice shall include identification of each lndividual whose Protected
Health lnformation Business Associate reasonably believes to have been accessed, acquired, or disclosed during
such HIPAA Breach. As soon as possible thereafter, and to the extent known, Business Associate shall also
provide Covered Entity with a description of: (i) what happened, including the date of the HIPAA Breach and the
date of the discovery, (ii) the types of unsecured Protected Health lnformation involved in the HIPAA Breach, (iii)
any steps individuals should take to protect themselves from potential harm from the HIPAA Breach, and (iv)
what Business Associate is doing to investigate the HIPAA Breach, to mitigate harm to individuals, and to protect
against any further HIPAA Breaches. For purposes of this paragraph, a HIPAA Breach shall be treated as
discovered as of the first day on which the HIPAA Breach is known or should reasonably have been known to
Business Associate (including any person, other than the one committing the HIPAA Breach, that is an employee,
officer, or other agent ofthe Business Associate).
(ii) Pursuant to the Security Rule, made applicable to Business Associates by HITECH, Business Associate shall adopt,
implement and follow security policies and procedures in the same manner and to the same extent as if it were a Covered Entity.
(iii) Business Associate shall not receive remuneration, either directly or indirectly, in exchange for Protected Health lnformation,
except as may be permitted by HITECH 45 CFR $$ 16a.502(a)(5) and 16a.508(a)(a) or as otherwise expressly referred to in this BAA.
(iv) Business Associate shall not make any fundraising communication on behalf of Covered Entity or to Covered Entity's
participants or beneficiaries.
3. Permitted or reouired uses and disclosures bv Business Associate
(D
(a) General use and disclosure.
(i) Except as otherwlse limited in this BAA, Business Associate may use or disclose Protected Health lnformation to perform the
functions, activities, and services (all as described on Exhibit A attached hereto and incorporated herein) for, or on behalf of, the
Customer and the Covered Entity, all as specified in this BAA, provided that such use or disclosure of Protected Health lnformation is
consistent with the Covered Entity's Notice of Privacy Practices, and provided that such use or disclosure would not violate the Privacy
Rule, including the minimum necessary requirement, if done by Covered Entity.
(ii) Business Associate shall share Protected Health lnformation as reasonably requested and authorized in writing by Covered
Entity with Covered Entity and the Centers for Medicare and Medicaid Services (CMS), and with their agents and any other parties
permitted by CMS guidance (including CMS's FAO #5482), where the Govered Entity is submitting to CMS the Protected Health
lnformation required by 42 CFR 423.884 for Medicare's retiree drug subsidy program.
(iiD Business Associate shall share Protected Health lnformation as reasonably requested by Customer to carry out its
responsibilities as plan administrator of the Plan(s), including, without limitation, for purposes of auditing the performance of Business
Associate."
(b) Additional use and disclosure.
(D Except as otherwise limited in this BAA, Business Associate may use Protected Health lnformation for the proper management
and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
(ii) Except as otherwise limited in this BAA, Business Associate may disclose Protected Health lnformation for the proper
management and administration of the Business Associate, provided that such disclosures are required by law, or Business Associate
obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and be used or further
disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Buslness
Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(iii) Except as otherwise limited in this BAA, Business Associate may use Protected Health lnformation to provide data aggregation
services to Covered Entity as perm¡tted by 45 CFR 16a.50a(eX2XiXB).
(iv) Business Associate may use Protected Health lnformation to report violations of law to appropriate Federal and State authorities,
consistent with 45 CFR 164.502(iX1).
4. Obliqation to inform Business Associate of Covered Entity's privacy practices and any authorization or restriction
(a) Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in
accordance with 45 CFR 164.520, as well as any commercially reasonable changes to such notice.
(b) Covered Entity shall provide Business Associate with any changes in, or revocation of, authorization by lndividual or his or her
personal representative to use or disclose Protected Health lnformation, if such changes affect Business Associate's uses or
disclosures of Protected Health lnformation.
(c) Covered Entity shall provide commercially reasonable notice to Business Associate of any restriction to the use or disclosure of
Protected Health lnformation that Covered Entity has agreed to in accordance with 45 CFR 164.522, if such changes affect Business
Associate's uses or disclosures of Protected Health lnformation.
5. Permissible requests by Covered Entitv. Covered Entity shall not request Business Associate to use or disclose Protected
Health lnformation in any manner that would not be permissible under the Privacy Rule if done by Covered Entity, and shall not request to
communicate or disclose Protected Health lnformation with Business Associate in any manner inconsistent with HIPAA Safe Harbor
encryption requirements found at 45 CFR 16a.312@)(2)(iv) and 164.312(eX2Xii).
6. Term and termlnation
(a) Term. The term of this BAA shall be as set forth in Section 3 of Exhibit B attached hereto and incorporated herein by this reference
(the "Term"). Upon termination of this BAA, all of the Protected Health lnformation provided by Covered Entity to Business
Associate, or created or received by Business Associate on behalf of Covered EntiÇ, will be destroyed or returned to Covered Entity,
or, if it is infeasible to return or destroy Protected Health lnformation, then protections shall þe extended to such information.
(b) Effect of termination. The parties mutually agree that it is essential for Protected Health lnformation to be maintained afier the
expiration of the BAA for regulatory and other business reasons. The parties further agree that it would be infeasible for Covered
Entity to maintain such records because Covered Entity lacks the necessary system and expertise. Accordingly, Covered Entity
hereby appoints Business Associate as its custodian for the safe keeping of any record containing Protected Health lnformation that
Business Associate may determine it is appropriate to retain. Notwithstanding the expiration or termination of this BAA, Business
Associate shall extend the protections of this BAA to such Protected Health lnformation, and limit further use or disclosure of the
Protected Health lnformation to those purposes that make the return or destruction of the Protected Health lnformation infeasible.
7. Miscellaneous
(a) Regulatory references. A reference in this BAA to a section in the Privacy Rule or Security Rule means the section as in effect or as
amended, and for which compliance is required.
(b) Amendment. Upon the enactment of any law or regulation atfecting the use, disclosure, or safeguarding of Protected Health
lnformation or electronic Protected Health lnformation, or the publication of any decision of a court of the United States or any state
relating to any such law or the publication of any interpretive policy or opinion of any governmental agency charged with the
enforcement of any such law or regulation, either party may, by written notice to the other party, amend thls BAA in such manner as
such party determines necessary to comply with such law or regulation. lf the other party disagrees with such amendment, it shall so
notify the first party in writing within ninety (90) days of the notice. lf the parties are unable to agree on an amendment within ninety
(90) days thereafter, then either of the parties may terminate this BAA on ninety (90) days written notice to the other party.
(c) lnterpretation. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the
Privacy and Security Rules.
(d) Gounterparts. This BAA may þe executed in counterparts, each of which may be deemed an original.
(e) lndemnification and performance guarantees. Subject to the limitations set forth in the Agreement, Business Associate agrees to
indemnify and hold Covered Entity and Customer harmless from any and all liability, damages, costs (including reasonable attorneys'
fees and costs) and expenses imposed upon or asserted against Covered Entity arising out of any claims, demands, awards,
settlements, judgments, penalties, or fines relating to use or disclosure of PHI contrary to the provisions of this BAA or applicable law
by Business Associate, or by Business Associate's directors, officers, employees, agents, contractors, business associates, or
trading partners. Subject to the limitations set forth in the agreement, Business Associate agrees to pay all penalties and reasonable
expenses, including those incurred for reasonable remediation, as a result of Business Associate's (or its agent's) acts or omissions
related to its HIPAA obligations.
CUSTOMEB
By:
MAESTRO HEALTH, INC.
By:
Print Name:Print Name:
Title:Title:
Date:Date: