Backup Documents 05/09/2023 Item #16E1 ORIGINAL DOCUMENTS CHECKLIST & ROUTING SLIP 1 6 c
TO ACCOMPANY ALL ORIGINAL DOCUMENTS SENT TO
THE BOARD OF COUNTY COMMISSIONERS OFFICE FOR SIGNATURE
Print on pink paper. Attach to original document. The completed routing slip and original documents are to be forwarded to the County Attorney Office
at the time the item is placed on the agenda. All completed routing slips and original documents must be received in the County Attorney Office no later
than Monday preceding the Board meeting.
**NEW** ROUTING SLIP
Complete routing lines#1 through#2 as appropriate for additional signatures,dates,and/or information needed. If the document is already complete with the
exception of the Chairman's signature,draw a line through routing lines#1 through#2,complete the checklist,and forward to the County Attorney Office.
Route to Addressee(s) (List in routing order) Office Initials Date
1.
2.
3. County Attorney Office County Attorney Office S 1
11.E
4. BCC Office Board of County / / /
Commissioners RI,i y ii / Sfc ,/2
3
5. Minutes and Records Clerk of Court's Office r 7
41/of •
PRIMARY CONTACT INFORMATION
Normally the primary contact is the person who created/prepared the Executive Summary. Primary contact information is needed in the event one of the addressees
- above,may need to contact staff for additional or missing information.
Name of Primary Staff Cherie DuBock Phone Number 239-252-3756
Contact/ Department
Agenda Date Item was 5/9/2023 Agenda Item Number - 64 I
Approved by the BCC
Type of Document Confidentiality Agreement with NCH Number of Original 1
Attached (EpicCare) Documents Attached
PO number or account
number if document is
to be recorded
INSTRUCTIONS & CHECKLIST
Initial the Yes column or mark"N/A"in the Not Applicable column,whichever is Yes N/A(Not
appropriate. _ (Initial) Applicable)
1. Does the document require the chairman's original signature? CD
2. Does the document need to be sent to another agency for additional signatures? If yes, CD
provide the Contact Information(Name;Agency;Address;Phone)on an attached sheet.
3. Original document has been signed/initialed for legal sufficiency. (All documents to be CD
signed by the Chairman,with the exception of most letters,must be reviewed and signed
by the Office of the County Attorney.
4. All handwritten strike-through and revisions have been initialed by the County Attorney's CD
Office and all other parties except the BCC Chairman and the Clerk to the Board
5. The Chainnan's signature line date has been entered as the date of BCC approval of the CD
document or the final negotiated contract date whichever is applicable.
6. "Sign here"tabs are placed on the appropriate pages indicating where the Chairman's CD
signature and initials are required.
7. In most cases(some contracts are an exception),the original document and this routing slip CD
should be provided to the County Attorney Office at the time the item is input into SIRE.
Some documents are time sensitive and require forwarding to Tallahassee within a certain
time frame or the BCC's actions are nullified. Be aware of your deadlines!
8. The document was approved by the BCC on 5/9/23(enter date)and all changes made CD N/A is not
during the meeting have been incorporated in the attached document. The County an option for
Attorney's Office has reviewed the changes,if applicable. this line.
9. Initials of attorney verifying that the attached document is the version approved by the N/A is no`
BCC,all changes directed by the BCC have been made,and the document is ready for the an option for
Chairman's signature. this line.
I:Forms/County Forms/BCC Forms/Original Documents Routing Slip WWS Original 9.03.04,Revised 1.26.05,Revised 2.24.05;Revised 11/30/12
16E1
NC
Healthcare
System
NCH Healthcare System
EpicCare Link User Agreement
This NCH Healthcare System, Inc. EpicCare Link User Agreement ("Agreement") is made and entered into as of
this it'll day of May, 2023, by Collier EMS, Collier County Florida, a subdivision of the State of Florida, an
emergency medical service providing care to mutually shared patients("CCEMS")and the NCH Healthcare System,
Inc. ("NCH")who renders care to patients at two hospitals and two free standing emergency rooms.
WITNESSETH:
WHEREAS,CCEMS provides care to the patient on the date of transport;
WHEREAS, the parties wish to state the terms and conditions under which CCEMS will be given
access to a secure electronic database of NCH owned patient information by which CCEMS may
obtain information for those patients CCEMS rendered care to on a specific date the patient was
transported,to evaluate the patient's post transport care for their accreditation and quality of care
purposes.
NOW,THEREFORE, in consideration of the mutual promises herein contained, NCH and CCEMS agree
as follows:
ARTICLE I
Section 1.1. The Electronic Health Record. NCH maintains a secure electronic database of
confidential patient information owned by NCH, including but not limited to clinical and hospital
treatment records, physician notes, laboratory and imaging records, patient demographic
information, insurance and third-party payor information and other information regarding NCH
patients and proprietary information. This aforementioned information and the EpicCare Link
software shall be collectively referred to as the "EHR". NCH reserves the right to modify or
discontinue the EHR or CCEMS'access to the EHR,or terminate this Agreement at any time for any
reason.
Section 1.2. Grant of Limited Use. CCEMS is granted the right to access the EHR for the following
sole and limited purpose:CCEMS may obtain health information about the subsequent hospital care
and treatment of CCEMS patients for the CCEMS accreditation and quality of care purposes.CCEMS
will only access the patient encounter for the services rendered related to a transport. No prior or
subsequent hospital or other patient encounters may be accessed. All other use of the EHR is
strictly prohibited. The EHR information may not be used for clinical trials or any other research
purpose. Any other patient information sought by CCEMS shall be obtained upon the patient's
written authorization utilizing NCH's standard patient information release form, and complies with
CAO
16E1
Florida law. This authorization form will be provided to the NCH Privacy Officer,who will coordinate
the release of information. CCEMS' access to the EHR is subject to audit and review at any time by
NCH.
Section 1.3 Designation of Access Administrator. CCEMS shall designate an Access Administrator
("Administrator")who will be responsible for managing the Users of CCEMS.The Administrator assures NCH
that the User for which the CCEMS is requesting access for is a bona fide employee of CCEMS and that the
User has a legitimate need for access to the NCH EHR. The Administrator is responsible for promptly notifying
NCH to remove access when a User has left the CCEMS or has changed roles and no longer needs access. If
the Administrator leaves the employment of CCEMS,CCEMS will notify NCH within 5 days.
Access Administrator Name: Ot.rn r Ca r'C r q
Access Administrator Email: nc �+►� _ q lC , ( Co (r ('iCot+/)+y
Access Administrator direct line or cell#: �311- 2 1 2 - (.P (Qcf U
Section 1.4. No Maintenance or Support to EHR. No technical or administrative support shall be
provided to CCEMS relative to its use of the EHR. However, NCH will assist in directing CCEMS to EPIC
training if appropriate.
ARTICLE II
Section 2.1. CCEMS Access. EHR access is managed by the NCH IT Department and the NCH Privacy
Officer. CCEMS shall identify users whom it shall authorize to access the EHR on its behalf ("User")
under this Agreement and the Access Administrator shall submit to NCH. A confidential User ID and
temporary password shall then be assigned to each User, by which such User may access the EHR for
the limited purposes stated in Section 1.2 herein.
Section 2.2. Sharing of Passwords Prohibited. CCEMS shall protect the confidentiality of User IDs
and passwords consistent with the requirements detailed in the NCH EpicCare Link terms and
conditions, Florida law,the Health Insurance Portability and Accountability Act as amended (HIPAA
HITECH Act) and shall not divulge such confidential IDs and/or passwords to any other persons.
CCEMS shall be responsible for use of the password issued to its designated Users. If any
inappropriate access occurs, the access will be suspended for a minimum of 30 days and
reactivation will be determined by the Privacy Officer.
Section 2.3.Notification of Compromised Password. In the event that a password assigned to a User is
compromised or disclosed to a person other than the User, CCEMS shall upon learning of the
compromised password, immediately notify the NCH IT Help Desk (as set forth in Article VI, Section
6.2) so actions can be taken to limit access by that password and to issue a new password to the
CCEMS User.
Section 2.4.CCEMS Notification of Termination of Employment and Other Events Ending an Employee's
Need to Access the EHR. CCEMS shall immediately notify the NCH IT Service Center (as set forth
2
CAO
t6Et
in Article VI, Section 6.2) in the event any CCEMS User ceases to be employed by or associated with
the CCEMS, experiences a change in job function no longer requiring access to the EHR, or for any
other reason that the CCEMS choses to no longer provide such person access to the EHR on its behalf.
Unless and until the NCH IT Service Center receives such notification, CCEMS shall remain responsible
for such User's actions in accessing the EHR and using the information obtained thereunder.
Section 2.5. CCEMS Training Requirement. CCEMS shall provide annual training to its Users on
issues related to information security and patient confidentiality. CCEMS shall maintain written
records evidencing such annual training and provide copies upon request to NCH.
ARTICLE III
Section 3.1. Ownership. No rights to the EHR or patient information contained therein are
transferred to the CCEMS under this Agreement.
Section 3.2. Accessing, Using,and Disclosing PHI.
a. If CCEMS has need to print EHR documents, CCEMS may only do so of medical records which
are necessary and essential for the sole purpose of the CCEMS' quality of care. Such
documents shall be maintained, protected and destroyed in the same manner as the CCEMS
maintains, protects and destroys the medical records of CCEMS' patients.
b. CCEMS shall not use or disclose or release any medical records obtained from the EHR for
any purpose other than otherwise permitted in this Agreement and as set forth in Article IV,
Section 4.1 of this Agreement. Information contained in the EHR may not be used for clinical
trials or any other research purpose.
c. CCEMS may not make electronic copies of medical records or other documents contained in
the EHR.
d. CCEMS shall not rewrite or otherwise alter, destroy, circumvent or sabotage the EHR or
the electronic medical records and documents stored and maintained in the EHR.
e. CCEMS shall not access, use or disclose any information contained in the EHR for any
purpose with the intent to negatively impact the competitive advantage of NCH in the
marketplace.
ARTICLE IV
Section 4.1. Medical Records Confidentiality. The parties recognize that the medical records
maintained in the EHR are subject to various state and federal privacy laws and regulations including
but not limited to HIPAA, the Health Information Technology for Economic and Clinical Health Act
(HITECH) and that NCH and CCEMS are under an obligation to maintain the confidentiality of such
records. CCEMS shall not disclose information from such records except for:
a) CCEMS accreditation purposes
Section 4.2. Indemnification.To the extent permitted by law, CCEMS shall indemnify and defend and
3
CAO
Z 6E1
hold NCH harmless from and against all claims, demands, suits, judgments, costs and expenses
(including reasonable attorney's fees and court costs), if any, that may be made or taken against
NCH incurred by it as a result of any unauthorized access, use or disclosure of any EHR information
(which includes protected patient health information as defined in HIPAA ("PHI")) undertaken on
behalf of the CCEMS by its designated Users or utilized through passwords issued to their Users.
The foregoing indemnification by the CCEMS shall not constitute a waiver of sovereign immunity
beyond the limits set forth in Florida Statues, Section 768.28.
Section 4.3. Unauthorized Access,Use or Disclosure. If the CCEMS discovers an unauthorized access,
use or disclosure of PHI by CCEMS,any CCEMS User or as a result of a compromised ID&password issued
to a User, CCEMS shall as soon as possible but not later than two (2) calendar days following the
discovery of such unauthorized acquisition, access, use or disclosure of PHI notify NCH by telephone
and in writing at the telephone numbers and addresses set forth in Article VI, Section 6.2. CCEMS
shall be considered to have discovered such unauthorized activity as of the first day on which the
unauthorized activity is known or, by exercising reasonable diligence, would have been known to
the CCEMS.Such notice shall include identification of each individual whose unsecured PHI has been
or is reasonably believed by the CCEMS to have been accessed, acquired, or disclosed during such
unauthorized activity. If NCH determines the unauthorized activity by CCEMS or its agent or employee
qualifies as a Breach (hereinafter defined) that triggers the HITECH breach notification requirements,
then CCEMS will reimburse NCH, respectively, for all costs incurred by each related to notifying
individuals affected by such Breach, subject to the indemnification limitation stated in Article IV,
Section 4.2 NCH, at their sole discretion, shall make the determination of whether the definition
of "Breach" as set forth in the HITECH Act, 45 CFR §164.402, has been met. In addition, it shall be
incumbent upon CCEMS to institute appropriate disciplinary actions against the agent(s) and or
employee(s) responsible for the Breach. Upon request from NCH,CCEMS shall provide evidence to NCH
of any disciplinary actions taken. In addition to disciplinary actions taken by CCEMS, NCH may, at
its sole discretion, and without prejudice to any of its rights against CCEMS as a result thereof,
terminate this Agreement and terminate the access of CCEMS. CCEMS agrees to cooperate with
NCH promptly and fully in any investigation of suspected breach of patient confidentiality.
Section 4.4.Additional Legal Remedies for Prohibited Acts.Should CCEMS or any contractor, agent,
employee or CCEMS User access, use or disclose any data, patient information or other information
stored or maintained in the EHR for any purpose not authorized in this Agreement, NCH may
unilaterally and immediately terminate the access to the ERR by CCEMS and seek such legal and/or
equitable relief as each party deems appropriate.
ARTICLE V
Disclaimer of Warranties. NCH MAKES NO REPRESENTATION, WARRANTY OR GUARANTY, EXPRESS OR
IMPLIED, INCLUDING (WITHOUT LIMITATION) ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR
PARTICULAR PURPOSE WITH REGARD TO THE EHR SUPPLIED TO CCEMS PURSUANT TO THIS AGREEMENT.
SHOULD THE EHR FAIL OR BE INACCURATE,UNDER NO CIRCUMSTANCES SHALL NCH BE LIABLE FOR ANY LOSS
4
CAO
I 6 E
OF PROFITS TO CCEMS OR FOR SPECIAL, CONSEQUENTIAL, EXEMPLARY OR ANY OTHER DAMAGES (ALL OF
WHICH ARE HEREBY EXPRESSLY WAIVED BY CCEMS AS PART OR THE CONSIDERATION FOR THIS AGREEMENT),
EVEN IF NCH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
ARTICLE VI
Section 6.1.No Assignment. CCEMS may not assign this Agreement.
Section 6.2. Notice
Notice referenced under this agreement shall be as follows:
To report a User or others may have breached a patient's privacy,was unauthorized to
access,or accessed the EHR inappropriately:
Call the NCH Privacy Office—(239) 624-9375 or(239)624-4017
After hours or weekends call the IT Service Center—(239)624-2200
To terminate a User's access as they left your employment,or are now in a role where they
do not need access to the EHR:
Call the IT Service Center—(239) 624-2200
Section 6.3. Termination. All privacy and confidentiality obligations established under this
Agreement shall survive termination of this Agreement or access permitted under it. Either party
may terminate this agreement for convenience upon thirty (30) days written notice to the other
party. In the event of a breach by CCEMS, a HIPAA violation such as accessing the medical record of
a patient not transported by CCEMS, or a HIPAA security concern such as the sharing of Usernames
and Passwords, NCH reserves the right to immediately terminate this agreement.
Section 6.4. Entire Agreement, Governing Law, Jurisdiction, and Venue. This Agreement
constitutes the complete understanding among the parties and incorporates all prior
understandings among the parties on the subject of access to the EHR.There are no promises or
agreements, either oral or written,among the parties on this subject other than as set forth herein.
No modification of this Agreement shall be binding unless the same is in writing and signed by the
respective parties hereto. This Agreement shall be governed by and construed in accordance with
the laws of the State of Florida,without regard to conflict of law principles. Each party consents to
submit to the exclusive jurisdiction and venue of the federal and state courts within the State of
Florida, in and for Collier County, Florida and each party hereby consents to personal jurisdiction
in such forum,for any action,suits or proceedings arising out of or relating to this Agreement.
5
CAO
16E1
NCH EpicCare Link User Agreement
CCEMS:
By: (T/24'
Signature/Authorized Representative
Printed Name and Title: Rick Lo Castro.Chairman
Date: 5/1/23
Attest: C st i K. zel,Clerk of Courts&Comptroller
By: ll/v
Signat thorized Representative
Printed Name and Teitl : (Li
W�cejt
Attest as to hairni.. •
^^� signature only
Date: (d. .
NCH Healthcare System, Inc.
By. _
Signature/Authorized Representative
Printed Name and Title: Nathan Oliver,Compliance and Privac‘i Officer
Date: It / c t
Apprlisr and leality/
V
Scott R.Teach,Deputy ounty Attorney
6
AO