The URL can be used to link to this page

Home My WebLink AboutVIII-03 Approve Access Agreement for Business Associate between Expert T Billing and EpicCare Link City Council Memorandum To: Mayor Fasbender & City Council Members From: John Townsend, Fire Chief Date: December 20, 2021 Item: Access Agreement for Business Associate Between Expert T Billing and EpicCare Link Council Action Requested: Approve the attached agreement for professional service with EpicCare Link System for business associate acting on behalf of external care provider. Background Information: Our outside billing office, Expert T Billing, approached us to establish an agreement with EpicCare Link to aid in their obtaining updated ambulance patient home addresses and/or health insurance information. By Expert T Billing utilizing this EpicCare Link program, it enables them to determine the much-needed updated information for mailing purposes as well as submitting to insurance companies in a timelier manner. The billing specialist, with Expert T Billing, will have a user ID and password specifically used for City of Hastings ambulance patients and will be conducted on a secure computer. There is no cost associated with this agreement for either the City of Hastings or Expert T Billing. Financial Impact: N/A Advisory Commission Discussion: N/A Council Committee Discussion: N/A Attachments: • Agreement for EpicCare Link System VIII-03 781221_2 1 EPICCARE LINK SYSTEM ACCESS AGREEMENT FOR BUSINESS ASSOCIATE ACTING ON BEHALF OF EXTERNAL CARE PROVIDER THIS AGREEMENT (the “Agreement”) is made effective as of November 24, 2021 (“Effective Date”), by and among HealthPartners, Inc., a Minnesota non-profit corporation, with its principal place of business at 8170 33rd Ave So., Bloomington, MN (“HealthPartners”), and City of Hastings, a Minnesota Municipality Corporation, with its principal place of business at 115 W. 5th Street, Hastings, MN 55033(“Provider”), and Expert T. Billing, a billing company, with its principal place of business at 216 Myrtle Street W. #231, Stillwater, MN 55082 (“Contractor”) (collectively, the “Parties” or separately, a “Party”). BACKGROUND A. HealthPartners’ Epic electronic health record system (the “EHR”) is used to create and maintain certain records of HealthPartners health care services and other patient information (the “EHR Records”). B. HealthPartners and Provider serve patients in the same community, and many patients are patients of both HealthPartners and Provider. C. Contractor is a “Business Associate” of Provider, as that term is defined at 45 C.F.R. 160.103, providing payment or healthcare operations related services to Provider. D. With the goal of improving the coordination of services related to these shared patients, HealthPartners will make available to Contractor limited access to the EHR, subject to the terms and conditions of this Agreement. In consideration of the above and the following mutual covenants, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows: AGREEMENT Section 1. EHR Access 1.1 Grant and Scope of Access. Subject to the terms of and as limited by this Agreement, HealthPartners hereby grants Contractor non-transferable and non-exclusive access to the EHR to permit Authorized Users (as defined in Section 1.6) to electronically access and use the EHR solely for viewing EHR Records necessary for the purposes described in Schedule 1.1. Provider and Contractor represent and warrant that these purposes fall within the categories of payment and/or healthcare operations activities (as those terms are defined in HIPAA, at 45 C.F.R. Pts. 160 – 164), that these activities are within the scope of Provider’s Business Associate Agreement with Contractor. The permitted purposes are more specifically described in Schedule 1.1. Access, use or disclosure for any other purposes (including but not limited to research, fundraising, and marketing) are expressly prohibited. The scope of an Authorized User’s access to the EHR is limited to “read only” access (i.e., an Authorized User will be able to view and print, but not modify, EHR Records). Provider and Contractor are jointly and severally liable for ensuring that Authorized Users do not access the EHR for any purpose or in any manner not specifically authorized by this Agreement. No EHR access is granted to Provider under this Agreement. 1.1.1 Revocation of Prior Agreements. Except as expressly provided in this Agreement, as of the Effective Date, this Agreement supersedes and replaces any existing agreements (whether oral VIII-03 781221_2 2 or written) related to Contractor’s access to, or the terms and conditions of Contractor’s access to, the EHR with respect to its services on behalf of Provider. 1.2 No License Granted. HealthPartners licenses certain software products from Epic to maintain and operate the EHR. The grant of EHR access under this Agreement is limited by HealthPartners’ underlying licensing agreement with Epic and does not grant and will not be construed as granting to Provider or Contractor a license for the use of any software products. This Agreement does not transfer to Provider or Contractor any title or ownership rights to EHR, EHR Records, or any rights in patents, copyrights, trademarks, or trade secrets encompassed in the EHR or any other HealthPartners system, software or data. Provider and Contractor agree that they will not and will not attempt to reverse engineer or otherwise obtain copies of the software programs contained in the EHR or other HealthPartners systems. 1.3 EpicCare Link; Manner of Access. HealthPartners, in its sole discretion, will determine the tools it will provide to Contractor for Contractor to access EHR Records, and will determine what EHR Record data is made available to Contractor. 1.4 System Requirements for Access. Contractor acknowledges and agrees that any hardware, software, network access or other system components necessary for Contractor to access and use the EHR will be procured, installed and maintained by Contractor at its sole expense. 1.5 Security Obligations. Contractor will implement safeguards that are reasonable and appropriate to prohibit and prevent Authorized Users from accessing, using, or disclosing EHR Records not specifically permitted by this Agreement. Contractor will also implement reasonable and appropriate administrative, physical and technical safeguards that protect the confidentiality, integrity and availability of the EHR Records. HealthPartners assumes no obligation to, but reserves the right to, audit Contractor’s security practices relevant to this Agreement. Contractor and Provider agree to cooperate with HealthPartners’ conduct of such audits and to promptly address any concerns reasonably identified by HealthPartners. 1.6 Authorized Users. It is the responsibility of Contractor to select and qualify one or more persons that Contractor wishes to be granted access to the EHR System and to use the EHR System on behalf of Contractor, in its role of Business Associate to Provider (once approved, the “Authorized Users”). All Authorized Users must be members of the Workforce of Contractor. “Workforce,” as used herein, shall have the meaning set forth at 45 C.F.R. 160.103. Contractor’s request that an individual be authorized as an Authorized User constitutes Contractor’s representation that the individual is (a) a member of Contractor’s Workforce (and not a business associate of Contractor) who (b) needs EHR access to perform assigned job functions for Contractor. 1.7 Security Request Process. Contractor will designate a Site Administrator. The Site Administrator will submit the requests to add Authorized Users to HealthPartners in writing on a form or by a process provided by HealthPartners. The Authorized Requester must promptly deactivate Authorized Users in the event of any change of circumstances requiring termination of an Authorized User’s EHR access (for example, termination of employment, disqualification as an Authorized User, or change in job function). Furthermore, HealthPartners reserves the right to suspend or terminate the EHR access of any Authorized User at any time for any reason. Site Administrator will ensure that only appropriate persons are granted access to the EHR, will periodically audit the roster of Authorized Users to ensure that the terms of this Agreement are being met, and will promptly respond to all reasonable inquiries from HealthPartners. 1.8 Authentication. Contractor and each Authorized User are jointly responsible for keeping and maintaining the security of the passwords or other assigned authentication mechanisms. An Authorized User may VIII-03 781221_2 3 not share an assigned password with any other person, or use the assigned password of any other person, whether for one-time access or ongoing access. All Authorized Users will be required to execute a User Agreement. 1.9 Training. HealthPartners will provide one-time training in EHR functionality to Site Administrator (or other person mutually agreed by the Parties) who will then be responsible for training all other Authorized Users. Contractor will ensure that, prior to accessing the EHR, each Authorized User is trained, consistent with the HealthPartners training and with this Agreement, regarding Contractor’s and Authorized User’s obligations under this Agreement and applicable laws. Contractor will further ensure that ongoing training of Authorized Users is conducted, as needed. HealthPartners reserves the right to require Contractor to provide additional training that HealthPartners deems reasonably necessary and appropriate. 1.10 Policies and Procedures. Contractor will comply with all applicable provisions of HealthPartners’ Information Services policies governing EHR access and use, including but not limited to policies governing password controls. HealthPartners will provide copies of these Information Services policies to Contractor. 1.11 Auditing and Monitoring by Contractor. Contractor must audit and monitor access to and usage of the EHR to the full extent required to satisfy its legal responsibilities (as a HIPAA Business Associate and otherwise), comply with this Agreement, and ensure that Authorized Users access, use, and disclose EHR Records only as authorized by this Agreement. HealthPartners assumes no obligation to audit or monitor Contractor behavior with respect to the EHR, but may require Contractor to follow a reasonable auditing and/or monitoring protocol if HealthPartners determines that it would be appropriate to address its obligations under HIPAA. In addition, HealthPartners reserves the right to independently monitor and audit Authorized Users’ behavior and usage of the EHR and to immediately suspend an Authorized User’s access to the EHR, if HealthPartners reasonably suspects or believes that Contractor or Authorized User has violated the terms of this Agreement or is otherwise the cause of harm or interference with HealthPartners’ rights or property related to the EHR or the rights or property of others related to the EHR. Contractor and Provider will cooperate with HealthPartners in any additional monitoring or auditing deemed necessary by HealthPartners and conducted by HealthPartners or Contractor. Contractor and Provider will fully and promptly cooperate with HealthPartners in resolving any privacy or security issues identified by such monitoring or auditing. 1.12 Unauthorized Use or Disclosure; Complaints. Contractor and Provider will immediately notify HealthPartners in writing when either becomes aware of any of the following: (a) any Security Incident (as defined by HIPAA at 45 CFR Pts 160 - 164); (b) any actual or suspected unauthorized access, use or disclosure of EHR Records; or (c) any complaint from a patient or other person involving alleged inappropriate use, access or disclosure of EHR Records or other confidential information of HealthPartners. Each Party will cooperate with the others, as necessary and appropriate, to investigate any complaints, any actual or suspected unauthorized access, use or disclosure of the EHR Records, any Security Incident, or any actual or suspected violation of this Agreement. Contractor, in consultation with HealthPartners, will take prompt corrective action at Contractor’s own expense to mitigate and cure any harmful effect that is known to Contractor of any unauthorized access, use, disclosure of EHR Records or any Security Incident related to the EHR that is caused by or attributable to Contractor or Authorized Users. Contractor shall reimburse HealthPartners for all reasonable costs incurred by HealthPartners in investigating an unauthorized use or disclosure or a complaint, and all reasonable costs incurred by HealthPartners to provide breach notifications or to mitigate or cure any harmful effects resulting from an unauthorized use or disclosure or a Security Incident. Contractor further agrees to reimburse HealthPartners for any and all fines and/or administrative penalties imposed for such unauthorized access, use or disclosure, Security Incident, or for delayed reporting. The provisions of this Section 1.12 will survive the termination of this Agreement. VIII-03 781221_2 4 Section 2. Additional Terms and Conditions 2.1 Disclaimer of Warranty; Limitation of Liability. HEALTHPARTNERS NEITHER MAKES, NOR WILL BE DEEMED TO HAVE MADE, ANY WARRANTY OR REPRESENTATION OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AS TO THE DESIGN, CONDITION, QUALITY, CAPACITY, OR OTHER ASPECT OF ANY OF THE SERVICES PROVIDED HEREUNDER OR ANY COMPONENT THEREOF, INCLUDING, BUT NOT LIMITED TO, ANY DATA, SYSTEM, SOFTWARE, PERSONNEL, PROGRAMMING ASSISTANCE, OR CONSULTATION PROVIDED AS A PART OF SUCH SERVICES, OR WARRANTIES ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE. ALL SUCH WARRANTIES ARE HEREBY EXCLUDED. UNDER NO CIRCUMSTANCES WILL HEALTHPARTNERS BE LIABLE TO PROVIDER OR CONTRACTOR FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, PUNITIVE OR SPECIAL DAMAGES OF ANY NATURE OR KIND WHATSOEVER (INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR SAVINGS, LOST DATA, LOST BUSINESS, LOSS OF USE, OR LOST REVENUES) EVEN IF HEALTHPARTNERS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR KNEW OF OR SHOULD HAVE KNOWN OF THE LIKELIHOOD OF SUCH DAMAGES, AND NOT WITHSTANDING THE FORM (E.G., CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE) IN WHICH ANY LEGAL OR EQUITABLE ACTION MAY BE BROUGHT AGAINST IT. 2.2 Clinical Practice. Provider assumes sole responsibility for all clinical decision-making and services provided by Provider, Contractor and Authorized Users arising from, related to or in connection with the access, use, or disclosure of EHR Records. Provider and Contractor agree to use the EHR only in accordance with applicable standards of good clinical practice, as applicable. 2.3 Assumption of Liability. Provider and Contractor will ensure that Authorized User access to the EHR Records is only for legitimate business purposes and as permitted this Agreement and applicable law. Provider and Contractor are jointly and severally liable for each Authorized User fully complying with this Agreement and applicable law. Provider and Contractor jointly and severally assume full responsibility and liability for actions or omissions related to the access to and use of the EHR by Contractor’s Authorized Users or any other person Contractor permits (intentionally or unintentionally) to have access to the EHR, including but not limited to unauthorized access to, use of or disclosure of EHR Records that results from Contractor’s or an Authorized User’s failure to keep the assigned passwords secure. 2.4 Indemnification by Provider. Provider agrees to indemnify, defend, and hold harmless HealthPartners and its affiliates and their respective officers, directors, employees, agents, successors and assigns from any and all claims, liabilities, judgments, fines, assessments, penalties, awards or other expenses, of any kind or nature whatsoever, including, without limitation, attorneys’ fees, expert witness fees, and costs of investigation, litigation or dispute resolution, relating to or arising out of Contractor’s use of the EHR, or Contractor’s acts or omissions or willful misconduct under this Agreement, including but not limited to Contractor’s impermissible access to, use or disclosure of EHR Records or other HealthPartners data, or the introduction of viruses or other harmful contaminant into the EHR or other HealthPartners system by virtue of Contractor’s access. 2.5 Indemnification by Contractor. Contractor agrees to indemnify, defend, and hold harmless HealthPartners and its affiliates and their respective officers, directors, employees, agents, successors and assigns from any and all claims, liabilities, judgments, fines, assessments, penalties, awards or other expenses, of any kind or nature whatsoever, including, without limitation, attorneys’ fees, expert witness fees, and costs of investigation, litigation or dispute resolution, relating to or arising out of Contractor’s use of the EHR, or Contractor’s acts or omissions or willful misconduct under this Agreement, including but not limited to Contractor’s impermissible access to, use or disclosure of EHR Records or other HealthPartners data, or the introduction of viruses or other harmful contaminant into the EHR or other HealthPartners system by virtue of Contractor’s access. VIII-03 781221_2 5 2.6 Representations and Warranties of Contractor and Provider. Contractor represents and warrants that it will, at all times during the term of the Agreement ensure that each Authorized User complies with the terms and conditions of this Agreement, applicable law, and applicable HealthPartners, Provider, and Contractor policies and procedures as may be amended from time to time, and to ensure that no Authorized User takes any action that adversely affects or damages the EHR, EHR data or any other system or data file of HealthPartners. Contractor further represents and warrants that it has in place and will appropriately implement disciplinary measures and sanctions against Authorized Users known to have violated the terms of this Agreement, applicable law or applicable HealthPartners, Provider or Contractor policies or procedures, or to have taken any action adversely affecting or damaging the EHR, EHR data or any other system or data file of HealthPartners. Provider and Contractor each represents and warrants that it will at all times during the term of this Agreement have in place a qualified Privacy Officer and Security Officer, as required by HIPAA for covered entities, notwithstanding whether or not Contractor is a covered entity under HIPAA. Provider and Contractor will promptly notify HealthPartners of any change to the persons appointed to these positions. 2.7 Survival. This Section 2 will survive termination of this Agreement. Section 3. Confidentiality. 3.1 Confidentiality of Patient Records; Consent. The Parties will protect the confidentiality and security of the EHR Records to the full extent required by applicable law. If HealthPartners determines it to be necessary, the Parties will cooperate to obtain the patient’s consent, which may include, for example, Provider or Contractor obtaining the patient’s written consent. If Provider or Contractor represents to HealthPartners that it has obtained a legally valid consent from the patient (or patient’s authorized representative), the Parties agree that HealthPartners may rely on that representation but may also request a copy from Provider or Contractor. 3.2 Requests for EHR Records. If Provider or Contractor receives any request for copies of or access to EHR Records from any third party, including requests from patients, neither Provider nor Contractor will provide such copies or access but will promptly direct the requester to HealthPartners. 3.3 Other Confidential Information. During the course of the performance of this Agreement, the Parties may have access to or become acquainted with confidential information relating to each other’s business, including, without limitation, patient lists, proprietary information, trade secrets and other intellectual property, non-public information, clinical, marketing, personnel and administrative policies, procedures, manuals and reports, and written agreements, including this Agreement. The Parties acknowledge and understand the importance of keeping such information, including the terms of this Agreement, confidential and agree never to use, except in performing their respective duties under this Agreement, or to disclose such information to any third party except as may be required by a court or administrative order or except, with respect to HealthPartners, to an entity that controls, is controlled by or is under common control with, directly or indirectly, HealthPartners. If disclosure is ordered by a court or administrative order, the Party subject to the order will immediately notify the other Party. Upon termination of this Agreement, each Party will immediately return to the other Party all records or other tangible documents that contain, embody or disclose, in whole or in part any confidential information. 3.4 Survival. This Section 3 will survive termination of this Agreement. Section 4. Term and Termination. 4.1 Term. This Agreement will commence on the Effective Date and continue until terminated as provided below. VIII-03 781221_2 6 4.2 Termination. This Agreement may be terminated for any reason or no reason at any time by a Party, upon written notice to the other Parties. Notwithstanding the termination of this Agreement, the Parties will be required to perform under those provisions hereof which contemplate performance subsequent to termination. Termination of this Agreement will not affect any liabilities or obligations that exist prior to or occur by reason of such termination, including but not limited to liability for damages for breach of this Agreement. Section 5. Miscellaneous. 5.1 Contact Persons. The Parties will use their best efforts to support an effective working relationship with each other as it relates to the terms and conditions of this Agreement and any other concerns that may arise between the Parties. Each Party will designate a primary contact person and certain additional contact persons for specific communications, as listed in Schedule 5.1 of this Agreement. The “Primary Contacts” listed in Schedule 5.1 will serve as the primary administrative contacts that the Parties will go through to address issues of concern that may arise between the Parties relating to matters addressed in this Agreement and will also serve as the backup contact to any of the other contacts listed in Schedule 5.1. 5.2 Assignment. Neither Provider nor Contractor may assign, delegate, or otherwise transfer any right or obligation under this Agreement without the prior written consent of HealthPartners. Any attempted assignment or transfer without HealthPartners’ consent is ineffective. 5.3 Amendment. The Agreement may be amended only by a writing signed by the Parties. 5.4 Governing Law, Jurisdiction and Venue. The Agreement will be governed by and interpreted under Minnesota law without regard to choice of law principles. Any lawsuit arising directly or indirectly out of the Agreement will be brought in a court of competent jurisdiction located in the State of Minnesota. 5.5 Non-Waiver. The rights and remedies of the Parties are cumulative and not alternative. Neither the failure nor any delay by any Party in exercising any right under this Agreement or the documents referred to in this Agreement will operate as a waiver of such right, and no single or partial exercise of any such right will preclude any other or further exercise of such right or the exercise of any other right. 5.6 Entire Agreement; Severability. This Agreement constitutes the entire agreement between the Parties with respect to the matters contemplated herein and supersedes all previous and contemporaneous oral and written negotiations, commitments, and understandings relating thereto. The Agreement will be interpreted in a way that if any provision is held invalid, the rest of the Agreement will remain in full affect unless the invalid provision would materially alter a Party’s interests or materially affect its ability to perform under the Agreement. 5.7 Legal Notices. Except as otherwise provided, any notice or other communication provided for by this Agreement must be in writing and will be deemed given or delivered when personally delivered or when deposited in the United States mail, certified or registered, return receipt requested, postage prepaid and properly addressed, or by recognized overnight courier, next day delivery, charges prepaid, or if given by facsimile, upon evidence of transmission of facsimile, followed by registered or certified mail, addressed to the intended recipients as identified in the Legal Notices section of Schedule 5.1, or to such other person or address as may be designated by written notice by one Party to the other Parties given from time to time during the term of this Agreement. 5.8 Construction. Unless otherwise expressly provided, the word “including” does not limit the proceeding words or terms. Any reference to a statute or regulation means that statute or regulation as amended or supplemented from time to time and any corresponding provisions of successor statutes or regulations unless context requires otherwise. The section headings contained in the Agreement are for reference purposes only and VIII-03 781221_2 7 will not in any way affect the meaning or interpretation of the Agreement. The Agreement will be construed in accordance with the plain meaning of its terms, and no presumption or inference will be made against a Party responsible for drafting any provision. 5.9 Signatures and Counterparts. The Agreement may be executed by any form of signature authorized by law. Each counterpart will be deemed an original copy of the Agreement and, when taken together, will be deemed to constitute one and the same agreement. 5.10 Exhibits; Schedules. All exhibits, schedules and attachments, attached hereto, and HealthPartners Information Services policies, as each may be amended from time to time, shall be and hereby are incorporated into this Agreement by this reference. IN WITNESS WHEREOF, HealthPartners, Provider and Contractor have each caused this Agreement to be executed in their respective names by their duly authorized representatives, as of the day and year first above written. SIGNATURE PAGE FOLLOWS VIII-03 781221_2 8 HEALTHPARTNERS, INC. [PROVIDER] ______________________________________ _______________________________________ Signature Signature ___Kari Toft_ _______________________________ _______________________________________ Printed name Printed name V.P. IS & T Care Delivery ________________________ _______________________________________ Title Title ______________________________________ _______________________________________ Date Date [CONTRACTOR] _____________________________________ Signature _______Brian Brosdahl____________________ Printed name _____President___________________________ Title _________12-27-21________________________ Date VIII-03 781221_2 9 Schedule 1.1 Description of Permitted Purposes DRAFTER’S NOTES: Describe the specific purposes for which Contractor will be accessing the EHR. E.g., explain which categories of users at Contractor get access, what types of records will they access, which patients’ records will they access, and why? Describe the relationship between Provider and Contractor, as appropriate. All of these purposes must fall within the general categories of payment or healthcare operations, AND within the scope of Contractor’s Business Associate Agreement with Provider, AND must be either (1) permitted by state & federal law without patient consent; or (2) within the scope of HealthPartners standard patient consent form. User Category Type of Record Which Patients Purpose Billing Staff Patient Demographics and Insurance Information Patients with a shared relationship with HealthPartners family of care and City of Hastings To bill for ambulance services VIII-03 781221_2 10 Schedule 5.1 Contact Persons As of the Effective Date, the contact persons for each Party are as follows: PROVIDER CONTRACTOR HEALTHPARTNERS Primary Contact: Name/Title: Penne Schuldt, Office Manager Address: City of Hastings Fire and Emergency Medical Services 115 W. 5th St., Hastings, MN 55033 Phone: 651-480-6152 Email: pschuldt@hastingsmn.gov For all contacts except as noted below. Name/Title: Kim Dralle, Billing Specialist Address: Expert T Billing 216 Myrtle Street W. #231, Stillwater, MN 55082 Phone: 651-463-3867 Email: kim@experttbilling.com For all contacts except as noted below. Linda Beverson, Manager Health Information Management Regions Hospital Mailstop 11501E 640 Jackson St. St. Paul, MN 55101 651-254-3827 Linda.I.Beverson@HealthPartners.Com For all contacts except as noted below Security Administration: Site Administrator: Name/Title Address Phone Email Privacy Officer: Name/Title Address Phone Email Name/Title Address Phone Email Tobi Tanzer, VP Integrity and Compliance HealthPartners MS 21110X PO Box 1309 Minneapolis, MN 55440-1309 Phone: 952.883.5195 Email: Tobi.X.Tanzer@HealthPartners.com Notify of any privacy incidents or complaints Security Officer: Name/Title Address Phone Email Name/Title Address Phone Email Dennis Zuzek SVP and CIO HealthPartners MS 21110A PO Box 1309 Minneapolis, MN 55440-1309 Phone: 952.883.7883 Email: Dennis.M.Zuzek@HealthPartners.com Notify of any security incidents Legal Notices Name/Title Address Phone Name/Title Address Phone Kari Toft VP Care Delivery Systems IS HealthPartners VIII-03 781221_2 11 Email Email MS 21110G PO Box 1309 Minneapolis, MN 55440-1309 With a copy to: HealthPartners, Inc. Attn: General Counsel 8170 33rd Avenue South Bloomington, MN 55425 Each Party will promptly communicate any changes to this contact information to the other Parties. VIII-03