Request for Proposal Learning Management System ... - ResCare [PDF]

Aug 28, 2015 - ResCare is currently accepting proposals to purchase new training content for our Residential and HomeCar

5 downloads 10 Views 172KB Size

Recommend Stories


REQUEST FOR PROPOSAL Learning Management System RFP Posted
Respond to every call that excites your spirit. Rumi

Request for Proposal in PDF
Don't fear change. The surprise is the only way to new discoveries. Be playful! Gordana Biernat

Request For Proposal for
And you? When will you begin that long journey into yourself? Rumi

request for proposal integrated forest management plan
If your life's work can be accomplished in your lifetime, you're not thinking big enough. Wes Jacks

request for proposal investment management services 2017
I want to sing like the birds sing, not worrying about who hears or what they think. Rumi

Toll Collection System – Request for Proposal
Learn to light a candle in the darkest moments of someone’s life. Be the light that helps others see; i

Request for Proposal
If your life's work can be accomplished in your lifetime, you're not thinking big enough. Wes Jacks

Request for Proposal
Sorrow prepares you for joy. It violently sweeps everything out of your house, so that new joy can find

Request for Proposal
Do not seek to follow in the footsteps of the wise. Seek what they sought. Matsuo Basho

request for proposal
Don’t grieve. Anything you lose comes round in another form. Rumi

Idea Transcript


Request for Proposal Learning Management System Training Course(s) Content Purchase

9901 LINN STATION RD LOUISVILLE, KY 40223

AUGUST 28, 2015

RFP for Training Content Purchase

Request for Proposal Res-Care, Inc. (hereafter referred to as “ResCare”), a Louisville, Kentucky based corporation, on its own behalf is interested in your response for off-the-shelf “ready” LMS Training course content purchase.

About ResCare ResCare is the largest company of people serving people. Founded in 1974 and headquartered in Louisville, Kentucky, ResCare is a one-of-a-kind human services company that is dedicated to our mission of helping people from every walk of life reach their highest level of independence. At the center of ResCare’s culture is a person who receives our services. Whether it’s sitting across the desk with a single mom who needs a job, or helping a man with dementia stay in his own familiar surroundings, or working with a veteran who’s suffered a brain injury so he can return home to loved ones or watching a person with developmental disabilities brush her own teeth for the first time — that individual is our company’s focus. Today, ResCare is the country’s largest provider of services to people with intellectual and developmental disabilities, the largest privately-held home care provider to seniors and largest provider of education, vocational training and job placement for people of all ages and skill levels. Our leading youth services provide education, training and foster care services to children and young adults. Our revenues are in excess of $1.5 billion and growing. ResCare employees work in thousands of locations across the United States, in Canada and Puerto Rico serving the diverse needs of over 50,000 people every single day and over a million people every year. We're as proudly committed to the success of our 46,000+ employees as the customers we serve. People who join the ResCare family stay with us. On average, ResCare’s leadership members have been with the company more than a decade. Several have risen through the ranks, joining us as direct caregivers and advancing to senior level positions. ResCare employees say they love their jobs because they help transform peoples’ lives and their communities. We believe ResCare is where care meets career!

Scope Overview/Business Objectives ResCare is currently accepting proposals to purchase new training content for our Residential and HomeCare Direct Support Providers (DSPs) as well as all HomeCare Skilled and Residential. Our current eLearning system provides easily accessible on-line development for every one of our 46,000+ ResCare employee as well as every one of our 35,000+ customers who relies on our Workforce Services. In an effort to establish and replicate a consistent training experience for DSPs, ResCare has determined that new eLearning training content is needed to provide “Best in Class” training content for improved care and interaction with clients. The purpose of this Request for Proposal (RFP) is to solicit proposals from various candidate organizations, conduct a fair and extensive evaluation based on criteria listed herein, and select the candidate who best represents the direction ResCare wishes to go.

Our Provider Criteria ResCare will evaluate provider RFP responses according to specific criteria. Our criteria cover four areas: (1) service capability/excellence; (2) implementation/governance; (3) financial and commercial; and (4) common evaluation categories:

ResCare

Confidential and Proprietary

Page 2 of 21

RFP for Training Content Purchase

Service Capability/Excellence      



Capability and desire to provide all needed services and support for learning Company strength (e.g., track record, financials, transactions, partners/alliances, recent R&D spends, etc.). Question to answer – how many clients have you lost in the last three years? Why? Clearly stated service (SLA) level commitments Solution technical approach (e.g., security, scalability, configurability, workflow, synergies, ease of integrations, ease of transition from current systems) Intuitiveness and ease of navigation of system Strength of ongoing team resources (account executive/leader and manager (regular point of contact), support team, help desk, etc.) Service approach, model, and culture; service awards

Implementation/Governance       

Clarity on implementation resources/approach and needed ResCare resources Completeness and realism of implementation plans for learning; understanding of potential issues, clearly defined tasks, activities, milestones, roles and responsibilities Clarity on change management considerations and support Strength and experience of implementation team resources (implementation leader, implementation team, etc.) Prior experience for learning in similar organization with similar needs Ability to achieve timeline and risk profile Governance plan including proposed governance staff, policies and contract change management process

Financial Evaluation   

 

Considerations/potential impact for our ResCare business as well as share other company relevant business cases (impact seen for a company for similar situations/needs) Price – Overall price for course ready content including loading content into ResCare’s eLearning system Clear pricing considerations, clarity on costs for eLearning by course and by course package (e.g., what is included; what is not included; per employee, per subscription model, etc.), and price predictability Contracting flexibility All proposals must include proposed costs to complete the tasks described in the project scope. Costs should be stated as one-time or non-recurring costs (NRC) or monthly recurring costs (MRC). Pricing should be listed for each of the following items in accordance with the format below: By each course

NRC

MRC

By course package

NRC

MRC

NOTE: All costs and fees must be clearly described in each proposal.

ResCare

Confidential and Proprietary

Page 3 of 21

RFP for Training Content Purchase

Common Evaluation Categories       

Your company profile, sense of stability, relevant financials, market presence, and sharable growth plans An innovator and visionary in this space. Strong future considerations thought/technical orientation (e.g., wireless, further innovations, functional enhancements, other) Comparable to ResCare consulting experience and references Clear understanding of our needs and businesses Cultural fit for those that we meet and for those that we will work most closely with Personnel turnover (leadership level turnover) Scalability of systems with ResCare



Capability and passion to provide all needed services and support for learning

Our Process This RFP is submitted to multiple providers selected by ResCare based on prior contact or known capability. Each provider to whom this RFP is submitted is referred to as “Participant”. Responses must be returned to ResCare by no later than Thursday, September 10, 2015. If the Participant does not provide a complete written response by this date, the Participant will be eliminated from our process. It is your responsibility to seek clarification on any inconsistencies, ambiguities, errors, or other issues in this RFP. Existing providers should not assume that the ResCare team has any knowledge of their business, capabilities, or operations. In order to ensure consistent treatment, communications should only be with the person named in the subsequent section. Substantive questions from RFP Participants and the corresponding ResCare response will be shared with all service providers via e-mail.

General Information Our Resource Center is located at 9901 Linn Station Road in Louisville, Kentucky 40223. Here are key dates. Please know that this timeline is subject to change:     

 

Release of RFP – Friday, August 28, 2015 Your intention to participate (by e-mail; no form to complete) – Wednesday, September 2, 2015 RFP Participant questions due to ResCare – Friday, September 4, 2015 Submission deadline for proposal (close of business EST) – Thursday, September 10, 2015 Included in your proposal must be a Letter or Authorization (LOA), Letter of Indemnification (LOI), HIPAA Business Associate Agreement, and Customer References. These forms are provided in the back of this RFP. Included in your proposal must be Service Level Agreements/Matrix, your Hosting Services Agreement and a pricing summary/template. No forms are provided for the SLA and pricing. Onsite presentation sessions – week of September 14, 2015. Some Participants will be invited by ResCare to these sessions. These will be scheduled directly with the Participant. Please know that these will be in-depth discussions aligned to our criteria. Invited Participants will receive a detailed agenda and ResCare expects you to involve the team that will ultimately support ResCare.

ResCare

Confidential and Proprietary

Page 4 of 21

RFP for Training Content Purchase

ResCare has authorized the following individual to serve as ResCare’s contact (the “Contact”) with regard to all notices, questions and communications concerning the RFP or Project: Natalie Fabian, Associate General Counsel. Natalie’s work address is ResCare, Inc., 9901 Linn Station Road, Louisville, Kentucky 40223. Email: [email protected]; Note: ResCare is not using a neutral third party or advisor for this Project. Any Participant electing not to participate in or respond to this RFP is requested to notify the authorized contact by e-mail within 24 hours of receipt of this RFP. We request that you destroy this RFP and all copies. Questions to our Contact may not be submitted by telephone. During this process, any questions or comments regarding this RFP must be sent by e-mail and include: Participant name and company name; reference to the specific section of the RFP in question. Please know that contact with any other ResCare people regarding this RFP may disqualify your company from further consideration. ResCare reserves the right to communicate with Participants, individually or collectively, formally or informally. ResCare reserves the right to require that questions and other communications concerning this RFP or Project be submitted to ResCare only in writing. Unless otherwise agreed to by ResCare in advance, ResCare reserves the right to discuss with any Participant any aspect of any other Participants’ interest or position. We will not be providing herein any further information about our current state and approach, current third party providers, technology and interfaces (other than ADP EV-5 is our HRIS system of record), volumes related to recruitment data, volumes related to employee learning usage, or volumes related to Workforce Services learning usage, and other HR technology information. Document Guidelines: We are not providing specific RFP format/appearance guidelines. Your proposal shall include all information requested in this document, all applicable pricing for services outlined, a notice of any conflicts and/or errors in documents, and a list of all assumptions/exceptions/clarifications to the documents. Delivery of Proposal: In addition to an electronic e-mail submission, the Participant firm should submit eight (8) hardcopies of the proposal materials. Period Valid Contingencies Changes: The prices quoted, as well as other material terms in each Proposal, shall be valid and binding, and not subject to change without ResCare consent if accepted by ResCare (subject only to changes agreed to by both parties) within two (2) business days after the Submission Deadline. Proposals shall not be made contingent upon uncertain events or development activity that is not within the scope of the Project. Any change made to the Proposal by mutual agreement of the parties shall be documented in writing and signed or initialed by representatives of both parties. Proposal Expenses: All expenses for each Participant’s development of their Proposal and participation in the RFP, including site visits, document preparation, communications, and demonstrations, are entirely the responsibility of the Participant and will not be chargeable to ResCare. The rejection of any or all Proposals, or the termination of the RFP at any time, shall not render ResCare liable for any reason. Modification/Termination of RFP: ResCare reserves the right, in its discretion and without incurring any liability to any Participant, to modify or terminate this RFP at any time prior to the execution of a definitive contract, and to accept or reject any proposal for any reason. ResCare also reserves the right, in its sole discretion, to select and negotiate with those service providers it judges qualified, based on the criteria developed solely by ResCare, for competitive bidding and to terminate negotiations without incurring any liability. ResCare so reserves the right to reject any or all proposals without explanation.

ResCare

Confidential and Proprietary

Page 5 of 21

RFP for Training Content Purchase

Confidentiality: Information contained in this RFP is considered confidential and proprietary to ResCare. If any recipient is not willing to maintain such information in confidence, the recipient is required to notify ResCare immediately and return all hard copies hereof. Copies of this RFP made by any Participant must be accounted for upon ResCare’s request. Without the written consent of ResCare, each Participant may use the information contained herein only for the purposes of responding to the RFP, and such information may be disclosed only to employees of Participant who have a “need to know” such information in order to enable the Participant to respond to this RFP. By signing this agreement, and initialing the line below, you acknowledge that you have read and understood this information and understand ResCare will use any and all legal means available to it to enforce this provision. You also understand that if chosen, you will be required to sign a Non-Disclosure Agreement (NDA) before official award is made. __________________ (Initial here) Contract Documentation: Information contained in this RFP and the basic terms of the Proposal accepted by ResCare will be incorporated in definitive contract (“Contract”) following final selection of a Participant for this Project. Business Associate Agreement: In order to be included in the RFP phase of this process, provider finalist will be required to comply with and execute without change ResCare’s HIPAA compliance employee agreement. Cost Summary: Participant shall provide a detailed summary of all costs including: module/subscription details (and how the cost was determined), implementation costs, training, change management, maintenance and support, training, and post implementation ongoing support. If you are the selected provider, we will work with you on the desired contract template.

ResCare

Confidential and Proprietary

Page 6 of 21

RFP for Training Content Purchase

Training Requirements The scope of this project includes specific off-the-shelf content ready courses and licensing. The following criteria must be met to achieve a successful project:

Number

Training Requirement

Vendor Response

L-1

Course content must be native.

L-2

Course content must be responsive design. Content must be visually and aesthetically pleasing. Content must be user-friendly and easy to navigate within course(s). Consistency of design across all pages/sections of the content in a design theme that fits targeted market segment(s). All software and licensing requirements should be included as part of this project. Course content should be searchable with on key word searches based on training content. Provider will test the courses and verify that they will work in ResCare’s LMS, and if it does not, then the provider will work directly with the Cornerstone OnDemand. (Rescare’s LMS provider) to get any issues resolved without charging any additional fees to ResCare.

L-3 L-4 L-5

L-6

L-7

L-10

L-11

The navigation should be:  Easy to learn  Follow a consistent structure  Offer freedom of choice  Be adjusted to the users most common behavior

L-12

Course structure should have sitemap function. Course content should have situation adjusted help function. Course content must provide learning objectives. Course content must include assessment of competency.

L-13 L-14 L-15

ResCare

Confidential and Proprietary

Page 7 of 21

RFP for Training Content Purchase

Number

Training Requirement

L-16

Are courses mobile friendly? Please include what % of courses are mobile friendly in the field of training specified above with scope of project. What devices have mobile friendly courses been tested on? Content must be validated and proven to be effective for specified business needs. Must be evidenced-based training: Applied research and science to represent most progressive thinking. Content must meet healthcare industry standards and competency. Ongoing maintenance for content must be provided based on any regulatory or industry competency changes. Do you have expert advisory boards: to ensure libraries meet current standards and future needs

L-17 L-18

L-19

L-20 L-21

L-22

L-23

L-24

ResCare

Vendor Response

Must be outcome-focused courses: to affect positive behavior change in employees. Do you have research-based learning strategies? (Improves comprehension using story-based learning, visual/emotional impact, personabased content)

Confidential and Proprietary

Page 8 of 21

RFP for Training Content Purchase

Number

Requirement

Compliance

Vendor Response

System Requirements L-18

Must be IE9 or higher.

L-19

Content must be Windows 7 compatible. Content must be compatible on Adobe Flash Version 7 and higher.

L-20 L-21

Content must be compatible on Adobe Reader Version 9 and higher.

:L-22

Courses must be able to be book marked.

L-23

Please explain how scores are passed back into ResCare’s LMS and/or specify whether content is built in.

ResCare

Confidential and Proprietary

Page 9 of 21

RFP for Training Content Purchase

Letter of Authorization (LOA) This form must be completed, signed, and returned with your RFP responses in order for your proposal to be considered. Your signed response should be the first page inserted after the cover page. I, ___________________________________, an authorized representative of the firm (company name) ___________________________________ agree to the terms of this RFP and to prices quoted herein. I further acknowledge that this RFP shall not be deemed an offer by ResCare. ResCare reserves the right to accept or reject, at its sole discretion, any and all proposals furnished to my company in response this RFP. Furthermore, ResCare may negotiate separately with any source whatsoever in any manner deemed necessary to serve its best interest, and may terminate negotiations at any time without incurring any liability. Accordingly, ResCare is under no obligation to award a contract on the basis of this RFP. Furthermore, ResCare reserves the right to include any or all of the RFP responses in the final agreement. The Service Provider also agrees that all of its cost in preparing its response to this RFP and in providing any additional information to ResCare shall be at the service provider’s own cost.

___________________________________ (Name)

___________________________________ (Signature)

___________________________________ (Title)

___________________________________ (Date)

Confidential

ResCare

Confidential and Proprietary

Page 10 of 21

RFP for Training Content Purchase

Letter of Indemnification (LOI) This form must be completed, signed, and returned with your RFP responses in order for your proposal to be considered. The undersigned is an authorized representative of _____________________________(“Service Provider”). Service Provider agrees to defend, indemnify and hold harmless ResCare and its lines of business (collectively “ResCare”) from and against any and all liabilities, costs, damages and expenses (including reasonable attorneys’ fees) incurred by ResCare in responding to or defending any demand, assessment, action, cause of action, suit, claim (including infringement claim), or investigation resulting from or relating to any negligent or intentional acts by Service Provider during the RFP process, or any allegation that the RFP materials of Service Provider infringe on any copyrights, trademarks, patents, or other intellectual property rights. In the event that Service Provider’s RFP materials are determined to be infringing, Service Providers’ responsibility to ResCare during the RFP process, in addition to any indemnification obligation set forth above, and at Service Provider’s option, shall be to (1) obtain for ResCare the right to use the infringing materials, (2) replace the allegedly infringing materials with a non-infringing alternative that meets all of the requirements set forth by ResCare, (3) modify the allegedly infringing materials so that it becomes non-infringing and meets all of the requirements set forth by ResCare, or (4) if each of the foregoing are commercially unreasonable, immediately withdraw from the RFP process. The foregoing constitutes the entire agreement and understanding between the parties as to this indemnification and supersedes all prior or contemporaneous communications, negotiations, representations or agreements between the parties with respect thereto. In the event a definitive agreement is entered into by the parties following the RFP process, such definitive agreement is expected to contain indemnification provisions that will supersede the indemnity provisions contained in this letter. SERVICE PROVIDER: ___________________________________

___________________________________ (Name) ___________________________________ (Authorized Signature) ___________________________________ (Title) ___________________________________ (Date)

ResCare

Confidential and Proprietary

Page 11 of 21

RFP for Training Content Purchase

BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is made and entered into between RES-CARE, INC. (“Covered Entity”) and _____________________________ (“Business Associate”) effective ____________, 2015. WHEREAS, business associates must comply with certain requirements pursuant to the Health Insurance Portability and Accountability Act, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Care Act (“HITECH Act”) passed as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”), and the U.S. Department of Health and Human Services regulations entitled “Standards for Privacy of Individually Identifiable Health Information” (“Privacy Rule”), Security Standards for the Protection of Electronic Protected Health Information, (“Security Rule”), and the Breach Notification for Unsecured Protection Health Information (“Breach Notification Rule”); and WHEREAS, the Privacy Rule requires certain entities to have their business associates with whom the entities may share Protected Health Information (as defined in the Privacy Rule) to agree to certain provisions related to use and disclosure of such Protected Health Information; and WHEREAS, the Security Rule and the Breach Notification Rule impose additional obligations on covered entities and their business associates; and WHEREAS, the Business Associate will have access to, create and/or receive certain Protected Health Information in conjunction with the services being provided by Business Associate to Covered Entity, thus necessitating a written agreement that meets the applicable requirements of the Rules, and the parties desire to satisfy the foregoing regulatory requirements through this Agreement. NOW THEREFORE, the parties agree as follows: Definitions. Breach. “Breach” shall have the same meaning as the term “breach” in 45 CFR § 164.402. Business Associate. “Business Associate” shall mean ______________________________. Covered Entity. “Covered Entity” shall mean RES-CARE, INC. Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term “electronic protected health information” in the American Recovery and Reinvestment Act of 2009, § 13400(5). Electronic Protected Health Information. “Electronic Protected Health Information” shall have the same meaning as the term “electronic protected health information” in 45 CFR § 160.103.

ResCare

Confidential and Proprietary

Page 12 of 21

RFP for Training Content Purchase

Electronic Transactions Rule. “Electronic Transactions Rule” shall mean the final regulations issued by HHS concerning standard transactions and code sets under 45 CFR Parts 160 and 162. HHS. “HHS” shall mean the Department of Health and Human Services. Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Parts 160 and 164, subparts A and E. Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity. Required By Law. “Required by Law” shall have the same meaning as the term “required by law” in 45 CFR § 160.103. Security Incident. “Security Incident” shall have the same meaning as the term “security incident” in 45 CFR § 160.103. Security Rule. “Security Rule” shall mean the Security Standards and Implementation Specifications at 45 CFR Parts 160 and 164, subpart C. Transaction. “Transaction” shall have the meaning given the term “transaction” in 45 CFR § 160.103. Unsecured Protected Health Information. “Unsecured Protected Health Information” shall have the meaning given the term “unsecured protected health information” in 45 CFR § 164.402. Safeguarding Privacy and Security of Protected Health Information. Permitted Uses and Disclosures. Business Associate is permitted to use and disclose Protected Health Information that it creates or receives on Covered Entity’s behalf or receives from Covered Entity (or another business associate of Covered Entity) and to request Protected Health Information on Covered Entity’s behalf (collectively, “Covered Entity’s Protected Health Information”) only: Functions and Activities on Covered Entity’s Behalf. To carry out its duties and responsibilities pursuant to the services agreement entered into between the parties as of [insert date to the underlying contract/agreement with BA] Business Associate’s Operations. For Business Associate’s proper management and administration or to carry out Business Associate’s legal responsibilities, provided that, with respect to disclosure of Covered Entity’s Protected Health Information, either:

ResCare

Confidential and Proprietary

Page 13 of 21

RFP for Training Content Purchase

The disclosure is Required by Law; or Business Associate will disclose Covered Entity’s Protected Health Information that the person or entity will: Hold Covered Entity’s Protected Health Information in confidence and use or further disclose Covered Entity’s Protected Health Information only for the purpose for which Business Associate disclosed Covered Entity’s Protected Health Information to the person or entity or as Required by Law; and Promptly notify Business Associate (who will in turn notify Covered Entity in accordance with the breach notification provisions) of any instance of which the person or entity becomes aware in which the confidentiality of Covered Entity’s Protected Health Information was breached. Minimum Necessary. Business Associate will, in its performance of the functions, activities, services, and operations specified above, make reasonable efforts to use, to disclose, and to request only the minimum amount of Covered Entity’s Protected Health Information reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except that Business Associate will not be obligated to comply with this minimum-necessary limitation if neither Business Associate nor Covered Entity is required to limit its use, disclosure or request to the minimum necessary. Business Associate and Covered Entity acknowledge that the phrase “minimum necessary” shall be interpreted in accordance with the HITECH Act and government guidance on the definition. Prohibition on Unauthorized Use or Disclosure. Business Associate will neither use nor disclose Covered Entity’s Protected Health Information, except as permitted or required by this Agreement or in writing by Covered Entity or as Required by Law. This Agreement does not authorize Business Associate to use or disclose Covered Entity’s Protected Health Information in a manner that will violate the Privacy Rule if done by Covered Entity. Information Safeguards. Privacy of Covered Entity’s Protected Health Information. Business Associate will develop, implement, maintain, and use appropriate administrative, technical, and physical safeguards to protect the privacy of Covered Entity’s Protected Health Information. The safeguards must reasonably protect Covered Entity’s Protected Health Information from any intentional or unintentional use or disclosure in violation of the Privacy Rule and limit incidental uses or disclosures made pursuant to a use or disclosure otherwise permitted by this Agreement.

ResCare

Confidential and Proprietary

Page 14 of 21

RFP for Training Content Purchase

Security of Covered Entity’s Electronic Protected Health Information. Business Associate will develop, implement, maintain, and use administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on Covered Entity’s behalf as required by the Security Rule, including adopting policies and procedures regarding the regarding the safeguarding of Electronic Protected Health Information, including a security plan that takes into account each of the Security Rule standards, as appropriate, and providing training, as appropriate, to relevant employees and subcontractors on such policies and procedures to prevent the improper use or disclosure of Protected Health Information. Subcontractors and Agents. Business Associate will require any of its subcontractors and agents, to which Business Associate is permitted by this Agreement or in writing by Covered Entity to disclose Covered Entity’s Protected Health Information and/or Electronic Protected Health Information, to provide reasonable assurance that such subcontractor or agent will comply with the same privacy and security safeguard obligations with respect to Covered Entity’s Protected Health Information and/or Electronic Protected Health Information that are applicable to Business Associate under this Agreement. Prohibition on Sale of Records. As of the effective date specified by HHS in final regulations to be issued on this topic, Business Associate shall not directly or indirectly receive remuneration in exchange for any Protected Health Information of an individual unless the Covered Entity or Business Associate obtained from the individual, in accordance with 45 CFR § 164.508, a valid authorization that includes a specification of whether the Protected Health Information can be further exchanged for remuneration by the entity receiving Protected Health Information of that individual, except as otherwise allowed under the HITECH Act. Penalties For Noncompliance. Business Associate acknowledges that it is subject to civil and criminal enforcement for failure to comply with the Privacy Rule and Security Rule and the Breach Notification Rule, as amended by the HITECH Act, as applicable.

ResCare

Confidential and Proprietary

Page 15 of 21

RFP for Training Content Purchase

Compliance with Electronic Transactions Rule. If Business Associate conducts in whole or part electronic Transactions on behalf of Covered Entity for which HHS has established standards, Business Associate will comply, and will require any subcontractor or agent it involves with the conduct of such Transactions to comply, with each applicable requirement of the Electronic Transactions Rule. Business Associate shall also comply with the National Provider Identifier requirements, if and to the extent applicable. Individual Rights. Access. Business Associate will, within twenty [20] calendar days follow Covered Entity’s request, make available to Covered Entity or, at Covered Entity’s direction, to an individual (or the individual’s personal representative) for inspection and obtaining copies Covered Entity’s Protected Health Information about the individual that is in Business Associate’s custody or control, so that Covered Entity may meet its access obligations under 45 CFR § 164.524. Effective as of the date specified by HHS, if the Protected Health Information is held in an Electronic Health Record, then the individual shall have a right to obtain from Business Associate a copy of such information in an electronic format. Business Associate shall provide such a copy to Covered Entity or, alternatively, to the individual directly, if such alternative choice is clearly, conspicuously, and specifically made by the individual or Covered Entity. Amendment. Business Associate will, upon receipt of written notice from Covered Entity, promptly amend or permit Covered Entity access to amend any portion of Covered Entity’s Protected Health Information, so that Covered Entity may meet its amendment obligations under 45 CFR § 164.526. Disclosure Accounting. To allow Covered Entity to meet its disclosure accounting obligations under 45 CFR § 164.528: Disclosures Subject to Accounting. Business Associate will record the information specified below (“Disclosure Information”) for each disclosure of Covered Entity’s Protected Health Information, not excepted from disclosure accounting as specified below, that Business Associate makes to Covered Entity or to a third party. Disclosures Not Subject to Accounting. Business Associate will not be obligated to record Disclosure Information or otherwise account for disclosures of Covered Entity’s Protected Health Information if Covered Entity need not account for such disclosures. Disclosure Information. With respect to any disclosure by Business Associate of Covered Entity’s Protected Health Information that is not excepted from disclosure accounting, Business Associate will record the following Disclosure Information as applicable to the type of accountable disclosure made:

ResCare

Confidential and Proprietary

Page 16 of 21

RFP for Training Content Purchase

Disclosure Information Generally. Except for repetitive disclosures of Covered Entity’s Protected Health Information as specified below, the Disclosure Information that Business Associate must record for each accountable disclosure is (i) the disclosure date, (ii) the name and (if known) address of the entity to which Business Associate made the disclosure, (iii) a brief description of Covered Entity’s Protected Health Information disclosed, and (iv) a brief statement of the purpose of the disclosure. Disclosure Information for Repetitive Disclosures. For repetitive disclosures of Covered Entity’s Protected Health Information that Business Associate makes for a single purpose to the same person or entity (including Covered Entity), the Disclosure Information that Business Associate must record is either the Disclosure Information specified above for each accountable disclosure, or (i) the Disclosure Information specified above for the first of the repetitive accountable disclosures; (ii) the frequency, periodicity, or number of the repetitive accountable disclosures; and (iii) the date of the last of the repetitive accountable disclosures. Availability of Disclosure Information. Business Associate will maintain the Disclosure Information for at least 6 years following the date of the accountable disclosure to which the Disclosure Information relates (3 years for disclosures related to an Electronic Health Record, starting with the date specified by HHS). Business Associate will make the Disclosure Information available to Covered Entity within thirty [30] calendar days following Covered Entity’s request for such Disclosure Information to comply with an individual’s request for disclosure accounting. Effective as of the date specified by HHS, with respect to disclosures related to an Electronic Health Record, Business Associate shall provide the accounting directly to an individual making such a disclosure request, if a direct response is requested by the individual. Restriction Agreements and Confidential Communications. Business Associate will comply with any agreement that Covered Entity makes that either (i) restricts use or disclosure of Covered Entity’s Protected Health Information pursuant to 45 CFR § 164.522(a), or (ii) requires confidential communication about Covered Entity’s Protected Health Information pursuant to 45 CFR § 164.522(b), provided that Covered Entity notifies Business Associate in writing of the restriction or confidential communication obligations that Business Associate must follow. Covered Entity will promptly notify Business Associate in writing of the termination of any such restriction agreement or confidential communication requirement and, with respect to termination of any such restriction agreement, instruct Business Associate whether any of Covered Entity’s Protected Health Information will remain subject to the terms of the restriction agreement. Effective February 17, 2010 (or such other date specified as the effective date by HHS), Business Associate will comply with any restriction request if: (i) except as otherwise required by

ResCare

Confidential and Proprietary

Page 17 of 21

RFP for Training Content Purchase

law, the disclosure is to a health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (ii) the Protected Health Information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. Breaches and Security Incidents. Reporting. Privacy or Security Breach. Business Associate will report to Covered Entity any use or disclosure of Covered Entity’s Protected Health Information not permitted by this Agreement along with any Breach of Covered Entity’s Unsecured Protected Health Information. Business Associate will treat the Breach as being discovered in accordance with 45 CFR § 164.410. Business Associate will make the report to Covered Entity’s Privacy Official not more than ten [10] calendar days after Business Associate learns of such non-permitted use or disclosure. If a delay is requested by a law-enforcement official in accordance with 45 CFR § 164.412, Business Associate may delay notifying Covered Entity for the applicable time period. Business Associate’s report will at least: Identify the nature of the Breach or other non-permitted use or disclosure, which will include a brief description of what happened, including the date of any Breach and the date of the discovery of any Breach; Identify Covered Entity’s Protected Health Information that was subject to the non-permitted use or disclosure or Breach (such as whether full name, social security number, date of birth, home address, account number or other information were involved) on an individual basis; Identify who made the non-permitted use or disclosure [job classification] and who received the non-permitted disclosure; Identify what corrective or investigational action Business Associate took or will take to prevent further non-permitted uses or disclosures, to mitigate harmful effects and to protect against any further Breaches; Identify what steps the individuals who were subject to a Breach should take to protect themselves; Provide such other information, including a written report, as Covered Entity may reasonably request. Security Incidents. Business Associate will report to Covered Entity any attempt or successful (A) unauthorized access, use, disclosure, modification, or destruction of Covered Entity’s Electronic Protected Health Information or (B) interference

ResCare

Confidential and Proprietary

Page 18 of 21

RFP for Training Content Purchase

with Business Associate’s system operations in Business Associate’s information systems, of which Business Associate becomes aware. Business Associate will make this report once per month, except if any such security incident resulted in a disclosure not permitted by this Agreement or Breach of Covered Entity’s Unsecured Protected Health Information, Business Associate will make the report in accordance with the provisions set forth in the paragraph above. Term and Termination. Term. The term of this Agreement shall be effective as of ____________, 2015, and shall terminate when all Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is not feasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this section. Right to Terminate for Cause. Covered Entity may terminate Agreement if it determines, in its sole discretion, that Business Associate has breached any provision of this Agreement, and upon written notice of Business Associate of the breach, Business Associate fails to cure the breach within ten (10) calendar days after receipt of the notice. Any such termination will be effective immediately or at such other date specified in Covered Entity’s notice of termination. Return or Destruction of Covered Entity’s Protected Health Information as Feasible. Upon termination or other conclusion of Agreement, Business Associate will, if feasible, return to Covered Entity or destroy all of Covered Entity’s Protected Health Information in whatever form or medium, including all copies thereof and all data, compilations, and other works derived therefrom that allow identification of any individual who is a subject of Covered Entity’s Protected Health Information. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of the Business Associate. Further, Business Associate shall require any such subcontractor or agent to certify to Business Associate that it returned to Business Associate (so that Business Associate may return it to the Covered Entity) or destroyed all such information which could be returned or destroyed. Business Associate will complete these obligations as promptly as possible, but not later than thirty (30) calendar days following the effective date of the termination or other conclusion of Agreement. Procedure When Return or Destruction Is Not Feasible. Business Associate will identify any of Covered Entity’s Protected Health Information, including any that Business Associate has disclosed to subcontractors or agents as permitted under this Agreement, that cannot feasibly be returned to Covered Entity or destroyed and explain why return or destruction is not feasible. Business Associate will

ResCare

Confidential and Proprietary

Page 19 of 21

RFP for Training Content Purchase

limit its further use or disclosure of such information to those purposes that made return or destruction of such information infeasible. Continuing Privacy and Security Obligation. Business Associate’s obligation to protect the privacy and safeguard the security of Covered Entity’s Protected Health Information as specified in this Agreement will be continuous and survive termination or other conclusion of this Agreement. General Provisions. Definitions. All terms that are used but not otherwise defined in this Agreement shall have the meaning specified under HIPAA, including its statute, regulations and other official government guidance. Inspection of Internal Practices, Books, and Records. Business Associate will make its internal practices, books, and records relating to its use and disclosure of Covered Entity’s Protected Health Information available to Covered Entity and to HHS to determine compliance with the Privacy Rule. Amendment to Agreement. The parties acknowledge that the HIPAA Rules may be modified from time to time. The parties specifically agree to take such action as necessary to implement the standards and requirements of HIPAA, the HIPAA Rules and other applicable laws relating to the security and confidentiality of PHI. Upon Covered Entity’s request, Business Associate agrees to promptly enter into negotiations with Covered Entity concerning the terms of an amendment to this Business Associate Agreement embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules or other applicable laws relating to the security and confidentiality of PHI. Covered Entity may terminate the Agreement and any other agreements between the parties upon 30 days written notice in the event (i) Business Associate does not promptly enter into negotiations to amend this Business Associate Agreement when requested by Covered Entity pursuant to this Section, or (ii) Business Associate does not enter into an amendment to this Business Associate Agreement providing assurances regarding the safeguarding of PHI that Covered Entity, in its sole discretion, deems sufficient to satisfy the standards and requirements of HIPAA or the HIPAA Rules. Nothing herein shall be deemed to extend the term of any other agreement between the parties. No Third-Party Beneficiaries. Nothing in this Agreement shall be construed as creating any rights or benefits to any third parties. Interpretation. Any ambiguity in the Agreement shall be resolved to permit Covered Entity and Business Associate to comply with the applicable requirements under HIPAA. (f)

ResCare

Indemnification. Business Associate hereby saves and holds Covered Entity harmless of and from, and indemnifies and agrees to defend it against any and all losses, liability, Confidential and Proprietary

Page 20 of 21

RFP for Training Content Purchase

damages and expenses (including, without limitation, reasonable attorney’s fees and expenses) which Covered Entity may incur or be compelled to pay, or for which Covered Entity may become liable or compelled to pay in any action, claim, or proceeding against Covered Entity, its officers, directors, employees, agents, or servants, for or by reason of any acts, whether of omission or commission, that may be committed or suffered by Covered Entity or any of its officers, directors, employees, agents, or servants in connection with Business Associate’s performance of, or failure to perform, its obligations under this Business Associate Agreement. This Section shall survive the termination of this Business Associate Agreement and any underlying services agreement. (g)

Binding Nature and Assignment. This Business Associate Agreement shall be binding on the parties and their successors and assigns, but neither party may assign this Business Associate Agreement without the prior written consent of the other, which consent shall not be unreasonably withheld, provided that any party hereto may assign all or a portion of its rights and responsibilities under this Business Associate Agreement to an entity under common ownership or control of in connection with a corporate merger or reorganization.

IN WITNESS WHEREOF, the parties have caused this Agreement to be executed by its authorized representatives as of the date first above written.

RES-CARE, INC.

BUSINESS ASSOCIATE

By: __________________________________

By: ________________________________

Title: _________________________________

Title: ______________________________

ResCare

Confidential and Proprietary

Page 21 of 21

Smile Life

When life gives you a hundred reasons to cry, show life that you have a thousand reasons to smile

Get in touch

© Copyright 2015 - 2024 PDFFOX.COM - All rights reserved.