THIRD PARTY REQUIREMENTS ADDENDUM

Revised: April 19, 2018

By submitting Insurance Eligibility transactions to TransUnion or any of its subsidiaries, including but not limited to TransUnion Healthcare, Inc., Auditz, LLC, or RTech Healthcare Revenue Technologies, Inc. (hereinafter, “TransUnion”), for processing, or by obtaining applicable Services or Services Information (both as defined in the applicable services agreement entered into by the parties), Customer acknowledges and agrees to be bound, to the same extent as TransUnion, by all applicable third party-imposed contractual obligations and regulatory program requirements. If applicable, Vendor agrees to comply with these terms and conditions and to enter into a written agreement with Vendor’s Customers that complies with all applicable third party and regulatory program requirements. Specifically, Customer and/or Vendor agrees to the following regulatory program requirements and third-party flowdown terms, which are subject to revision and/or expansion from time to time:

  1. Definitions
    1. “Customer” means either a Direct Customer or any end-user Customer of a Vendor (as defined below).
    2. “Direct Customer” means any entity that has entered into an agreement for services directly with TransUnion or any of its subsidiaries or affiliates.
    3. “Vendor” means any entity that has entered into a contract with TransUnion or any of its subsidiaries or affiliates for purposes of contracting with Customers to provide TransUnion services.
  2. State Medicaid Contract Provisions
    1. Arizona, Idaho, Montana, South Dakota, Hawaii Medicaid
      1. Customer shall to adhere to, rules and regulations as required by governmental agencies having jurisdiction including the department of Health and Human Services (“HHS”). Customer shall provide all supporting documents requested by either TransUnion or Vendor necessary to comply with said rules and regulations including the Electronic Funds Transfer Act, Regulation Z, Regulation E and the Federal Truth-in-Lending Act. In furtherance hereof, Customer shall also agree to the following:
        1. Access to eligibility information shall be restricted to the sole purpose of verification of Medicaid eligibility where the recipient has requested Medicaid payment for medical services;
        2. Verification of eligibility under the system is not a guarantee of payment and the records as to the recipient’s eligibility status shall be final authority;
        3. Customer indemnifies and holds harmless each State, its agents and employees, from any and all claims by such Customer or any recipient who is aggrieved by the actions of any party hereunder; and
        4. Customer agrees to abide by the Federal and State regulations regarding confidentiality of information
    2. Florida Medicaid
      1. Customer shall agree to the following:
        1. That access to eligibility information shall be restricted to the sole purpose of verification of Medicaid eligibility pursuant to a request by an individual recipient (or by recipient’s authorized representative) that Medicaid payment be rendered for medical services provided;
        2. That an indication of eligibility by the verification system is not a guarantee of payment by the state, and that the records of the state as to the recipient’s eligibility status shall be the final authority; and,
        3. That Customer indemnifies and holds harmless the state, its agents and employees, from any and all claims by such Customer or any recipient who is aggrieved by the actions of any party herein.
    3. Ohio Medicaid
      1. Customer shall agree to the following:
        1. Access to eligibility information will be for the sole purpose of Medicaid eligibility verification when a Medicaid Provider requests payment for medical services.
        2. Verification of eligibility under the system is not an assurance of payment by the Ohio Department of Job and Family Services (“ODJFS”) and that the ODJFS’s determination of the recipient’s eligible status will be the final authority.
      2. Customer must be an ODJFS approved Medicaid Provider and must include its currently effective ODJFS Medicaid Provider number in its written agreement.
    4. Texas Medicaid
      1. Customers shall agree to the following:
        1. Access to eligibility information is restricted to verification of medical assistance eligibility when a medical assistance recipient is receiving or requesting payment for medical service.
        2. Verification of eligibility under the system is not an assurance of payment.
        3. Customer must be an approved Medicaid Provider and must include a current Medicaid Provider number in each eligibility request.
      2. In addition, Vendors shall agree to the following:
        1. Vendor must enter into written contracts with each end-user who will or may receive information. The standard or model end-user contract must be submitted to HHSC for review within 15 business days following the execution of this agreement. HHSC has the right to reject any end-user contract, which does not meet the requirements of this Agreement. Vendor must submit revisions to the standard or model end-user contract to HHSC for review 15 days prior to the proposed effective date of the contract. Vendor hereby certifies that it will adhere to the terms of this section.
        2. Any fees charged to Customers must be reasonable.
        3. Information provided to Customers will be limited to the following: recipient name, recipient number, social security number, date of birth, indication that the individual is eligible for the date queried or a range of dates queried, Medicare health insurance claim number, third party insurers including policy number and type of coverage, recipient lock-in information, and HMO coverage information.
    5. North Carolina Medicaid
      1. Vendor shall agree to the following:
        1. Vendor warrants and represents that it has a legally binding contract between itself and all providers for whom it is submitting data or that the Vendor is itself a provider authorized to submit claims and receive healthcare information for beneficiaries who have coverage for services by the North Carolina Division of Medical Assistance and/or the Division of Mental Health/Developmental Disabilities/Substance Abuse Services. The Vendor shall indemnify and hold CSC, as the fiscal agent for the North Carolina Medicaid program, harmless from any claim, actions, or costs that result from a breach or threatened breach of this warranty and representations.
    6. North Dakota Medicaid
      1. Customer shall agree to the following:
        1. Not copy, reverse engineer, disclose, publish, distribute, alter or use Data, Data Transmission or Envelope for any purpose not specifically authorized by the North Dakota Department of Human Services (“DHS”).
        2. Not obtain access by any means to Data, Data Transmission, Envelope, or DHS’s Operating System for any purpose other than as specifically granted by DHS. In the event that Customer receives Data or Data Transmissions not intended for Customer, Customer will immediately notify DHS and destroy the data.
        3. At its own expense, obtain and maintain its own Operating System necessary for timely, complete, accurate and secure transmission of data. Furthermore, Customer shall pay its own costs for any and all charges related to Data Transmission and specifically including, without limitation, charges for Operating System equipment, software and services, charges for maintaining an electric mailbox, connection time, terminals, connections, telephones, modems, internet service providers and any applicable minimum use charges. Customer will also use the claims transmission method dictated by DHS. Customer will maintain its mailbox by deleting or downloading messages on a timely basis (messages or data 90 days old will be deleted by DHS).
        4. Protect and maintain the confidentiality of Security Access Codes issued by DHS.
        5. Require any Business Associate to abide by the obligations set forth above, even though Business Associate is not a signatory to this Agreement. The requirements in this section must comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (45 C.F.R. Parts 160-164).
    7. South Carolina Medicaid
      1. Customer shall agree to the following:
        1. Access to eligibility information is restricted to persons, agencies, and entities which by their own rules or by contract are subject to confidentiality standards which are comparable to those set forth herein. In addition, the information released must be subject to the following by agreement or by attaching the NOTICE directly to the information provided:
          1. NOTICE: THIS IS CONFIDENTIAL INFORMATION FROM THE RECORDS OF THE SOUTH CAROLINA STATE HEALTH AND HUMAN SERVICES FINANCE COMMISSION. OUR AUTHORIZATION TO RELEASE THIS INFORMATION TO YOU DOES NOT IMPLY PERMISSION TO FURTHER DISCLOSE THIS INFORMATION EVEN WITHIN YOUR OWN ORGANIZATION/AGENCY. RERELEASE OF THIS
          2. INFORMATION SHOULD BE GOVERNED BY YOUR OWN CONFIDENTIALITY STANDARDS, CONTRACTUAL RELATIONSHIPS, AND ANY APPLICABLE STATUTES AND REGULATIONS.
    8. Alabama
      1. Customer shall agree to the following:
        1. The access to eligibility information shall be restricted to the sole purpose of verification of medical assistance eligibility where a medical assistance recipient is requesting payment for medical services.
        2. That verification of eligibility under the system is not an assurance of payment of state and that the records of state as to a recipient’s eligible status shall be the final authority.
        3. That Customer indemnifies and holds harmless state, its agents and employees, from any and all claims by Customer or any recipient who is aggrieved by the actions of any party under this agreement.
        4. That the Customer must be an approved Medicaid Provider and must include its valid Medicaid Provider number in its written agreement.
      2. In addition, Vendors shall agree to the following:
        1. The fees charged Customers must be reasonable.
        2. If applicable, Vendor will maintain record for one (1) year showing Customer’s provider I.D. number, the number of inquiries for each Customer, the dates of the queries, and the dates the services were rendered. Vendor will submit to random auditing by the state.
        3. Vendor agrees to maintain a list of its Customers and upon written request by the state or TransUnion shall furnish a copy of its agreement with each Customers to state within thirty (30) business days of each such request.
    9. Tennessee Medicaid (TennCare)
      1. It shall be the responsibility of the Vendor to ensure satisfaction of all its responsibilities as specified hereunder. No Customer contract terminates or reduces the legal responsibility of the Vendor to TennCare to ensure that all activities hereunder are carried out.

        The Vendor shall not execute contracts with Customers who have been excluded from participation in the Medicare, Medicaid, CHIP program, and/or any other federal health care program and/or who are otherwise not in good standing with the TennCare program.

        Vendor agrees that all contracts with Customers shall, at a minimum, be in writing and contain the following requirements:
        1. That access to eligibility information shall be restricted to the specific purposes of verification and reporting of eligibility for Medicaid benefits specific to members and dates of service where a member is requesting payment for medical services and a treatment relationship exists to support and justify the Customer’s request.
        2. That verification of eligibility under the system is not an assurance of payment by the State and that the records of the State as to a recipient’s eligibility status shall be the final authority.
        3. That Customer indemnifies and holds harmless the State, its agents and employees, from any and all claims by such subscriber or any recipient who is aggrieved by the actions of any party herein.
        4. That Customer must be an approved Medicaid Provider and must include its valid TennCare Provider number and National Provider Identifier (NPI) in the Vendor’s contract.
        5. That fees charged Customers must be consistent with the market rate for similar subscription services.
        6. The Vendor shall maintain records for three (3) years showing Vendor’s Customer’s name, member name and I.D. number. The Vendor shall submit to random auditing by the State, and shall, if requested, provide a service auditor’s report attesting to the condition of the Vendor’s activities, including controls over information technology and related processes, as well as privacy, security, and confidentiality safeguards.
        7. All proprietary information, including but not limited to, Customer’s reimbursement information provided to TennCare, shall be deemed confidential and not subject to disclosure under the Tennessee Public Records Act, Tenn. Code Ann. § 10-7-501, et seq..
        8. The private, confidential, and individually identifying data collected, maintained, or used in the course of performance shall neither be disseminated, used nor disclosed in violation of any federal and/or State laws, including, but not limited to, the Medicaid Safeguarding Information on Individuals regulations, 42 CFR 431.300 et seq; the Privacy Act of 1974, 5 U.S.C. § 552a; the Tennessee Public Records Act, Tenn. Code Ann. § 10-7-501, et seq; the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C.A. §1320d et seq., 45 C.F.R. §§ 164.508, 510, 512(e); the Identity Theft Victims’ Rights Act of 2004, Tenn. Code Ann. § 39-14-150; Tennessee Identity Theft Deterrence Act of 1999, Tenn. Code Ann. § 47-18-2101 et seq.; the Financial Privacy and the Safeguards Rules located in Title V of the Gramm-Leach Bliley Act of 1999 (GLB). PL 106-102, 113 Stat 1338 (November 12, 1999) (when in the course of performance the Procuring Party causes data to have GLB Financial Privacy Rule or Safeguard Rule implication); American Recovery and Reinvestment Act of 2009 (ARRA), Health Information Technology for Economic and Clinical Health Act (HITECH Act), (Pub. L. 111-5), § 13001, et seq. (Feb. 17, 2009); Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003, 72 FR 63718-01 (November 9. 2007) (the “Red Flag Rules”); and the Substance Abuse and Mental Health Services confidentiality regulations.
        9. For training of and information to Customer’s employees about the Customer’s obligations to the TennCare Program; accountability for the actions of employees; and acceptance of the requirements of the TennCare Program.
        10. That information made available hereunder is confidential in nature and is protected as such pursuant to State and Federal laws, rules, regulations, and policies. Therefore, it is expressly agreed by all that information relating to members and providers obtained shall be treated as confidential information by all agents, employees, representatives or others acting on behalf of the parties, to the extent and manner that confidential treatment is provided under State or Federal Laws, and the information shall not be used in any manner except as necessary for the proper discharge of the parties rights and obligations hereunder.
        11. It is expressly agreed by all parties that the State does not warrant that the information is complete, accurate, or current and the State expressly disclaims any liability as a result of reliance by any party on the contents of the information. The parties further agree to hold the State harmless from any claims arising, directly or indirectly, out of reliance on the completeness, accuracy, or timeliness of the information provided by the State.
        12. All of Customer’s contracts shall include the effective date of the contract, a signature page which contains the Vendor and Customer names which are types or legibly written, Customer’s business name with titles, if applicable, contract information, and dated signatures of all appropriate parties.
    10. Iowa and New Mexico Medicaid
      1. Customer agrees to comply with, and, if applicable, Vendor agrees to include in contracts with its Customers, all applicable requirements established by Section 2080.18 of the state Medicaid Manual published by the Centers for Medicare and Medicaid Services.
    11. New Hampshire Medicaid
      1. Vendor hereby agrees to the following:
        1. Vendor shall maintain a list of its Customers and upon written request by TransUnion or the New Hampshire Department of Health and Human Services (“NH DHHS”) shall furnish a copy of its agreement and business associate agreement with each subscriber/provider to NH DHHS or TransUnion within ten (10) business days of such request.
        2. Vendor’s services must be available to any New Hampshire Medicaid provider who is interested.
        3. Vendor will maintain records for one (1) year showing each Customer’s name, member name and ID number, provider ID number, the number of inquiries for each provider, the dates of the provider inquires and the dates the services were rendered.
        4. Vendor will submit to random auditing by the NH DHHS. Upon confirmation of any violations of this agreement, NH DHHS may require appropriate corrective action and/or termination of access to the data, depending on the nature and degree of the violation.
        5. Vendor will have a signed Business Associate Agreement with each Customer to whom they are providing/receiving protected health information to and from.
        6. Vendor shall be in compliance with all HIPAA regulations and any applicable HITECH Act regulations.
        7. Vender shall only transmit the information listed below to Customers:
          1. Member Medicaid ID
          2. Name of Medicaid Member
          3. Member Date of Birth
          4. TPL indicator; policy number and type of coverage
          5. Period of Member Medicaid Eligibility (not to exceed one year prior to date of inquiry)
          6. Member Social Security Number
        8. The fees charged to Customers must be reasonable.
        9. Vendor agrees to comply with all applicable requirements established by Section 2080.18 of the State Medicaid Manual published by the Centers for Medicare & Medicaid Services, as applicable.
        10. Vendor agrees to include in contracts with its Customers all applicable requirements established by Section 2080.18 of the State Medicaid Manual published by the Centers for Medicare & Medicaid Services.
      2. Customers hereby agree to the following, and Vendors hereby agree that all contracts and agreements with its Customers shall include the following:
        1. Verification of eligibility is not a guarantee of payment by NH DHHS and the records of NH DHHS as to a member’s eligibility status shall be the final authority.
        2. The Customer indemnifies and hold harmless the State of New Hampshire, its agents and employees, from any and all claims by such Customer or any member who is aggrieved by the actions of any party under this Agreement, including NH DHHS, TransUnion, and Vendor (if applicable).
        3. The Customer must be enrolled with New Hampshire Medicaid and must include a valid New Hampshire Medicaid provider number in its contract with TransUnion or Vendor.
        4. The Customer shall safeguard the NH Title XIX program against abuse in the use of electronic transaction submission.  

        5. The Customer shall correctly enter the claims data, monitor the data, and certify that the date entered is correct.

        6. The Customer shall assure that the transmission of transaction data is restricted to authorized personnel to prevent erroneous payments by the Department's fiscal agent, which might result from carelessness or fraud.

        7. The Customer shall have on file the applicable documentation to substantiate any transactions submitted to the NH Title XIX Program.  

        8. The Customer shall allow the Department or any of its designees and representatives of the Attorney General to review and copy all records, including source documents and data related to information entered through electronic transaction submission.

        9. The Customer shall abide by all Federal and State statutes, rules, regulations, and manuals governing the NH Title XIX Programs.  

  3. Additional Terms and Conditions
    1. Conflict of Terms. In the event of a conflict between the terms of the underlying service agreement(s) and the terms of this Addendum, the terms of this Addendum shall control.