
B.1.d DDIC - Texas

Date post: 18-Dec-2021

B.1.d DDIC

| Status | Case Number | Plaintiff | Defendant - Enterprise Entity | Regulatory Body | Case Type | Dispute | Resolution / Status | Year Filed |
|---|---|---|---|---|---|---|---|---|
| Settled | MGCV1508498 | Polite, Joseph | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims - Enrollee | Unpaid Claims | Settled with Plaintiff | 2015 |
| Closed | 15 004247 | El Khourey, Jean Phillippe | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims - Enrollee | Claims non-payment led to dissolution with provider | Judgement for plaintiff | 2015 |
| Dismissed | MVS1600005 | Noroozkhani, Ardeshir | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims-Enrollee | Unpaid Claims | Judgement for DDIC | 2016 |
| Settled | 168691051 | Jackson, Mike | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims - Enrollee | Unpaid Claims | Settled with Plaintiff | 2016 |
| Settled | 2016SC7778-0 | Short, David | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims - Enrollee | Refund of premiums | Settled with Plaintiff | 2016 |
| Settled | 1 JC-17-0962 | Dixon, John | Delta Dental Insurance Company (DDIC) | Superior Court | Small Claims - Enrollee | Unpaid Claims, when takeover from Dell Computers | Settled with Plaintiff | 2017 |

Response to B.1.a.i and E.1.a.i

| Status | Case Number | Plaintiff | Defendant - Enterprise Entity | Regulatory Body | Case Type | Dispute | Resolution / Status | Year Filed |
|---|---|---|---|---|---|---|---|---|
| Settlement Negotiations | CGC-14-538849 | California Dental Association (CDA) | Delta Dental of California (DDC) | Superior Court | Provider court case | Breach of Covenant of good faith / fair dealing | Settlement Negotiations | 2014 |
| Settled | SMCFS1509863 | Adomitis, Frank L. | Delta Dental of California (DDC) | Superior Court | Small Claims-Enrollee | Breach of Covenant of good faith / fair dealing | Settled with Plaintiff | 2015 |
| Dismissed | CgC-12-523350 | Chan, Susan DDS | Delta Dental of California (DDC) | Superior Court | Civil Action | Breach of Contract; Breach of Good Faith; Unfair Business Practices | Dismissed | 2016 |
| Open | CGC-18-565581 | Maneim, Bailon | Delta Dental of California (DDC) | Superior Court | Civil Action | Class Action - claiming violation of 365 day recoupment limitation | Negotiations | 2018 |
| Open | CGC-218-563813 | Cave, Norine | Delta Dental of California (DDC) | United States District Court | Civil Action | Bad Faith and HIPAA Violation | Motion to Dismiss Granted; Cave to amend | 2018 |

APPENDIX N

LEGAL REQUIREMENTS AND REGULATORY COMPLIANCE

DEVIATIONS AND INTERROGATORIES

Appendix N. Legal Requirements and Regulatory Compliance Deviations and Interrogatories 1

Legal Requirements and Regulatory Compliance Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall review and complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

PPO RESPONSES

A. Deviations – Contractual Matters - PPO

Review the Deviation instructions referenced below.

A.1. Respondent shall provide its Deviations to the Contractual Agreement, BAA, and DSBNA by providing redlined changes within the forms provided in Appendices B, C, and D and in accordance with the specifications provided within the RFP Section VI.A.3.

Please refer to the attachments entitled Appendix B Contractual Agreement - PPO, Appendix C Business Associate Agreement - PPO and Appendix D Data Security and Breach Notification Agreement - PPO, under Tabs 8, 9 and 10.

A.2. Respondent shall provide its Deviations to the Performance Guarantees by providing redlined changes within Appendix G and in accordance with the specifications provided within RFP Sections VI.A.8. – VI.A.8.c.

Please refer to the attachment entitled Appendix G Performance Guarantees - PPO, under Tab 11.

B. Interrogatories - Legal Services and Litigation - PPO

Deviations to this Section are not permitted.

B.1. Respondent shall provide legal services and litigation support. Legal services and litigation support include, but are not limited to, Respondent assisting and supporting ERS in administrative hearings, appeals, and court proceedings by providing records, affidavits, and may include witness testimony. Respondent shall provide its own legal representation in administrative hearings, lawsuits, and subrogation-related suits when appropriate. Respondent shall coordinate its legal services and legal support with ERS’ Office of General Counsel.

Confirm


B.1.a. For the past five (5) years, describe:

Any completed and/or pending state or federal litigation, whether civil or criminal, including all suits, actions, or prosecutions, and any state or federal regulatory or other proceedings, investigations, disciplinary actions, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiries against Respondent that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude by providing the information requested below, as applicable, for each such matter.

Delta Dental does not have legal actions to report in the last five years. Delta Dental Insurance Company does not have any completed and/or pending state or federal litigation that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude to report over the last five years.

B.1.a.i. Any completed and/or pending state or federal litigation, whether civil or criminal, including all suits, actions, or prosecutions, and any state or federal regulatory or other proceedings, investigations, disciplinary actions, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiries against Respondent’s officers, directors, parent companies, affiliates, subcontractors and any persons identified by Respondent who will be performing any services required under the RFP and Contract that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude by providing the information requested below, as applicable, for each such matter.

Provide the following information for each matter identified in interrogatory B.1.a. and B.1.a.i. above:

Case number: *
Date filed: *
Full style of matter: *
Court: *
County, District and State: *
State or Federal Regulatory Body, Attorney General or other law enforcement or applicable governmental body: *
Brief summary of the dispute: *
Current status: *
Resolution: *

Respondent shall not refer ERS to any third-party websites or other sources in order for ERS to obtain this information.

*Please refer to the attachment entitled Delta Dental Litigation History - PPO, under Tab C.


B.1.b. If Respondent did not provide any information for the preceding question, confirm that Respondent (including its officers, directors, parent companies, affiliates, subcontractors and any persons identified by Respondent who will be performing any services required under the RFP and Contract) has not been the subject of any completed and/or pending or threatened state or federal litigation, whether civil or criminal, including any suit, action, or prosecution, or any state or federal regulatory or other proceeding, investigation, disciplinary action, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiry) that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude for the past five (5) years.

Confirm*

*Please refer to the attachment entitled Delta Dental Litigation History - PPO, under Tab C.

B.1.c. Confirm that Respondent shall notify ERS whenever Respondent is involved in litigation that directly involves the plans and/or services associated with the Dental PPO plan and/or Participants.

Confirm

B.1.d. Provide a schedule and describe in detail previous contract implementation breakdowns, performance assessments, contract disputes resulting in suit or settlement and/or contract breaches for the past five (5) years (if any) by Respondent and discuss all measures Respondent took to rectify the situation or remedy the breach. Please separate by governmental and non-governmental clients indicating the reason for the assessment and the amount paid. List in most recent chronological order.

Governmental: *
Non-governmental: *
Action taken to resolve issue: *
Assessment amount paid: *

Please refer to attachment entitled Delta Dental Contract Disputes, under Tab C.

B.1.e. If the Respondent did not provide a schedule of contract implementation breakdowns, performance assessments or contract disputes as outlined in interrogatory B.1.d. above, confirm that Respondent has not been involved in any contract implementation breakdowns, performance assessments or contract disputes described in interrogatory B.1.d. above.

Confirm*

*Please refer to attachment entitled Delta Dental Contract Disputes, under Tab C.


B.1.f. Provide a schedule and describe in detail successfully completed agreements, negotiations, mergers, acquisitions or sale of Respondent’s organization from the past five (5) years (if applicable). This should include any joint ventures or other financial arrangements regarding a change in ownership of Respondent’s organization.

Delta Dental Insurance Company’s parent company, Delta Dental of California, acquired Allied Administrators, Inc., a third-party administration (TPA) firm based in San Francisco, in December 2016. The third-party administration firm’s primary business is meeting the benefits-administration needs of other businesses.

B.1.g. Does Respondent have any pending agreements, negotiations, and/or offers to merge or sell Respondent’s organization? This should include any joint ventures or other financial arrangements regarding a pending change in ownership of Respondent’s organization that could affect the services described in Respondent’s Proposal or affect Respondent’s organizational financial liability to meet its obligations under a Contract with ERS.

Yes No

If the answer to this question is “Yes,” describe.

Not applicable

B.1.h. Does Respondent have any obligation or arrangement to purchase another entity that would involve substantial commitment of assets or capital?

Yes No

If the answer to this question is “Yes,” describe, including an outline of the anticipated timelines.

Not applicable

C. Interrogatories - Regulatory Compliance - PPO

Deviations to this Section are not permitted.

C.1. As a business associate of ERS, Respondent shall comply with all privacy and security protections as provided in Tex. Health & Safety Code Ann. Chapter 181 (West Supp. 2015) and in HIPAA.

Confirm

C.2. Respondent is and shall stay in compliance with the requirements of all state and federal privacy rules and regulations.

Confirm


C.3. Respondent is not presently debarred, suspended, proposed for debarment, declared ineligible or voluntarily excluded from contracting with any federal, state or local department or agency.

Confirm

C.4. Describe in detail Respondent’s policies, procedures and/or systems used to ensure compliance with HIPAA and state privacy laws.

Delta Dental is fully compliant with all applicable HIPAA requirements. Our compliance efforts include, but are not limited to, the following measures which are designed to ensure current and future compliance with HIPAA:

• Implementation of comprehensive HIPAA policies and procedures that address:
  o Protection of PHI through all work processes
  o Administrative, technical, and physical safeguards
  o Requests for PHI by various individuals or agencies – procedures for authentication, verification, authorization, access, amendment, restrictions, and accounting of disclosure of PHI
  o Use of PHI by business associates
  o Training
• Maintaining security measures that include controlled building access, computer passwords, and signed confidentiality statements by employees upon hire
• Thorough training of new employees and ongoing refresher training of all employees
• Internal contacts and Legal department reviews of new laws and regulations to ensure all procedures and documents are in compliance
• Distribution of Business Associate agreements to all of our business partners (signed agreements are tracked through our internally developed compliance database)
• Notice of Privacy Practices for enrollees
• Secure servers, website and telephone security prompts; entity authentication capabilities; and, data-encryption technology
• Standardized transactions and code sets
• Tracking of non-routine uses of PHI through our HIPAA database

Delta Dental has an extensive legislative implementation program and fully formed privacy and security policies and procedures to ensure compliance with all applicable federal and state laws and regulations. This includes a robust privacy and security program that addresses contractual as well as state and federal regulatory requirements that apply to our business operations. Our ongoing annual assessment process encompasses HIPAA/ HITECH/ Omnibus and other federal and state privacy and security rules.


C.4.a. Provide a full description of any HIPAA violations (such as unauthorized disclosures) alleged against Respondent during the past five (5) years. For each HIPAA violation, Respondent’s description shall include, but not be limited to:

The following violations involve breach events during the past five years and include Texas members under a Delta Dental Insurance Company-administered plan.

The identity of the entity that made the complaint:

Discovered during an internal quality assurance process.

The date the complaint was made: January 18, 2018

A description of the complaint: A customer service representative failed to authorize a member who called about an adult dependent claim.

The date the complaint was resolved: February 5, 2018

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The representative was coached on January 18, 2018. Delta Dental mailed the breach notification letter February 5, 2018, including an authorization form.

The identity of the entity that made the complaint:

Discovered during an internal quality assurance process.

The date the complaint was made: November 13, 2017

The date the complaint was resolved: December 7, 2017

A description of the complaint: A customer service representative failed to authenticate a caller.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The representative was coached on November 15, 2017. Delta Dental mailed the breach notification letter on December 7, 2017, including an authorization form.

The identity of the entity that made the complaint:

Reported by a non-member.

The date the complaint was made: April 5, 2016

The date the complaint was resolved: May 6, 2016

A description of the complaint: A member’s EOB was sent to the incorrect address on file.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The group was contacted to update their records. A breach notification letter was mailed on April 13, 2016, including an authorization form.


The identity of the entity that made the complaint:

Reported by a non-member.

The date the complaint was made: February 4, 2016

The date the complaint was resolved: February 12, 2016

A description of the complaint: A member’s ID card was sent to the wrong member.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The group updated their file with the correct member information and address. ID cards were reordered upon request. A breach notification letter was mailed on February 12, 2016.

The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: January 15, 2014

The date the complaint was resolved: February 12, 2014

A description of the complaint: A briefcase containing a laptop and case information for one Texas Delta Dental member was stolen.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The laptop was encrypted, the case file was not recovered and a police report was filed. Delta Dental offered credit monitoring and identity theft insurance services. A breach notification letter was mailed on February 21, 2014.

The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: December 12, 2013

The date the complaint was resolved: January 30, 2014

A description of the complaint: A provider EOB was faxed to a member.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The recipient notified Delta Dental and the paper documents were shredded.


The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: July 22, 2013

The date the complaint was resolved: August 20, 2013

A description of the complaint: A member received another member’s EOB.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The affected member’s claim history was corrected and the claims were reprocessed.

The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: May 22, 2013

The date the complaint was resolved: July 5, 2013

A description of the complaint: An EOB was sent to the wrong address.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The affected member’s claim history was corrected and the claims were reprocessed.

C.4.b. Provide a description of any HIPAA breach involving notification to the affected individual during the past five (5) years. These may be summarized, but should give ERS a clear understanding of the number of breaches, the number of affected Participants per breach, the types of actions that led to the breaches, and any mitigation completed by Respondent to prevent such breaches in the future.

In the past five years (January 2013 through December 2017), Delta Dental members in Texas have experienced eight privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

C.4.c. For the five (5) year period preceding the Proposal, provide a brief description of any violations alleged against Respondent with regard to any state or federal privacy laws and/or regulations (for example, Tex. Bus. and Com. Code Chapter 521).

In the past five years (January 2013 through December 2017), Delta Dental members in Texas have experienced eight privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

C.4.d. Describe and confirm the validity of any license(s) that Respondent or its employees, independent contractors, or subcontractors are required to maintain.

Delta Dental Insurance Company is a licensed insurer in the State of Texas and a member of the Texas Life, Accident, Health and Hospital Insurance Guaranty Association. Delta Dental does not delegate the core functions of the dental benefit administration to non-affiliated third parties. Delta Dental Insurance Company is part of a holding company system that operates under a single management structure and uses some services of affiliates through intra-enterprise agreements. For example, an affiliate may assist Delta Dental during an emergency caused by a natural event. Delta Dental may contract with vendors to perform some ancillary services such as printing enrollee materials or with vendors who provide tools (software, telecommunications systems) used in the administration of plan benefits. These vendor contracts require vendors to comply with Delta Dental requirements and with applicable laws.

C.4.e. Provide the following information for the organization(s) that will be contracting with ERS. This must include the entity holding any license required to provide the services.

1. Provide a copy of each entity’s Certificate of Formation (including any amendments).

Please refer to the attachment entitled Delta Dental Certificate of Incorporation - PPO under Tab 12.

2. If not formed in Texas, provide a corporate charter or other equivalent formation document (including any amendments) from the jurisdiction of formation.

Please refer to the attachments entitled Delta Dental Certificate of Incorporation - PPO Delta Dental Certificate of Incorporation - PPO and Amended Texas DOI COA under Tab 13.

3. Provide a copy of any assumed name certificates filed in Texas.

Not applicable; Delta Dental does not operate as a dba.

Organization full legal name: Delta Dental Insurance Company

Physical address of principal place of business:

1130 Sanctuary Parkway Alpharetta, GA 30009 888-858-5252

Mailing address (if different): N/A

Telephone number: 888-858-5252

Website Address: deltadentalins.com


C.4.f. Authorized Representatives. Provide the following information for Respondent’s Authorized Representatives. This shall include, at a minimum, the individuals listed on the Incumbency Certificate discussed at RFP Section VI.A.2.

Name: Melissa Fullerton Mohammadreza Navid Title: Vice President, Sales Group Vice President, Sales Mailing address: 1701 Shoal Creek, Suite 240

Highland Village, TX 75077 560 Mission Street, Suite 1300 San Francisco, CA 94105

Email address: [email protected] [email protected] Telephone number: 469-948-1111 415-972-8301

C.4.g. Provide Respondent’s evidence of good standing in its jurisdiction of incorporation or formation. (For example, a Certificate of Good Standing from the State of Delaware.)

Please refer to the attachment entitled Delta Dental Certificate of Good Standing - PPO, under Tab 15.

C.4.h. Respondent must be authorized to do business in Texas and be in good standing in the state in which it was incorporated or formed.

Confirm

C.4.i. If Respondent was not formed in Texas, provide evidence of Respondent’s Certificate of Authority to conduct business in Texas.

Please refer to the attachment entitled Delta Dental Certificate of Incorporation - PPO Delta Dental Certificate of Incorporation - PPO and Amended Texas DOI COA, under Tab 16.

C.4.j. Provide Respondent’s Texas Franchise Tax Account Status Report.

Not applicable. Insurance companies are not subject to the Franchise Tax.

C.4.k. Respondent will provide the following information:

State in which Respondent incorporated or formed: Delaware

Year in which Respondent incorporated or formed: 1970

Year in which Respondent became authorized to do business in Texas, if Texas is not its jurisdiction of incorporation or formation: 1976

Federal Identification Number: 94-2761537

Texas Identification Number: 17424475121

Respondent will be required to submit an application for Texas Identification Number should it be awarded the Contract if it does not already have one. That application may be obtained at:

https://comptroller.texas.gov/taxes/permits


C.4.l. Has Respondent ever had its authority to conduct business in any state revoked, cancelled, suspended or forfeited?

Yes No

If yes, explain.

C.4.m. As stated at RFP Section VI.A.6., ERS retains the right to have its data excluded from any type of data sharing arrangement. In order for ERS to better understand Respondent’s background and business structure, Respondent shall provide the following information if it sells or reports any data from its current clients to others, either specifically or in aggregate:

The arrangements for the data sharing;

Not applicable; Delta Dental does not sell nor report data from current clients to others

The details of what data was shared, including how it is masked; and

Not applicable; Delta Dental does not sell nor report data from current clients to others

The measures taken to ensure the information is not identifiable.

Not applicable; Delta Dental does not sell nor report data from current clients to others

C.4.m.i. Respondent shall confirm, unless specifically authorized in writing by ERS, it shall not share ERS data or include ERS data in any data sharing arrangement.

Confirm

C.4.n. Ratings. Provide copies of ratings and reports on Respondent issued by independent rating organizations or similar entities, such as those issued by A.M. Best’s, Moody’s, Standard and Poor’s. If any such reports are not provided, please explain why not.

Delta Dental is rated A (Excellent) with a “stable” outlook by A.M. Best. The most recent rating was issued May 23, 2018. Please refer to the attachment entitled 2017 A.M. Best Rating Press Release - PPO, under Tab 18.

C.4.o Previous State Employment. Pursuant to Tex. Gov’t Code Sec. 572.069, if any of the individuals who will perform the services specified in the RFP or in the Contract have been employed by ERS at any time during the two (2) years preceding Proposal submission date or, in the case of a former Executive Director of ERS during the preceding four (4) years of the Proposal submission date, state the following:

Name of individual: Not applicable

Nature of previous employment: Not applicable

Date of termination: Not applicable


DHMO RESPONSES

D. Deviations – Contractual Matters - DHMO

Review the Deviation instructions referenced below.

D.1. Respondent shall provide its Deviations to the Contractual Agreement, BAA, and DSBNA by providing redlined changes within the forms provided in Appendices B, C, and D and in accordance with the specifications provided within the RFP Section VI.A.3.

Please refer to the attachments entitled Appendix B Contractual Agreement – DHMO, Appendix C Business Associate Agreement - DHMO and Appendix D Data Security and Breach Notification Agreement – DHMO, under Tabs 19, 20 and 21, respectively.

D.2. Respondent shall provide its Deviations to the Performance Guarantees by providing redlined changes within Appendix G and in accordance with the specifications provided within RFP Sections VI.A.8. – VI.A.8.c.

Please refer to the attachment entitled Appendix G-1 Performance Guarantees – DHMO, under Tab 22.

E. Interrogatories - Legal Services and Litigation - DHMO

Deviations to this Section are not permitted.

E.1. Respondent shall provide legal services and litigation support. Legal services and litigation support include, but are not limited to, Respondent assisting and supporting ERS in court proceedings by providing records, affidavits, and witness testimony. Upon the request of ERS, Respondent may have to provide its own legal representation in lawsuits when appropriate. Respondent shall coordinate its legal services and legal support with ERS’ Office of General Counsel.

Confirm

E.1.a. For the past five (5) years, describe:

Any completed and/or pending state or federal litigation, whether civil or criminal, including all suits, actions, or prosecutions, and any state or federal regulatory or other proceedings, investigations, disciplinary actions, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiries against Respondent that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude by providing the information requested below, as applicable, for each such matter.

Please refer to attachment entitled Litigation History (Alpha Dental – Texas) under Tab C.


E.1.a.i. Any completed and/or pending state or federal litigation, whether civil or criminal, including all suits, actions, or prosecutions, and any state or federal regulatory or other proceedings, investigations, disciplinary actions, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiries against Respondent’s officers, directors, parent companies, affiliates, subcontractors and any persons identified by Respondent who will be performing any services required under the RFP and Contract that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude by providing the information requested below, as applicable, for each such matter.

Provide the following information for each matter identified in interrogatory E.1.a. and E.1.a.i. above:

Case number: *
Date filed: *
Full style of matter: *
Court: *
County, District and State: *
State or Federal Regulatory Body, Attorney General or other law enforcement or applicable governmental body: *
Brief summary of the dispute: *
Current status: *
Resolution: *

Respondent shall not refer ERS to any third-party websites or other sources in order for ERS to obtain this information.

*Please refer to attachment entitled Litigation History (Alpha Dental – Texas), under Tab C.

E.1.b. If Respondent did not provide any information for the preceding question, confirm that Respondent (including its officers, directors, parent companies, affiliates, subcontractors and any persons identified by Respondent who will be performing any services required under the RFP and Contract) has not been the subject of any completed and/or pending state or federal litigation, whether civil or criminal, including any suit, action, or prosecution, or any state or federal regulatory or other proceeding, investigation, disciplinary action, violations of the rules of any self-regulatory organization, license revocations and/or governmental inquiry) that resulted in a felony conviction and/or included any allegations of criminal conduct, fraud, corrupt practices, violations of fiduciary duties, and/or intentional torts involving any allegations of moral turpitude for the past five (5) years.

Confirm*

*Please refer to attachment entitled Litigation History (Alpha Dental – Texas), under Tab C.

E.1.c. Confirm that Respondent shall notify ERS whenever Respondent is involved in litigation that directly involves the plans and/or services associated with the DHMO plan and/or Participants.

Confirm


E.1.d. Provide a schedule and describe in detail previous contract implementation breakdowns, performance assessments, contract disputes resulting in suit or settlement and/or contract breaches for the past five (5) years (if any) by Respondent and discuss all measures Respondent took to rectify the situation or remedy the breach. Please separate by governmental and non-governmental clients indicating the reason for the assessment and the amount paid. List in most recent chronological order.

Governmental: *
Non-governmental: *
Action taken to resolve issue: *
Assessment amount paid: *

*Delta Dental has no such legal actions to report in the last five years.

E.1.e. If the Respondent did not provide a schedule of contract implementation breakdowns, performance assessments or contract disputes as outlined in interrogatory E.1.d. above, confirm that Respondent has not been involved in any contract implementation breakdowns, performance assessments or contract disputes described in interrogatory E.1.d. above.

Confirm

E.1.f. Provide a schedule and describe in detail successfully completed agreements, negotiations, mergers, acquisitions or sale of Respondent’s organization from the past five (5) years (if applicable). This should include any joint ventures or other financial arrangements regarding a change in ownership of Respondent’s organization.

Delta Dental Insurance Company’s parent company, Delta Dental of California, acquired Allied Administrators, Inc., a third-party administration (TPA) firm based in San Francisco, in December 2016. The third-party administration firm’s primary business is meeting the benefits-administration needs of other businesses.

E.1.g. Does Respondent have any pending agreements, negotiations, and/or offers to merge or sell Respondent’s organization? This should include any joint ventures or other financial arrangements regarding a pending change in ownership of Respondent’s organization that could affect the services described in Respondent’s Proposal or affect Respondent’s organizational financial liability to meet its obligations under a Contract with ERS.

Yes No

If the answer to this question is “Yes,” describe.

Not applicable


E.1.h. Does Respondent have any obligation or arrangement to purchase another entity that would involve substantial commitment of assets or capital?

Yes No

If the answer to this question is “Yes,” describe, including an outline of the anticipated timelines.

Not applicable

F. Interrogatories - Regulatory Compliance - DHMO

Deviations to this Section are not permitted.

F.1. As a business associate of ERS, Respondent shall comply with all privacy and security protections as provided in Tex. Health & Safety Code Ann. Chapter 181 (West Supp. 2015) and in HIPAA.

Confirm

F.2. Respondent is and shall stay in compliance with the requirements of all state and federal privacy rules and regulations.

Confirm

F.3. Respondent is not presently debarred, suspended, proposed for debarment, declared ineligible or voluntarily excluded from contracting with any federal, state or local department or agency.

Confirm

F.4. Describe in detail Respondent’s policies, procedures and/or systems used to ensure compliance with HIPAA and state privacy laws.

Delta Dental is fully compliant with all applicable HIPAA requirements. Our compliance efforts include, but are not limited to, the following measures which are designed to ensure current and future compliance with HIPAA:

• Implementation of comprehensive HIPAA policies and procedures that address:

o Protection of PHI through all work processes

o Administrative, technical, and physical safeguards

o Requests for PHI by various individuals or agencies – procedures for authentication, verification, authorization, access, amendment, restrictions, and accounting of disclosure of PHI

o Use of PHI by business associates

o Training

• Maintaining security measures that include controlled building access, computer passwords, and signed confidentiality statements by employees upon hire

• Thorough training of new employees and ongoing refresher training of all employees


• Internal contacts and Legal department reviews of new laws and regulations to ensure all procedures and documents are in compliance

• Distribution of Business Associate agreements to all of our business partners (signed agreements are tracked through our internally developed compliance database)

• Notice of Privacy Practices for enrollees

• Secure servers, website and telephone security prompts; entity authentication capabilities; and, data-encryption technology

• Standardized transactions and code sets

• Tracking of non-routine uses of PHI through our HIPAA database

Delta Dental has an extensive legislative implementation program and fully formed privacy and security policies and procedures to ensure compliance with all applicable federal and state laws and regulations. This includes a robust Privacy and Security program that addresses contractual as well as state and federal regulatory requirements that apply to our business operations. Our ongoing annual assessment process encompasses HIPAA/ HITECH/ Omnibus and other federal and state privacy and security rules.

F.4.a. Provide a full description of any HIPAA violations (such as unauthorized disclosures) alleged against Respondent during the past five (5) years. For each HIPAA violation, Respondent’s description shall include, but not be limited to:

The following violations involve breach events during the past five years and include Texas members under a Delta Dental Insurance Company-administered plan.

The identity of the entity that made the complaint:

Discovered during an internal quality assurance process.

The date the complaint was made: January 18, 2018

A description of the complaint: A customer service representative failed to authorize a member who called about an adult dependent claim.

The date the complaint was resolved: February 5, 2018

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The representative was coached on January 18, 2018. Delta Dental mailed the breach notification letter February 5, 2018, including an authorization form.


The identity of the entity that made the complaint:

Discovered during an internal quality assurance process.

The date the complaint was made: November 13, 2017

The date the complaint was resolved: December 7, 2017

A description of the complaint: A customer service representative failed to authenticate a caller.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The representative was coached on November 15, 2017. Delta Dental mailed the breach notification letter on December 7, 2017, including an authorization form.

The identity of the entity that made the complaint:

Reported by a non-member.

The date the complaint was made: April 5, 2016

The date the complaint was resolved: May 6, 2016

A description of the complaint: A member’s EOB was sent to the incorrect address on file.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The group was contacted to update their records. A breach notification letter was mailed on April 13, 2016, including an authorization form.

The identity of the entity that made the complaint:

Reported by a non-member.

The date the complaint was made: February 4, 2016

The date the complaint was resolved: February 12, 2016

A description of the complaint: A member’s ID card was sent to the wrong member.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The group updated their file with the correct member information and address. ID cards were reordered upon request. A breach notification letter was mailed on February 12, 2016.


The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: January 15, 2014

The date the complaint was resolved: February 12, 2014

A description of the complaint: A briefcase containing a laptop and case information for one Texas Delta Dental member was stolen.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved:

The laptop was encrypted, the case file was not recovered and a police report was filed. Delta Dental offered credit monitoring and identity theft insurance services. A breach notification letter was mailed on February 21, 2014.

The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: December 12, 2013

The date the complaint was resolved: January 30, 2014

A description of the complaint: A provider EOB was faxed to a member.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The recipient notified Delta Dental and the paper documents were shredded.

The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: July 22, 2013

The date the complaint was resolved: August 20, 2013

A description of the complaint: A member received another member’s EOB.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The affected member’s claim history was corrected and the claims were reprocessed.


The identity of the entity that made the complaint:

Reported by a Delta Dental employee.

The date the complaint was made: May 22, 2013

The date the complaint was resolved: July 5, 2013

A description of the complaint: An EOB was sent to the wrong address.

Any fines or penalties assessed against Respondent:

No

The regulatory body that assessed any such claim:

Not applicable

How the complaint was resolved: The affected member’s claim history was corrected and the claims were reprocessed.

F.4.b. Provide a description of any HIPAA breach involving notification to the affected individual during the past five (5) years. These may be summarized, but should give ERS a clear understanding of the number of breaches, the number of affected Participants per breach, the types of actions that led to the breaches, and any mitigation completed by Respondent to prevent such breaches in the future.

In the past five years (January 2013 through December 2017), Delta Dental members in Texas have experienced eight privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

F.4.c. For the five (5) year period preceding the Proposal, provide a brief description of any violations alleged against Respondent with regard to any state or federal privacy laws and/or regulations (for example, Tex. Bus. and Com. Code Chapter 521).

In the past five years (January 2013 through December 2017), Delta Dental members in Texas have experienced eight privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

F.4.d. Describe and confirm the validity of any license(s) that Respondent or its employees, independent contractors, or subcontractors are required to maintain.

DeltaCare® USA is our dental HMO product that is offered in all 50 states plus the District of Columbia. In Texas, DeltaCare USA is underwritten by Alpha Dental Programs, Inc., which is a Delta Dental-affiliated company. Delta Dental Insurance Company acts as the DeltaCare USA administrator in all these states.


Alpha Dental Programs, Inc. is a licensed Single Service Health Maintenance Organization in Texas. Pursuant to Texas Insurance Code, Texas HMOs do not participate as member insurers in the Texas Life, Accident, Health and Hospital Insurance Guaranty Association. Alpha Dental maintains a valid license. Alpha Dental does not delegate the core functions of the dental benefit administration to non-affiliated third parties. Delta Dental is part of a holding company system that operates under a single management structure and uses some services of affiliates through intra-enterprise agreements. For example, an affiliate may assist Delta Dental during an emergency caused by a natural event. Delta Dental may contract with vendors to perform some ancillary services such as printing enrollee materials or with vendors who provide tools (software, telecommunications systems) used in the administration of plan benefits. These vendor contracts require vendors to comply with Delta Dental requirements and with applicable laws.

F.4.e. Provide the following information for the organization(s) that will be contracting with ERS. This must include the entity holding any license required to provide the services.

1. Provide a copy of each entity’s Certificate of Formation (including any amendments). Please refer to the attachment entitled Certificate of Incorporation (Alpha Dental - Texas) under Tab 23.

2. If not formed in Texas, provide a corporate charter or other equivalent formation document (including any amendments) from the jurisdiction of formation. Please refer to the attachments entitled Certificate of Authority (Alpha Dental - Texas) and Certificate of Incorporation (Alpha Dental - Texas) under Tab 24.

3. Provide a copy of any assumed name certificates filed in Texas.

Not applicable. Delta Dental does not operate as a dba.

Organization full legal name: Delta Dental Insurance Company

Physical address of principal place of business: 1130 Sanctuary Parkway Alpharetta, GA 30009 888-858-5252

Mailing address (if different): Not applicable

Telephone number: 888-858-5252

Website Address: deltadentalins.com

F.4.f. Authorized Representatives. Provide the following information for Respondent’s Authorized Representatives. This shall include, at a minimum, the individuals listed on the Incumbency Certificate discussed at RFP Section VI.A.2.

Name: Melissa Fullerton
Title: Vice President, Sales
Mailing address: 1701 Shoal Creek, Suite 240, Highland Village, TX 75077
Email address: [email protected]
Telephone number: 469-948-1111

Name: Mohammadreza Navid
Title: Group Vice President, Sales
Mailing address: 560 Mission Street, Suite 1300, San Francisco, CA 94105
Email address: [email protected]
Telephone number: 415-972-8301


F.4.g. Provide Respondent’s evidence of good standing in its jurisdiction of incorporation or formation. (For example, a Certificate of Good Standing from the State of Delaware.)

Please refer to the attachment entitled Certificate of Compliance - DHMO, under Tab 26.

F.4.h. Respondent must be authorized to do business in Texas and be in good standing in the state in which it was incorporated or formed.

Confirm

F.4.i. If Respondent was not formed in Texas, provide evidence of Respondent’s Certificate of Authority to conduct business in Texas.

Please refer to the attachment entitled Certificate of Incorporation (Alpha Dental - Texas), under Tab 27.

F.4.j. Provide Respondent’s Texas Franchise Tax Account Status Report.

Not applicable. Insurance companies are exempt from the Franchise Tax.

F.4.k. Respondent will provide the following information:

State in which Respondent incorporated or formed: Texas

Year in which Respondent incorporated or formed: 1985

Year in which Respondent became authorized to do business in Texas, if Texas is not its jurisdiction of incorporation or formation: 1985

Federal Identification Number: 74-2447512

Texas Identification Number: 17424475121

Respondent will be required to submit an application for Texas Identification Number should it be awarded the Contract if it does not already have one. That application may be obtained at:

https://comptroller.texas.gov/taxes/permits

F.4.l. Has Respondent ever had its authority to conduct business in any state revoked, cancelled, suspended or forfeited?

Yes No

If yes, explain.

Not applicable


F.4.m. As stated at RFP Section VI.A.6., ERS retains the right to have its data excluded from any type of data sharing arrangement. In order for ERS to better understand Respondent’s background and business structure, Respondent shall provide the following information if it sells or reports any data from its current clients to others, either specifically or in aggregate:

Not applicable; Delta Dental does not sell nor report data from current clients to others.

The arrangements for the data sharing;

Not applicable; Delta Dental does not sell nor report data from current clients to others.

The details of what data was shared, including how it is masked; and

Not applicable; Delta Dental does not sell nor report data from current clients to others.

The measures taken to ensure the information is not identifiable.

Not applicable; Delta Dental does not sell nor report data from current clients to others.

F.4.m.i. Respondent shall confirm, unless specifically authorized in writing by ERS, it shall not share ERS data or include ERS data in any data sharing arrangement.

Confirm

F.4.n. Ratings. Provide copies of ratings and reports on Respondent issued by independent rating organizations or similar entities, such as those issued by A.M. Best’s, Moody’s, Standard and Poor’s. If any such reports are not provided, please explain why not.

Delta Dental is rated A (Excellent) with a “stable” outlook by A.M. Best. The most recent rating was issued May 23, 2018. Please refer to the attachment entitled 2017 A.M. Best Rating Press Release – DHMO, under Tab 29.

F.4.o Previous State Employment. Pursuant to Tex. Gov’t Code Sec. 572.069, if any of the individuals who will perform the services specified in the RFP or in the Contract have been employed by ERS at any time during the two (2) years preceding Proposal submission date or, in the case of a former Executive Director of ERS during the preceding four (4) years of the Proposal submission date, state the following:

Name of individual: Not applicable

Nature of previous employment: Not applicable

Date of termination: Not applicable

E.1.a - ADP

Status: Settled
Case Number: 17CV3-001604
Plaintiff: Leslie, Richard
Defendant - Enterprise Entity: Alpha Dental Programs Inc. (ADP)
Regulatory Body: Justice Court
Case Type: Small Claims - Enrollee
Dispute: Deducted premiums and Unfair Settlement Practices
Resolution / Status: Settled with Plaintiff
Year Filed: 2017

APPENDIX P

DENTAL PPO AND DHMO STRUCTURE AND ADMINISTRATION REQUIREMENTS DEVIATIONS AND INTERROGATORIES

Appendix P. Dental PPO and DHMO Structure and Administration Requirements Deviations 1

Dental PPO and DHMO Structure and Administration Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

A. Deviations – Dental PPO Plan Benefits Requirements

A.1. Affirm that Respondent shall comply with all of the Dental PPO Plan Benefits Requirements described in RFP Section VII.A.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

B. Interrogatories – Dental PPO Plan Benefits Requirements

B.1. In response to the RFP, the Dental PPO Respondent shall submit its self-funded Proposal in accordance with the Dental PPO plan benefit package as outlined in the current Dental PPO Schedule of Benefits referenced at: http://apps.humana.com/marketing/documents.asp?file=1384422, with expected changes effective September 1, 2018, see Appendix H.

Agreed and acknowledged.

C. Deviations – DHMO Plan Benefits Requirements

C.1. Affirm that Respondent shall comply with all of the DHMO Benefits Requirements described in RFP Section VII.B.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:


D. Interrogatories – DHMO Plan Benefits Requirements

D.1. In response to the RFP, the DHMO Respondent shall submit rates in accordance with the DHMO Schedule of Benefits located at: http://apps.humana.com/marketing/documents.asp?file=1384318.

Agreed and acknowledged.

E. Deviations – COBRA Administration Requirements – PPO

E.1. Affirm that Respondent shall comply with all of the COBRA Administration Requirements described in RFP Section VII.C.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

F. Deviations – COBRA Administration Requirements - DHMO

F.1. Affirm that Respondent shall comply with all of the COBRA Administration Requirements described in RFP Section VII.C.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

G. Deviations – Coordination with Other GBP Contracted Vendors Requirements - PPO

G.1. Affirm that Respondent shall comply with all of the Coordination with Other GBP Contracted Vendors Requirements described in RFP Section VII.D.

Affirm Affirm with the proposed Deviation

It is our understanding that our main contact will be the ERS system as it relates to Delta Dental directly. Should the need arise to coordinate with other GBP contracted vendors, we will comply with the ERS requirements through our Compliance division.

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:


H. Deviations – Coordination with Other GBP Contracted Vendors Requirements - DHMO

H.1. Affirm that Respondent shall comply with all of the Coordination with Other GBP Contracted Vendors Requirements described in RFP Section VII.D.

Affirm Affirm with the proposed Deviation

It is our understanding that our main contact will be the ERS system as it relates to Delta Dental directly. Should the need arise to coordinate with other GBP contracted vendors, we will comply with the ERS requirements through our Compliance division.

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

APPENDIX Q

PROVIDER NETWORK AND SERVICE AREA REQUIREMENTS DEVIATIONS AND INTERROGATORIES

Appendix Q. Provider Network and Service Area Requirements Deviations and Interrogatories 1

Provider Network and Service Area Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

A. Deviations – DHMO Provider Network Requirements

A.1. Affirm that Respondent shall comply with all of the Provider Network and Service Area Requirements – DHMO Provider Network Requirements described in RFP Sections VIII.A.1. – VIII.A.7.c.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

B. Deviations – Dental PPO Provider Network Requirements

B.1. Affirm that Respondent shall comply with all of the Provider Network and Service Area Requirements – Dental PPO Provider Network Requirements described in RFP Sections VIII.B.1. – VIII.B.8.b.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:


C. Deviations – Network Management Requirements - PPO

C.1. Affirm that Respondent shall comply with all of the Provider Network and Service Area Requirements – Network Management Requirements described in RFP Sections VIII.C.1. – VIII.C.5.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

D. Interrogatories – Network Management Requirements – PPO

D.1. Does Respondent own all of its contracts with participating providers, groups and DSO’s?

Yes No

Our networks are proprietary networks. We contract directly with individual dentists and specialists who meet our credentialing criteria. Unlike the networks of other carriers, no part of Delta Dental’s networks is leased from anyone or leased to anyone. Clients can feel confident knowing our dentist contracting, credentialing and quality-control standards are consistent.

Because we contract directly with individual dentists and specialists who meet our credentialing criteria, we are able to foster long-term relationships with dentists that provide stability and predictable costs. Our approach also ensures no savings are passed on to other carriers through network access fees, and that our discounted fees are applied consistently to all participating providers.

Unlike Delta Dental, many carriers do subcontract other payers’ networks to wrap around or supplement a network. When portions of the network are leased, credentialing and quality issues may not be under the control of the primary carrier. Typically, the primary carrier has no direct contract with dentists in a leased network. Contract and fee disputes and quality control are managed by the secondary carrier. There may be long delays in resolving any disputes, creating administrative challenges and enrollee dissatisfaction.

The leased network arrangements often involve the cost of network access fees being passed on to clients and enrollees; clients or enrollees may be billed directly or a portion of the claims savings may be withheld as a network access fee. Additionally, the leased portion of a carrier’s network may have different contract terms, with dentists in different networks subject to inconsistent cost controls. Lease agreements are open to renegotiation on a regular basis. Higher costs can be passed on to the client at any point in the client’s contract term if lease rates are renegotiated and increase.

D.1.a. If no, what percentage of state of Texas network is through leased networks?

Not applicable

Appendix Q. Provider Network and Service Area Requirements Deviations and Interrogatories 3

D.1.b. In what areas are the leased networks located? Please identify the contract owner for each area.

Not applicable

D.2. Does Respondent have more than one provider network available?

Yes No

If Respondent marked yes, what are the different network options and how do the network options impact the proposed rates?

We are offering our Delta Dental PPO™ plus Premier program for ERS’ consideration. PPO plus Premier is a combination of the Delta Dental PPO and Delta Dental Premier® programs and their networks. Our proposed administration fee includes access to both networks. Delta Dental PPO is a discounted open-network plan that offers employees the lowest out-of-pocket expense when they visit any of the more than 269,000 PPO dental offices nationwide. Delta Dental Premier is Delta Dental’s open-network program with the largest proprietary network of dentists – more than 339,000 locations – in the U.S. PPO plus Premier gives employees outstanding access to both of Delta Dental’s networks nationally while PPO dentists and Premier dentists are paid their respective allowances.

Our networks work in tandem to give enrollees more options for dentist access and cost savings. Enrollees likely receive the greatest savings when they visit a Delta Dental PPO dentist. Enrollees also have access to the Delta Dental Premier network – the largest proprietary network of dentists in the U.S. In fact, four out of five dentists in the U.S. are Delta Dental dentists, who guarantee a limit to out-of-pocket costs to enrollees covered by Delta Dental. This means a greater frequency of in-network claims, dramatically reducing the plan’s costs. The result is a better experience for enrollees with tangible savings for clients and their employees.

The strength of our network is the foundation of our cost savings programs to our clients and our enrollees. An independent, third-party actuarial firm has confirmed this. Ruark Consulting LLC determined that Delta Dental’s PPO plans deliver the industry’s best effective discount – 25.3% nationally – resulting in more than $5.2 billion in annual savings compared to dentists’ average charges.
Overall, the effective discount represents the total percentage savings on claims from all dentists. It is the best indicator of how often network discounts are being used and the overall savings the network provides.

“Delta Dental provides our valued employees with easy access to a robust network of dentists. This is especially important to us as we have employees working across the nation.” - Kimberly Jones, Vice President of Human Resources, Medical Staffing Network

D.3. If Respondent provides more than one provider network, identify the network(s) that Respondent proposes be used by GBP Participants.

Delta Dental is proposing both our Delta Dental PPO and Delta Dental Premier networks under our Delta Dental PPO plus Premier plan.

With our proposed PPO plus Premier plan, GBP Participants would benefit from a true dual network solution. Enrollees have two simple options to save: They can receive greater potential savings through the Delta Dental PPO network, but they’ll also benefit from cost protections with a Delta Dental Premier® dentist. These protections include no unbundling of services or billing above the contracted fee. Only with a non-Delta Dental dentist is there no contracted fee limit of any kind.

D.3.a. How long has each network been in place?

Delta Dental PPO: 32 years
Delta Dental Premier: 64 years

D.3.b. Describe Respondent’s network arrangements for national dental PPO coverage outside the State.

Our proposed networks are national networks, available in all 50 U.S. states, plus the District of Columbia and Puerto Rico.

D.4. If Respondent contracts with a management company, Respondent shall describe the details of the arrangement.

Not applicable. Delta Dental does not contract with a management company.

D.5. Does Respondent have contracts with PCD groups, which require that specialty care referrals be made to a specified subset of the network’s specialists, if applicable?

Yes No

Under our PPO plans, enrollees are not required to obtain a referral before visiting a dental specialist and are free to visit any licensed dentist at any time and receive applicable benefits under the terms of their group contract.

Delta Dental contracts directly with individual dentists and specialists who meet our credentialing criteria; we do not contract with physician groups.

If yes, provide details.

Not applicable

D.6. Does Respondent’s organization operate provider networks in other areas of the United States that would be available to GBP Participants working, living (retired), or visiting out-of-state?

Yes No

If yes, list all areas served by the out-of-state network(s).

Delta Dental has the largest proprietary networks in the U.S. with contracted dentists at more than 339,000 dentist locations. Our networks are available in all 50 U.S. states plus the District of Columbia and Puerto Rico. Under our PPO program, enrollees are free to see any licensed dentist in the world and receive applicable benefits under the terms of their group service contract.

D.6.a. Is Respondent licensed in other states for reciprocity arrangements?

Yes No

If yes, where?

Delta Dental Insurance Company is part of a national holding company formed in 2000 composed of Delta Dental of California, Delta Dental of New York, Inc., Delta Dental of Pennsylvania, Delta Dental Insurance Company, Delta Dental of Puerto Rico and their affiliates. These companies form an enterprise that covers more than 35 million enrollees in Texas, Alabama, California, District of Columbia, Delaware, Florida, Georgia, Louisiana, Maryland, Mississippi, Montana, Nevada, New York, Pennsylvania, Puerto Rico, Utah and West Virginia. This enterprise system of Delta Dental-affiliated companies is part of the nationwide Delta Dental Plans Association (DDPA), whose member companies cover more than 75 million people through Delta Dental member companies. Reciprocity arrangements with DDPA member companies apply in all U.S. states. Enrollees in any Delta Dental Premier or PPO plan can use any of the dentists in the nationwide network. This reciprocity ensures that national accounts benefit from locally managed network access.

D.6.b. Respondent shall describe its specific reciprocity arrangements.

Delta Dental Insurance Company is part of a network of 39 independent dental service organizations that conduct business in all 50 states, the District of Columbia and Puerto Rico. These service organizations are all members of the Delta Dental Plans Association (DDPA), whose mission is to help improve the overall oral health of the nation by making dental care more available and affordable to the public through the expansion of dental benefits programs. Individual member companies are licensed by their applicable state regulators and the Delta Dental Plans Association to sell Delta Dental plans to group and individual purchasers within their state of operation. Delta Dental member companies do not compete with each other and only sell to individual residents or companies headquartered in their state of operation. Enrollees in any Delta Dental Premier or PPO plan can use any of the dentists in the nationwide network. This reciprocity ensures that national accounts benefit from locally managed network access. Our member companies also share a data warehouse of individual dentists' contracted fees.

D.6.c. Is there a limit to the number of Participants living outside of the State that Respondent would be able to cover in a reciprocity arrangement?

Yes No

D.7. Discuss the network’s methodology in evaluating patient access to dental care providers?

Accessibility of services is a key indicator of the need to add offices to a service area. This criterion can fluctuate depending upon the level of enrollment, office accessibility and dentists’ appointment availability. Delta Dental prepares GeoAccess reports based on the client’s actual enrollment and dentist availability to determine the level of access against client-specific criteria. Delta Dental has the largest proprietary network in the U.S. with contracted dentists at more than 339,000 dentist locations.

Delta Dental's GeoAccess analysis of its networks indicates:

• 98.9% of ERS’s employees have access to a Delta Dental Premier general dentist within a 30-mile radius of each employee’s home

• 98.5% of ERS’s employees have access to a Delta Dental PPO dentist within a 30-mile radius of each employee's home

D.8. What is the availability of appointments for scheduling office visits within the dental networks?

The dental office of every Delta Dental participating dentist is required to meet the following access and appointment availability standards:

• Emergency care – 24 hours a day, seven days per week. An active after-hours mechanism, such as an answering machine, answering service, a cell phone, or a pager, is available for 24/7 contact or instructions.

• Urgent care – provided within 72 hours when consistent with the patient’s individual needs and required by generally accepted standards for dentistry.

• Non-urgent appointments for initial visits or for routine care – available within 36 business days of the enrollee’s request.

• Preventive dental care appointments, such as hygiene appointments – available within 40 business days of the enrollee’s request.

D.9. What are the professional liability coverage requirements for each type of dental care provider in Respondent network, if applicable?

Dentists are required to meet the requirements of the state(s) in which they practice. In Texas, all network dentists must carry a minimum of $500,000 malpractice insurance (for individual occurrences) and $1 million public liability (for coverage of the entire practice.)

D.10. How often does Respondent add dental care providers to its network, if applicable? Provide a detailed explanation for the need to add dental care providers, the timeframe and frequency of the updates to Respondent’s dental care provider network.

As a leader in the dental benefits industry, Delta Dental specializes in dentist recruitment. Even with the largest proprietary dentist network in the U.S., Delta Dental feels it is important to continue to build its networks and to retain dentists so enrollees have access to the largest dentist networks nationwide and can enjoy continuity of care and provider choice. Delta Dental continues to recruit non-participating dentists routinely on behalf of clients. Delta Dental can collaborate with the client to target specific dentists in any location who currently do not participate with Delta Dental, but who provide treatment to the client’s employees. Targeted recruitment is designed wherever and whenever necessary as indicated by Geo Analysis showing limited access to enrollees, or requested by a client. Our Professional Relations representatives recruit dentists for our networks through direct outreach and dental association events. We also invite enrollees to nominate dentists for network participation and we invite dentists to apply for network participation. We typically require 60 days for the recruitment process.

D.11. What is the most frequent reason that a dental care provider leaves Respondent’s network, if applicable?

The top three reasons for dentist resignations are:

• Dissatisfaction with Delta Dental’s Maximum Plan Allowances.

• Dissatisfaction with Delta Dental’s processing policies (Exclusions & Limitations).

• The dentist elects to discontinue accepting insurance.

Annually, our network provider turnover remains low, averaging under 2% over the past four years for both our PPO and Premier networks.

D.12. What is Respondent’s credentialing and re-credentialing process for all dental care providers?

Delta Dental credentials dentists as part of our internal contracting process before they can be admitted into our networks. All dentists are credentialed to NCQA standards. All Delta Dental companies share common networks. In our enterprise of Delta Dental-affiliated companies, Delta Dental Insurance Company manages network credentialing for all Delta Dental networks, and received NCQA Accreditation in Credentialing. “Achieving credentialing accreditation from NCQA demonstrates that Delta Dental has the systems, process and personnel in place to conduct credentialing in accordance with the strictest quality standards,” said Margaret E. O’Kane, NCQA President. NCQA has reviewed and accredited Delta Dental Insurance Company’s Credentialing functions only. For complete details on the scope of this review, visit www.ncqa.org. The initial credentialing process includes review of the applicant’s training, education and professional history such as current dental credentials including state license, evidence of malpractice coverage, DEA certificate and specialty training verification. Delta Dental reviews malpractice history and state board actions. Dentists are required to complete an application that includes practice history and indicates compliance with current Centers for Disease Control Infection Control Guidelines. The recredentialing process omits elements that are not subject to change, such as graduation from dental school and adds elements related to the dentist’s performance (e.g., utilization reviews and grievances).

D.12.a. How often does Respondent conduct the re-credentialing process?

Contracted dentists are recredentialed at least once every three years. Network dentists must submit a credentialing form, current dentist’s license, and a copy of their malpractice insurance policy in order to maintain their status. Licensure and good standing are verified annually through the State Board and National Provider Data Bank. A complete recredentialing process and re-verification occurs every three years for all network dentists using the same sources used during initial credentialing. Recredentialing also includes review of any applicable chart audit results, enrollee satisfaction survey responses and enrollee grievances.

D.13. What is the fee and risk sharing arrangements that Respondent has with dental care providers in each network for which Respondent is submitting a Proposal response? To assist in communication of this information, complete GBP Utilization of CDT Codes located in Appendix I. The fee schedules information needs to be by Texas three (3) digit zips.

Delta Dental does not maintain fee and risk sharing agreements with our network providers. Our contracted dentists accept Delta Dental's contracted allowances as the full payment for services, an important fee protection for program enrollees and cost restraint for purchasers. Delta Dental reimburses PPO and Premier dentists for each covered service, paying the contracted allowance less copayments, deductibles, amounts over contractual limitations and other maximums, directly to the contracted dentist.

We do not utilize pay-for-performance provider reimbursement, or pay any supplemental compensation above the contracted fee. Our consideration of these types of reimbursement models has included an evaluation of the risk of encouraging dentists to treat patients based on an artificial standard of care that reflects incentive criteria rather than the individual needs of the patient. Please refer to the attachment entitled Appendix I – PPO GBP Utilization of CDT Codes, under Tab 40.

D.13.a. Is any provider compensation for providers related to utilization levels?

Yes No

If so, explain the methodology. Delta Dental reimburses PPO and Premier dentists for each covered service performed. We do not utilize pay-for-performance provider reimbursement, or pay any supplemental compensation above the contracted fee for each covered service. Our consideration of these types of reimbursement models has included an evaluation of the risk of encouraging dentists to treat patients based on an artificial standard of care that reflects incentive criteria rather than the individual needs of the patient.

D.14. What minimum periods are included in Respondent’s dental care provider contracts concerning the following:

D.14.a. Provider’s notice to not accept new patients;

Network dentists are required to notify Delta Dental within five business days when they close or open their practice to new patients. Contracted dentists can close their practices to new patients but cannot close their practice exclusively to new Delta Dental patients. Under a PPO plan, enrollees are free to see any licensed dentist and receive benefits under the terms of their group service contract.

D.14.b. Provider’s intent to terminate;

Contracted dentists agree to provide Delta Dental with a 30-day written notice of intent to resign. Our dentist contracts specifically require network dentists to advise their Delta Dental patients that they are no longer a participating dentist and to complete any treatment in progress at the contracted allowance in effect at the inception of the course of treatment.

D.14.c. Respondent’s intent to terminate; and

Delta Dental is required to give providers 30 days’ written notice of termination, unless a serious licensing, safety or legal concern warrants immediate termination.

D.14.d. Provider’s required continuation of care to existing network Participants following provider’s termination from the network, if applicable.

Delta Dental's dentist contracts specifically require Delta Dental participating dentists to advise patients when they are no longer participating dentists and to complete any treatment in progress at the contracted allowance in effect at the inception of the course of treatment. Benefit payment for treatment incurred after termination will be reimbursed to the patient directly based on non-participating payment guidelines as outlined in the group’s contract.

D.15. Respondent shall provide a detailed explanation of how it is in compliance with continuation of coverage and conversion policies.

We comply with all applicable COBRA (the Consolidated Omnibus Budget Reconciliation Act of 1985) laws regarding continuation of coverage.

A primary enrollee’s eligibility ends on the last day of the month in which his or her full-time employment ends, unless otherwise agreed-upon by us and the client, or unless he or she chooses to continue coverage under COBRA.

A dependent’s eligibility ends along with the primary enrollee’s, or sooner if the dependent loses his or her dependent status, unless continued coverage is chosen in a timely fashion by or on behalf of the dependent(s) under COBRA.

D.16. What does Respondent offer, an individual conversion policy or a group conversion policy?

Individual Conversion Policy Group Conversion Policy

Describe the policy offered.

Delta Dental can provide a conversion policy that mirrors coverage under the current plan. We also offer a wide variety of additional individual plans that can be tailored to an enrollee’s specific needs and budget.

If a policy is not offered, Respondent shall provide reasoning as to why it is not offered.

Not applicable

D.17. What percentage of each network’s dentists are Board certified, if applicable?

Delta Dental requires board certification where it is required by state law. There is no generally accepted or recognized board for certification of general dentists.

Delta Dental credentials all of its contracted dentists in the same manner, whether they are board-eligible or board-certified. All specialty certification is fully verified. 33% of PPO and Premier specialists are board-certified.

D.18. What is the training/orientation process for Respondent’s network providers, if applicable?

Each dentist participating in the network has access to a provider handbook, available on the Provider Tools section of Delta Dental’s website. Providers may also request a hardcopy handbook. The handbook describes the covered benefits package, enrollee eligibility and provider obligations for compliance with all administrative, legal and regulatory requirements. Included in the handbook is a provider grievance process to address and resolve provider concerns. The agreement between Delta Dental and each network dentist contains a provision that obligates the provider to comply with all handbook provisions and any subsequent updates. The handbook is distributed to providers at the conclusion of the contracting process. Delta Dental also mails newsletters to all network dentists periodically throughout the year to supplement the handbook and reinforce the dentist’s awareness of the program and status as a participating provider. Newsletters announce program changes, discuss current dental care topics and address emerging issues that may be identified through Member Services or other sources and have broad application to all participating dentists. In addition, our Professional Relations department regularly conducts outreach to foster good relations with the dental community to ensure that dentists are abiding by the contractual guidelines of their participation agreements. Delta Dental also issues a quarterly newsletter to all network dental offices that covers Delta Dental policy, industry news, seminars, new Delta Dental clients, tips on submitting claims and other useful information. Professional Relations representatives visit network dental offices by appointment and on a drop-in basis to ensure open communication with Delta Dental. Visiting representatives answer questions about claims processing and distribute materials designed to aid with claim submission. 
All Delta Dental dentists and their employees are invited to training seminars that are held in key locations throughout the year. Delta Dental offers courses through the state's dental schools to help network dentists meet continuing education requirements for licensure. To help make dental plan administration even easier for our network dentists, Delta Dental offers online Provider Tools – a suite of helpful services that enables real-time processing of certain claims and pre-treatment estimates (those that don’t require clinical review, for example) and the ability to confirm eligibility. With real-time processing, dentists and patients can see the patient’s payment portion and the amount Delta Dental will pay within moments. Provider Tools also give dental offices other useful features, including a list of their Delta Dental patients and eligibility and benefits details, access to the status of submitted claims, a reference library, a list of Delta Dental’s payments and more. Provider Tools are fast, friendly, free – and an easy way to reduce paper use, too.

Address the specific training/orientation items below and provide a specific explanation to:

D.18.a. Participant eligibility;

Providers are informed they should check patient eligibility prior to service. Dental offices can use our secure, password-protected website to verify enrollee eligibility and benefits online or call Customer Service.

D.18.b. Utilization review procedures;

Our provider agreements and handbooks state that dentists are subject to Delta Dental’s utilization review process in order to ensure that services are provided at a level of care that meets professionally recognized standards of practice. Our Professional Relations department communicates with network dentists in the event utilization patterns outside peer group norms are detected and the need for corrective action is determined.

D.18.c. Billing; and

Our provider agreements state that network dentists must agree to accept Delta Dental's contracted fees as payment in full for covered dental services and agree not to balance bill the patient (excluding deductibles, coinsurance and amounts in excess of plan maximums) up to the dentist’s submitted charge. Contracted dentists may not bill an eligible patient for any difference between the accepted fee and the submitted fee. This requirement is clearly stated in our provider contracts and handbooks.

In the event a member is balance billed, the member should notify Delta Dental. The member will need to submit any receipts and bills from the dentist. Delta Dental will contact the dentist on the member's behalf and resolve the issue within 30 days. If a dentist refuses to abide by the contract, the dentist is subject to termination from the network. Accurate fees are also monitored through enrollee complaints and office audits.

D.18.d. Quality improvement responsibilities.

Our Professional Relations department conducts outreach to foster good relations with the dental community to ensure that dentists are abiding by the contractual guidelines of their participation agreements. Professional Relations is also responsible for ensuring the appropriate corrective action is taken when patient inquiries or claims submission patterns indicate that further investigation is warranted. Concerns related to quality of care and other treatment-related issues are investigated by the dental consultant who chairs our Quality Assessment committee. Suspicions that the dentist may be billing Delta Dental for more expensive procedures than he or she actually performed (upcoding) or billing for services that were not rendered as well as other violations of contractual agreements are handled by the Network Oversight committee. For identified issues, we notify the dentist of the complaint and request additional information. If our investigation reveals that quality improvement is warranted, we notify the dentist of the corrective action they are required to implement.

Most dentists comply with our policies and our requests for a change in conduct. When a dentist fails to perform at an acceptable level, our Quality Review committee sends written notification that participation will be terminated 15 days from the date of the letter. If the committee determines the health and safety of enrollees may be at risk, the termination is immediate. Dentists have the right to appeal the termination by requesting a review by a hearing panel, which consists of three disinterested dentists. Delta Dental files all terminations with the appropriate regulatory agencies and databases, such as the National Practitioners Data Bank.

D.19. What was the turnover rate of dentists and Respondent’s network, in 2014, 2015, 2016, and 2017 year-to-date, if applicable? Respondent shall differentiate between voluntary and involuntary turnover.

Delta Dental PPO Turnover

              2014    2015    2016    2017
Voluntary     0.98%   1.36%   1.09%   1.29%
Involuntary   0.47%   0.17%   0.23%   0.40%
Total         1.44%   1.53%   1.32%   1.68%

Delta Dental Premier Turnover

              2014    2015    2016    2017
Voluntary     0.38%   0.81%   0.66%   0.83%
Involuntary   0.29%   0.15%   0.28%   0.42%
Total         0.67%   0.96%   0.94%   1.26%

D.20. Describe Respondent’s financial arrangements with contracted dentists. If Respondent’s financial arrangements include different reimbursement methodologies, specify these arrangements, if applicable. (i.e., fixed fee schedules, percentage of usual and customary, variable by provider, area, specialty, etc.)

Delta Dental's contracted dentists are compensated based on fixed fee schedules. They agree to accept Delta Dental's Maximum Contract Allowances or their charged fees, whichever is less (Allowed Amount), as the full payment for services, an important fee protection for program enrollees and cost restraint for purchasers. Delta Dental pays the Delta Dental Payment, i.e., the Allowed Amount less copayments, deductibles, amounts over contractual limitations and other maximums, directly to the contracted dentist. The patient is only responsible to the contracted dentist for the Patient Payment, i.e., the difference between the Allowed Amount and the Delta Dental Payment. Maximum Contract Allowances are determined by Delta Dental based on a review of a variety of factors, including claim charges submitted on a regional basis for a given service by dentists of similar training within the same geographical area. Delta Dental examines dentist fee information from a number of other sources, including submitted charges, using various factors, subject to regulatory limitations and adjustment for extreme difficulty or unusual circumstances. This information is compared to third-party benchmark data. Delta Dental recognizes the additional training that is required of specialists and considers this in their reimbursement. Periodontists, oral surgeons and endodontists may receive a higher fee for covered procedures that are associated with their specialty. Our extensive experience with dental networks has shown that providing reimbursement specific to specialty training provides greater access to enrollees who require specialty care.

Delta Dental does not pay any special incentives or utilize pay-for-performance provider reimbursement. Our dentist contracts do not provide incentives for quality because quality of service is expected from all Delta Dental network dentists. Our consideration of this reimbursement model has included an evaluation of the risk of encouraging dentists to treat patients based on an artificial standard of care that reflects incentive criteria rather than the individual needs of the patient.

D.20.a. Texas statute does not allow a benefit differentiation in payment between contracted and non-contracted providers for PPO plans. Respondent shall describe what method Respondent uses to encourage in-network usage, if applicable.

Delta Dental has the largest proprietary network in the U.S. with contracted dentists at more than 339,000 dentist locations. With four out of five dentists contracted with Delta Dental, chances are many GBP Participants already see a Delta Dental dentist. In 2017, Delta Dental’s network utilization in Texas for our PPO and Premier plans combined was 86.2%.

Delta Dental’s national PPO plan gives enrollees freedom to see the dentists of their choice while offering cost protection through networks of dentists who agree to accept reduced fees. Enrollees likely receive the greatest savings when they visit a Delta Dental PPO dentist. Enrollees also have access to the Delta Dental Premier network – together, PPO and Premier dentists create the largest proprietary network of dentists in the U.S. In fact, four out of five dentists in the U.S. are Delta Dental dentists, who guarantee a limit to out-of-pocket costs to enrollees covered by Delta Dental. This means a greater frequency of in-network claims, dramatically reducing the plan’s costs. The result is a better experience for enrollees with tangible savings for clients and their employees.

We have developed communication materials to ensure enrollees understand the benefits of using Delta Dental dentists. Our plan documents for enrollees emphasize the advantages – including cost savings – of visiting network dentists: “Visit a dentist in the PPO network to maximize your savings. These dentists have agreed to reduced fees, and you won’t get charged more than your expected share of the bill. Find a PPO dentist at deltadentalins.com.” These benefits include:

• Greater savings. Delta Dental dentists have agreed to accept reduced fees, which leaves more money in enrollees’ pockets.

• Quality assurance. We monitor our network dentists to ensure that proper licensing, cleanliness and safety procedures are followed.

• No balance billing. Delta Dental dentists can’t charge more than their set fees. In contrast, out-of-network dentists may bill the difference between their usual fee and the client’s specified out-of-network benefits level.

• No unbundling. Delta Dental dentists agree not to “unbundle” services that are part of a treatment, like tooth preparation or local anesthesia. Out-of-network dentists may charge for these services separately, making their overall charges higher.

• Less paperwork. Delta Dental dentists handle all claim forms and other paperwork for the enrollee. If an enrollee chooses an out-of-network dentist, they may need to submit a claim form themselves.

Appendix Q. Provider Network and Service Area Requirements Deviations and Interrogatories 15

• No prepayment required. With a Delta Dental dentist, enrollees are responsible only for their portion of the bill. We pay our share directly to the dentist. Out-of-network dentists may require enrollees to pay the full cost of treatment up front.

The breadth of our networks, along with our easy-to-use online directory, ensures it’s convenient for enrollees to find a local Delta Dental dentist. Our website, deltadentalins.com, features an online dentist directory for enrollees to locate Delta Dental participating dentists by name, location, specialty and network type. Directions and maps to dentists’ offices are also available online. The “Find a Dentist” feature at deltadentalins.com offers:

• Easy navigation and a clean display

• The ability to conduct a search using key words, such as the name of a practice (as well as by the dentist's name)

• Fast narrowing of search results by specialty, language and gender

• Easy toggling between Delta Dental PPO, Delta Dental Premier and DeltaCare USA network results

• Yelp reviews of dentist offices

• Access to our provider directory through our secure Online Services that pre-filters dentists to the network associated with the enrollee’s plan

Online directories are updated daily.

Our Cost Estimator tool provides PPO enrollees with an estimate of how much they’ll pay for specific procedures they receive on their next dentist visit. The tool provides a personalized estimate based on the dentist a member sees. With this tool, the member selects the Delta Dental dentist whom she/he intends to visit. The tool then provides the dentist fees for selected procedures and calculates the member’s cost by taking into account her/his applicable benefits, including any maximums and remaining deductible. Members can even compare fees from multiple dental offices at the same time.

We are happy to discuss offering a plan with a lower out-of-network benefits level in order to encourage network utilization. Delta Dental is able to process out-of-network claims at reimbursement levels (e.g., 70th, 75th, 85th, 90th, 95th) other than our standard fee levels.

We also have a standard set of maximum allowed non-participating fees that we developed using our own proprietary database of all dentists’ submitted fees. Clients can often control their dental plan costs further by electing to apply Delta Dental’s standard processing to out-of-network claims.

D.20.b. Please describe Respondent’s calculation of usual and customary as applicable to out-of-network charges? Does ERS have the flexibility to establish usual and customary?

For both contracted and non-contracted PPO and other open-network general dentists and specialists, Delta Dental calculates Maximum Contract Allowances for use in payment by it and by its enrollees.

Maximum Contract Allowances are determined by Delta Dental based on a review of a variety of factors, including claim charges submitted on a regional basis for a given service by dentists of similar training within the same geographical area. Delta Dental examines dentist fee information from a number of other sources, including submitted charges, using various factors, subject to regulatory limitations and adjustment for extreme difficulty or unusual circumstances. This information is compared to third-party benchmark data.

Delta Dental will pay out-of-network claims up to the 80th percentile for ERS as requested. We establish out-of-network charges by accessing our internal database. This database, which was developed by our enterprise of Delta Dental-affiliated companies, underwrites and administers approximately $8 billion in dental benefits programs each year to enrollees located in all 50 states, the District of Columbia and Puerto Rico. This database includes the most accurate and objective information available due to its size and comprehensive nature. Delta Dental is able to process out-of-network claims at other reimbursement levels (e.g., 70th, 75th, 85th, 90th, 95th). We also have a standard set of maximum allowed non-participating fees that we developed using our own proprietary database of all dentists’ submitted fees. Clients can often control their dental plan costs further by electing to apply Delta Dental’s standard processing to out-of-network claims.

D.21. Describe the growth (or reduction) of Respondent’s network in 2014, 2015, 2016, and 2017 year-to-date and if there are plans for future development of the network, if applicable.

Network Growth

                        2014   2015   2016   2017
Delta Dental PPO        4.9%   3.9%   3.4%   3.5%
Delta Dental Premier    1.4%   1.0%   1.1%   1.1%

As a leader in the dental benefits industry, Delta Dental specializes in dentist recruitment and continues to build our national proprietary networks and to retain dentists so enrollees can maintain continuity of care. Our primary objective is to ensure the ongoing growth and stability of dentist networks that meet the access needs of our clients and enrollees. We anticipate our networks will continue to grow in the future. We also expect the turnover of participating dentists (e.g., resignations and terminations) to remain low. We routinely recruit dentists on behalf of clients and would be happy to do so for ERS. Delta Dental can work with ERS to target specific dentists in any location who are currently not contracted with Delta Dental, but who provide treatment to GBP Participants. Our dentist networks are national, but our recruiters and liaisons are local, based in each state to recruit and service contracted dentists. Delta Dental recruiters and liaisons have a dental background and a strong local presence in the communities they serve. Once a dentist is recruited, a Delta Dental liaison works closely with the office management to provide ongoing instruction on our online tools, assist with escalated claims and educate the office about Delta Dental-sponsored events and seminars designed to enhance our dental partnerships.

D.22. In the event lab work is needed for dental care, can Respondent’s providers use any lab or their own lab, or are patients directed to network labs?

Delta Dental does not require network dentists to use any specific laboratories. We do not have contractual relationships with any laboratories.

D.22.a. Please explain how Respondent’s system adjudicates lab services.

Depending on the client’s plan design, and the specific service performed, lab services, when covered, are adjudicated either as stand-alone procedures, or are included in the fee for another completed service.

Network dentists and their contracted fees as well as the enrollee’s benefit levels are identified in the claim system. Most claims are auto-adjudicated by the system. Complex claims that require clinical judgement are reviewed by a consulting dentist.

D.23. Please describe how Respondent transitions orthodontic treatment in process.

All coverage is provided on a no-loss/no-gain basis. Expenses incurred in connection with any single dental procedure started prior to the enrollee's eligibility are the responsibility of the previous carrier.

For orthodontic treatment in progress prior to the effective date of coverage with Delta Dental, we will pay the difference up to the lifetime maximum between what the previous carrier paid and our liability. The orthodontist should submit a claim with the treatment plan, start date, total fee and proof of the amount paid-to-date by the enrollee and/or the prior insurance carrier(s).

Delta Dental uses a two-payment schedule. We pay 50% of the lifetime maximum when the claim is initially processed for payment; the second payment will be issued 12 months after the initial banding date based on confirmed eligibility.

D.24. Disclose any dental group, facility or DSO in which Respondent’s organization owns an interest (majority or otherwise).

Delta Dental of California, the parent company of Delta Dental Insurance Company, owns dental offices in central Florida. Dentists maintain their own practice at this Delta Dental-owned facility. Delta Dental does not hold financial interest in any of the providers in our networks.

D.25. When considering the total number of providers in Respondent’s network, please disclose the percentage of each shown below.

Provider contract type          Percentage of provider network
Individual provider contract    100%
Group practice contract         0%
DSO contracts                   0%

We contract directly with individual dentists and specialists who meet our credentialing criteria.

D.26 Is Respondent’s organization NCQA accredited or certified?

Yes No

If so, provide proof of such certification.

All Delta Dental companies share common networks. In our enterprise of Delta Dental-affiliated companies, Delta Dental Insurance Company manages network credentialing for all Delta Dental networks, and received NCQA Accreditation in Credentialing.

“Achieving credentialing accreditation from NCQA demonstrates that Delta Dental has the systems, process and personnel in place to conduct credentialing in accordance with the strictest quality standards,” said Margaret E. O’Kane, NCQA President.

NCQA has reviewed and accredited Delta Dental Insurance Company’s Credentialing functions only. For complete details on the scope of this review, visit www.ncqa.org.

Please refer to the attachment entitled NCQA Certification, under Tab 41.

E. Deviations – Network Management Requirements - DHMO

E.1. Affirm that Respondent shall comply with all of the Provider Network and Service Area Requirements – Network Management Requirements described in RFP Sections VIII.C.1. – VIII.C.5.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

F. Interrogatories – Network Management Requirements - DHMO

F.1. Does Respondent own all of its contracts with participating providers, groups and DSO’s?

Yes No

Our DeltaCare USA network is a proprietary network. Delta Dental does not rent or lease its dental networks; we contract directly with individual dentists, group facilities and specialists who meet our credentialing criteria. Dentist contracts are not exclusive arrangements. Dentists may participate in any carrier’s networks.

F.1.a. If no, what percentage of state of Texas network is through leased networks?

Not applicable

F.1.b. In what areas are the leased networks located? Please identify the contract owner for each area.

Not applicable

F.2. Does Respondent have more than one provider network available?

Yes No

Delta Dental is proposing our DeltaCare USA network.

If Respondent marked yes, what are the different network options and how do the network options impact the proposed rates?

Not applicable

F.3. If Respondent provides more than one provider network, identify the network(s) that Respondent proposes be used by GBP Participants.

Not applicable

F.3.a. How long has each network been in place?

Our DHMO network has been in place for 29 years in Texas. Our DHMO was first available in Texas in 1989.

F.4. If Respondent contracts with a management company, Respondent shall describe the details of the arrangement.

Delta Dental does not contract with a management company.

F.5. Does Respondent have contracts with PCD groups, which require that specialty care referrals be made to a specified subset of the network’s specialists, if applicable?

Yes No

Delta Dental contracts directly with individual dentists, group facilities and specialists who meet our credentialing criteria. We require only that referrals for specialty care be made to a contracted DeltaCare USA specialist of the enrollee’s choice.

If yes, provide details.

Not applicable

F.6. Discuss the network’s methodology in evaluating patient access to dental care providers?

Accessibility of services is a key indicator of the need to add offices to a service area. This criterion can fluctuate depending upon the level of enrollment, office accessibility and dentists’ appointment availability. Delta Dental prepares GeoAccess reports based on the client’s actual enrollment and dentist availability to determine the level of access against client-specific criteria.

DeltaCare USA specialists are added on an ongoing basis. The criteria for network expansion are based on the demographics of the area and availability of each line of specialty – periodontics, endodontics, oral surgery and pediatric dentistry – within the service areas of general practice dentists.

F.7. What is the availability of appointments for scheduling office visits within the dental networks?

DeltaCare USA network dentists are contractually required to adhere to the accessibility standards shown below:

• Emergency services – 24 hours a day, seven days per week

• Initial appointment – first available, not to exceed four weeks

• Routine care appointment – first available, not to exceed four weeks

• Child hygiene appointment – first available, not to exceed eight weeks

• Adult hygiene appointment – first available, not to exceed 12 weeks

A summary of DeltaCare USA’s appointment standard compliance in Texas is provided below:

2017 Texas Appointment Standard Compliance Report

Appointment type                               Compliance   Average Wait (Weeks)
Initial – 4 weeks or less                      100.0%       1.2
Hygiene (Child and Adult) – 8 weeks or less    100.0%       1.4
Routine – 4 weeks or less                      100.0%       1.2
Emergency 24/7                                 100.0%       N/A

F.8. What are the professional liability coverage requirements for each type of dental care provider in Respondent network, if applicable?

Dentists are required to meet the requirements of the state(s) in which they practice. In Texas, all network dentists must carry a minimum of $500,000 malpractice insurance (for individual occurrences) and $1 million public liability (for coverage of the entire practice.)

F.9 How often does Respondent add dental care providers to its network, if applicable?

Provide a detailed explanation for the need to add dental care providers, the timeframe and frequency of the updates to Respondent’s dental care provider network.

Targeted network recruitment is conducted wherever and whenever necessary or requested by a client. We continuously add providers to our network. Our Professional Relations representatives recruit dentists for our networks through direct outreach and dental association events. We also invite enrollees to nominate dentists for network participation and we invite dentists to apply for network participation. We typically require 60 days for the recruitment process.

F.10. What is the most frequent reason that a dental care provider leaves Respondent’s network, if applicable?

The top three reasons for dentist resignations are:

• Insufficient enrollment to produce favorable compensation

• Unwillingness to maintain DeltaCare USA access or quality-assurance standards

• No longer accepts prepaid enrollees

F.11. What is Respondent’s credentialing and re-credentialing process for all dental care providers?

Delta Dental credentials dentists as part of our internal contracting process before they can be admitted into our networks. For inclusion in our prepaid, fixed-copayment dental network, dentists must be established within the community and experienced in the delivery of managed care services. All dentists are credentialed to NCQA standards.

All Delta Dental companies share common networks. In our enterprise of Delta Dental-affiliated companies, Delta Dental Insurance Company manages network credentialing for all Delta Dental networks, and received NCQA Accreditation in Credentialing.

“Achieving credentialing accreditation from NCQA demonstrates that Delta Dental has the systems, process and personnel in place to conduct credentialing in accordance with the strictest quality standards,” said Margaret E. O’Kane, NCQA President.

NCQA has reviewed and accredited Delta Dental Insurance Company’s Credentialing functions only. For complete details on the scope of this review, visit www.ncqa.org.

The initial process includes review of the applicant’s training, education and professional history such as current dental credentials including state license, evidence of malpractice coverage, DEA certificate and specialty training verification. Delta Dental reviews malpractice history and state board actions. Dentists are required to complete an application that includes practice history and indicates compliance with current Centers for Disease Control Infection Control Guidelines.

The recredentialing process omits elements that are not subject to change, such as graduation from dental school and adds elements related to the dentist’s performance (e.g., utilization reviews and grievances).

F.11.a. How often does Respondent conduct the re-credentialing process?

Contracted dentists are recredentialed at least once every three years. Network dentists must submit a credentialing form, current dentist’s license, and a copy of their malpractice insurance policy in order to maintain their status. Licensure and good standing are verified annually through the State Board and National Practitioner Data Bank. A complete recredentialing process and re-verification occurs every three years for all network dentists using the same sources used during initial credentialing. Recredentialing also includes review of any applicable chart audit results, enrollee satisfaction survey responses and enrollee grievances.

F.12. What is the fee and risk sharing arrangements that Respondent has with dental care providers in each network for which Respondent is submitting a Proposal response? To assist in communication of this information, complete GBP Utilization of CDT Codes located in Appendix I. The fee schedules information needs to be by Texas three (3) digit zips.

Network general dentists are paid on a guaranteed capitation basis. They receive a designated amount per month for each member assigned to their office. Dentists also receive an encounter fee for each patient visit reported on the monthly utilization report as well as procedure-driven payments for select, highly utilized procedures. Our encounter policy allows us to maintain a comprehensive database and to produce unique and detailed utilization reports.

Network specialists are reimbursed on a per claim basis according to a contracted fee schedule.

For specialists, our proposed plan achieves a discount of 25% off the specialists’ usual fees as required. The patient’s liability is always limited to the plan’s scheduled copayment. Applicable copayment information has been provided under the attachment entitled Appendix I – DHMO GBP Utilizations CDT Codes, under Tab 42.

F.12.a. Is any provider compensation for providers related to utilization levels?

Yes No

If so, explain the methodology.

Network general dentists receive encounter fees from Delta Dental for each patient visit reported on the utilization report. The average encounter fee ranges from $5 - $7 per report. Supplemental payments are tied to select procedures. Network specialists are reimbursed on a per claim basis according to a contracted fee schedule.

For specialists, our objective is to achieve an average discount of 20% to 45% savings over the specialists’ usual fees. Delta Dental does not utilize pay-for-performance provider reimbursement. Our consideration of this reimbursement model has included an evaluation of the risk of encouraging dentists to treat patients based on an artificial standard of care that reflects incentive criteria rather than the individual needs of the patient.

F.13. What minimum periods are included in Respondent’s dental care provider contracts concerning the following:

F.13.a. Provider’s notice to not accept new patients;

Network dentists can close their practice when they believe they are no longer able to accommodate additional patients. We request a 45-day notice when network providers believe they are no longer able to accommodate additional patients. Delta Dental can also close DeltaCare USA network facilities to new enrollees when the dentists are unable to meet our enrollee access requirements (e.g., appointment times).

F.13.b. Provider’s intent to terminate;

Contract dentists who opt to voluntarily terminate from the network must provide 90-days’ notice. Immediately upon termination, enrollees affected by a change in the provider network are notified by letter that their dentist is no longer available. Assignment to another network dentist is included. If preferred, the enrollee may select another network dentist by contacting DeltaCare USA’s Customer Service department. Network dentists are required by contract to complete all dental work started prior to the termination date. The dentist must also forward copies of all patient records, within 30 days, to the enrollee’s new network dentist.

F.13.c. Respondent’s intent to terminate; and

Our contracts mandate we give providers 30 days’ written notice of termination, except in the case of imminent harm to patient health, action against license to practice, or fraud, in which case termination may be immediate.

F.13.d. Provider’s required continuation of care to existing network Participants following provider’s termination from the network, if applicable.

If a contracted DeltaCare USA network dentist terminates, either voluntarily or by Delta Dental, the dentist must complete any work started prior to the termination date. Copies of all patient records are forwarded to the enrollee’s new network dentist within 30 days, upon request. Contracted dentists are required to maintain records for at least five years following termination of their contracts with Delta Dental.

Claims for preauthorized specialty care submitted by dentists prior to termination for services received after the termination date are paid by Delta Dental provided the enrollee continues to be eligible to receive benefits; enrollees are responsible only for applicable copayments and any non-covered services.

If the member chooses to seek additional services other than as outlined above from the terminated dentist, the member will be responsible for all charges related to incurred treatment.

F.14. Respondent shall provide a detailed explanation of how it is in compliance with continuation of coverage and conversion policies.

We comply with all applicable COBRA (the Consolidated Omnibus Budget Reconciliation Act of 1985) laws regarding continuation of coverage.

A primary enrollee’s eligibility ends on the last day of the month in which his or her full-time employment ends, unless otherwise agreed-upon by us and the client, or unless he or she chooses to continue coverage under COBRA.

A dependent’s eligibility ends along with the primary enrollee’s, or sooner if the dependent loses his or her dependent status, unless continued coverage is chosen in a timely fashion by or on behalf of the dependent(s) under COBRA.

F.15. What does Respondent offer, an individual conversion policy or a group conversion policy?

Individual Conversion Policy Group Conversion Policy

Describe the policy offered.

Delta Dental will be happy to determine whether we can match the current DHMO plans for conversion plans upon receipt of additional information about the current plans that is required to conduct such an assessment. Delta Dental also offers a variety of individual DHMO plans that can be tailored to an enrollee’s specific needs and budget.

If a policy is not offered, Respondent shall provide reasoning as to why it is not offered.

Not applicable.

F.16. What percentage of each network’s dentists are Board certified, if applicable?

There is no generally accepted or recognized board for certification of general dentists.

Delta Dental requires all DeltaCare USA network specialists to be board-qualified and to have completed a specialty training program that satisfies the requirements of a recognized board for that specialty. 35% of specialists are board-certified.

F.17. What is the training/orientation process for Respondent’s network providers, if applicable?

Delta Dental provides on-site training to all DeltaCare USA network dentists and their dental office staff prior to their first enrollee assignments. Network facilities receive a variety of written materials that include specialty referral forms, administrative guidelines, utilization-reporting forms and a DeltaCare USA Dentist Handbook. The handbook has been prepared to assist dentists in treatment planning and provide the administrative procedures required to deliver dental care to DeltaCare USA enrollees. Instructions are provided for eligibility verification, appointment scheduling criteria, dental care guidelines, procedures for specialty referral, benefit definitions, patient relations guidelines and quality assurance protocols. Network dentists also receive oral instruction during on-site training regarding the use of eligibility and capitation reports. Delta Dental conducts webinars for dental offices on how to make their businesses more environmentally friendly, while promoting our online services and electronic claims submission that can reduce their paper use. Network dentists and their staffs also receive ongoing education through regularly scheduled on-site and on demand service calls by DeltaCare USA Professional Relations representatives. Regional dental meetings held throughout the year provide an opportunity for quality management and Professional Relations representatives to reinforce company policies and criteria as well as provide a forum for dentists to present their comments, concerns or questions. Professional Relations representatives are available to respond to specific administrative issues. Our Customer Service representatives provide assistance with inquiries relating to coverage and eligibility.

Address the specific training/orientation items below and provide a specific explanation to:

F.17.a. Participant eligibility;

Network dentists receive eligibility lists at the beginning of each month. Dental offices can also use Delta Dental’s secure, password-protected website to verify enrollee eligibility and benefits online or call Customer Service.

F.17.b. Utilization review procedures;

Our provider contracts and handbooks state that dentists are subject to Delta Dental’s utilization review process in order to ensure that services are provided at a level of care that meets professionally recognized standards of practice. Our Professional Relations department is responsible for communicating with network dentists in the event utilization patterns outside peer group norms are detected and the need for corrective action is determined.

F.17.c. Billing; and

All network dentists contractually agree to accept set plan copayments as payment in full for covered dental services and not to seek additional fees. Enrollees are not required to pay more than their specified copayment for covered procedures. Accurate fees are monitored through enrollee complaints and office audits.

F.17.d. Quality improvement responsibilities.

In compliance with applicable regulations, Delta Dental maintains an effective DeltaCare USA Quality Improvement Program (QIP). The ongoing objectives of the QIP are to:

• Monitor and evaluate the care rendered by panel providers to the population served

• Participate in quality of care reviews and other applicable activities of regulatory agencies

• Develop quality indicators that are objective, measurable and based on current standards of care and clinical experience

• Utilize clinical care standards or practice guidelines from recognized authorities and scientific evidence

• Identify, document, evaluate and resolve known or suspected systemic problems through the development and implementation of corrective action plans

• Ensure follow-up to document problem resolution, improvement in care systems and/or need for further improvement

• Provide feedback, education and grievance-resolution assistance to enrollees and providers on a continuing basis and in compliance with applicable regulations

• Review scope, content and effectiveness of the QIP on an annual basis and update it as needed

• Develop, approve and implement annual Quality Improvement (QI) Workplans, which include the major quality improvement goals, programs, studies and activities planned for the year

QIP policies and processes, as documented in the Quality Improvement Program Manual, provide a systematic means for meeting the above quality assurance and improvement objectives. QIP activities accurately identify internal and external areas for improvement and promote meaningful change to ensure that, within the scope of their dental benefits, enrollees receive dental care that is consistent with generally accepted standards for dentistry and meets their individual needs.

The Quality Management Review Committee (QMRC) was established to provide external peer review, quality assurance oversight and input from practicing dentists who are not employees of Delta Dental. Potential quality issues of a persistent or egregious nature are referred to the Potential Quality Issues Committee (PQIC). After a thorough investigation, the committee may recommend limiting or terminating panel privileges based upon a provider’s persistent inability to meet standards, failure to meet generally accepted professional standards and/or violation of regulations applicable to the practice of dentistry. Such findings represent breach of contract related to quality of care and may constitute medical disciplinary cause or reason for a proposed adverse action, which would be reportable to state and/or federal agencies.

DeltaCare USA provider agreements also detail procedures for the contractual termination of providers who breach that agreement. Both quality and non-quality provider terminations are coordinated with the Legal department to ensure respect for the rights of providers to appeal an adverse decision.

For identified issues, we notify the dentist of the complaint and request additional information. If our investigation reveals that quality improvement is warranted, we notify the dentist of the corrective action they are required to implement.

F.18. What was the turnover rate of dentists and Respondent’s network, in 2014, 2015, 2016, and 2017 year-to-date, if applicable? Respondent shall differentiate between voluntary and involuntary turnover.

Network Turnover

| | 2014 | 2015 | 2016 | 2017 |
|---|---|---|---|---|
| DeltaCare USA* | 4.9% | 3.2% | 2.1% | 5.5% |

*Delta Dental is unable to report DeltaCare USA network turnover on a voluntary vs. involuntary basis. Our DeltaCare USA provider contracting system does not record the reasons that providers terminate from the DeltaCare USA network.

F.19. Describe Respondent’s financial arrangements with contracted dentists. If Respondent’s financial arrangements include different reimbursement methodologies, specify these arrangements, if applicable. (i.e., fixed fee schedules, percentage of usual and customary, variable by provider, area, specialty, etc.)

Network general dentists are paid on a guaranteed capitation basis. They receive a designated amount per month for each member assigned to their office. Dentists also receive an encounter fee for each patient visit reported on the monthly utilization report as well as procedure-driven payments for select, highly utilized procedures. Our encounter policy allows us to maintain a comprehensive database and to produce unique and detailed utilization reports.

Network specialists are reimbursed on a per claim basis according to a contracted fee schedule.

For specialists, our proposed plan achieves a discount of 25% off the specialists’ usual fees as required.


F.20. Describe the growth (or reduction) of Respondent’s network in 2014, 2015, 2016, and 2017 year-to-date and if there are plans for future development of the network, if applicable.

Network Growth

| | 2014 | 2015 | 2016 | 2017 |
|---|---|---|---|---|
| DeltaCare USA | 6.3% | 4.8% | 9.9% | 4.68% |

As a leader in the dental benefits industry, Delta Dental specializes in dentist recruitment and continues to build our national proprietary networks and to retain dentists so enrollees can maintain continuity of care. Our primary objective is to ensure the ongoing growth and stability of dentist networks that meet the access needs of our clients and enrollees. We anticipate our networks will continue to grow in the future. We also expect the turnover of participating dentists (e.g., resignations and terminations) to remain low.

We routinely recruit dentists on behalf of clients and would be happy to do so for ERS. Delta Dental can work with ERS to target specific dentists in any location who are currently not contracted with Delta Dental, but who provide treatment to GBP Participants.

Our dentist networks are national, but our recruiters and liaisons are local, based in each state to recruit and service contracted dentists. Delta Dental recruiters and liaisons have a dental background and a strong local presence in the communities they serve. Once a dentist is recruited, a Delta Dental liaison works closely with the office management to provide ongoing instruction on our online tools, assist with escalated claims and educate the office about Delta Dental-sponsored events and seminars designed to enhance our dental partnerships.

Delta Dental monitors enrollee access on an ongoing basis to determine enrollee access needs and ensure the adequate availability of dentists. Delta Dental’s standard for our DeltaCare USA network calls for an established 25-mile radius between dentists in suburban areas and a 35-mile radius in rural areas. Access is reviewed and analyzed with each new enrollment for existing clients and with the enrollment of new clients.

DeltaCare USA specialists are added on an ongoing basis. The criteria for network expansion are based on the demographics of the area and availability of each line of specialty – periodontics, endodontics, oral surgery and pediatric dentistry – within the service areas of general practice dentists. Compensation arrangements in rural areas may also be higher than in urban areas.

F.21. In the event lab work is needed for dental care, can Respondent’s providers use any lab or their own lab, or are patients directed to network labs?

Delta Dental does not have any contractual relationships with laboratories.

DeltaCare USA enrollees are not responsible for lab costs associated with covered services. Copayments for listed procedures include the cost of precious metal.


F.21.a. Please explain how Respondent’s system adjudicates lab services.

Our DeltaCare USA plan, which mirrors the current plan, uses a fixed-copayment schedule for all covered services. Our plans are all inclusive, with no hidden fees for the additional cost of lab services or metal that can result in unexpected charges at the time of service.

General dentists are paid on a monthly capitation basis for all eligible enrollees assigned to their office. Claims are required only for specialty services. Network general dentists determine if an enrollee requires dental care beyond their scope and, if necessary, submit a preauthorization request along with all necessary x-rays and records for the recommended specialty procedures. A claims processor enters the referral, verifies the accuracy of the information and forwards it to a consulting dentist for review.

F.22. Please describe how Respondent transitions orthodontic treatment in process.

All coverage is provided on a no-loss/no-gain basis. Expenses incurred in connection with any single dental procedure started prior to the enrollee's eligibility are the responsibility of the previous carrier.

The DeltaCare USA plan allows enrollees who are in orthodontic treatment to continue seeing the same orthodontist who was treating them prior to the effective date. This takeover provision applies to enrollees in active treatment under a previous employer-sponsored dental plan as well as new hires.

Enrollees who qualify for the orthodontic treatment-in-progress provision are subject to the copayments, fee and contract language of their previous employer-sponsored DHMO or PPO dental plan. We accept financial responsibility only for the amount owed by the previous dental carrier for orthodontic treatment in progress, and only while an enrollee maintains continuous coverage under the DeltaCare USA plan. If only records and models have been taken and paid for, it is the enrollee’s responsibility to select a network orthodontist for remaining treatment.

F.23. Disclose any dental group, facility or DSO in which Respondent’s organization owns an interest (majority or otherwise).

Delta Dental of California, the parent company of Delta Dental Insurance Company, owns dental offices in central Florida. Dentists maintain their own practice at this Delta Dental-owned facility. Delta Dental does not hold financial interest in any of the providers in our networks.

F.24. When considering the total number of providers in Respondent’s network, please disclose the percentage of each shown below.

| Provider contract type | Percentage of provider network |
|---|---|
| Individual provider contract | N/A* |
| Group practice contract | N/A* |
| DSO contracts | N/A* |

*Delta Dental contracts exclusively with individual DHMO dental facilities, which may include one or more practicing dentists.


F.25. Is Respondent’s organization NCQA accredited or certified? Yes No

If so, provide proof of such certification.

All Delta Dental companies share common networks. In our enterprise of Delta Dental-affiliated companies, Delta Dental Insurance Company manages network credentialing for all Delta Dental networks, and received NCQA Accreditation in Credentialing.

“Achieving credentialing accreditation from NCQA demonstrates that Delta Dental has the systems, process and personnel in place to conduct credentialing in accordance with the strictest quality standards,” said Margaret E. O’Kane, NCQA President.

NCQA has reviewed and accredited Delta Dental Insurance Company’s Credentialing functions only. For complete details on the scope of this review, visit www.ncqa.org. Please refer to the attachment entitled NCQA Certification, under Tab 43.

APPENDIX R

COMMUNICATION REQUIREMENTS DEVIATIONS AND INTERROGATORIES

Appendix R. Communication Requirements Deviations and Interrogatories 1

Communication Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

PPO RESPONSES

A. Deviations – Program Specific Overview Requirements - PPO

A.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Program Specific Overview Requirements described in RFP Sections IX.A.1.a. – IX.A.20.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: A.1.b. Delta Dental can co-brand ERS communication materials. Compliance with Delta Dental Plans Association branding guidelines may apply.

B. Interrogatories – Program Specific Overview Requirements- PPO

B.1. Respondent shall provide samples and/or copies of the enrollment marketing packets it will provide to Participants. This response should include, but not be limited to, the items discussed at RFP Section IX.A.17., which are as follows:

• An enrollment presentation to be recorded and posted on the ERS website and delivered upon request at enrollment events;
• Targeted enrollment communication brochures;
• Welcome Letter to new Participants;
• Brochures explaining Plan changes and updates;
• Explanation of Benefits – Fact Sheet;
• General Plan information; and
• Enrollment information on Respondent’s website.

Please refer to the attachments provided as part of Delta Dental’s Enrollment Marketing Packet – PPO, under Tab 50.

B.2. Describe Respondent’s ability to produce Participant-specific communications.

Delta Dental can provide customized highlight sheets, electronic Evidence of Coverage booklets and electronic enrollee ID cards for ERS at open enrollments that will include the client’s name, Delta Dental group number and a description of the plan benefits. Our proposed rates include these standard materials.


Electronic Evidence of Coverage booklets and enrollee ID cards can also be customized to include the client’s name and/or black and white logo at no charge.

Delta Dental can provide a customized video for a client’s enrollees that explains their benefits information, similar to our Benefits Highlights sheets, and includes information about our website and dental wellness. Videos are provided at no additional cost. We also provide a custom URL for the video that clients can post on their intranet site or share with their employees.

B.3. How does the Participant-specific customizations impact the cost or quality of communications for ERS?

Delta Dental will provide communication material customization with ERS’ name and/or black and white logo at no charge. We will provide electronic materials at no additional cost.

B.4. Describe Respondent’s capabilities for staffing benefit fairs, wellness fairs, and other presentation and events.

Delta Dental provides support at open enrollment meetings at no additional cost. Delta Dental has open enrollment staff that works with our account management team to coordinate staffing and the distribution of materials during open enrollment meetings. We produce a variety of standard enrollment and communication materials at no additional cost that allow us to tailor a communication program to ERS’ needs. To assist during open enrollment, Delta Dental offers the following enrollment materials:

• Benefit highlight sheets. Customized with ERS’ name, group number and benefits summary, along with quick tips to getting the most from the dental plan.
• Informational flyers. Provide information about a variety of topics including online services, an overview of preventive care, our SmileWay® Wellness Program and other dental health care topics.

A customized video is also available free of charge that explains ERS’ specific benefits and can be played at open enrollments or new-hire orientations or posted on ERS’ intranet.

B.5. Respondent shall confirm that it will assign a dedicated communications specialist(s) to meet and work with ERS staff to produce the communication materials.

Confirm

B.5.a. If Respondent cannot confirm the above interrogatory B.5., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

B.6. Respondent shall describe its methods for a Participant to access information about the Plans, (i.e., mobile application, innovative methods, etc.).

Delta Dental’s mobile web functionality makes it easy for enrollees to access dental information from a smartphone. The online tools used most often have been streamlined so enrollees can get the information they need faster and easier.


Enrollees can log on to:

• Search Delta Dental’s online dentist directory
• Check benefits and eligibility
• Check deductibles and maximums
• Search for benefits by keyword or procedure code
• Check claims status and history
• View ID card (access while at the dentist's office)*
• Go paperless by opting to “Receive Statements Online” under “My Account”

Enrollees may download and print ID cards from a password-protected section of our website. Members may also use Delta Dental’s mobile app to view their ID card. As an added convenience, the mobile app allows members to email their ID card to their dental office in advance of their appointment.

B.7. Respondent shall provide copies of its generic communications used for plans similar to the Plans. Respondent’s response should include, but not be limited to, enrollment marketing packets.

Acknowledged and confirmed. Please refer to attachments provided as part of Delta Dental’s Communications – PPO, under Tab 51.

C. Deviations – Ongoing Member Communications Requirements – PPO

C.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Ongoing Member Communication Requirements described in RFP Sections IX.B.1. – IX.B.12.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

D. Interrogatories – Ongoing Member Communications Requirements - PPO

D.1. Respondent shall refer to RFP Section IX.B.9 for ERS’ requirements regarding Fact Sheets. Respondent shall provide its sample Fact Sheets.

Please refer to the attachment entitled Fact Sheets – PPO, under Tab 52.

D.2. Respondent shall provide with its Proposal the Master Benefit Plan Document (MBPD) for FY20.

Provided

Please refer to the attachment entitled MBPD - PPO, under Tab 53.


D.3. Respondent shall provide with its Proposal a draft of the Member Handbook.

Provided

Please refer to the attachment entitled Member Handbook - PPO, under Tab 44.

D.4. Respondent shall submit with its Proposal a proposed MBPD on a separate CD-ROM or USB Thumb Drive for ERS’ review and approval.

Provided

D.5. Respondent shall provide with its Dental PPO Proposal a sample of a Dental PPO packet used to identify the Dental PPO to the GBP Dental Program Participants.

Provided

Please refer to the attachment entitled Sample Welcome Packet - PPO, under Tab 45.

D.6. Respondent shall submit with its Proposal an electronic mock-up of a proposed GBP-specific ID card.

Provided

Please refer to attachment entitled ID Card Mock-up - PPO, under Tab 46.

E. Deviations – Website Specifications Requirements - PPO

E.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Website Specifications Requirements described in RFP Sections IX.D.1. – IX.D.8.c.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: Delta Dental will provide a report by September 1, 2019 from an independent provider, evidencing Section 508 compliance.

F. Interrogatories – Website Specifications Requirements - PPO

F.1. If Respondent currently maintains an internet website, provide the URL address.

Delta Dental’s corporate website is deltadentalins.com.


F.2. Respondent shall provide a report from an independent provider evidencing its organization’s Section 508 compliance.

Provided

Please refer to the attachment entitled Section 508 – Accessibility Conformance Report – PPO, under Tab 54. Delta Dental is providing its self-reported conformance report. We are currently working with a third-party vendor to provide an independent compliance report. We are committed to meeting 508, Level 1 compliance by September 1, 2019.

F.3. Is Respondent currently using the WCAG 2.0 or does Respondent have plans to use these guidelines in the future?

Yes No

F.3.a. If not currently using WCAG 2.0, provide a date when Respondent would be able to implement the WCAG standards in the future.

Not applicable

F.4. Respondent shall confirm that its customizable plan website will be functioning in accordance with the implementation schedule.

Confirm

F.4.a. If Respondent cannot confirm the above interrogatory F.4., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

F.5. Respondent shall confirm that its configurable claims website will be functioning in accordance with the implementation schedule.

Confirm

F.5.a. If Respondent cannot confirm the above interrogatory F.5., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable


G. Deviations – Respondent Website Content Requirements - PPO

G.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Respondent Website Content Requirements described in RFP Sections IX.E.1. – IX.E.8.b.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

DHMO RESPONSES

H. Deviations – Program Specific Overview Requirements - DHMO

H.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Program Specific Overview Requirements described in RFP Sections IX.A.1.a. – IX.A.20.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: A.1.b. Delta Dental can co-brand ERS communication materials. Compliance with Delta Dental Plans Association branding guidelines may apply.

I. Interrogatories – Program Specific Overview Requirements- DHMO

I.1. Respondent shall provide samples and/or copies of the enrollment marketing packets it will provide to Participants. This response should include, but not be limited to, the items discussed at RFP Section IX.A.17., which are as follows:

• An enrollment presentation to be recorded and posted on the ERS website and delivered upon request at enrollment events;
• Targeted enrollment communication brochures;
• Welcome Letter to new Participants;
• Brochures explaining Plan changes and updates;
• Explanation of Benefits – Fact Sheet;
• General Plan information; and
• Enrollment information on Respondent’s website.

Please refer to the attachments provided as part of Delta Dental’s Enrollment Marketing Packets - DHMO under Tab 55.


I.2. Describe Respondent’s ability to produce Participant-specific communications.

We can customize our standard DeltaCare USA benefit summary booklet by including ERS’ name and/or a black-and-white logo at no additional charge. Delta Dental can also provide a customized video for a client’s enrollees that explains their benefits information, similar to our Benefits Highlights sheets, and includes information about our website and dental wellness. Videos are provided at no additional cost. We also provide a custom URL for the video that clients can post on their intranet site or share with their employees.

I.3. How does the Participant-specific customizations impact the cost or quality of communications for ERS?

Delta Dental will provide communication material customization with ERS’ name and/or black and white logo at no charge.

I.4. Describe Respondent’s capabilities for staffing benefit fairs, wellness fairs, and other presentation and events.

Delta Dental provides support at open enrollment meetings and standard enrollment and communication materials at no additional cost. We provide a solicitation package for all eligible members that may include:

• DeltaCare® USA plan benefits
• Network directory*
• Enrollment card*
• Enrollee flyers - Delta Dental can also provide enrollee flyers that cover a wide variety of topics including online services, an overview of preventive care, our SmileWay® Wellness Program and other dental health care topics.

Delta Dental is striving to reduce our environmental impact and works with our clients to fulfill their enrollment and communication needs by encouraging the use of these documents in an electronic format, which benefits managers can post to their organization’s intranet or distribute by email. Our core open enrollment documents are available in an electronically optimized format.

A customized video is also available free of charge that explains ERS’ specific benefits and can be played at open enrollments or new-hire orientations or posted on ERS’ intranet.

*Delta Dental is striving to reduce our environmental impact and works with our clients to fulfill their enrollees’ needs for dentist directories by encouraging the use of our searchable online dentist directory. We also offer an online enrollee ID card.

I.5. Respondent shall confirm that it will assign a dedicated communications specialist(s) to meet and work with ERS staff to produce the communication materials.

Confirm

I.5.a. If Respondent cannot confirm the above interrogatory I.5., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable


I.6. Respondent shall describe its methods for a Participant to access information about the Plans, (i.e., mobile application, innovative methods, etc.).

Delta Dental’s mobile web functionality makes it easy for enrollees to access dental information from a smartphone. The online tools used most often have been streamlined so enrollees can get the information they need faster and easier.

Enrollees can log on to:

• Search Delta Dental’s online dentist directory
• Check benefits and eligibility
• Search for benefits by keyword or procedure code
• Check emergency and specialty care claims status and history
• View ID card (access while at the dentist's office)*
• Go paperless by opting to “Receive Statements Online” under “My Account”

Enrollees may download and print ID cards from a password-protected section of our website. Members may also use Delta Dental’s mobile app to view their ID card. As an added convenience, the mobile app allows members to email their ID card to their dental office in advance of their appointment.

Eligibility and plan information for DeltaCare USA enrollees can be accessed using a smartphone but enrollees will have full-site view.

I.7. Respondent shall provide copies of its generic communications used for plans similar to the Plans. Respondent’s response should include, but not be limited to, enrollment marketing packets.

Provided

Acknowledged and confirmed. Please refer to the attachments provided as part of Delta Dental’s Communications – DHMO, under Tab 56.

J. Deviations – Ongoing Member Communications Requirements - DHMO

J.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Ongoing Member Communication Requirements described in RFP Sections IX.C.1. – IX.C.12.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: B.6. The timeframe for EOC delivery is subject to receipt of revisions by ERS and the time required for TDI to approve all documents. Filings can take from 30 (thirty) to 90 (ninety) days.


K. Interrogatories – Ongoing Member Communication Requirements - DHMO

K.1. Respondent shall refer to RFP Section IX.C.9 for ERS’ requirements regarding Fact Sheets. Respondent shall provide its sample Fact Sheets.

Please refer to the attachment entitled Fact Sheets – DHMO, under Tab 57.

K.2. Respondent shall provide with its DHMO Proposal a proposed EOC on a separate CD-ROM or USB Thumb Drive (in Word or Excel document, no PDF documents will be accepted) and a sample ID card.

Provided

Please refer to the attachment entitled Proposed EOC – DHMO, provided on a separate CD-ROM. Proposed EOC does not reflect exact benefits being quoted.

K.3. Respondent shall provide to the Assistant Director of Benefit Contracts or designee a draft of the Member Handbook with its DHMO Proposal.

Provided

Please refer to attachment entitled Member Handbook - DHMO, under Tab 47.

K.4. Respondent shall submit with its DHMO Proposal an electronic mock-up of a proposed GBP-specific ID card.

Provided

Please refer to attachment entitled ID Card Mock-up - DHMO, under Tab 49.

L. Deviations – Website Specifications Requirements - DHMO

L.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Website Specifications Requirements described in RFP Sections IX.D.1. – IX.D.8.c.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: D.7.a Delta Dental will provide a report by September 1, 2019 from an independent provider, evidencing Section 508 compliance.


M. Interrogatories – Website Specifications Requirements - DHMO

M.1. If Respondent currently maintains an internet website, provide the URL address.

Delta Dental’s corporate website is deltadentalins.com.

M.2. Respondent shall provide a report from an independent provider evidencing its organization’s Section 508 compliance.

Provided

Please refer to the attachment entitled Section 508 – Accessibility Conformance Report – DHMO, under Tab 58. Delta Dental is providing its self-reported conformance reports. We are currently working with a third-party vendor to provide an independent compliance report. We are committed to meeting 508, Level 1 compliance by September 1, 2019.

M.3. Is Respondent currently using the WCAG 2.0 or does Respondent have plans to use these guidelines in the future?

Yes No

M.3.a. If not currently using WCAG 2.0, provide a date when Respondent would be able to implement the WCAG standards in the future.

Not applicable

M.4. Respondent shall confirm that its customizable plan website will be functioning in accordance with the implementation schedule.

Confirm

M.4.a. If Respondent cannot confirm the above interrogatory M.4., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

M.5. Respondent shall confirm that its configurable claims website will be functioning in accordance with the implementation schedule.

Confirm

M.5.a. If Respondent cannot confirm the above interrogatory M.5., Respondent shall enumerate and provide a detailed description as to why not.

Not applicable


N. Deviations – Respondent Website Content Requirements - DHMO

N.1. Affirm that Respondent shall comply with all of the Scope of Work – Communication Requirements – Respondent Website Content Requirements described in RFP Sections IX.E.1. – IX.E.8.b.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

APPENDIX U

INFORMATION SYSTEMS REQUIREMENTS DEVIATIONS AND INTERROGATORIES

Appendix U. Information Systems Requirements Deviations and Interrogatories 1

Information Systems Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

PPO RESPONSES

A. Deviations – Operations Requirements - PPO

A.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Operations Requirements described in RFP Sections X.A.1. – X.A.21.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

A.2. Respondent shall provide its Deviations to the requirements at RFP Section X.A.4. If applicable, Respondent shall provide the following information:

A.2.a. Provide a description of the services Respondent performs offshore.

None of Delta Dental’s services are performed offshore.

A.2.b. Provide the following information with regard to offshore data transmission:

A.2.b.i. If data is transmitted offshore, indicate the countries.

Not applicable. None of Delta Dental’s services are performed offshore.

A.2.b.ii. Describe the type of data that is transmitted offshore.

Not applicable. None of Delta Dental’s services are performed offshore.

A.2.b.iii. Identify (by name and physical address) the entity(ies) this data is transmitted to.

Not applicable. None of Delta Dental’s services are performed offshore.

A.2.c. Provide the following information with regard to accessibility of offshore data:

A.2.c.i. If data is accessible offshore, indicate the countries.

Not applicable. None of Delta Dental’s services are performed offshore.

A.2.c.ii. How is it accessible?

Not applicable. None of Delta Dental’s services are performed offshore.

Appendix U. Information Systems Requirements Deviations and Interrogatories 2

A.2.c.iii. Describe the type of data that is viewable offshore. Not applicable. None of Delta Dental’s services are performed offshore.

A.2.c.iv. Describe who has access to any offshore data. Not applicable. None of Delta Dental’s services are performed offshore.

A.2.c.v. Describe how this data is viewable. Not applicable. None of Delta Dental’s services are performed offshore.

A.2.c.vi. Describe the function of any data that is accessible offshore. Not applicable. None of Delta Dental’s services are performed offshore.

A.3. Respondent shall provide its Deviations to the requirement at RFP Section X.A.5., if applicable. Respondent’s Requested Deviation Detail: Delta Dental has no deviations. Delta Dental’s services are not performed offshore.

B. Interrogatories – Operations Requirements - PPO

B.1. What type of background checks are performed on all company hires, particularly those that will have access to PII and HIPAA data?

Delta Dental conducts background checks of all prospective employees including a criminal background check, educational degree verification (BA and higher), employment verification, license verification (e.g., DDS, JD), social security number trace, motor vehicle record (if legally permitted by state) and credit check for employment purposes (if appropriate based on the job function). Criminal background check includes, but is not limited to, criminal history checks (including a minimum of seven-year felony and misdemeanor multi-county and national criminal record search) as determined by the social security trace and including aliases. Delta Dental conducts an individualized assessment for convictions deemed job related when making employment decisions in compliance with federal laws and to the extent allowable by state and local laws. Furthermore, we are in compliance with the laws governing individuals’ rights under the Fair Credit and Reporting Act and protection of privacy information.

B.2. What are the normal staffing hours (in CT) for the following?

Respondent’s technical support team to respond to data and reporting questions:

Delta Dental’s Account Management team is available to assist ERS Monday through Friday between 8 am and 6 pm (CT). Delta Dental’s interactive voice response (IVR) system offers speech recognition, caller authentication in English and Spanish-language options. Enrollees can obtain automated information regarding eligibility, benefits, and claims status and
can request materials such as ID cards, plan documents or local dentist directories. The IVR system also provides fax-on-demand capabilities for dentists. The IVR system is available 24 hours a day, Monday through Sunday, except for periodic maintenance performed on Sundays. We have updated our IVR system to deliver quality service faster. Callers can expect improved call routing and easier navigation, plus our enhanced system automatically routes callers through the system – no matter which number they dial – based on their unique member ID. For instance, if an enrollee calls the number for a product she/he is not enrolled under, the system will reroute her/him to the correct queue.

Respondent’s data center:

Our data center is available during normal business hours from 8 am to 4:45 pm Monday through Friday (CT). Delta Dental uses an internal Support Center for any internal issues, employing analysts based on the East and West Coasts to provide 12 or more hours of support (primary business hours) Monday through Friday. After-hours calls are received by IT Operations staff (available 24/7), which can open support tickets and contact support personnel as needed. Alerting is done internally. If warranted, ERS could be contacted by Sales support staff.

B.3. Describe Respondent’s standardized methodology for resolving issues and implementing measurable action plans to resolve them.

Delta Dental maintains a problem management team who utilize JIRA, a software tracking, assignment and reporting tool, to trend and track incidents based on pre-established criteria. Impacted users can report their problems in real time using a template in the JIRA system or call the Support Center. This template collects details on the nature of the problem and its business impact. The priority is assessed based on the data collected and the appropriate resources are immediately assigned depending on the nature of the problem. The JIRA system and problem teams automatically track the progress of each incident through resolution and root cause analysis.


B.4. Respondent shall provide the following:

The historical periodic scheduled maintenance schedule for 2017:

System support teams have monthly patching/maintenance schedules for both production and pre-production.

The non-periodic maintenance which happened outside the scheduled period for 2017:

Any unplanned changes are vetted and approved through ITIL Change Management process (enterprise CAB).

A detailed report of all unscheduled outages, slowdowns, impairments, and other system events for 2017 which exceeded 5 minutes duration:

Delta Dental had a total of 17 Sev1-critical outages for 2017.

B.4.a. Complete the schedule of hardware (system) and software changes.

Column 1: Briefly outline recent system changes and describe any planned or scheduled system changes and/or upgrades to Respondent’s hardware, infrastructure and data centers that will be hosting ERS data and services being used between now and August 31, 2019. Column 2: Detail all planned upgrades to Respondent’s software affecting ERS data and services between now and August 31, 2019.

Description of System Changes & Upgrades*: Hardware and software are continually reviewed and updated to reflect the changes in the industry and the needs of our clients.

Description of Software Changes*: Lifecycle management exists in order to maintain hardware/software maintenance and support.

Projected Implementation Date: As required.

*Scheduled from now through August 31, 2019

B.4.b. What quality assurance processes are provided in Respondent’s system to ensure accurate claims administration?

Claims system quality assurance

Delta Dental uses the Hewlett Packard claims-processing system, MetaVance, to administer dental benefits and to process enrollment, group billing, claims and encounters. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. Our Group Records’ Quality Assurance unit is responsible for performing quality checks to ensure accuracy prior to implementation. In addition, our Onboarding department does a complete review and sign-off prior to the client’s go-live date.

Claims processing quality assurance

Our Quality Assurance department has three main programs in place – global post-payment, client-level post-payment and system-level pre-payment. Additional focused pre-payment audits are also performed on high-dollar claims and manual pay/overridden claims.

The Claims Processing department has a performance management program in place. Daily performance management audits are performed on approximately 5% of all claims that are handled by claims processors. During the performance-management audit process, claims are sampled by claims examiner ID after the adjudication process but prior to Delta Dental’s
issuing benefit payment. Delta Dental uses a daily random-sampling methodology during this process. Audits are conducted daily with weekly interim reports to monitor accuracy and final cumulative monthly results.

Performance management audits measure examiner processing accuracy, identify processing trends/training issues and highlight potential problems. The audit report provides a summary at the processor level and unit level. Any errors detected for an individual examiner are referred to the appropriate claims supervisor for review, correction and training.

Global post-payment audits are based upon sound, statistical principles and provide a formal measure of performance accuracy levels for the quality goals of the Claims department. The monthly sample size of our audits is determined based on valid statistical formulas using random-sampling methodology from all claims processed after post-disbursement. Weekly audits are performed during the post-payment audit process and final results published monthly. Errors detected along with performance accuracy results are reported to the Claims department for review, correction and analysis.

Client-level post-payment audits are conducted for groups that have purchased a client-specific, claims-accuracy performance guarantee. Errors detected along with performance accuracy results are reported to the Claims department for review, correction and analysis.

Daily pre-payment audits are performed on approximately 0.05% of all system-level claims that drop-to-process on a pre-disbursement basis. These audits are performed to support and monitor system accuracies due to the increased drop-to-process percentage of our current claims processing system. Errors detected are referred to the appropriate area for review, correction and analysis.

Daily pre-payment audits are performed on a sample of high-dollar and manual pay/overridden claims. Errors detected are referred to the appropriate area for review, correction and analysis.

• Audits are performed on all claims greater than or equal to $1,000 paid to members.

• Audits are performed on a random sample of high-dollar claims greater than or equal to $1,000 paid to providers.

• Audits are performed on a random sample of denied claims with submitted amounts greater than or equal to $1,000 paid to members and providers.

• Audits are performed on a random sample of manually paid/overridden claims paid to members or providers.

B.4.c. Describe how Respondent evaluates various aspects of a project to ensure that standards of quality are being met.

Delta Dental has multiple approaches for ensuring the accuracy of our benefits programming. Our teams work closely to integrate our Software Development Life Cycle (SDLC) methodology to assure the optimum quality of the group’s benefit packages.

Our SDLC includes numerous phases; however, it is our testing activities that are critical to assure that benefit packages have been developed to meet the group’s directives. Our testing includes the following activities.

a) Testing – perform, monitor, report and track the test phases which include unit, model office, end to end, and performance. Also, permits the documenting, tracking, prioritizing and triaging defects identified during testing.

b) Walkthroughs – are held to review and correct any defects discovered during any testing phase. Reports are provided and reviewed with our senior staff continually.

c) Deployment – provides for release management oversight and coordination of all activities across the enterprise to move the software from test to production through
post-implementation handoff. During deployment, IT and business representatives conduct an assessment of any changes introduced in the release to assure that benefits are being administered correctly. This is called the Business Check-Out and it is a key component of the deployment phase.

d) Maintenance – allows for future changes to the software to address redesign or feature upgrades.

After post-implementation, Delta Dental’s business experts continue to perform quality checks to ensure accuracy. Benefit data is reviewed prior to auto-load into the claims processing system as well as post-load. The Quality Assurance department then reviews the updates for accuracy and facilitates activities to correct any issues.

B.5. Describe how Respondent’s organization’s processes and systems (including test and/or production files) can accommodate the following three scenarios:

• Terminations by absence of records in the enrollment file;

• Retroactive enrollment dates (i.e., employee’s start date is Oct. 7th and benefits are active to Oct. 1st); and

• Future effective dates on eligibility files.

Respondent shall describe the impact the above has on claims processing.

Delta Dental recommends clients submit full eligibility files rather than change-only files. Full-file receipt allows us to apply Delta Dental processing rules in the Electronic Eligibility Process. Delta Dental offers an online eligibility maintenance system that allows a client to add or change enrollee information directly online. Client’s changes are added to Delta Dental’s system immediately. All other enrollment and eligibility changes are processed with an average turnaround time of three business days from receipt of complete information. Changes are routed to the Enrollment department for processing if received by the Account Receivables and Billing teams. Additions and terminations will be reflected on the next month’s statement if the information provided is complete. Retroactive additions and terminations are applied based on the effective date provided by the client. All eligibility adjustments are completed within five business days and are reflected on the next billing cycle. Billing adjustments are limited to the three-month period prior to the current month for which the group has provided eligibility data. Enrollment changes made by the client using our online eligibility system are made to the system in real time.

B.6. What quality assurance processes are provided in Respondent’s system to ensure accuracy in programming of benefits?

Delta Dental’s Group Records department is responsible for loading benefit packages created based on the approved group application into the claims-processing system. Quality checks are performed to ensure accuracy. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. The Group Records’ Quality Assurance unit then reviews updates for accuracy. In addition, the Onboarding department does a complete review and sign-off during implementation and prior to the client’s go-live date.


B.7. Describe Respondent’s process for implementing plan design changes.

All benefit changes not included in the original plan design must first be reviewed and approved by Delta Dental’s Underwriting department prior to system modification. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. Quality checks are performed to ensure accuracy. The Group Records’ Quality Assurance unit reviews updates for accuracy. In addition, our Onboarding department performs a complete review and sign-off prior to the new plan design’s effective date.

Delta Dental strives to ensure new programs are implemented smoothly and seamlessly. Delta Dental uses a team approach to implementation. Delta Dental’s Sales team partners with an onboarding project manager who is assigned to serve as a liaison between the client and the internal departments. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process. This onboarding project manager provides a point of contact throughout the implementation process.

B.8. How much advance notice is required for a change in the system?

System updates to standard benefit and administration are completed within 10 business days once the requirements have been received.

C. Deviations – Data Interfaces Requirements - PPO

C.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Data Interfaces Requirements described in RFP Sections X.B.1. – X.B.9.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

D. Interrogatories – Data Interfaces Requirements - PPO

D.1. Respondent shall provide a full description regarding business processes that shall include, but not be limited to, the following key elements:

Support of a point to point VPN with ERS;

VPN is not applicable. Clients do not connect to our network and we do not connect to client network. Our Dental Benefits Administration service is conducted through the exchange of an enrollment file sent via sFTP.

Explanation of how Respondent will utilize the interface files/data that ERS will provide;

Eligibility files are processed through Delta Dental’s eligibility system to capture all changes that have occurred since the last file load.

Protocols that Respondent will utilize when there is a file transmission problem or a corrupted bad interface file (or like scenario) with ERS; and

If a file is not received due to a file transmission problem or an sFTP issue, Delta Dental will reach out to the assigned ERS eligibility contact, alerting them of the issue to work through a resolution.

Explanation of how information reported to ERS is to be derived from the source data file.

Delta Dental and ERS will agree on a pre-formatted extract file. The file will be extracted and
sent to ERS in a mutually agreed upon layout and security protocol.

D.2. If Respondent supplies an interface to ERS, then Respondent shall provide a full description of the interface file that shall include, but not be limited to, complete definitions of each field of the interface file.

Delta Dental and ERS will agree on a pre-formatted extract file. The file will be extracted and sent to ERS in a mutually agreed upon layout and security protocol.

D.3. Respondent shall provide documentation of its business policies and procedures related to the business process.

Please refer to attachments entitled Business Processes – PPO and Employees Retirement System of Texas Onboarding Timeline, under Tab 59.

D.4. Respondent shall describe its standard web interface protocol.

Delta Dental's website offers enrollees the option to view-only their eligibility, benefits and claim information, and to access other dental health information and web tools such as Find a Dentist.

D.4.a. What flexibility does Respondent have with regard to its standard web interface protocol approach?

On the secured portion of the website (behind login), some customization is possible with ERS-specific information and must be assessed on a specific, case-by-case basis.

D.5. What measures does Respondent take to ensure the security of interfaces, which would include, but not be limited to, data files, emails, print screens and email attachments that Respondent is sending/receiving to/from external sources (whether ERS or a third party)?

Enrollment files are sent from the group via sFTP. For emails, we use three levels of controls to scan the message prior to its reaching a Delta Dental user’s inbox, including network heuristic and signature-based IDS systems, SPAM gateways and anti-virus protections. Data in transit is encrypted.

D.5.a. If ERS discontinues Respondent’s services during the Contract Term, how would ERS’ data be extracted? Respondent shall provide a detailed description of the format or structure of the extracted data.

Please refer to the attachment entitled Delta Dental Standard Layout, under Tab G, for the file layout used when providing claims data to a new carrier.

• Would it be structured fields, XML, Bitmap?

Not applicable

• Would a data dictionary be provided for the extracted data?

Not applicable


D.6. Respondent shall confirm that it will only transmit and receive confidential and sensitive information via encrypted transmission protocols including site to site VPN, SFTP, TLS, or other industry accepted encryption methodology.

Confirm

D.6.a. If Respondent cannot confirm Interrogatory D.6. above, Respondent shall provide a detailed description as to why not.

Not applicable

D.7. Respondent shall provide its standard data and claims files for ERS’ review. This file should include specifications that are required when ERS transfers Participant information.

Acknowledged and confirmed. Please refer to the attachments provided as part of Delta Dental’s Standard Data and Claims Files - PPO, under Tab 60.

D.8. What is Respondent’s standard interface protocol? Provide a detailed description.

Delta Dental's website offers enrollees the option to view-only their eligibility, benefits and claim information and access other dental health information and web tools such as Find a Dentist.

D.8.a. What flexibility does Respondent have with Respondent’s standard approach? Provide a detailed description.

On the secured portion of the website (behind login), some customization is possible with ERS-specific information and must be assessed on a specific, case-by-case basis.

D.9. Please list and describe all PHI and security breaches Respondent’s organization has experienced with external reporting requirements, including, but not limited to, loss of equipment that contained client information, loss of files, unauthorized access to Respondent’s networks within the last seven (7) years, and reporting of HIPAA breaches as required under the provisions of HIPAA.

In the past seven years (May 2012 through May 2018), Delta Dental has experienced 988 privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

D.9.a. What investments has Respondent made over the past three (3) years in its technology to mitigate security breaches?

Delta Dental spent between $8 million and $12 million over the past three years on various IT security initiatives.

D.10. Briefly describe Respondent’s backup procedures for the system(s) to be used in the services proposed to ERS.

All data is systematically protected from data loss by a scheduled backup system. Virtually all data is replicated and stored at our backup data center in Mechanicsburg, PA, in near real time.


A small amount of data follows a daily tape backup process, in which case backup media is encrypted, labeled, tracked and stored off-site. Retention is determined by local and federal laws and/or contractual requirements.

Delta Dental has disaster recovery and business continuity plans in place that are tested regularly to ensure continuity of operations. We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually.

Our enterprise of Delta Dental-affiliated companies operates three regional contact centers – in Alpharetta, GA; Mechanicsburg, PA; and Rancho Cordova, CA – all of which are interconnected. We have 3,000 telephone lines that service the customer service centers across our enterprise and can distribute call traffic based on business needs. This any-to-any structure allows a customer service representative to handle a call that comes in to any of these three locations. In the event a call center is unable to handle its calls, those calls can easily be transferred to a different location. This approach is used if a call center is closed due to severe weather or other emergency condition.

E. Deviations – Security Practices Requirements - PPO

E.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Security Practices Requirements described in RFP Sections X.C.1. – X.C.12.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

F. Interrogatories – Security Practices Requirements - PPO

F.1. Does Respondent have a full-time Information Security Officer or Chief Security Officer?

Yes No

If Respondent marked “Yes”, Respondent shall describe how this role fits into Respondent’s organizational chart.

Thomas Baltis is vice president and chief information security officer. Mr. Baltis reports directly to Kirsten Garen, Delta Dental’s senior vice president and chief information officer. Ms. Garen reports directly to Tony Barth, Delta Dental’s president and chief executive officer.

F.1.a. If Respondent marked “No” for Interrogatory F.1. above, Respondent shall provide a detailed description as to why not.

Not applicable


F.2. Does Respondent have dedicated resources for information security efforts?

Yes No

F.2.a. If Respondent marked “No” for Interrogatory F.2. above, Respondent shall provide a detailed description as to why not.

Not applicable

F.3. What are Respondent’s minimum and maximum User ID lengths?

Minimum User ID Length Delta Dental follows industry standard password policy best practices. However, the details are confidential to Delta Dental.

Maximum User ID Length Delta Dental follows industry standard password policy best practices. However, the details are confidential to Delta Dental.

F.4. Would Respondent support any kind of SSO solution for users of the ERS-based product?

Yes No

If yes, Respondent shall describe. Clients have the option to implement SSO, which connects enrollees to our website where they can view-only their benefits, eligibility and claims information.

F.5. What technology in the data center (servers, storage, and network infrastructure) which provides services to ERS is shared with other data center customers?

All data is secured and logically segregated by group and division IDs. Only those with the proper authority can access the data of a specific business customer. The applications also support logical data segregation with strong password criteria that restrict possible data exposure to other groups or enrollees.

F.6. What kind of network security devices are running in Respondent’s data center(s) (e.g., data loss prevention tools, intrusion detection systems, intrusion prevention systems)?

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA, and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the vice president of Information Technology.

All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g., production from pre-production) and IDS sensors internally to
monitor critical systems for malicious activity. Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

F.7. Describe in detail Respondent’s practices and controls utilized to limit access and protect confidential and sensitive data in storage and in transit.

Delta Dental’s policy is that all transmission of confidential information must be encrypted. Protocols include: TLS and sFTP/FTPs. All of Delta Dental’s eligibility transmission systems and online eligibility maintenance system are password protected and encrypted outside the firewall. Delta Dental’s current information security processes and procedures meet the compliance requirements of HIPAA’s Security Rule. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

F.8. Are network firewalls and other security equipment checked by independent third parties for vulnerabilities and possible exploits?

Yes No

F.8.a. If yes, how often?

Delta Dental conducts periodic security reviews, vulnerability scanning, and/or penetration testing on its network and server infrastructure. For most systems, scans are performed on a quarterly basis though some systems are done more frequently. New and significantly modified web applications are subject to web-application vulnerability testing. This testing is performed by Security Engineering using a commercial web-application vulnerability testing tool and manual review. Any vulnerability found is tracked and addressed.

F.8.b. If Respondent marked “No” to Interrogatory F.8. above, Respondent shall provide a detailed description as to why not.

Not applicable

F.9. In the event of a security breach, describe the process to notify ERS of the breach of ERS data, Respondent facilities or other types of Information Technology infrastructure breaches.

Delta Dental has procedures in place to handle breaches on a case-by-case basis. We comply with applicable state and federal requirements regarding notification of privacy and data security breaches. Delta Dental investigates reported potential unauthorized disclosures using the following process:

a. Identification: Workforce members are expected to identify unauthorized disclosures of personal information and, as appropriate, limit the potential for further disclosures. Delta Dental has established training for employees and contractors (workforce members) explaining how to recognize potential unauthorized disclosures and what steps to take.

b. Reporting to Delta Dental’s Department of Risk, Ethics and Compliance (REC): Workforce members who discover or are notified of an incident are required to submit a report detailing the complete facts of the incident including what happened, whose information was potentially disclosed and to whom, who owns the information and what steps have been taken to contain or control the incident.

Appendix U. Information Systems Requirements Deviations and Interrogatories 13

c. Incident Triage: Based on initial information reported, REC immediately begins incident tracking, conducts an initial assessment, and notifies the executive team as appropriate.

d. Incident Investigation: A member of REC investigates each reported privacy incident and a member of IT Security investigates reported security incidents, coordinating between departments as appropriate. The investigation confirms what occurred, works with appropriate operational departments to understand underlying operational issues and determines applicable state laws.

e. Incident Response: Incidents are forwarded to the appropriate operational departments to identify and remedy the specific case as well as identify root cause.

f. Compromise Assessment/Decision: An incident review team composed of Legal, Compliance and IT Security (when appropriate) reviews the reported incident, evaluates whether the individual’s information has been compromised, and considers all applicable state laws. Based on this assessment, the review team determines whether a breach has occurred and whether notification is required.

g. Notification to Impacted Member in the Event of a Breach: If appropriate, notification letters are drafted to describe what occurred, the type of information disclosed, steps that affected individuals should take to protect themselves from potential harm, and an explanation of what Delta Dental is doing to mitigate the harm.

h. Trends and Corrective Action Plans: The REC compiles, analyzes and reports on all incident patterns. As appropriate, Delta Dental develops corrective action plans to address underlying systematic root causes, including business process refinements, system changes and/or additional workforce training.

i. Reporting: Delta Dental reports all confirmed breaches to appropriate governmental agencies and media outlets when necessary.

F.10. Respondent shall describe how often its firewall and router configuration standards are reviewed. Respondent shall provide the last date its firewall and router configuration standards were reviewed.

Delta Dental reviews these annually, with the last router configuration standard reviewed on June 25, 2018. A revision will be completed in July 2018.

F.11. Respondent shall describe its processes and procedures for managing and patching known vulnerabilities. Is there a patch management solution in place, so that all system components and software are protected from known vulnerabilities by having the latest vendor supplied security patches installed? How often are systems checked? What was the last date Respondent’s data center systems and user workstations were checked?

Delta Dental conducts periodic security reviews, vulnerability scanning, and/or penetration testing on its network and server infrastructure. For most systems, scans are performed on a quarterly basis though some systems are done more frequently. New and significantly modified web applications are subject to web application vulnerability testing. This testing is performed by Security Engineering using a commercial web-application vulnerability testing tool and manual review. Any vulnerability found is tracked and addressed. Payment Card Industry (PCI) network penetration scans are conducted by a third party on a quarterly basis against all Internet-facing IP addresses. All medium and high vulnerabilities are reviewed and remediated as required. Delta Dental has an established process for reviewing and installing system security patches. Delta Dental monitors for system/application security patches and applies them where applicable. Additionally, Delta Dental also regularly scans systems for patch/software version compliance. In general, all Delta Dental-determined critical patches are targeted for testing and installation within one week of release. However, in some cases the process may be accelerated based on the vulnerability risks of some or all systems.

All critical patches are generally applied and validated in non-production environments prior to their application in production systems. Validation is performed by test teams for non-production systems and by business areas for production systems.

F.12. Respondent shall describe its processes and procedures in place for responding to low, medium and high severity information security incidents. What is Respondent’s process to rank such incidents? Does Respondent’s company have forensic security experts on staff or is a third party contracted in the case of a breach?

Delta Dental investigates potential incidents using an eight-step process:

1. Identification: Workforce members are trained to identify and report all types of compliance issues, including unauthorized disclosures of information.

2. Reporting: Workforce members who discover or are notified of an incident are required to submit a report detailing the incident.

3. Triage: Incidents are tracked and assessed for severity and, if applicable, executives are notified of significant incidents or breaches.

4. Investigation: Delta Dental’s Department of Risk, Ethics and Compliance (REC) investigates each reported privacy incident and a member of IT Security investigates reported security incidents, coordinating between departments as appropriate.

5. Incident Response: Incidents are forwarded to the appropriate operational departments to identify and remedy the specific case as well as identify root cause.

6. Compromise Assessment/Decision: An incident is evaluated to determine if information has been compromised, and what laws are applicable. Based on this assessment a determination is made whether a breach has occurred and whether notification is required.

7. Notification: Notifications include a description of the event, the information disclosed, steps affected individuals should take to protect themselves from potential harm, a description of what Delta Dental is doing to mitigate the harm and an offer of credit monitoring to impacted individuals when critical identifying elements are disclosed.

8. Trends and Corrective Action Plans: All events are assessed and analyzed. Corrective action plans are made to address underlying systematic root causes.

Delta Dental has engaged an external third party to assist in the event of a large-scale cyber-security incident. Notifications include a description of the event; the information disclosed; steps that affected individuals should take to protect themselves from potential harm; a description of what Delta Dental is doing to mitigate the harm; and an offer of credit monitoring to impacted individuals when critical identifying elements are disclosed.

F.13. What anti-virus protection/programs does Respondent use? Is AV software deployed on all Respondent’s and Respondent’s contractor systems (such as servers, workstations, laptops) commonly affected by malicious software? Are all anti-virus programs capable of detecting, removing and protecting against all known types of malicious software (i.e., viruses, worms, spyware, Trojans, adware and rootkits)? How often are the .DAT files updated and are automatic AV scans enabled?

Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. Other security controls include:

• Full-disk encryption on all laptops

• Forced encryption on PDAs

• Password protection - includes requirements for minimum length, failure lockout (requires manual reset) and generation control

• Locking screen savers

• Two-factor authentication for remote access

• Centrally managed anti-virus/anti-spyware with automatic updates

• Personal firewalls built into VPN software

Delta Dental has in place policies and procedures regarding the security of computerized data within our control. This includes processes for the notification and investigation of breach activity and analysis of any non-compliance activities required by law and/or contractual requirements as a result of a breach. Delta Dental reduces the volume of collected and retained information to the minimum necessary; limits access to only those individuals who must have such access; and uses encryption, strong authentication procedures and other security controls to make information unusable by unauthorized individuals. All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g. production from pre-production) and IDS sensors internally to monitor critical systems for malicious activity. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

F.14. Describe Respondent’s Security Incident Management policies and procedures for the application as well as internal systems.

Delta Dental investigates reported potential, unauthorized disclosures using a nine-step process that is documented:

• Identification of potential incidents

• Reporting to Delta Dental’s department of Risk, Ethics and Compliance (REC)

• Incident triage

• Incident investigation

• Incident response

• Compromise assessment/decision

• Notification to impacted member in the event of a breach

• Trends and corrective action plans

• Reporting of confirmed breaches to governmental agencies and media outlets when necessary

Delta Dental’s incident-management process is in continual use, making periodic testing unnecessary. Process gaps are addressed as they are identified.

F.14.a. Respondent shall provide a copy of this documentation.

Please refer to attachment entitled Security Incident Management Process - PPO, under Tab 61.

F.15. Respondent shall confirm it will follow highly restricted access policies behind any ERS-related point-to-point VPN setup in support of this Contract.

Confirm

F.15.a. If Respondent cannot confirm Interrogatory F.15. above, Respondent shall provide a detailed description as to why not.

VPN is not applicable. Clients do not connect to our network and we do not connect to client networks.

F.16. Are Respondent’s portable devices encrypted to protect the data in case of theft or loss?

Yes No

F.16.a. If Respondent did not mark “Yes” to Interrogatory F.16. above, Respondent shall provide a detailed description as to why not.

Not applicable

F.17. How does Respondent manage physical security of its data center? Who gets access, what are the hours of operation?

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology. Normal business hours are 8 am to 4:45 pm (CT).

F.18. What technology is in place to manage network and server security? Provide the name and the version of the technology used to manage the network and server security and describe the effectiveness of the technology.

Multiple tools are used to ensure network and server security, including Cisco FirePower IDS/IPS (Network security), Forcepoint Proxy, McAfee Anti-Virus, Firewalls/Network segments and periodic scanning and patching.

F.19. Describe how Respondent controls access to ERS’ confidential data?

Delta Dental uses the Hewlett Packard claims-processing system, MetaVance, to administer dental benefits and to process enrollment, group billing, claims and encounters. Windows, Unix/LINUX and/or Mainframe systems are also used. The specifics are confidential to Delta Dental.

F.20. How does Respondent secure backup tapes? Who has access to them onsite and offsite? Are they encrypted?

All data is systematically protected from data loss by a scheduled backup system. Virtually all data is replicated and stored at our backup data center in Mechanicsburg, PA, in near real time. A small amount of data follows a daily tape backup process, in which case backup media is encrypted, labeled, tracked and stored off-site. Retention is determined by local and federal laws and/or contractual requirements. Delta Dental has disaster recovery and business continuity plans in place that are tested regularly to ensure continuity of operations.

Any removable media that contains electronic personal health information is required by policy to be encrypted.

All backup tapes use AES 256 hardware encryption and are transported, tracked and stored using Iron Mountain’s services.

F.20.a. Respondent shall confirm that they have the ability to encrypt ERS data using PGP compatible encryption.

Confirm

F.20.a.i. If Respondent cannot confirm Interrogatory F.20.a. above, Respondent shall provide a detailed description as to why not.

Not applicable

F.20.b. Describe the encryption technology that is being used.

Delta Dental complies with industry best practices for Cryptographic Algorithms and Protocols. Where available, Delta Dental uses FIPS 140-2 compliant algorithms.

F.21. How is Respondent’s application security managed and how is client data secured?

Delta Dental confidential information is protected through a combination of administrative, physical and technical security processes and controls. This includes, but is not limited to, the following:

1. Access based on "need to know" and "least privilege" principles with regular management reviews (at least twice annually).

2. Strong account management processes, e.g., default accounts/passwords removed; strong passwords; password expiration (90 days or less); failed login lockout; password history; locking screen savers; immediate disabling of accounts upon termination of employment.

3. Encryption of sensitive information transmitted across untrusted networks (e.g., the Internet, wireless) and stored outside Delta Dental's secure facilities with the following additions: authentication credentials (e.g., passwords) are encrypted across all networks and encrypted (or hashed) in storage on all systems; full disk encryption of all laptops/PCs/blackberries; table level encryption of personal Information within the main claims processing system.

4. A “defense in depth” approach to protecting confidential information on our internal networks, which includes the use of layer 4/7 firewalls, IDS/IPS, strong access control procedures and 802.1x device authentication.

5. Restricted remote access that requires two-factor authentication.

6. Restricted/controlled physical access to Delta Dental facilities. This includes electronic badge access to buildings and restricted areas; 24-hour guards in the datacenter and CCTV.

F.22. Does Respondent have a formal information security program in place?

Yes No

F.22.a. Does Respondent have formal information security policies, procedures and standards?

Yes No

F.22.a.i. If yes, Respondent shall provide copies of their formal information security policies, procedures and standards. If Respondent considers this document confidential and proprietary, place this on Respondent’s separate schedule as required at RFP Section I.F.1.b. However, Respondent shall provide this document for appropriate evaluation of Respondent’s Proposal.

Please refer to the attachments provided as part of Delta Dental’s Formal Security Compliance Policies – DHMO, under Tab 72.

F.22.b. Are employees required to periodically confirm their compliance with Respondent’s information security policies, procedures and standards?

Yes No

F.22.b.i. If no, Respondent shall validate if their employees ever confirm compliance with Respondent’s information security policies, procedures and standards and how often compliance is confirmed.

Not applicable

F.22.c. Does Respondent have a user awareness campaign related to information security?

Yes No

F.22.c.i. If Respondent did not mark “Yes” to Interrogatory F.22.c. above, Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

F.22.d. Respondent shall provide a full description of how Respondent monitors compliance.

Delta Dental’s Department of Risk, Ethics and Compliance operates on our commitment to business integrity, ethical behavior and high levels of business standards. Our compliance program implements federal and state laws and regulations that govern company business, establishes boundaries and personal obligations, and guides day-to-day performance and how the business operates. Delta Dental recognizes that an effective compliance program is predicated on an ongoing evaluation of risks and compliance. Therefore, Delta Dental’s program includes:

• Audits by the Internal Audit department for areas identified by it or Senior Management as high risk

• Routine compliance metrics and internal monitoring

• Full cooperation and participation with, and providing appropriate access for, regulatory agencies and groups conducting external audits to evaluate the organization and the overall effectiveness of the compliance program

• Organized process for developing and implementing corrective action plans when necessary

• Delta Dental screens its workforce and providers before hiring or contracting and monthly against the Excluded Parties lists published by the federal government

• Robust legislative process to identify and monitor new and updated laws and regulations that are applicable to Delta Dental business

F.23. Are Respondent’s desktop and laptop computers encrypted to protect data in case of theft or loss?

Yes No

F.23.a. If Respondent cannot confirm Interrogatory F.23. above, Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

F.23.b. Describe the ability to use portable drives. If so, how are they protected?

Any removable media that contains electronic personal health information is required by policy to be encrypted. All backup tapes use AES 256 hardware encryption and are transported, tracked and stored using Iron Mountain’s services.

F.24. How does Respondent protect the privacy of GBP Participants? Respondent shall provide a detailed description.

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology. All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g. production from pre-production) and IDS sensors internally to monitor critical systems for malicious activity. Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

G. Deviations – Business Resumption and Data Center Facilities Requirements - PPO

G.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Business Resumption and Data Center Facilities Requirements described in RFP Sections X.D.1. – X.D.9.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

H. Interrogatories - Business Resumption and Data Center Facilities Requirements - PPO

H.1. Describe Respondent’s contingency plans and procedures for providing business continuity due to any event that might interrupt, delay or shut-down service that is related to Respondent’s services or products under this proposal, including that of any subcontractor upon whom Respondent relies in performing or providing services or products to or on behalf of ERS.

We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually. Our enterprise of Delta Dental-affiliated companies operates three regional contact centers – in Alpharetta, GA; Mechanicsburg, PA; and Rancho Cordova, CA – all of which are interconnected. We have 3,000 telephone lines that service the customer service centers across our enterprise and can distribute call traffic based on business needs. This any-to-any structure allows a customer service representative to handle a call that comes in to any of these three locations. In the event a call center is unable to handle its calls, those calls can easily be transferred to a different location. This approach is used if a call center is closed due to severe weather or other emergency condition.

H.2. Describe who has physical access to Respondent’s data center facility and how the access is monitored.

Delta Dental employees have access to Delta Dental facilities where data centers are housed. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. The data centers are housed behind secured areas. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology.

H.3. Does the Respondent’s data center have formal Uptime Institute certification?

Yes No

H.3.a. If yes, which certifications were granted? What year were they granted? Are the certifications still current?

Yes No Not applicable

H.3.b. If no, how does Respondent confirm that its data center conforms to the Uptime Tier III or Tier IV standards?

Delta Dental is not certified at any tier level. However, we have met the required 99.982% uptime standard for over five years. We have a solid, well-engineered infrastructure that can support the data center without any impact or downtime.

H.3.c. If Respondent’s data center does not have formal Uptime Institute certification, Respondent shall provide a detailed description as to why not.

Delta Dental has a reliable data center that continues to meet very high availability standards without certification.

H.4. How does Respondent confirm that its data center conforms to the Uptime Tier III or Tier IV standards; if the Respondent does not have a formal Uptime certification, how does the Respondent ensure that all critical data center systems associated with providing power and cooling to IT equipment can maintain uptime of at least 99.982% during any 12 month period?

Delta Dental has maintained a 99.982% level of availability for over five years by performing industry best practices, preventive maintenance and service across our power and cooling infrastructure to ensure it is always performing at the highest level.

H.5. What was the data center uptime for the previous 12 months (specify time period)?

Delta Dental had 100% uptime for the past 12 months.

H.6. Provide details regarding the redundant links for internet access that Respondent has in place for its data center, including redundant last-mile connectivity and diverse physical data-center network penetrations.

Delta Dental has two internet links going to two different buildings. One internet access is provided by AT&T. The second internet access is provided by Consolidated Communications. Both buildings are connected to one another via Delta Dental controlled dark fiber.

H.7. Who is Respondent’s data center provider(s)?

Data centers are owned by Delta Dental.

H.8. Briefly describe Respondent’s data backup and recovery procedures for the system(s) to be used in the services proposed to ERS.

We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually.

Provide the names and a description of the hardware and software systems that Respondent will use to fulfill ERS’ contract.

Hardware: MetaVance - Unix-based on a mixture of X86-based Linux, Sun Solaris and HP-UX

Software:

• MetaVance - HP-UX and Sun Solaris

• B2B: Unix Solaris and Linux

• Provider Tools: Linux

• Enterprise Business Desktop (EBD): Unix Solaris and Linux

• EIVR: Unix Solaris

• Macess: Windows

• FormWorks: Windows

H.10. For each hardware and software system, provide the following information:

H.10.a. When was this system implemented?

Hardware, MetaVance: First deployed in 2007.

Software: Our strategic vendor partners initially installed their products at Delta Dental as follows:

• MetaVance: 2007

• B2B: 2007

• EBD: 2010

• EIVR: 2010

• FormWorks: 2008

• Macess: 2004

The B2B application was installed by Delta Dental in 2007. EBD application was installed by Delta Dental in 2010. Both have been continually updated to reflect the changes in the industry and the needs of our clients.

H.10.b. When was the system last updated?

The last system update was June 23, 2018.

H.10.c. Is there a future update being considered?

Yes No

H.10.d. If so, provide the date and description of the anticipated update.

Hardware and software are continually updated to reflect the changes in the industry and the needs of our clients.

H.11. Respondent shall provide a copy of the disaster recovery plan and the disaster recovery test results to ERS. These should include, but not be limited to: (a) the Disaster Recovery plans plus a description of the changes from the previous year’s plans, if any; and (b) the exercise test results conducted within the last twelve months of the disaster recovery and business continuity tests referencing the adequacy of these plans. The test results must include the RTO and RPO of the systems and applications which provide service to ERS. If these are a part of a SOC II Type 2 report, Respondent shall provide the portions of the report that refer to the normal, annual disaster recovery and business and continuity tests, plus copies of the service auditor’s report. Respondent further agrees to be available for reasonable inquiry by ERS of the disaster recovery plan and tests.

Please refer to the attachments entitled Delta Dental Business Continuity Program – PPO and Delta Dental Business Continuity Program Exercise Results - PPO, under Tab 63.

H.12. Respondent shall provide a summary of the latest disaster recovery test results to ERS and a summary of the disaster recovery programs. The test results should include the RTO and RPO of the systems and applications which provide service to ERS. The Respondent must attest annually, by signature, that the disaster recovery tests will ensure that systems which the Respondent uses to provide services to ERS will be available within X hours of outage and will experience a maximum Y hours of data loss (where X is the RTO and Y is the RPO). Respondent further agrees to be available for reasonable inquiry by ERS of the disaster recovery plan and tests.

Please refer to the attachment entitled Delta Dental Business Continuity Program Exercise Results - PPO, under Tab 64. Delta Dental agrees to attest annually, by signature, that the disaster recovery tests will ensure that Delta Dental’s systems will be available within 24 hours of outage and will experience a maximum 24 hours of data loss.

I. Deviations – SOC-2 Report Requirements - PPO

I.1. Affirm that Respondent shall comply with all of the Scope of Work – Technology Services Requirements – SOC-2 Report Requirements described in Sections X.E.1. – X.E.3.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

J. Interrogatories – SOC-2 Report Requirements - PPO

J.1. SOC reports. Provide a full, un-redacted copy of the most recent SOC-2 type II report and results performed under the SSAE16 or SSAE18 SOC-2 Type II report or any other independent auditor report on the effectiveness of internal controls over operations and compliance of service to be provided under this RFP, including disaster recovery planning and testing, and data center facilities. This should include results of an independent, certified external security audit. Respondent shall also acknowledge and agree that ERS is entitled to review all such audit results on a yearly basis. If there is not a service organization control engagement performed, then provide a detailed explanation of how both information technology and operational control activities are assessed/evaluated to meet the services to be provided under this RFP.

Please refer to attachment entitled Delta Dental SOC 2 Report, under Tab 65. This document is proprietary and confidential.

J.1.a. If applicable, provide a copy of Respondent’s sponsoring or parent company’s most recent SOC-2 report under SSAE 16 or SSAE18 SOC-2 Type II report or any other independent auditor report on the effectiveness of internal controls over operations, security, and compliance of service to be provided under the RFP.

Please refer to attachment entitled Delta Dental SOC 2 Report, under Tab 66. This document is proprietary and confidential.

J.1.b. Respondent shall also acknowledge and agree that ERS is entitled to review all such audit results on a yearly basis.

Acknowledged and agreed.

J.2. If Respondent conducts its SOC-2 Type II control audits with an external firm, please identify the following:

Name of external firm: Armanino LLP

Address of external firm: 44 Montgomery Street, Suite 900, San Francisco, CA 94104

Dates when firm performed the audits: The last audit was performed for period January 1, 2017 to December 31, 2017.

J.3. If any data centers, development, or data services are outsourced or subcontracted, Respondent shall provide copies of outsourcers’ or subcontractors’ SOC-2 under SSAE16 or SSAE18 SOC-2 Type II report or equivalent reports.

Not applicable. These services are not outsourced or subcontracted.

J.3.a. Respondent shall also confirm that ERS is entitled to review outsourcers’ or subcontractors’ SOC-2 under SSAE18 SOC-2 Type II report or equivalent reports annually.

Confirm

Not applicable. These services are not outsourced or subcontracted.


DHMO RESPONSES

K. Deviations – Operations Requirements – DHMO

K.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Operations Requirements described in RFP Sections X.A.1. – X.A.21.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

K.2. Respondent shall provide its Deviations to the requirements at RFP Section X.A.4. If applicable, Respondent shall provide the following information:

K.2.a. Provide a description of the services Respondent performs offshore.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.b. Provide the following information with regard to offshore data transmission:

K.2.b.i. If data is transmitted offshore, indicate the countries.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.b.ii. Describe the type of data that is transmitted offshore.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.b.iii. Identify (by name and physical address) the entity(ies) this data is transmitted to.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c. Provide the following information with regard to accessibility of offshore data:

K.2.c.i. If data is accessible offshore, indicate the countries.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c.ii. How is it accessible?

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c.iii. Describe the type of data that is viewable offshore.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c.iv. Describe who has access to any offshore data

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c.v. Describe how this data is viewable.

Not applicable. None of Delta Dental’s services are performed offshore.

K.2.c.vi. Describe the function of any data that is accessible offshore.

Not applicable. None of Delta Dental’s services are performed offshore.

K.3. Respondent shall provide its Deviations to the requirement at RFP Section X.A.5., if applicable.

Respondent’s Requested Deviation Detail: Delta Dental has no deviations. Delta Dental’s services are not performed offshore.

K.4. What quality assurance processes are provided in Respondent’s system to ensure accuracy in programming of benefits?

Delta Dental’s Group Records department is responsible for loading benefit packages created based on the approved group application into the claims-processing system. Quality checks are performed to ensure accuracy. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. The Group Records’ Quality Assurance unit then reviews updates for accuracy. In addition, the Onboarding department does a complete review and sign-off during implementation and prior to the client’s go-live date.

K.5. Describe Respondent’s process for implementing plan design changes.

All benefit changes not included in the original plan design must first be reviewed and approved by Delta Dental’s Underwriting department prior to system modification. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. Quality checks are performed to ensure accuracy. The Group Records’ Quality Assurance unit reviews updates for accuracy. In addition, our Onboarding department performs a complete review and sign-off prior to the new plan design’s effective date.

K.5.a. How much advance notice is required for a change in the system?

System updates to standard benefit and administration are completed within 10 business days once the requirements have been received.

L. Interrogatories – Operations Requirements - DHMO

L.1. What type of background checks are performed on all company hires, particularly those that will have access to PII and HIPAA data?

Delta Dental conducts background checks of all prospective employees including a criminal background check, educational degree verification (BA and higher), employment verification, license verification (e.g., DDS, JD), social security number trace, motor vehicle record (if legally permitted by state) and credit check for employment purposes (if appropriate based on the job function). Criminal background check includes, but is not limited to, criminal history checks (including a minimum of seven-year felony and misdemeanor multi-county and national criminal record search) as determined by the social security trace and including aliases. Delta Dental conducts an individualized assessment for convictions deemed job related when making employment decisions in compliance with federal laws and to the extent allowable by state and local laws.


Furthermore, we are in compliance with the laws governing individuals’ rights under the Fair Credit and Reporting Act and protection of privacy information.

L.2. What are the normal staffing hours (in CT) for the following?

Respondent’s technical support team to respond to data and reporting questions:

Delta Dental’s Account Management team is available to assist ERS Monday through Friday between 8 am and 6 pm (CT). Delta Dental’s interactive voice response (IVR) system offers speech recognition, caller authentication in English and Spanish-language options. Enrollees can obtain automated information regarding eligibility, benefits, and claims status and can request materials such as ID cards, plan documents or local dentist directories. The IVR system also provides fax-on-demand capabilities for dentists. The IVR system is available 24 hours a day, Monday through Sunday, except for periodic maintenance performed on Sundays. We have updated our IVR system to deliver quality service faster. Callers can expect improved call routing and easier navigation, plus our enhanced system automatically routes callers through the system – no matter which number they dial – based on their unique member ID. For instance, if an enrollee calls the number for a product she/he is not enrolled under, the system will reroute her/him to the correct queue.

Respondent’s data center:

Delta Dental’s normal business hours are 8 am to 4:45 pm Monday through Friday (CT). Delta Dental uses an internal Support Center for any internal issues, employing analysts based on the East and West Coasts to provide 12 or more hours of support (primary business hours) Monday through Friday. After-hours calls are received by IT Operations staff (available 24/7), which can open support tickets and contact support personnel as needed. Alerting is done internally. If warranted, ERS could be contacted by Sales support staff.

L.3. Describe Respondent’s standardized methodology for resolving issues and implementing measurable action plans to resolve them.

Delta Dental maintains a problem management team that utilizes JIRA, a software tracking, assignment and reporting tool, to trend and track incidents based on pre-established criteria. Impacted users can report their problems in real time using a template in the JIRA system or call the Support Center. This template collects details on the nature of the problem and its business impact. The priority is assessed based on the data collected and the appropriate resources are immediately assigned depending on the nature of the problem. The JIRA system and problem teams automatically track the progress of each incident through resolution and root cause analysis.


L.4. Respondent shall provide the following:

The historical periodic scheduled maintenance schedule for 2017:

System support teams have monthly patching/maintenance schedules for both production and pre-production.

The non-periodic maintenance which happened outside the scheduled period for 2017:

Any unplanned changes are vetted and approved through ITIL Change Management process (enterprise CAB).

A detailed report of all unscheduled outages, slowdowns, impairments, and other system events for 2017 which exceeded 5 minutes duration:

Delta Dental had a total of 17 Sev1-critical outages for 2017.

L.4.a. Complete the schedule of hardware (system) and software changes.

Column 1: Briefly outline recent system changes and describe any planned or scheduled system changes and/or upgrades to Respondent’s hardware, infrastructure and data centers that will be hosting ERS data and services being used between now and August 31, 2019. Column 2: Detail all planned upgrades to Respondent’s software affecting ERS data and services between now and August 31, 2019.

Description of System Changes & Upgrades*: Hardware and software are continually reviewed and updated to reflect the changes in the industry and the needs of our clients.

Description of Software Changes*: Lifecycle management exists in order to maintain hardware/software maintenance and support.

Projected Implementation Date: As required.

*Scheduled from now through August 31, 2019

L.4.b. What quality assurance processes are provided in Respondent’s system to ensure accurate claims administration?

Claims system quality assurance

Delta Dental uses the Hewlett Packard claims-processing system, MetaVance, to administer dental benefits and to process enrollment, group billing, claims and encounters. Benefit data is reviewed prior to auto-load into the claims-processing system as well as post-load. Our Group Records’ Quality Assurance unit is responsible for performing quality checks to ensure accuracy prior to implementation. In addition, our Onboarding department does a complete review and sign-off prior to the client’s go-live date.

Claims processing quality assurance

Our Quality Assurance department has three main programs in place – global post-payment, client-level post-payment and system-level pre-payment. Additional focused pre-payment audits are also performed on high-dollar claims and manual pay/overridden claims.

The Claims Processing department has a performance management program in place. Daily performance management audits are performed on approximately 5% of all claims that are handled by claims processors. During the performance-management audit process, claims are sampled by claims examiner ID after the adjudication process but prior to Delta Dental’s issuing benefit payment. Delta Dental uses a daily random-sampling methodology during this process. Audits are conducted daily with weekly interim reports to monitor accuracy and final cumulative monthly results. Performance management audits measure examiner processing accuracy, identify processing trends/training issues and highlight potential problems. The audit report provides a summary at the processor level and unit level. Any errors detected for an individual examiner are referred to the appropriate claims supervisor for review, correction and training.

Global post-payment audits are based upon sound, statistical principles and provide a formal measure of performance accuracy levels for the quality goals of the Claims department. The monthly sample size of our audits is determined based on valid statistical formulas using random-sampling methodology from all claims processed after post-disbursement. Weekly audits are performed during the post-payment audit process and final results published monthly. Errors detected along with performance accuracy results are reported to the Claims department for review, correction and analysis.

Client-level post-payment audits are conducted for groups that have purchased client-specific, claims-accuracy performance guarantee. Errors detected along with performance accuracy results are reported to the Claims department for review, correction and analysis.

Daily pre-payment audits are performed on approximately 0.05% of all system-level claims that drop-to-process on a pre-disbursement basis. These audits are performed to support and monitor system accuracies due to the increased drop-to-process percentage of our current claims processing system. Errors detected are referred to the appropriate area for review, correction and analysis.

Daily pre-payment audits are performed on a sample of high-dollar and manual pay/overridden claims. Errors detected are referred to the appropriate area for review, correction and analysis.

• Audits are performed on all claims greater than or equal to $1,000 paid to members.
• Audits are performed on a random sample of high-dollar claims greater than or equal to $1,000 paid to providers.
• Audits are performed on a random sample of denied claims with submitted amounts greater than or equal to $1,000 paid to members and providers.
• Audits are performed on a random sample of manually paid/overridden claims paid to members or providers.

L.4.c. Describe how Respondent evaluates various aspects of a project to ensure that standards of quality are being met.

Delta Dental has multiple approaches for ensuring the accuracy of our benefits programming. Our teams work closely to integrate our Software Development Life Cycle (SDLC) methodology to assure the optimum quality of the group’s benefit packages.

Our SDLC includes numerous phases; however, it is our testing activities that are critical to assure that benefit packages have been developed to meet the group’s directives. Our testing includes the following activities.

a) Testing – perform, monitor, report and track the test phases which include unit, model office, end to end, and performance. Also, permits the documenting, tracking, prioritizing and triaging defects identified during testing.

b) Walkthroughs – are held to review and correct any defects discovered during any testing phase. Reports are provided and reviewed with our senior staff continually.

c) Deployment – provides for release management oversight and coordination of all activities across the enterprise to move the software from test to production through post-implementation handoff. During deployment, IT and business representatives conduct an assessment of any changes introduced in the release to assure that benefits are being administered correctly. This is called the Business Check-Out and it is a key component of the deployment phase.

d) Maintenance – allows for future changes to the software to address redesign or feature upgrades.

After post-implementation, Delta Dental’s business experts continue to perform quality checks to ensure accuracy. Benefit data is reviewed prior to auto-load into the claims processing system as well as post-load. The Quality Assurance department then reviews the updates for accuracy and facilitates activities to correct any issues.

L.5. Describe how Respondent’s organization’s processes and systems (including test and/or production files) can accommodate the following three scenarios:

• Terminations by absence of records in the enrollment file;
• Retroactive enrollment dates (i.e., employee’s start date is Oct. 7th and benefits are active to Oct. 1st); and
• Future effective dates on eligibility files.

Respondent shall describe the impact the above has on claims processing.

Delta Dental recommends clients submit full eligibility files rather than change-only files. Full-file receipt allows us to apply Delta Dental processing rules in the Electronic Eligibility Process. Delta Dental offers an online eligibility maintenance system that allows a client to add or change enrollee information directly online. Client’s changes are added to Delta Dental’s system immediately. All other enrollment and eligibility changes are processed with an average turnaround time of three business days from receipt of complete information. Changes are routed to the Enrollment department for processing if received by the Account Receivables and Billing teams. Additions and terminations will be reflected on the next month’s statement if the information provided is complete. Retroactive additions and terminations are applied based on the effective date provided by the client. All eligibility adjustments are completed within five business days and are reflected on the next billing cycle. Billing adjustments are limited to the three-month period prior to the current month for which the group has provided eligibility data. Enrollment changes made by the client using our online eligibility system are made to the system in real time.


M. Deviations – Data Interfaces Requirements - DHMO

M.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Data Interfaces Requirements described in RFP Sections X.B.1. – X.B.9.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

N. Interrogatories – Data Interfaces Requirements - DHMO

N.1. Respondent shall provide a full description regarding business processes that shall include, but not be limited to, the following key elements:

Support of a point to point VPN with ERS;

VPN is not applicable. Clients do not connect to our network and we do not connect to client network. Our Dental Benefits Administration service is conducted through the exchange of an enrollment file sent via sFTP.

Explanation of how Respondent will utilize the interface files/data that ERS will provide;

Eligibility files are processed through Delta Dental’s eligibility system to capture all changes that have occurred since the last file load.

Protocols that Respondent will utilize when there is a file transmission problem or a corrupted bad interface file (or like scenario) with ERS; and

If a file is not received due to a file transmission problem or a sFTP issue, Delta Dental will reach out to the assigned ERS eligibility contact, alerting them of the issue to work through a resolution.

Explanation of how information reported to ERS is to be derived from the source data file.

Delta Dental and ERS will agree on a pre-formatted extract file. The file will be extracted and sent to ERS in a mutually agreed upon layout and security protocol.

N.2. If Respondent supplies an interface to ERS, then Respondent shall provide a full description of the interface file that shall include, but not be limited to, complete definitions of each field of the interface file.

Delta Dental and ERS will agree on a pre-formatted extract file. The file will be extracted and sent to ERS in a mutually agreed upon layout and security protocol.

N.3. Respondent shall provide documentation of its business policies and procedures related to the business process.

Please refer to attachments entitled Business Processes – DHMO and Employees Retirement System of Texas Onboarding Timeline, under Tab 68.

N.4. Respondent shall describe its standard web interface protocol.

Delta Dental's website offers enrollees the option to view-only their eligibility, benefits and claim information and access other dental health information and web tools such as Find a Dentist.


N.4.a. What flexibility does Respondent have with regard to its standard web interface protocol approach?

On the secured portion of the website (behind login), some customization is possible with ERS-specific information and must be assessed on a specific, case-by-case basis.

N.5. What measures does Respondent take to ensure the security of interfaces, which would include, but not be limited to, data files, emails, print screens and email attachments that Respondent is sending/receiving to/from external sources (whether ERS or a third party)?

Enrollment files are sent from the group via sFTP. For emails, we use three levels of controls to scan the message prior to its reaching a Delta Dental user’s inbox, including network heuristic and signature-based IDS systems, SPAM gateways and anti-virus protections. Data in transit is encrypted.

N.5.a. If ERS discontinues Respondent’s services during the Contract Term, how would ERS’ data be extracted? Respondent shall provide a detailed description of the format or structure of the extracted data.

Please refer to the attachment entitled Delta Dental Standard Layout, under Tab G, for the file layout used when providing claims data to a new carrier.

• Would it be structured fields, XML, Bitmap?

Not applicable

• Would a data dictionary be provided for the extracted data?

Not applicable

N.6. Respondent shall confirm that it will only transmit and receive confidential and sensitive information via encrypted transmission protocols including site to site VPN, SFTP, TLS, or other industry accepted encryption methodology.

Confirm

N.6.a. If Respondent cannot confirm Interrogatory N.6. above, Respondent shall provide a detailed description as to why not.

Not applicable

N.7. Respondent shall provide its standard data and claims files for ERS’ review. This file should include specifications that are required when ERS transfers Participant information.

Acknowledged and confirmed. Please refer to the attachments provided as part of Delta Dental’s Standard Data and Claims Files - DHMO, under Tab 69.

N.8. What is Respondent’s standard interface protocol? Provide a detailed description.

Delta Dental's website offers enrollees the option to view-only their eligibility, benefits and claim information and access other dental health information and web tools such as Find a Dentist.


N.8.a. What flexibility does Respondent have with Respondent’s standard approach? Provide a detailed description.

On the secured portion of the website (behind login), some customization is possible with ERS-specific information and must be assessed on a specific, case-by-case basis.

N.9. Please list and describe all PHI and security breaches Respondent’s organization has experienced with external reporting requirements, including, but not limited to, loss of equipment that contained client information, loss of files, unauthorized access to Respondent’s networks within the last seven (7) years, and reporting of HIPAA breaches as required under the provisions of HIPAA.

In the past seven years (May 2012 through May 2018), Delta Dental has experienced 988 privacy breaches. There have been no security breaches. The majority of privacy breaches were instances where Explanation of Benefits (EOB) were mailed to the wrong recipient. Many of these were the result of incorrect enrollee address information provided by the group or employer. Other causes include human error resulting in the mismatching of envelope contents with the correct addressed envelope. To correct each instance and prevent it from occurring again, the employees are coached on their errors. All impacted members are notified within the requirements of the federal law.

N.9.a. What investments has Respondent made over the past three (3) years in its technology to mitigate security breaches?

Delta Dental spent between $8 million and $12 million over the past three years on various IT security initiatives.

N.10. Briefly describe Respondent’s backup procedures for the system(s) to be used in the services proposed to ERS.

All data is systematically protected from data loss by a scheduled backup system. Virtually all data is replicated and stored at our backup data center in Mechanicsburg, PA, in near real time. A small amount of data follows a daily tape backup process, in which case backup media is encrypted, labeled, tracked and stored off-site. Retention is determined by local and federal laws and/or contractual requirements.

Delta Dental has disaster recovery and business continuity plans in place that are tested regularly to ensure continuity of operations. We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually.

Our enterprise of Delta Dental-affiliated companies operates three regional contact centers – in Alpharetta, GA; Mechanicsburg, PA; and Rancho Cordova, CA – all of which are interconnected. We have 3,000 telephone lines that service the customer service centers across our enterprise and can distribute call traffic based on business needs. This any-to-any structure allows a customer service representative to handle a call that comes in to any of these three locations. In the event a call center is unable to handle its calls, those calls can easily be transferred to a different location. This approach is used if a call center is closed due to severe weather or other emergency condition.


O. Deviations – Security Practices Requirements - DHMO

O.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Security Practices Requirements described in RFP Sections X.C.1. – X.C.12.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

P. Interrogatories – Security Practices Requirements - DHMO

P.1. Does Respondent have a full-time Information Security Officer or Chief Security Officer?

Yes No

If Respondent marked “Yes”, Respondent shall describe how this role fits into Respondent’s organizational chart.

Thomas Baltis is vice president and chief information security officer. Mr. Baltis reports directly to Kirsten Garen, Delta Dental’s senior vice president and chief information officer. Ms. Garen reports directly to Tony Barth, Delta Dental’s president and chief executive officer.

P.1.a. If Respondent marked “No” for Interrogatory P.1. above, Respondent shall provide a detailed description as to why not.

Not applicable

P.2. Does Respondent have dedicated resources for information security efforts?

Yes No

P.2.a. If Respondent marked “No” for Interrogatory P.2. above, Respondent shall provide a detailed description as to why not.

Not applicable

P.3. What are Respondent’s minimum and maximum User ID lengths?

Minimum User ID Length: Delta Dental follows industry standard password policy best practices. However, the details are confidential to Delta Dental.

Maximum User ID Length: Delta Dental follows industry standard password policy best practices. However, the details are confidential to Delta Dental.


P.4. Would Respondent support any kind of SSO solution for users of the ERS-based product?

Yes No

If yes, Respondent shall describe.

Clients have the option to implement SSO which connects enrollees to our website where they can view-only their eligibility, benefits and claims information.

P.5. What technology in the data center (servers, storage, and network infrastructure) which provides services to ERS is shared with other data center customers?

All data is secured and logically segregated by group and division IDs. Only those with the proper authority can access the data of a specific business customer. The applications also support logical data segregation with strong password criteria that restrict possible data exposure to other groups or enrollees.

P.6. What kind of network security devices are running in Respondent’s data center(s) (e.g., data loss prevention tools, intrusion detection systems, intrusion prevention systems)?

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the vice president of Information Technology. All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g. production from pre-production) and IDS sensors internally to monitor critical systems for malicious activity. Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

P.7. Describe in detail Respondent’s practices and controls utilized to limit access and protect confidential and sensitive data in storage and in transit.

Delta Dental’s policy is that all transmission of confidential information must be encrypted. Protocols include: TLS and sFTP/FTPs. All of Delta Dental’s eligibility transmission systems and online eligibility maintenance system are password protected and encrypted outside the firewall. Delta Dental’s current information security processes and procedures meet the compliance requirements of HIPAA’s Security Rule. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

Appendix U. Information Systems Requirements Deviations and Interrogatories 36

P.8. Are network firewalls and other security equipment checked by independent third parties for vulnerabilities and possible exploits?

Yes No

P.8.a. If yes, how often?

Delta Dental conducts periodic security reviews, vulnerability scanning, and/or penetration testing on its network and server infrastructure. For most systems, scans are performed on a quarterly basis though some systems are done more frequently. New and significantly modified web applications are subject to web-application vulnerability testing. This testing is performed by Security Engineering using a commercial web-application vulnerability testing tool and manual review. Any vulnerability found is tracked and addressed.

P.8.b. If Respondent marked “No” to Interrogatory P.8. above, Respondent shall provide a detailed description as to why not.

Not applicable.

P.9. In the event of a security breach, describe the process to notify ERS of the breach of ERS data, Respondent facilities or other types of Information Technology infrastructure breaches.

Delta Dental has procedures in place to handle breaches on a case-by-case basis. We comply with applicable state and federal requirements regarding notification of privacy and data security breaches. Delta Dental investigates reported potential unauthorized disclosures using the following process:

a. Identification: Workforce members are expected to identify unauthorized disclosures of personal information and, as appropriate, limit the potential for further disclosures. Delta Dental has established training for employees and contractors (workforce members) explaining how to recognize potential unauthorized disclosures and what steps to take.

b. Reporting to Delta Dental’s Department of Risk, Ethics and Compliance (REC): Workforce members who discover or are notified of an incident are required to submit a report detailing the complete facts of the incident including: what happened, whose information was potentially disclosed and to whom, who owns the information and what steps have been taken to contain or control the incident.

c. Incident Triage: Based on initial information reported, REC immediately begins incident tracking, conducts an initial assessment, and notifies the executive team as appropriate.

d. Incident Investigation: A member of REC investigates each reported privacy incident and a member of IT Security investigates reported security incidents, coordinating between departments as appropriate. The investigation confirms what occurred, works with appropriate operational departments to understand underlying operational issues and determines applicable state laws.

e. Incident Response: Incidents are forwarded to the appropriate operational departments to identify and remedy the specific case as well as identify root cause.

f. Compromise Assessment/Decision: An incident review team comprised of Legal, Compliance and IT Security (when appropriate) reviews the reported incident and evaluates whether the individual’s information has been compromised and which state laws apply. Based on this assessment, the review team determines whether a breach has occurred and whether notification is required.

g. Notification to Impacted Member in the Event of a Breach: If appropriate, notification letters are drafted to describe what occurred, the type of information disclosed, steps that affected individuals should take to protect themselves from potential harm, and an explanation of what Delta Dental is doing to mitigate the harm.

h. Trends and Corrective Action Plans: The REC compiles, analyzes and reports on all incident patterns. As appropriate, Delta Dental develops corrective action plans to address underlying systematic root causes, including business process refinements, system changes and/or additional work force training.

i. Reporting: Delta Dental reports all confirmed breaches to appropriate governmental agencies and media outlets when necessary.

P.10. Respondent shall describe how often its firewall and router configuration standards are reviewed. Respondent shall provide the last date its firewall and router configuration standards were reviewed.

Delta Dental reviews these annually, with the last router configuration standard reviewed on June 25, 2018. A revision will be completed in July 2018.

P.11. Respondent shall describe its processes and procedures for managing and patching known vulnerabilities. Is there a patch management solution in place, so that all system components and software are protected from known vulnerabilities by having the latest vendor supplied security patches installed? How often are systems checked? What was the last date Respondent’s data center systems and user workstations were checked?

Delta Dental conducts periodic security reviews, vulnerability scanning, and/or penetration testing on its network and server infrastructure. For most systems, scans are performed on a quarterly basis though some systems are done more frequently. New and significantly modified web applications are subject to web application vulnerability testing. This testing is performed by Security Engineering using a commercial web-application vulnerability testing tool and manual review. Any vulnerability found is tracked and addressed. Payment Card Industry (PCI) network penetration scans are conducted by a third party on a quarterly basis against all Internet-facing IP addresses. All medium and high vulnerabilities are reviewed and remediated as required. Delta Dental has an established process for reviewing and installing system security patches. Delta Dental monitors for system/application security patches and applies them where applicable. Additionally, Delta Dental also regularly scans systems for patch/software version compliance. In general, all Delta Dental-determined critical patches are targeted for testing and installation within one week of release. However, in some cases the process may be accelerated based on the vulnerability risks of some or all systems. All critical patches are generally applied and validated in non-production environments prior to their application in production systems. Validation is performed by test teams for non-production systems and by business areas for production systems. Details are confidential to Delta Dental.

P.12. Respondent shall describe its processes and procedures in place for responding to low, medium and high severity information security incidents. What is Respondent’s process to rank such incidents? Does Respondent’s company have forensic security experts on staff or is a third party contracted in the case of a breach?

Delta Dental investigates potential incidents using an eight-step process:

1. Identification: Workforce members are trained to identify and report all types of compliance issues, including unauthorized disclosures of information.

2. Reporting: Workforce members who discover or are notified of an incident are required to submit a report detailing the incident.

3. Triage: Incidents are tracked and assessed for severity and, if applicable, executives are notified of significant incidents or breaches.

4. Investigation: Delta Dental’s Department of Risk, Ethics and Compliance (REC) investigates each reported privacy incident and a member of IT Security investigates reported security incidents, coordinating between departments as appropriate.

5. Incident Response: Incidents are forwarded to the appropriate operational departments to identify and remedy the specific case as well as identify root cause.

6. Compromise Assessment/Decision: An incident is evaluated to determine if information has been compromised, and what laws are applicable. Based on this assessment a determination is made whether a breach has occurred and whether notification is required.

7. Notification: Notifications include a description of the event, the information disclosed, steps affected individuals should take to protect themselves from potential harm, a description of what Delta Dental is doing to mitigate the harm and an offer of credit monitoring to impacted individuals when critical identifying elements are disclosed.

8. Trends and Corrective Action Plans: All events are assessed and analyzed. Corrective action plans are made to address underlying systematic root causes.

Delta Dental has engaged an external third party to assist in the event of a large-scale cyber-security incident. Notifications include a description of the event; the information disclosed; steps that affected individuals should take to protect themselves from potential harm; a description of what Delta Dental is doing to mitigate the harm; and an offer of credit monitoring to impacted individuals when critical identifying elements are disclosed.

P.13. What anti-virus protection/programs does Respondent use? Is AV software deployed on all Respondent’s and Respondent’s contractor systems (such as servers, workstations, laptops) commonly affected by malicious software? Are all anti-virus programs capable of detecting, removing and protecting against all known types of malicious software (i.e., viruses, worms, spyware, Trojans, adware and rootkits)? How often are the .DAT files updated and are automatic AV scans enabled?

Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. Other security controls include:

• Full-disk encryption on all laptops

• Forced encryption on PDAs

• Password protection - includes requirements for: minimum length, failure lockout (requires manual reset) and generation control

• Locking screen savers

• Two-factor authentication for remote access

• Centrally managed anti-virus/anti-spyware with automatic updates

• Personal firewalls built into VPN software

Delta Dental has in place policies and procedures regarding the security of computerized data within our control. This includes processes for the notification and investigation of breach activity and analysis of any non-compliance activities required by law and/or contractual requirements as a result of a breach. Delta Dental reduces the volume of collected and retained information to the minimum necessary; limits access to only those individuals who must have such access; and uses encryption, strong authentication procedures and other security controls to make information unusable by unauthorized individuals. All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g. production from pre-production) and IDS sensors internally to monitor critical systems for malicious activity. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

P.14. Describe Respondent’s Security Incident Management policies and procedures for the application as well as internal systems.

Delta Dental investigates reported potential, unauthorized disclosures using a nine-step process that is documented:

• Identification of potential incidents

• Reporting to Delta Dental’s department of Risk, Ethics and Compliance (REC)

• Incident triage

• Incident investigation

• Incident response

• Compromise assessment/decision

• Notification to impacted member in the event of a breach

• Trends and corrective action plans

• Reporting of confirmed breaches to governmental agencies and media outlets when necessary

Delta Dental’s incident-management process is in continual use, making periodic testing unnecessary. Process gaps are addressed as they are identified.

P.14.a. Respondent shall provide a copy of this documentation.

Please refer to attachment entitled Security Incident Management Process - DHMO, under Tab 70.

P.15. Respondent shall confirm it will follow highly restricted access policies behind any ERS-related point-to-point VPN setup in support of this Contract.

Confirm

P.15.a. If Respondent cannot confirm Interrogatory P.15. above, Respondent shall provide a detailed description as to why not.

VPN is not applicable. Clients do not connect to our network and we do not connect to client network.

P.16. Are Respondent’s portable devices encrypted to protect the data in case of theft or loss?

Yes No

P.16.a. If Respondent did not mark “Yes” to Interrogatory P.16. above, Respondent shall provide a detailed description as to why not.

Not applicable

P.17. How does Respondent manage physical security of its data center? Who gets access, what are the hours of operation?

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology. Normal business hours are 8 am to 4:45 pm (CT).

P.18. What technology is in place to manage network and server security? Provide the name and the version of the technology used to manage the network and server security and describe the effectiveness of the technology.

Multiple tools are used to ensure network and server security, including Cisco FirePower IDS/IPS (Network security), Forcepoint Proxy, McAfee Anti-Virus, Firewalls/Network segments and periodic scanning and patching.

P.19. Describe how Respondent controls access to ERS’ confidential data?

Delta Dental uses the Hewlett Packard claims-processing system, MetaVance, to administer dental benefits and to process enrollment, group billing, claims and encounters. Windows, Unix/LINUX and/or Mainframe systems are also used. The specifics are confidential to Delta Dental.

P.20. How does Respondent secure backup tapes? Who has access to them onsite and offsite? Are they encrypted?

All data is systematically protected from data loss by a scheduled backup system. Virtually all data is replicated and stored at our backup data center in Mechanicsburg, PA, in near real time. A small amount of data follows a daily tape backup process, in which case backup media is encrypted, labeled, tracked and stored off-site. Retention is determined by local and federal laws and/or contractual requirements. Delta Dental has disaster recovery and business continuity plans in place that are tested regularly to ensure continuity of operations.

Any removable media that contains electronic personal health information is required by policy to be encrypted. All backup tapes use AES 256 hardware encryption and are transported, tracked and stored using Iron Mountain’s services.

P.20.a. Respondent shall confirm that they have the ability to encrypt ERS data using PGP compatible encryption.

Confirm

P.20.a.i. If Respondent cannot confirm Interrogatory P.20.a. above, Respondent shall provide a detailed description as to why not.

Not applicable

P.20.b. Describe the encryption technology that is being used.

Delta Dental complies with industry best practices for Cryptographic Algorithms and Protocols. Where available, Delta Dental uses FIPS 140-2 compliant algorithms.

P.21. How is Respondent’s application security managed and how is client data secured?

Delta Dental confidential information is protected through a combination of administrative, physical and technical security processes and controls. This includes, but is not limited to, the following.

1. Access based on "need to know" and "least privilege" principles with regular management reviews (at least twice annually).

2. Strong account management processes, e.g., default accounts/passwords removed; strong passwords; password expiration (90 days or less); failed login lockout; password history; locking screen savers and; immediate disabling of accounts upon termination of employment.

3. Encryption of sensitive information transmitted across untrusted networks (e.g. the Internet, wireless) and stored outside Delta Dental's secure facilities with the following additions: authentication credentials (e.g. passwords) are encrypted across all networks and encrypted (or hashed) in storage on all systems; full disk encryption of all laptops/PCs/blackberries; table level encryption of personal Information within the main claims processing system.

4. A “defense in depth” approach to protecting confidential information on our internal networks which includes the use of layer 4/7 firewalls, IDS/IPS, strong access control procedures and 802.1x device authentication.

5. Restricted remote access that requires two-factor authentication.

6. Restricted/controlled physical access to Delta Dental facilities. This includes electronic badge access to buildings and restricted areas; 24-hour guards in the datacenter and CCTV.

P.22. Does Respondent have a formal information security program in place?

Yes No

P.22.a. Does Respondent have formal information security policies, procedures and standards?

Yes No

P.22.a.i. If yes, Respondent shall provide copies of their formal information security policies, procedures and standards. If Respondent considers this document confidential and proprietary, place this on Respondent’s separate schedule as required at RFP Section I.F.1.b. However, Respondent shall provide this document for appropriate evaluation of Respondent’s Proposal.

Please refer to the attachments provided as part of Delta Dental’s Formal Security Compliance Policies – PPO, under Tab 62.

P.22.b. Are employees required to periodically confirm their compliance with Respondent’s information security policies, procedures and standards?

Yes No

P.22.b.i. If no, Respondent shall validate if their employees ever confirm compliance with Respondent’s information security policies, procedures and standards and how often compliance is confirmed.

Not applicable

P.22.c. Does Respondent have a user awareness campaign related to information security?

Yes No

P.22.c.i. If Respondent did not mark “Yes” to Interrogatory P.22.c. above, Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

P.22.d. Respondent shall provide a full description of how Respondent monitors compliance.

Delta Dental’s Department of Risk, Ethics and Compliance operates on our commitment to business integrity, ethical behavior and high levels of business standards. Our compliance program implements federal and state laws and regulations that govern company business, establishes boundaries and personal obligations, and guides day-to-day performance and how the business operates. Delta Dental recognizes that an effective compliance program is predicated on an ongoing evaluation of risks and compliance. Therefore, Delta Dental’s program includes:

• Audits by the Internal Audit department for areas identified by it or Senior Management as high risk

• Routine compliance metrics and internal monitoring

• Full cooperation and participation with, and providing appropriate access for, regulatory agencies and groups conducting external audits to evaluate the organization and the overall effectiveness of the compliance program

• Organized process for developing and implementing corrective actions plans when necessary

• Delta Dental screens its workforce and providers before hiring or contracting and monthly against the Excluded Parties lists published by the federal government

• Robust legislative process to identify and monitor new and updated laws and regulations that are applicable to Delta Dental business

P.23. Are Respondent’s desktop and laptop computers encrypted to protect data in case of theft or loss?

Yes No

P.23.a. If Respondent cannot confirm Interrogatory P.23. above, Respondent shall enumerate and provide a detailed description as to why not.

Not applicable

P.23.b. Describe the ability to use portable drives. If so, how are they protected?

Any removable media that contains electronic personal health information is required by policy to be encrypted.

All backup tapes use AES 256 hardware encryption and are transported, tracked and stored using Iron Mountain’s services.

P.24. How does Respondent protect the privacy of GBP Participants? Respondent shall provide a detailed description.

Data is stored in Delta Dental-owned data centers located in Rancho Cordova, CA and Mechanicsburg, PA. Data centers housing personal health information are located in restricted-access areas and are protected by several layers of physical security. All buildings have comprehensive fire- and intrusion-detection systems that alert the appropriate authorities if unexpected events are identified. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology. All Internet ingress/egress points are protected by firewalls and Intrusion Detection Systems (IDS) sensors. Externally facing web services are located in a network DMZ protected by firewalls. Delta Dental also uses firewalls and/or Access Control Lists (ACLs) to separate internal environments (e.g. production from pre-production) and IDS sensors internally to monitor critical systems for malicious activity. Anti-virus software is loaded on all systems (client and server). Anti-virus software is centrally managed with signature updates automatically distributed. All Delta Dental confidential information in transit or at rest outside of Delta Dental’s secure network/facilities is encrypted.

Q. Deviations – Business Resumption and Data Center Facilities Requirements - DHMO

Q.1. Affirm that Respondent shall comply with all of the Scope of Work – Information Systems Requirements – Business Resumption and Data Center Facilities Requirements described in RFP Sections X.D.1. – X.D.9.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

R. Interrogatories - Business Resumption and Data Center Facilities Requirements - DHMO

R.1. Describe Respondent’s contingency plans and procedures for providing business continuity due to any event that might interrupt, delay or shut-down service that is related to Respondent’s services or products under this proposal, including that of any subcontractor upon whom Respondent relies in performing or providing services or products to or on behalf of ERS.

We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually. Our enterprise of Delta Dental-affiliated companies operates three regional contact centers – in Alpharetta, GA, Mechanicsburg, PA; and Rancho Cordova, CA – all of which are interconnected. We have 3,000 telephone lines that service the customer service centers across our enterprise and can distribute call traffic based on business needs. This any-to-any structure allows a customer service representative to handle a call that comes in to any of these three locations. In the event a call center is unable to handle its calls, those calls can easily be transferred to a different location. This approach is used if a call center is closed due to severe weather or other emergency condition.

R.2. Describe who has physical access to Respondent’s data center facility and how the access is monitored.

Delta Dental employees have access to Delta Dental facilities where data centers are housed. Access to buildings is by badge access providing an audit trail. All entrances have video surveillance providing an additional record of who enters Delta Dental’s buildings. Data centers are protected by a further level of badge access with a separate access list for entry and a separate video surveillance system used at all doors. All video surveillance is retained for a minimum of 30 days. The data centers are housed behind secured areas. To obtain access to secured areas, authorization must be approved by the Vice President of Information Technology.

R.3. Does the Respondent’s data center have formal Uptime Institute certification?

Yes No

R.3.a. If yes, which certifications were granted? What year were they granted? Are the certifications still current?

Not applicable

R.3.b. If no, how does Respondent confirm that its data center conforms to the Uptime Tier III or Tier IV standards?

Delta Dental is not certified at any tier level. However, we have met the required 99.982% uptime standard for over five years. We have a solid, well-engineered infrastructure that can support the data center without any impact or downtime.

R.3.c. If Respondent’s data center does not have formal Uptime Institute certification, Respondent shall provide a detailed description as to why not.

Delta Dental has a reliable data center that continues to meet very high availability standards without certification.

R.4. How does Respondent confirm that its data center conforms to the Uptime Tier III or Tier IV standards; if the Respondent does not have a formal Uptime certification, how does the Respondent ensure that all critical data center systems associated with providing power and cooling to IT equipment can maintain uptime of at least 99.982% during any 12 month period?

Delta Dental has maintained a 99.982% level of availability for over five years by performing industry best practices, preventive maintenance and service across our power and cooling infrastructure to ensure it is always performing at the highest level.

R.5. What was the data center uptime for the previous 12 months (specify time period)?

Delta Dental had 100% uptime for the past 12 months.

R.6. Provide details regarding the redundant links for internet access that Respondent has in place for its data center, including redundant last-mile connectivity and diverse physical data-center network penetrations.

Delta Dental has two internet links going to two different buildings. One internet access is provided by AT&T. The second internet access is provided by Consolidated Communications. Both buildings are connected to one another via Delta Dental controlled dark fiber.

R.7. Who is Respondent’s data center provider(s)?

Data centers are owned by Delta Dental.

R.8. Briefly describe Respondent’s data backup and recovery procedures for the system(s) to be used in the services proposed to ERS.

We maintain a comprehensive Business Continuity and Disaster Recovery program that is designed to ensure the continuation of all vital corporate and business functions in the event of a disaster. Recovery of the infrastructure that comprises our data-processing systems is programmed to recover applications based on their priority to our customers. Customer-facing systems such as telephony, web and email are recovered in as little as 12 hours, our core claims processing system is recovered in 24 hours and peripheral work and reporting systems are recovered within 72 hours such that all critical systems are recovered within 72 hours of a disaster being declared. This program is fully documented and tested at least annually.

R.9. Provide the names and a description of the hardware and software systems that Respondent will use to fulfill ERS’ contract.

Hardware: MetaVance - Unix-based on a mixture of X86-based Linux, Sun Solaris and HP-UX

Software:

• MetaVance - HP-UX and Sun Solaris

• B2B: Unix Solaris and Linux

• Provider Tools: Linux

• Enterprise Business Desktop (EBD): Unix Solaris and Linux

• EIVR: Unix Solaris

• Macess: Windows

• FormWorks: Windows

R.10. For each hardware and software system, provide the following information:

R.10.a. When was this system implemented?

Hardware, MetaVance: First deployed in 2007.

Software: Our strategic vendor partners initially installed their products at Delta Dental as follows:

• MetaVance: 2007

• B2B: 2007

• EBD: 2010

• EIVR: 2010

• FormWorks: 2008

• Macess: 2004

The B2B application was installed by Delta Dental in 2007. EBD application was installed by Delta Dental in 2010. Both have been continually updated to reflect the changes in the industry and the needs of our clients.

R.10.b. When was the system last updated?

The last system update was June 23, 2018.

R.10.c. Is there a future update being considered?

Yes No

R.10.d. If so, provide the date and description of the anticipated update.

Hardware and software are continually updated to reflect the changes in the industry and the needs of our clients.

R.11. Respondent shall provide a copy of the disaster recovery plan and the disaster recovery test results to ERS. These should include, but not be limited to: (a) the Disaster Recovery plans plus a description of the changes from the previous year’s plans, if any; and (b) the exercise test results conducted within the last twelve months of the disaster recovery and business continuity tests referencing the adequacy of these plans. The test results must include the RTO and RPO of the systems and applications which provide service to ERS. If these are a part of a SOC II Type 2 report, Respondent shall provide the portions of the report that refer to the normal, annual disaster recovery and business and continuity tests, plus copies of the service auditor’s report. Respondent further agrees to be available for reasonable inquiry by ERS of the disaster recovery plan and tests.

Please refer to the attachments entitled Delta Dental Business Continuity Program - DHMO, and Delta Dental Business Continuity Program Exercise Results - DHMO, under Tab 72.

Appendix U. Information Systems Requirements Deviations and Interrogatories 47

R.12. A summary of the latest disaster recovery test results to ERS and a summary of the disaster recovery programs. The test results should include the RTO and RPO of the systems and applications which provide service to ERS. The Respondent must attest annually, by signature, that the disaster recovery tests will ensure that systems which the Respondent uses to provide services to ERS will be available within X hours of outage and will experience a maximum Y hours of data loss (where X is the RTO and Y is the RPO). Respondent further agrees to be available for reasonable inquiry by ERS of the disaster recovery plan and tests.

Please refer to the attachment entitled Delta Dental Business Continuity Program Exercise Results - DHMO, under Tab 73. Delta Dental agrees to attest annually, by signature, that the disaster recovery tests will ensure that Delta Dental’s systems will be available within 24 hours of outage and will experience a maximum 24 hours of data loss.

S. Deviations – SOC-2 Report Requirements - DHMO

S.1. Affirm that Respondent shall comply with all of the Scope of Work – Technology Services Requirements – SOC-2 Report Requirements described in Sections X.E.1. – X.E.3.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

T. Interrogatories – SOC-2 Report Requirements - DHMO

T.1. SOC reports. Provide a full, un-redacted copy of the most recent SOC-2 type II report and results performed under the SSAE16 or SSAE18 SOC-2 Type II report or any other independent auditor report on the effectiveness of internal controls over operations and compliance of service to be provided under this RFP, including disaster recovery planning and testing, and data center facilities. This should include results of an independent, certified external security audit. Respondent shall also acknowledge and agree that ERS is entitled to review all such audit results on a yearly basis. If there is not a service organization control engagement performed, then provide a detailed explanation of how both information technology and operational control activities are assessed/evaluated to meet the services to be provided under this RFP.

Please refer to attachment entitled Delta Dental SOC 2 Report, under Tab 74. This document is proprietary and confidential.

T.1.a. If applicable, provide a copy of Respondent’s sponsoring or parent company’s most recent SOC-2 report under SSAE 16 or SSAE18 SOC-2 Type II report or any other independent auditor report on the effectiveness of internal controls over operations, security, and compliance of service to be provided under the RFP.

Please refer to attachment entitled Delta Dental SOC 2 Report, under Tab 75. This document is proprietary and confidential.

T.1.b. Respondent shall also acknowledge and agree that ERS is entitled to review all such audit results on a yearly basis.

Acknowledged and agreed.

T.2. If Respondent conducts its SOC-2 control audits with an external firm, please identify the following:

Name of external firm: Armanino LLP
Address of external firm: 44 Montgomery Street, Suite 900, San Francisco, CA 94104
Dates when firm performed the audits: The last audit was performed for period January 1, 2017 to December 31, 2017.

T.3. If any data centers, development, or data services are outsourced or subcontracted, Respondent shall provide copies of outsourcers’ or subcontractors’ SOC-2 under SSAE16 or SSAE18 SOC-2 Type II report or equivalent reports.

Not applicable. These services are not outsourced or subcontracted.

T.3.a. Respondent shall also confirm that ERS is entitled to review outsourcers’ or subcontractors’ SOC-2 under SSAE18 SOC-2 Type II report or equivalent reports annually.

Confirm

Not applicable. These services are not outsourced or subcontracted.

APPENDIX V

IMPLEMENTATION AND PROJECT MANAGEMENT REQUIREMENTS

DEVIATIONS AND INTERROGATORIES

Appendix V. Implementation and Project Management Requirements Deviations and Interrogatories 1

Implementation and Project Management Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatories instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

PPO RESPONSES

A. Deviations – Implementation Requirements - PPO

A.1. Affirm that Respondent shall comply with all of the Scope of Work – Implementation and Project Management Requirements described in RFP Sections XI.A.1. – XI.A.5.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

B. Interrogatories – Implementation Requirements - PPO

If provided by the Respondent, an implementation credit will be used by ERS to help offset ERS’ internal costs including, but not limited to, communications, data set-up, member education and the costs of dental plan enrollment set-up.

B.1. Confirm that Respondent is willing to provide implementation credit.

Confirm

B.1.a. Confirm the amount of implementation credit Respondent will provide if awarded the Contract.

Delta Dental is offering a $25,000 implementation credit for our dual-choice program.

C. Deviations – Project Management Requirements - PPO

C.1. Affirm that Respondent shall comply with all of the Scope of Work – Implementation and Project Management Requirements - Project Management Requirements described in RFP Sections XI.B.1. – XI.B.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

D. Interrogatories – Project Management Requirements - PPO

D.1. Describe how Respondent’s Implementation Project Manager proposes to work with the ERS Project Manager and Implementation Team. How will the individuals on the team work together? What functional areas will be represented? If Respondent uses a specific approach or methodology, please describe it.

As a stand-alone dental carrier, Delta Dental specializes in the implementation and administration of dental benefits plans. We have extensive experience implementing and administering benefits for clients of all sizes, from large national groups to small local groups, both private and public, commercial and not-for-profit entities. Our implementation structure and processes provide reporting and consistency with local management, task prioritization, teamwork and communication. Delta Dental utilizes a team approach to implementation. The Delta Dental Sales team partners with an onboarding project manager who is assigned to serve as a liaison between external contacts and internal departments. This onboarding project manager provides a point of contact to clients, brokers and consultants throughout implementation. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process to ensure that all deadlines are met and the customer is well served. Prior to enrollment, the client is provided with plan and benefits information in an electronic format to distribute to employees or members regarding plan features, covered services, eligibility requirements and information about using the program. Delta Dental has a specialized open-enrollment management staff that works with our account management team to provide information about the client’s dental plans and general dental health care.

Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity. Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the customer’s satisfaction.

D.2. What type of logistical issues or concerns from a project management perspective does Respondent believe this project will face? (i.e., location of Respondent’s Implementation Project Manager (offsite/onsite), resource team locations, communications, and subcontractors for printing or other outsourced services). Provide an explanation, including how these are mitigated.

Delta Dental has reviewed the requirements and deliverables of the ERS RFP extensively and does not foresee any logistical issues from a project management perspective. This is due in large part to our comprehensive onboarding process and experienced team. It is vital that we partner with ERS immediately after the award to ensure that task deadlines are set, consistent onboarding/implementation meetings are scheduled and agreement of the implementation schedule is confirmed. We measure the success of a client’s implementation on our ability to meet the deadlines established in our proposed implementation plan. A group is considered to be implemented when enrollment and benefit information is loaded, claims can be processed, the information is accessible through web tools, and invoices can be prepared.

Delta Dental has extensive experience implementing new benefit programs. Our Account Management team approach along with clearly documented milestones and frequent communication facilitates a smooth transition. Delta Dental’s receipt of complete enrollment and final plan-design detail three weeks prior to the effective date can help ensure a successful implementation. Implementing each customer’s dental plan accurately and on schedule is a fundamental prerequisite for building a long-term relationship and one Delta Dental takes seriously and takes pride in doing well. Our strategy for successful program implementations is grounded in our commitment to:

• Establishing continuity of leadership from the beginning of the start-up period and throughout the contract term;
• Assigning a start-up team manager and staff with relevant program experience and
• Applying our well-established continuous quality improvement principles and processes to monitor the start-up period schedule and supporting activities.

Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity. Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the customer’s satisfaction.

D.3. Based upon Respondent’s understanding of the project scope, does Respondent anticipate needing to make any system and/or process changes to accommodate ERS? What are Respondent’s internal processes and timelines associated with making any changes during implementation, both anticipated based on scope understanding or identified during implementation?

No, there is no need to make any system/process changes to accommodate ERS. Delta Dental will assign an implementation team to ensure that appropriate transition timelines are met.

Delta Dental takes an aggressive management approach to implementation – emphasizing timely and accurate submission of all deliverables, achievement of all contractual milestones and thorough contingency planning. Delta Dental has the experience, resources and staff to complete all contract transition and implementation tasks within required time frames. For a group of ERS’ size, Delta Dental recommends 4-6 months for implementation. We provide a variety of dental benefits for large and prestigious organizations throughout the country. We are part of an enterprise of Delta Dental-affiliated companies that administer benefits for more than 7,000 clients. Many of these clients are large and geographically diverse, requiring complex plan administration, including numerous employer sub-groups, diverse geographic locations, multiple product offerings and plan designs, and the flexibility to support specific client service requirements.

D.4. Describe how Respondent’s organization proposes to coordinate the activities and transference of information between the implementation team and the account management team following the project launch.

Delta Dental strives to ensure new programs are implemented smoothly and seamlessly. Delta Dental uses a team approach to implementation. Delta Dental’s Sales team partners with an onboarding project manager who is assigned to serve as a liaison between the client and the internal departments. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process. This onboarding project manager provides a point of contact throughout the implementation process. The onboarding project manager begins to phase out once all information and data required to implement the group has been received and loaded into Delta Dental’s system. Implementation resources will remain available to the client and account manager for as long as necessary after the go-live date to ensure continuity and a smooth transition to Delta Dental's services.

The account manager is fully involved in the onboarding process by attending all implementation meetings. The account manager then serves as the client’s primary contact with overall responsibility for servicing the account and is dedicated to the client’s account for as much time as required. The client’s benefits administrator can support and assist in the successful implementation of their client’s benefits programs by providing consistent and complete guidelines, testing files and scenarios and providing the necessary follow-up for ongoing customer maintenance.

D.5. Provide a description of the proposed project team structure and internal controls to be used during the course of the project, including any subcontractors.

To ensure clients receive a high level of service, Delta Dental uses an Account Management team approach to provide rapid response and resolution to client inquiries. The ERS team includes Sales Account Executive Kirk Lavallee, Account Manager Kim Price, Account Services Coordinator Candice Gaines and their support staff. As the account manager, Ms. Price will serve as ERS’ primary contact with overall responsibility for servicing the account. Ms. Price will be dedicated to the ERS account for as much time as required. Mr. Lavallee is the key contact during the proposal process and participates in service support after the sale. Both are supported by additional account services staff as well as other key Delta Dental personnel in such areas as eligibility, billing, claims and customer service as needed. The Account Management team is a “one-stop shop” for ERS, available by telephone, email or standard mail to address any and all inquiries concerning the account, including eligibility, billing, benefits and participant communications. All inquiries receive responses within 24 hours. The Account Management team for ERS is assisted by a support team of internal staff to provide information and solutions to client inquiries. The account manager serves as the liaison between ERS and all units of Delta Dental’s operations. Ms. Kristie Webster, Manager, Onboarding, will assign an onboarding project manager from her staff to manage implementation of ERS’ dental plan. The implementation team would be available to ERS as needed. As manager of Onboarding, Ms. Webster’s responsibilities include:

• Overseeing the team of onboarding project managers and support staff that implements Delta Dental benefits plans for new clients.

• Assigning onboarding project managers responsible for providing regional leadership and managing the implementation process for new clients. Onboarding project managers serve as liaisons between external contacts and internal departments, providing a point of contact to clients, brokers and consultants throughout implementation.

• Ms. Webster joined Delta Dental in 2003 as a customer service representative and soon after was promoted to customer service supervisor. She also served in the roles of Sales assistant, account management associate and Implementation specialist.

Delta Dental is a stand-alone dental administrator; its staff specializes in dental benefits. Unlike other carriers where staff coordinates the business of several lines of coverage, such as medical, vision, life and dental, Delta Dental’s staff – from the Account Management team to the customer service representatives in the call center – deals only with dental plans, making them dental benefits experts. No subcontractors are used in Delta Dental’s implementation of new clients.

D.6. What is Respondent’s proposed plan to achieve an Annual Enrollment readiness by May 1, 2019?

Upon notice of a contract award, a new group implementation meeting is held to ensure a smooth transition. Once we receive the client’s new group application, group information is entered into the system enabling customer service representatives to immediately access system information to answer enrollee questions. Prior to a new client’s effective date, an informational implementation meeting is held for all customer service supervisors and managers. Information on all new and soon-to-be implemented clients is available to all customer service representatives through:

• Department intranet updates
• Online system access
• Monthly team meetings
• Special emails
• Specialized ongoing training

Once a client’s plan is set up in our claims processing system, customer service representatives can access the necessary information to handle questions that are specific to the client’s coverage and benefits. Eligibility files must be provided and uploaded to the system before a customer service representative can answer or confirm an enrollee’s eligibility. Please refer to the attachment entitled Employees Retirement System of Texas Onboarding Timeline, under Tab H. For a group of ERS’ size, Delta Dental recommends 4-6 months for implementation.

D.7. What project approach/methodology does Respondent follow when working with customers on projects?

Delta Dental’s team approach to account management enables us to dedicate as much time to ERS’ account as necessary. Implementation of ERS’ plan would be a top priority for Delta Dental. The account management team would be available to ERS as needed. Delta Dental’s Sales team partners with an onboarding project manager who is assigned to serve as a liaison between the client and the internal departments. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process. This onboarding project manager provides a point of contact throughout the implementation process. Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity.

Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the client’s satisfaction. The client’s benefits administrator can support and assist in the successful implementation of their client’s benefits programs by providing consistent and complete guidelines, testing files and scenarios and providing the necessary follow-up for ongoing customer maintenance. Post-implementation, Delta Dental asks new clients to complete a survey about our performance. Responses are evaluated and shared in Lessons Learned meetings to improve our implementation process.

D.8. Does Respondent have a formalized PMO practice? If not, then what is its structure?

Delta Dental practices a controlling PMO structure.

D.9. Does Respondent have a Project Management Institute certified PM that will work in conjunction with the ERS PMO? If not, then what type of resource do they assign? Will they have a backup to the primary resource?

Yes. Our project manager is PMP-certified. The project manager is qualified in Delta Dental logistics, with the ability to gather requirements and onboard the project from end to end. There will also be a back-up project manager and an additional manager to support the ERS PMO if the Delta Dental project manager is unavailable.

D.10. Does Respondent use Microsoft (“MS”) Project and, if so, what version? If not, does Respondent’s assigned PM know how to use MS Project?

Delta Dental’s project managers use Smartsheet.

D.11. Respondent shall explain the difference between a work breakdown structure (“WBS”) and a project schedule.

The project schedule drives the project tasks and timelines, while outlining owners, dependencies and dates. The WBS focuses on deliverables without attached timelines, while grouping them into packages.

D.12. How does Respondent work with customer PMOs in communicating project activities, (i.e., collaboration sites, meeting events, escalations, joint project monitoring tools, etc.)?

Smartsheet’s project timeline is a collaborative project management tool to drive activities and provide visibility for all stakeholders. Delta Dental’s project manager will host a daily check-in with the ERS PMO, while hosting subject matter expert meetings as required.

D.13. How does Respondent coordinate project risk/issues with their customers, (i.e., identification, communication, mitigation, tools, etc.)?

Delta Dental completes risk assessments by brainstorming potential risks and categorizing probability versus the impact. We then complete the risk matrix to prioritize risks for a mitigation plan. Delta Dental project managers monitor risks during our daily check-ins. We track risks that become issues via an issues log.

D.14. Does Respondent have historical PM artifacts from previous similar implementations, (i.e., WBS, Project Plans, Project Schedules, success measurements, etc.)?

Yes. Delta Dental project managers use previous project plans and timelines, as well as a lessons-learned register.

DHMO RESPONSES

E. Deviations – Implementation Requirements - DHMO

E.1. Affirm that Respondent shall comply with all of the Scope of Work – Implementation and Project Management Requirements described in RFP Sections XI.A.1. – XI.A.5.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

F. Interrogatories – Implementation Requirements - DHMO

If provided by the Respondent, an implementation credit will be used by ERS to help offset ERS’ internal costs including, but not limited to, communications, data set-up, member education and the costs of dental plan enrollment set-up.

F.1. Confirm that Respondent is willing to provide implementation credit.

Confirm

F.1.a. Confirm the amount of implementation credit Respondent will provide if awarded the Contract.

Delta Dental is offering a $25,000 implementation credit for our dual-choice program.

G. Deviations – Project Management Requirements - DHMO

G.1. Affirm that Respondent shall comply with all of the Scope of Work – Implementation and Project Management Requirements - Project Management Requirements described in RFP Sections XI.B.1. – XI.B.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

H. Interrogatories – Project Management Requirements - DHMO

H.1. Describe how Respondent’s Implementation Project Manager proposes to work with the ERS Project Manager and Implementation Team. How will the individuals on the team work together? What functional areas will be represented? If Respondent uses a specific approach or methodology, please describe it.

As a stand-alone dental carrier, Delta Dental specializes in the implementation and administration of dental benefits plans. We have extensive experience implementing and administering benefits for clients of all sizes, from large national groups to small local groups, both private and public, commercial and not-for-profit entities.

Our implementation structure and processes provide reporting and consistency with local management, task prioritization, teamwork and communication. Delta Dental utilizes a team approach to implementation. The Delta Dental Sales team partners with an onboarding project manager who is assigned to serve as a liaison between external contacts and internal departments. This onboarding project manager provides a point of contact to clients, brokers and consultants throughout implementation. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process to ensure that all deadlines are met and the customer is well served. Prior to enrollment, the client is provided with plan and benefits information in an electronic format to distribute to employees or members regarding plan features, covered services, eligibility requirements and information about using the program. Delta Dental has a specialized open-enrollment management staff that works with our account management team to provide information about the client’s dental plans and general dental health care.

Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity. Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the customer’s satisfaction.

H.2. What type of logistical issues or concerns from a project management perspective does Respondent believe this project will face? (i.e., location of Respondent’s Implementation Project Manager (offsite/onsite), resource team locations, communications, and subcontractors for printing or other outsourced services). Provide an explanation, including how these are mitigated.

Delta Dental has reviewed the requirements and deliverables of the ERS RFP extensively and does not foresee any logistical issues from a project management perspective. This is due in large part to our comprehensive onboarding process and experienced team. It is vital that we partner with ERS immediately after the award to ensure that task deadlines are set, consistent onboarding/implementation meetings are scheduled and agreement of the implementation schedule is confirmed. We measure the success of a client’s implementation on our ability to meet the deadlines established in our proposed implementation plan. A group is considered to be implemented when enrollment and benefit information is loaded, claims can be processed, the information is accessible through web tools, and invoices can be prepared. Delta Dental has extensive experience implementing new benefit programs. Our Account Management team approach along with clearly documented milestones and frequent communication facilitates a smooth transition. Delta Dental’s receipt of complete enrollment and final plan-design detail three weeks prior to the effective date can help ensure a successful implementation. Implementing each customer’s dental plan accurately and on schedule is a fundamental prerequisite for building a long-term relationship and one Delta Dental takes seriously and takes pride in doing well. Our strategy for successful program implementations is grounded in our commitment to:

• Establishing continuity of leadership from the beginning of the start-up period and throughout the contract term;
• Assigning a start-up team manager and staff with relevant program experience and
• Applying our well-established continuous quality improvement principles and processes to monitor the start-up period schedule and supporting activities.

Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity. Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the customer’s satisfaction.

H.3. Based upon Respondent’s understanding of the project scope, does Respondent anticipate needing to make any system and/or process changes to accommodate ERS? What are Respondent’s internal processes and timelines associated with making any changes during implementation, both anticipated based on scope understanding or identified during implementation?

No, there is no need to make any system/process changes to accommodate ERS. Delta Dental will assign an implementation team to ensure that appropriate transition timelines are met.

Delta Dental takes an aggressive management approach to implementation – emphasizing timely and accurate submission of all deliverables, achievement of all contractual milestones and thorough contingency planning. Delta Dental has the experience, resources and staff to complete all contract transition and implementation tasks within required time frames. For a group of ERS’ size, Delta Dental recommends 4-6 months for implementation. We provide a variety of dental benefits for large and prestigious organizations throughout the country. We are part of an enterprise of Delta Dental-affiliated companies that administer benefits for more than 7,000 clients. Many of these clients are large and geographically diverse, requiring complex plan administration, including numerous employer sub-groups, diverse geographic locations, multiple product offerings and plan designs, and the flexibility to support specific client service requirements.

H.4. Describe how Respondent’s organization proposes to coordinate the activities and transference of information between the implementation team and the account management team following the project launch.

Delta Dental strives to ensure new programs are implemented smoothly and seamlessly. Delta Dental uses a team approach to implementation. Delta Dental’s Sales team partners with an onboarding project manager who is assigned to serve as a liaison between the client and the internal departments. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process. This onboarding project manager provides a point of contact throughout the implementation process. The onboarding project manager begins to phase out once all information and data required to implement the group has been received and loaded into Delta Dental’s system. Implementation resources will remain available to the client and account manager for as long as necessary after the go-live date to ensure continuity and a smooth transition to Delta Dental's services.

Appendix V. Implementation and Project Management Requirements Deviations and Interrogatories 10

The account manager is fully involved in the onboarding process by attending all implementation meetings. The account manager then serves as the client’s primary contact with overall responsibility for servicing the account and is dedicated to the client’s account for as much time as required. The client’s benefits administrator can support and assist in the successful implementation of their client’s benefits programs by providing consistent and complete guidelines, testing files and scenarios and providing the necessary follow-up for ongoing customer maintenance.

H.5. Provide a description of the proposed project team structure and internal controls to be used during the course of the project, including any subcontractors.

To ensure clients receive a high level of service, Delta Dental uses an Account Management team approach to provide rapid response and resolution to client inquiries. The ERS team includes Sales Account Executive Kirk Lavallee, Account Manager Kim Price, Account Services Coordinator Candice Gaines and their support staff. As the account manager, Ms. Price will serve as the ERS’ primary contact with overall responsibility for servicing the account. Ms. Price will be dedicated to the ERS account for as much time as required. Mr. Lavallee is the key contact during the proposal process and participates in service support after the sale. Both are supported by additional account services staff as well as other key Delta Dental personnel in such areas as eligibility, billing, claims and customer service as needed. The Account Management team is a “one-stop shop” for ERS, available by telephone, email or standard mail to address any and all inquiries concerning the account, including eligibility, billing, benefits and participant communications. All inquiries receive responses within 24 hours. The Account Management team for ERS is assisted by a support team of internal staff to provide information and solutions to client inquiries. The account manager serves as the liaison between ERS and all units of Delta Dental’s operations. Ms. Kristie Webster, Manager, Onboarding, will assign an onboarding project manager from her staff to manage implementation of ERS’ dental plan. The implementation team would be available to ERS as needed. As manager of Onboarding, Ms. Webster’s responsibilities include:

• Overseeing the team of onboarding project managers and support staff that implements Delta Dental benefits plans for new clients.

• Assigning onboarding project managers responsible for providing regional leadership and managing the implementation process for new clients. Onboarding project managers serve as liaisons between external contacts and internal departments, providing a point of contact to clients, brokers and consultants throughout implementation.

• Ms. Webster joined Delta Dental in 2003 as a customer service representative and soon after was promoted to customer service supervisor. She also served in the roles of Sales assistant, account management associate and Implementation specialist.

Delta Dental is a stand-alone dental administrator; its staff specializes in dental benefits. Unlike other carriers where staff coordinates the business of several lines of coverage, such as medical, vision, life and dental, Delta Dental’s staff – from the Account Management team to the customer service representatives in the call center – deals only with dental plans, making them dental benefits experts. No subcontractors are used in Delta Dental’s implementation of new clients.

H.6. What is Respondent’s proposed plan to achieve an Annual Enrollment readiness by May 1, 2019?

Upon notice of a contract award, a new group implementation meeting is held to ensure a smooth transition. Once we receive the client’s new group application, group information is entered into the system enabling customer service representatives to immediately access system information to answer enrollee questions. Prior to a new client’s effective date, an informational implementation meeting is held for all customer service supervisors and managers. Information on all new and soon-to-be implemented clients is available to all customer service representatives through:

• Department intranet updates

• Online system access

• Monthly team meetings

• Special emails

• Specialized ongoing training

Once a client’s plan is set up in our claims processing system, customer service representatives can access the necessary information to handle questions that are specific to the client’s coverage and benefits. Eligibility files must be provided and uploaded to the system before a customer service representative can answer or confirm an enrollee’s eligibility. Please refer to the attachment entitled Employees Retirement System of Texas Onboarding Timeline, under Tab H. For a group of ERS’ size, Delta Dental recommends 4-6 months for implementation.

H.7. What project approach/methodology does Respondent follow when working with customers on projects?

Delta Dental’s team approach to account management enables us to dedicate as much time to ERS’ account as necessary. Implementation of ERS’ plan would be a top priority for Delta Dental. The account management team would be available to ERS as needed. Delta Dental uses a team approach to implementation. Delta Dental’s Sales team partners with an onboarding project manager who is assigned to serve as a liaison between the client and the internal departments. The onboarding project manager assists the sales account executive with the initial implementation meeting, leads the ongoing conference calls and/or meetings and oversees all deliverables associated with the implementation process. This onboarding project manager provides a point of contact throughout the implementation process. Delta Dental’s approach to managing program implementation is based on our experience and expertise in using best business practices to implement and manage contracts with integrity. Delta Dental has always subscribed to the importance of management principles that include setting clearly defined goals and objectives and translating them into assigned tasks with specific schedules. We develop a detailed work plan to meet each contract requirement and then assign adequate staff and resources to complete each work plan task on schedule and to the client’s satisfaction. The client’s benefits administrator can support and assist in the successful implementation of their client’s benefits programs by providing consistent and complete guidelines, testing files and scenarios and providing the necessary follow-up for ongoing customer maintenance.

Post-implementation, Delta Dental asks new clients to complete a survey about our performance. Responses are evaluated and shared in Lessons Learned meetings to improve our implementation process.

H.8. Does Respondent have a formalized PMO practice? If not, then what is its structure?

Yes. Delta Dental practices a controlling PMO structure.

H.9. Does Respondent have a Project Management Institute certified PM that will work in conjunction with the ERS PMO? If not, then what type of resource do they assign? Will they have a backup to the primary resource?

Yes. Our project manager is PMP-certified. The project manager is qualified in Delta Dental logistics, with the ability to gather requirements and onboard the project from end to end. There will also be a back-up project manager and an additional manager to support the ERS PMO if the Delta Dental project manager is unavailable.

H.10. Does Respondent use Microsoft (“MS”) Project and, if so, what version? If not, does Respondent’s assigned PM know how to use MS Project?

Delta Dental’s project managers use Smartsheet.

H.11. Respondent shall explain the difference between a work breakdown structure (“WBS”) and a project schedule.

The project schedule drives the project tasks and timelines, while outlining owners, dependencies and dates. The WBS focuses on deliverables without attached timelines, while grouping them into packages.

H.12. How does Respondent work with customer PMOs in communicating project activities, (i.e., collaboration sites, meeting events, escalations, joint project monitoring tools, etc.)?

Smartsheet’s project timeline is a collaborative project management tool to drive activities and provide visibility for all stakeholders. Delta Dental’s project manager will host a daily check-in with the ERS PMO, while hosting subject matter expert meetings as required.

H.13. How does Respondent coordinate project risk/issues with their customers, (i.e., identification, communication, mitigation, tools, etc.)?

Delta Dental completes risk assessments by brainstorming potential risks and categorizing probability versus the impact. We then complete the risk matrix to prioritize risks for a mitigation plan. Delta Dental project managers monitor risks during our daily check-ins. We track risks that become issues via an issues log.

H.14. Does Respondent have historical PM artifacts from previous similar implementations, (i.e., WBS, Project Plans, Project Schedules, success measurements, etc.)?

Yes. Delta Dental project managers use previous project plans and timelines, as well as a lessons-learned register.

Timeline Employees Retirement System of TX

Task Name Owner Duration Start Finish Predecessors Assigned To % Complete Status

1 Delta Dental Employees Retirement System of Texas Project 138d 03/06/19 09/13/19

2 Planning and Schedule Development 138d 03/06/19 09/13/19
3 Effective Date 0 09/01/19 09/01/19
4 Award Notification 4d 03/06/19 03/11/19
5 Hold Kick-off Onboarding Meeting Delta Dental 5d 03/11/19 03/15/19
6 Charter Delta Dental 5d 04/01/19 04/05/19
7 Scope Delta Dental 5d 04/08/19 04/12/19 6
8 Define and Document Requirements Delta Dental 30d 04/15/19 05/24/19 7
9 Develop Work Breakdown Structure Delta Dental 11d 05/27/19 06/10/19 8
10 Develop Test Plan Delta Dental 11d 05/27/19 06/10/19 8
11 Detailed Project Plan Delta Dental 11d 05/27/19 06/10/19 8
12 Define Deliverables Delta Dental 11d 05/27/19 06/10/19 8
13 Review Expectations and Requirements ERS & Delta Dental 11d 05/27/19 06/10/19 8
14 Setup Workgroup Meetings Delta Dental 11d 03/11/19 03/25/19
15 Schedule Transition Call from Onboarding to Account Manager ERS & Delta Dental 7d 09/05/19 09/13/19

16 Contractual 85d 03/11/19 07/05/19
17 Negotiate Final Contract Terms ERS & Delta Dental 10d 04/01/19 04/12/19 8SF
18 Send New Group Paperwork to Review Delta Dental 10d 03/11/19 03/22/19
19 Return Signed Group Applications & DeltaCare State Forms ERS 10d 03/25/19 04/05/19
20 Return Signed Group Business Associate Addendum ERS 10d 03/25/19 04/05/19
21 Obtain ERS Contract Approval and Signature ERS 60d 04/15/19 07/05/19 17
22 Delta Contract Finalized ERS & Delta Dental 0

23 System Configuration 134d 03/11/19 09/12/19
24 Analyze Benefits ERS & Delta Dental 10d 03/11/19 03/22/19
25 Review Work In Progress Delta Dental 10d 03/11/19 03/22/19
26 Review Orthodontia New Cases Delta Dental 10d 03/11/19 03/22/19
27 Review Orthodontia Work in Progress Delta Dental 10d 03/11/19 03/22/19
28 Discuss Transition of Care Delta Dental 10d 03/11/19 03/22/19
29 Configure Benefits Delta Dental 22d 04/01/19 04/30/19
30 QA Benefits Delta Dental 11d 05/01/19 05/15/19 29
31 Send History File ERS 6d 09/01/19 09/06/19
32 Load History File Delta Dental 10d 09/01/19 09/12/19
33 Test Claim Scenarios Delta Dental 30d 06/14/19 07/25/19
34 Move Benefits to Production Delta Dental 5d 07/26/19 08/01/19 33
35 Begin Processing of Claims Delta Dental 1d 09/01/19 09/01/19
36 Provide Billing Contact ERS & Delta Dental 7d 05/01/19 05/09/19
37 Schedule Separate Billing Call Delta Dental 4d 05/13/19 05/16/19
38 Agree on Billing Recon File Layout ERS & Delta Dental 5d 05/17/19 05/23/19 37
39 Configure Billing Recon File Layout and Test ERS 34d 05/24/19 07/10/19 38
40 Send Billing Recon File Test to Delta ERS 1d 07/11/19 07/11/19 39
41 Delta Approves Billing Recon File Delta Dental 1d 07/12/19 07/12/19 40
42 Request Online Billing & Reconciliation (OBR) Access Delta Dental 4d 08/16/19 08/21/19
43 Invite OBR Users to Join Training Sessions Delta Dental 6d 08/16/19 08/23/19
44 Confirm OBR Access Granted Delta Dental 6d 08/16/19 08/23/19
45 Determine Employee Populations - Active, Retiree, Hourly, Salary, Etc. Delta Dental 10d 03/11/19 03/22/19
46 Consider Billing and Reporting Needs for Structure Delta Dental 10d 03/11/19 03/22/19
47 Send Proposed Structure Delta Dental 5d 03/25/19 03/29/19 45, 46
48 Approve Structure ERS 1d 04/01/19 04/01/19 47
49 Group Configuration Set Up Delta Dental 22d 04/01/19 04/30/19

50 Enrollment/Eligibility 119d 03/11/19 08/22/19
51 Determine Open Enrollment Period ERS 10d 03/11/19 03/22/19
52 Determine Method of Enrollment ERS & Delta Dental 10d 03/11/19 03/22/19
53 Schedule EDI Call Delta Dental 10d 03/25/19 04/05/19 52
54 Provide Zip Codes for DeltaCare Enrollment if Requested Delta Dental 10d 03/25/19 04/05/19
55 Confirm if Primary Provider Dentists Will Be Included on File ERS 10d 03/25/19 04/05/19
56 Configure Enrollment Layout ERS 45d 04/08/19 06/07/19 53
57 Send Test File ERS 11d 04/01/19 04/15/19
58 Provide Test Results Delta Dental 3d 04/16/19 04/18/19 57
59 Send Production File ERS 1d 05/01/19 05/01/19
60 Load Production File Delta Dental 3d 05/02/19 05/06/19 59
61 Send Production Stat Report Delta Dental 1d 05/07/19 05/07/19 60
62 Request Eligibility Maintenance Application (EMA) Access Delta Dental 1d 08/18/19 08/18/19
63 Invite EMA Users to Join Training Sessions Delta Dental 5d 08/18/19 08/22/19
64 Confirm EMA Access Granted Delta Dental 5d 08/18/19 08/22/19

65 Claims File Interface 79d 04/01/19 07/18/19
66 Agree on Claims File Layout Delta Dental 23d 04/01/19 05/01/19
67 Discuss File Layout Specifications and Enrollment Data to Test ERS & Delta Dental 11d 05/02/19 05/16/19 66
68 Configure Layout and Test Claims Scenarios Delta Dental 34d 05/17/19 07/03/19 67
69 Send Claims File Test to ERS Delta Dental 2d 07/04/19 07/05/19 68
70 ERS Approves Claims File ERS 9d 07/08/19 07/18/19 69
71 Claims File Approval ERS & Delta Dental 0 07/18/19 07/18/19 70

72 Pre-delegation Audit 44d 07/01/19 08/29/19
73 Review Delta UM Policies ERS 22d 07/01/19 07/30/19
74 ERS Approves UM Policies ERS 22d 07/31/19 08/29/19 73
75 Review Delta Customer Service Policies ERS 22d 07/01/19 07/30/19
76 ERS Approves Customer Service Policies ERS 22d 07/31/19 08/29/19 75
77 Review Delta Claims Policies ERS 22d 07/01/19 07/30/19
78 ERS Approves Claims Policies ERS 22d 07/31/19 08/29/19 77
79 Review Delta Fraud Waste and Abuse Policies ERS 22d 07/01/19 07/30/19
80 ERS Approves Fraud Waste and Abuse Policies ERS 22d 07/31/19 08/29/19 79
81 Review Delta Security Policies ERS 22d 07/01/19 07/30/19
82 ERS Approves Security Policies ERS 22d 07/31/19 08/29/19 81
83 Review Delta Quality Management Policies ERS 22d 07/01/19 07/30/19
84 ERS Approves Quality Management Policies ERS 22d 07/31/19 08/29/19 83

85 Member Communications 70d 03/11/19 06/14/19
86 Develop Communication Plan Delta Dental 11d 03/11/19 03/25/19
87 Draft & Send Sample Correspondence Delta Dental 11d 03/25/19 04/08/19
88 ERS Reviews/Approves Member Communication ERS 11d 03/29/19 04/12/19
89 IT Configure Approved Member Communication Delta Dental 45d 04/15/19 06/14/19 88
90 Develop Training Plan Delta Dental 23d 03/11/19 04/10/19
91 Define Member Website Requirements ERS 6d 03/11/19 03/18/19
92 Configure Website Delta Dental 7d 04/01/19 04/09/19
93 Approve Website ERS 9d 04/10/19 04/22/19 92
94 Push Website to Production Delta Dental 34d 04/23/19 06/07/19 93

95 Network Development 110d 04/01/19 08/30/19
96 Develop Network ERS Dental 110d 04/01/19 08/30/19
97 Finalize Provider Directory Template Delta Dental 23d 04/01/19 05/01/19
98 ERS Approves Provider Directory Template ERS 11d 05/02/19 05/16/19 97
99 Provider Directory Configured Delta Dental 21d 05/03/19 05/31/19
100 Provider Directory Produced Delta Dental 14d 06/03/19 06/20/19 99

Exported on June 25, 2018 5:01:43 PM EDT

APPENDIX X

ACCOUNTING AND FUNDING REQUIREMENTS DEVIATIONS AND

INTERROGATORIES

Appendix X. Accounting and Funding Requirements Deviations and Interrogatories 1

Accounting and Funding Requirements Deviations and Interrogatories

Respondent shall review the Deviation and Interrogatory instructions referenced at RFP Sections I.D.2. and I.D.3. Respondent shall complete the Interrogatories listed below by providing Respondent’s answer following each question. Respondent shall complete both PPO and DHMO sections if Respondent will be providing both plans. If Respondent is not providing services for both plans, then Respondent only needs to provide its Responses to either the PPO or DHMO sections.

PPO RESPONSES

A. Deviations – Funding Methodology Requirements - PPO

A.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – Funding Methodology Requirements described in RFP Section XIII.A.1.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

B. Deviations – Funding and Claims Reimbursement Methodology – PPO

B.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – Funding and Claims Reimbursement Methodology – PPO Only described in RFP Sections XIII.B.1. – XIII.B.8.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: Delta Dental recommends reimbursement be administered on a checks-issued versus checks-cashed basis.

C. Interrogatories – Funding and Claims Reimbursement Methodology – PPO

C.1. RFP Sections XIII.B.3. – XIII.B.3.b. describe ERS’ current and preferred payment and claims reimbursement methodology. Respondent shall describe its proposed processes for the self-funded arrangement requirements.

Self-funded invoices can be generated on weekly or monthly cycles as selected by the client. Under weekly invoicing, payments are requested within three days. Under monthly invoicing, payments are requested by the 10th of the month. Standard payment terms for a monthly billing cycle provide for net 10-day or net 30-day payments.

For monthly billing, Delta Dental requests that a prefund balance be established to cover claims paid prior to invoicing. Delta Dental recommends clients set up ACH funds transfer weekly – in which case no prefund is needed.

D. Deviations – W-2 and W-9 Submissions - PPO

D.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – W-2 and W-9 Submissions described in RFP Sections XIII.D.1. – XIII.D.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

E. Interrogatories – W-2 and W-9 Submissions - PPO

E.1. What will be the entity name on the W-2, Wage and Tax Statement and W-9 Request for Taxpayer identification Number and Certification forms?

Delta Dental Insurance Company

E.2. What will be the entity name on the DDA and the bank where ERS will submit the Administrative Fee?

Delta Dental Insurance Company

E.3. Confirm that Respondent agrees to cooperate with the State, as necessary, in order for the State to properly prepare Form W-2s.

Confirm

F. Deviations – Financial Stability - PPO

F.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements - Financial Standing described in RFP Sections XIII.E.1. – XIII.E.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail: E.1.b. Delta Dental can provide audited financial statements upon request. Delta Dental requires a signed NDA before releasing any financial statements.

G. Interrogatories – Financial Stability - PPO

G.1. Respondent shall provide a copy of its most recent audited or reviewed financial statements. The financial statements should include, but not be limited to, Balance Sheet, Income Statement, Statement of Retained Earnings or Statement of Stockholders’ Equity, Statement of Cash Flows, and Notes to the Financial Statements.

Please refer to the attachment entitled Delta Dental Financial Statement - PPO, under Tab 87.

G.1.a. If applicable, specify the name and address of any sponsoring or parent corporation or others who provide financial support to Respondent. Describe any understandings, legal relationships or financial agreements with respect to sponsorship or other financial support of Respondent with any other entity, i.e., guarantees, letters of credit, etc. What are maximum limits of additional financial support?

In 2000, Delta Dental of California (DDC) and Delta Dental of Pennsylvania (DDP) established a nonprofit holding company, Dentegra Group Inc. (Dentegra), to create a joint enterprise between DDC and their subsidiaries, along with DDP and their affiliated companies (the “enterprise”). The creation of the holding company resulted in fully integrated management teams and systems (claims processing, eligibility, underwriting, etc.) which created business efficiencies and seamless operations for the entities within the holding company system. Each of the companies in the holding company system share a common management team. The President and CEO of DDC is also President and CEO of DDIC and Alpha Dental Programs, Inc. The same for the CFO, COO, CLO, and every other officer position. This common management team enables DDIC and Alpha Dental Programs, Inc. to enjoy the same high-quality stewardship, strategic planning and financial acumen as the enterprise’s flagship company, DDC. The Dentegra holding company system brings the strength of a $9.2 billion (in revenues) a year (and growing) enterprise to a geographic area covering one-half of the U.S. population.

This level of interdependence manifests DDC’s resolute commitment to the financial success of the enterprise as a whole, and to the individual companies that comprise it. As the flagship company in the enterprise, DDC serves as the financial anchor, and the common enterprise executive leadership would not allow DDIC or Alpha Dental Programs, Inc. to be anything other than strong insurance companies that contribute to the further burnishing of the Delta Dental brand on which they all depend.

G.1.a.i. Provide a copy of the sponsoring organization's most recent audited financial statement if any such entity provides financial support to Respondent. The financial statements should include, but not be limited to, Balance Sheet, Income Statement, Statement of Retained Earnings or Statement of Stockholders’ Equity, Statement of Cash Flows, and Notes to the Financial Statements.

Please refer to the attachment entitled Delta Dental Financial Statement - PPO, under Tab 88.

G.1.b. Identify Respondent’s independent auditor and, if applicable, the independent auditor for Respondent’s sponsoring organization.

All program operations of Delta Dental and its affiliates are annually audited by its external audit firm, Armanino LLP.

G.1.c. If Respondent’s company is a subsidiary or affiliate of another company, provide a full disclosure of all direct or indirect ownership.

Delta Dental Insurance Company is a majority-owned for-profit subsidiary of Delta Dental of California. Delta Dental of California owns 91.12% common stock and 100% preferred stock in Delta Dental Insurance Company. Delta Dental Insurance Company is part of a holding company of Delta Dental-affiliated companies that was formed in 2000 composed of Delta Dental of California, Delta Dental of New York, Inc., Delta Dental of Pennsylvania, Delta Dental Insurance Company, Delta Dental of Puerto Rico and their affiliates. These companies form an enterprise that covers more than 35 million enrollees in 15 states plus the District of Columbia and Puerto Rico. The holding company also has affiliate operations in Mexico, serving an additional 1 million enrollees. Delta Dental Insurance Company affiliates include:

• Delta Dental of California

• Delta Dental of Pennsylvania

• Delta Dental of New York

• Alpha Dental Programs, Inc.

• Dentegra Insurance Company

• Dentegra Insurance Company of New England

G.1.d. Can Respondent accompany the daily funding request with a detailed payroll register including taxes?

Yes No If yes, provide a copy of the report.

Please refer to the attachments entitled Delta Dental Sample ASC Invoice - PPO and Delta Dental Sample Claim Activity Report - PPO, under Tab 89.

G.1.e. Describe how Respondent handles the following:

Stale dated checks;

The following procedure outlines Delta Dental's process of resolving unclaimed property (UCP) checks. Most states' unclaimed property laws require that due diligence be performed for outstanding/stale-dated checks by mailing a notice letter to the payee. The payee may respond to the letter by verifying that the payment was valid but the funds were not received. If the valid funds were not received, then a replacement check is processed. In general, if no response has been received by the due date set by law, the monies are to be escheated to the owner's respective state of residence. Due diligence is required to be performed within four to 12 months of the escheatment due date (most due dates are 11/1/YY or 5/1/YY). Although only one letter is required to meet this minimum notification period, multiple letters are mailed within 24 months of the escheatment due date. Currently, Delta Dental's standard procedure is to mail the initial contact letter for any check that is stale-dated two years (for 2017, checks dated 2015). The final letter is mailed within four to 12 months of the escheatment due date. Letters are mailed to the last known address on file. Checks are stale after 365 days from the issue date. This process is followed for any outstanding checks in any Delta Dental bank account.

Tracking; and

Delta Dental tracks unclaimed benefit payments. Annually, Delta Dental reviews its tracking and will mail a letter that contains an affidavit to the payee (signed at risk of penalty or perjury) of any unclaimed benefit payment that is two years old. The letter is sent to the payee's last known address. Information is tracked through Delta Dental's claims processing system and compared against our bank statements through an external database.

Reporting, etc.

Delta Dental’s Accounting department tracks all unclaimed benefits payments as part of its ongoing reconciliation of our finances. Escheatment procedures and timeframes vary for each state. Our Accounting department keeps an aged list of unclaimed proceeds and reports them based on each state’s individual requirements. Delta Dental does not retain funds from unclaimed payments.

DHMO RESPONSES

H. Deviations – Funding Methodology Requirements - DHMO

H.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – Funding Methodology Requirements described in RFP Section XIII.A.1.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

I. Deviations – Funding and Claims Reimbursement Methodology – DHMO

I.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – Funding and Claims Reimbursement Methodology – DHMO Only described in RFP Sections XIII.C.1. – XIII.C.9.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

J. Deviations – W-2 and W-9 Submissions - DHMO

J.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements – W-2 and W-9 Submissions described in RFP Sections XIII.D.1. – XIII.D.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:

K. Interrogatories – W-2 and W-9 Submissions - DHMO

K.1. What will be the entity name on the W-2, Wage and Tax Statement and W-9 Request for Taxpayer identification Number and Certification forms?

In Texas, the entity name on the W-9s issued by Alpha will be Alpha Dental Programs, Inc. As the plan administrator W-2s are issued under Delta Dental Insurance Company. Alpha Dental Programs, Inc. is a Delta Dental-affiliated company that underwrites DeltaCare® USA DHMO or other prepaid, fixed-copayment dental plans in Texas, Hawaii, Indiana, Illinois, Kentucky, Maryland, Missouri, New Jersey and Ohio. DeltaCare® USA is underwritten in these states by these Delta Dental-affiliated entities: AL — Alpha Dental of Alabama, Inc.; AZ — Alpha Dental of Arizona, Inc.; CA — Delta Dental of California; AR, CO, IA, MA, ME, MI, MN, NC, ND, NE, NH, OK, OR, RI, SC, SD, VT, WA, WI, WY — Dentegra Insurance Company; AK, CT, DC, DE, FL, GA, KS, LA, MS, MT, TN, WV — Delta Dental Insurance Company; HI, ID, IL, IN, KY, MD, MO, NJ, OH, TX — Alpha Dental Programs, Inc.; NV — Alpha Dental of Nevada, Inc.; UT — Alpha Dental of Utah, Inc.; NM — Alpha Dental of New Mexico, Inc.; NY — Delta Dental of New York, Inc.; PA — Delta Dental of Pennsylvania; VA – Delta Dental of Virginia. Delta Dental Insurance Company serves as the DeltaCare USA administrator in all these states. These companies are financially responsible for their own products.

K.2. What will be the entity name on the DDA and the bank where ERS will submit the Administrative Fee?

Delta Dental Insurance Company

K.3. Confirm that Respondent agrees to cooperate with the State, as necessary, in order for the State to properly prepare Form W-2s.

Confirm

L. Deviations – Financial Stability - DHMO

L.1. Affirm that Respondent shall comply with all of the Scope of Work – Accounting and Funding Requirements - Financial Standing described in RFP Sections XIII.E.1. – XIII.E.2.

Affirm Affirm with the proposed Deviation

If applicable, enumerate and provide a detailed description of each Deviation between Respondent’s response and these requirements:

Respondent’s Requested Deviation Detail:


M. Interrogatories – Financial Stability - DHMO

M.1. Respondent shall provide a copy of its most recent audited or reviewed financial statements. The financial statements should include, but not be limited to, Balance Sheet, Income Statement, Statement of Retained Earnings or Statement of Stockholders’ Equity, Statement of Cash Flows, and Notes to the Financial Statements.

Please refer to the attachment entitled Delta Dental Financial Statement – DHMO, under Tab 90.

M.1.a. If applicable, specify the name and address of any sponsoring or parent corporation or others who provide financial support to Respondent. Describe any understandings, legal relationships or financial agreements with respect to sponsorship or other financial support of Respondent with any other entity, i.e., guarantees, letters of credit, etc. What are maximum limits of additional financial support?

In 2000, Delta Dental of California (DDC) and Delta Dental of Pennsylvania (DDP) established a nonprofit holding company, Dentegra Group Inc. (Dentegra), to create a joint enterprise between DDC and their subsidiaries, along with DDP and their affiliated companies (the “enterprise”). The creation of the holding company resulted in fully integrated management teams and systems (claims processing, eligibility, underwriting, etc.) which created business efficiencies and seamless operations for the entities within the holding company system. Each of the companies in the holding company system share a common management team. The President and CEO of DDC is also President and CEO of DDIC and Alpha Dental Programs, Inc. The same for the CFO, COO, CLO, and every other officer position. This common management team enables DDIC and Alpha Dental Programs, Inc. to enjoy the same high-quality stewardship, strategic planning and financial acumen as the enterprise’s flagship company, DDC. The Dentegra holding company system brings the strength of a $9.2 billion (in revenues) a year (and growing) enterprise to a geographic area covering one-half of the U.S. population.

This level of interdependence manifests DDC’s resolute commitment to the financial success of the enterprise as a whole, and to the individual companies that comprise it. As the flagship company in the enterprise, DDC serves as the financial anchor, and the common enterprise executive leadership would not allow DDIC or Alpha Dental Programs, Inc. to be anything other than strong insurance companies that contribute to the further burnishing of the Delta Dental brand on which they all depend.

M.1.a.i. Provide a copy of the sponsoring organization's most recent audited financial statement if any such entity provides financial support to Respondent. The financial statements should include, but not be limited to, Balance Sheet, Income Statement, Statement of Retained Earnings or Statement of Stockholders’ Equity, Statement of Cash Flows, and Notes to the Financial Statements.

Please refer to the attachment entitled Delta Dental Financial Statements – DHMO, under Tab 91.

M.1.b. Identify Respondent’s independent auditor and, if applicable, the independent auditor for Respondent’s sponsoring organization.

All program operations of Delta Dental and its subsidiaries are annually audited by its external audit firm, Armanino LLP.


M.1.c. If Respondent’s company is a subsidiary or affiliate of another company, provide a full disclosure of all direct or indirect ownership.

Delta Dental Insurance Company is a majority-owned for-profit subsidiary of Delta Dental of California. Delta Dental of California owns 91.12% common stock and 100% preferred stock in Delta Dental Insurance Company. Delta Dental Insurance Company is part of a holding company of Delta Dental-affiliated companies that was formed in 2000 composed of Delta Dental of California, Delta Dental of New York, Inc., Delta Dental of Pennsylvania, Delta Dental Insurance Company, Delta Dental of Puerto Rico and their affiliates. These companies form an enterprise that covers more than 35 million enrollees in 15 states plus the District of Columbia and Puerto Rico. The holding company also has affiliate operations in Mexico, serving an additional 1 million enrollees. Delta Dental Insurance Company affiliates include:

• Delta Dental of California
• Delta Dental of Pennsylvania
• Delta Dental of New York
• Dentegra Insurance Company
• Dentegra Insurance Company of New England

M.1.d. Can Respondent accompany the daily funding request with a detailed payroll register including taxes?

Yes No

If yes, provide a copy of the report.

Please refer to the attachment entitled Sample Fully Insured Invoice - DHMO, under Tab 92.

M.1.e. Describe Respondent’s reserving methodology for determination of each of the following reserves for each Dental Plan:

Reserve for future payments on approved claims;

Not applicable to DeltaCare USA

Reserve for pending claims;

Not applicable to DeltaCare USA

Reserve for accrued but unpaid payments; and

Under the DeltaCare USA program, Delta Dental pays for all preauthorized specialty care claims for services performed while the enrollee was eligible regardless of when the claim is received.

Reserve for incurred but unreported claims.

Incurred but unreported reserves (IBNR) for claims are based on group-specific utilization and Delta Dental’s payment patterns.

M.1.f. Describe how Respondent handles the following:


Stale dated checks;

The following procedure outlines Delta Dental's process of resolving unclaimed property (UCP) checks. Most of the states' unclaimed property laws require that due diligence be performed for outstanding/stale-dated checks by mailing a notice letter to the payee. The payee may respond to the letter by verifying that the payment was valid but the funds were not received. If the valid funds were not received, then a replacement check is processed. In general, if no response has been received by the due date set by law, the monies are to be escheated to the owner's respective state of residence. Due diligence is required to be performed within four to 12 months of the escheatment due date (most due dates are 11/1/YY or 5/1/YY). Although only one letter is required to meet this minimum notification period, multiple letters are mailed within 24 months of the escheatment due date. Currently, Delta Dental's standard procedure is to mail the initial contact letter for any check that is stale-dated two years (for 2015, checks dated 2013). The final letter is mailed within four to 12 months of the escheatment due date. Letters are mailed to the last known address on file. Checks are stale after 365 days from the issue date. This process is followed for any outstanding checks in any Delta Dental bank account.

Tracking; and

Delta Dental tracks unclaimed benefit payments. Annually, Delta Dental reviews its tracking and will mail a letter that contains an affidavit to the payee (signed at risk of penalty of perjury) of any unclaimed benefit payment that is two years old. The letter is sent to the payee's last known address. Information is tracked through Delta Dental's claims processing system and compared against our bank statements through an external database.

Reporting, etc.

Delta Dental’s Accounting department tracks all unclaimed benefits payments as part of its ongoing reconciliation of our finances. Escheatment procedures and timeframes vary for each state. Our Accounting department keeps an aged list of unclaimed proceeds and reports them based on each state’s individual requirements. Delta Dental does not retain funds from unclaimed payments.

