- Technology Solutions - Member Engagement - Patient Advocacy - Wellness Culture We place high importance on the experience that our customers have during our interactions, while also stressing the importance of giving back, especially where it matters most; close to home. This is reflected by Meridian’s core values and principles: discipline, diligence, honesty and commitment to community. Legal/Compliance B. Legal/Compliance 1. Over the past five years, has your firm or any officer or principal been involved in any business litigation or other legal proceedings related to your services? If yes, please describe nature and outcome 2. Are there any current or pending litigation or administrative actions against your firm? If yes, please describe them. 3. Describe in detail any potential conflicts of interest your firm, affiliates, or parent, may have in management of this account. 4. Describe the coverage levels and insurance carrier of Errors and Omission insurance and/or fiduciary or professional liability insurance carried by your firm. 5. Describe your data security policy, how you handle a data breach and how you ensure that Personally Identifiable Information (PII) is secured within your firm and when sharing between clients and your firm. At Meridian, not only our internal compliance procedures, but the ones we provide to our clients are of the upmost importance. This is demonstrated by the fact that neither Meridian nor our owners have been or are currently involved in any business litigation or legal proceedings related to our services. In the event of a future claim, Westport Insurance Corporation provides us with E&O insurance in the amounts of $10,000,000 per claim and $15,000,000 in aggregate. Internally, Meridian maintains full control over our compliance protocols, policies and service offerings as there are no conflicts, affiliates or parent companies involved that would impede our management of the Iroquois account. Meridian takes HIPAA compliance very seriously and ensures that all business associate agreements are up to date with all clients and vendors that we conduct business with or share PII. We have taken significant steps to ensure that our clients data security measures are best in class. This includes but is not limited to; secure email portals, encryption technology, multi-factor authentication, read-only specific to email addresses etc. In addition, no employees except of those designated to our client’s service team have access to sensitive client information, such as, census data, ben-admin portals etc. In our enclosures is a copy of our standard business associate agreement that outlines how Meridian would handle a data breach in the event one occurred. 10