FOR SAFE HARBOR PARTICIPANTS

If you have selected the Safe Harbor Option you are hereby agreeing to the following additional terms and conditions.

1. ELECTRONIC INFORMATION TRANSMISSION PREREQUISITES

1. All Transmissions shall be made in accordance with the standards set forth in the Phase II CORE 270: Connectivity Rule version 2.2.0.
2. Third Party Service Providers.
   1. Transmissions may involve use of any third party service provider ("Third Party Service Provider") with which either party may contract. Either party may modify its election to use, not use, or change a Third Party Service Provider upon thirty (30) days' prior written notice to the other party.
   2. Each party shall be responsible for the costs of any Third Party Service Provider with which it contracts.
   3. Each party shall be liable for the acts or omissions of its Third Party Service Provider while sending, receiving, storing or handling Transmissions, or performing related activities for such party; provided that if both the parties use the same Third Party Service Provider to effect the sending and receipt of a Transmission, the originating party shall be liable for the acts or omissions of such Third Party Service Provider as to such Transmission.
3. System Operations. Each party, at its own expense, shall provide and maintain the equipment, software, services (including but not limited to auditing and archiving) and testing necessary to send and receive Transmissions effectively and reliably.
4. Security Procedures. Each party shall use commercially reasonable security procedures to ensure that all Transmissions are authorized and to protect its business records and data from improper access. The parties agree that commercially reasonable security for Internet-based Transmissions shall include no less than 128-bit encryption.
5. Authentication.
   1. Each party shall adopt as its signature an electronic identification consisting of symbol(s) or code(s) which are to be affixed to or contained in each non-Internet Transmission made by such party ("Signatures"). Each party agrees that any Signature of such party affixed to or contained in any non-Internet Transmission shall be sufficient to verify such party originated such non-Internet Transmission.
   2. Both parties agree that any digital signature (i.e., electronic key issued by a certification authority for the purpose of authenticating the sender and ensuring the message contents are not altered prior to receipt) affixed to or contained in any Transmission shall be sufficient to verify such person originated such Transmission.
   3. Neither party shall disclose to any unauthorized person the Signatures of the other party.

2. FILE RETRIEVAL

ERA (835) files are available for retrieval via the Safe Harbor Method of Retrieval for 90 days from the date they are created. Each file retrieval request will result in a single file response if a file is available for the sender of the request for the date requested. If no file is available for the date requested, the response will contain an Error Code of "No File Found" and an Error Message of "No File for date requested available".

Files are named with the following naming convention. The first component of the file name is your receiver ID, the second component is the date of the file you are requesting, and the third component is State Farm's identifier followed by the type of file it is.

DEG 7, Preference for Aggregation of Remittance Data is where obtain your preference for your receiver ID.

1112223334_20130510_SFCORE.835

The following request would retrieve the above file.

<soapenv:Body>
<ns1:COREEnvelopeBatchResultsRetrievalRequest
xmlns:ns1="http://www.caqh.org/SOAP/WSDL/CORERule2.2.0.xsd">
<PayloadType>X12_005010_Request_Batch_Results_835</PayloadType>
<ProcessingMode>Batch</ProcessingMode>
<PayloadID>f81d4fae-7dec-11d0-a765-00a0c91e6bf6</PayloadID>
<TimeStamp>2013-05-10T10:20:34Z</TimeStamp>
<SenderID>1112223334</SenderID>
<ReceiverID>SFCORE</ReceiverID>
<CORERuleVersion>2.2.0</CORERuleVersion>
</ns1:COREEnvelopeBatchResultsRetrievalRequest>
</soapenv:Body>

3. ERROR HANDLING

If the username and/or password included in the request are not valid an HTTP 403 error response will be returned.

Envelope Processing Status and Error Codes are handled per section 4.3.3.2 of CORE Phase II 270 rule.