HomeMy WebLinkAbout20241628.tiffRESOLUTION
RE: ACCEPT PURCHASE ORDER FUNDS FOR CASE MANAGEMENT AGENCY (CMA)
HOME CARE ALLOWANCE PROGRAM AND AUTHORIZE DEPARTMENT OF
HUMAN SERVICES TO DISBURSE FUNDS
WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to
Colorado statute and the Weld County Home Rule Charter, is vested with the authority of
administering the affairs of Weld County, Colorado, and
WHEREAS, the Board has been presented with a Purchase Order for the Case
Management Agency (CMA) Home Care Allowance Program between the County of Weld, State
of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of
the Department of Human Services, and the Colorado Department of Human Services,
commencing July 1, 2024, and ending June 30, 2025, with further terms and conditions being as
stated in said purchase order, and
WHEREAS, after review, the Board deems it advisable to accept said purchase order, a
copy of which is attached hereto and incorporated herein by reference.
NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of
Weld County, Colorado, that the Purchase Order for the Case Management Agency (CMA) Home
Care Allowance Program between the County of Weld, State of Colorado, by and through the
Board of County Commissioners of Weld County, on behalf of the Department of Human Services,
and the Colorado Department of Human Services, be, and hereby is, accepted.
BE IT FURTHER RESOLVED by the Board that the Department of Human Services, be,
and hereby is, authorized to disburse said funds.
The above and foregoing Resolution was, on motion duly made and seconded, adopted
by the following vote on the 19th day of June, A.D., 2024.
BOARD OF COUNTY COMMISSIONERS
WELD COUNTY . a •RADO
ATTEST:
Weld County Clerk to the Board
7L 0
K '• Ross, Chair
BY:
Oecta-nd . (, l �r _ L/t Perry Buu r, Pro-Tem
I
Deputy Clerk to the Board
Mike Fr-eman
APVED
County Attorney \
Date of signature: �l , Iz
of . James
Lori Saine
Cc: HSD
0 $/o9 /.Zy
2024-1628
HR0096
Corr actl g2n I
BOARD OF COUNTY COMMISSIONERS
PASS -AROUND REVIEW
PASS -AROUND TITLE: Case Management Agency Home Care Allowance Contract Purchase Order for State
Fiscal Year (SFY) 2024-2025
DEPARTMENT: Human Services DATE: June 4, 2024
PERSON REQUESTING: Jamie Ulrich, Director, Human Services
Brief description of the problem/issue: On January 17, 2024, the Department entered into an
Intergovernmental Agreement with Colorado Department of Health Care Policy and Financing (HCPF) to serve
as a Case Management Agency, know to the Board as Tyler# 2024-0121. The Department's Area Agency on
Aging AAA receives funding annually from HCPF to provide long-term care information, initial intake,
screening, referral, assessment of need, determination of functional eligibility, care planning, case
management, reassessment, and case closure for disabled and older adults in Weld County. These services
provide individuals the opportunity to remain in the community as an alternative to entering an institutional
setting such as a nursing home.
For SFY 2024-2025, the Weld County Area Agency on Aging (AAA) has received $33,123.98 in funds per the
Purchase order IHGA 202500000329 issued from the Colorado Department of Human Services (CDHS). The
Department is requesting Board approval to disburse the funds. There is no Signature required on this
Purchase Order.
What options exist for the Board?
• Approval of the State Fiscal Year (SFY) 2024-2025 Case Management Agency Home Care Allowance
Contract Purchase Order.
• Deny approval of the State Fiscal Year (SFY) 2024-2025 Case Management Agency Home Care Allowance
Contract Purchase Order.
Consequences: WCDHS AAA will not be able to accept the funds from CDHS.
Impacts: WCDHS AAA will not be able to provide these services to disabled and older adults in Weld
County.
Costs (Current Fiscal Year / Ongoing or Subsequent Fiscal Years):
• Total allocated = $33,123.98 (Paid in monthly installments of $2,760.33)
• Funded through Colorado Department of Human Services (CDHS)
Pass -Around Memorandum; June 4, 2024 - CMS ID 8271
2024-1628
U/19 H 12 ocR o
Recommendation:
• Approval for the Department to dispense the funds from the Contract Purchase Order. No signature is
required.
Support Recommendation Schedule
Place on BOCC Agenda Work Session Other/Comments:
Perry L. Buck, Pro-Tem
Mike Freeman
Scott K. James
Kevin D. Ross, Chair
Lori Saine
.GQ _
rv\F _
4-
Hi -
Pass -Around Memorandum; June 4, 2024 - CMS ID 8271
Number:
Date:
STATE OF COLORADO
Department of Human Services
PO,IHGA,202500000329
5/10/24
Description:
Case Management Agency (CMA), Home Care
Allowance (HCA)
Effective Date: 07/01/24
Ex s iration Date: 06/30/25
Page 1 of 1
*****IMPORTANT*****
The order number and line number must appear on all
invoices, packing slips, cartons, and correspondence.
BILL TO
ACCOUNTING
1575 SHERMAN STREET, 6TH FLOOR
DENVER, CO 80203-1714
BUYER
SHIP TO
Buyer:
Email:
Toby Erxleben
toby.erxleben@state.co.us
WELD COUNTY
Human Services
P O BOX 1805
GREELEY, CO 80632-1805
Contact:
Phone:
9703521551
SELF SUFFICIENCY--COLO WORKS
1575 SHERMAN STREET, 3RD FLOOR
DENVER, CO 80203-1714
HIPPING INSTRUCTIONS
Delivery/Install Date:
FOB:
VENDOR INSTRUCTIONS
EXTENDED DESCRIPTION
Vendor will be paid 1/12 of their total allocation ($33,123.98) each month ($2,760.33) for performing CMA
functions as outlined in the Statement of Work
Line Item
1
Commodity/Item Code UOM QTY Unit Cost Total Cost MSDS Req.
0 0.00 $33,123.98 i
Description: SFY25 Weld CMAHCA; CFMS non-encumb
Service From: 07/01/24
Service To: 06/30/25
TERMS AND CONDITIONS
https://www.colorado.gov/osc/purchase-order-terms-conditions
DOCUMENT TOTAL = $31123.98
State of Colorado Purchase Order Terms and Conditions
1. Offer/Acceptance. This Purchase Order, together with these terms and conditions (including,
if applicable, Addendum 1: Additional Terms and Conditions for Information Technology, and
Addendum 2: Additional Terms and Conditions for Federal Provisions, below), and any other
attachments, exhibits, specifications, or appendices, whether attached or incorporated by reference
(collectively the "PO") shall represent the entire and exclusive agreement between the State and the
Vendor. If this PO refers to Vendor's bid or proposal, this PO is an ACCEPTANCE of Vendor's
OFFER TO SELL in accordance with the terms and conditions of this PO. If a bid or proposal is not
referenced, this PO is an OFFER TO BUY, subject to Vendor's acceptance, demonstrated by
Vendor's performance or written acceptance of this PO. Any COUNTER-OFFER TO SELL
automatically CANCELS this PO, unless a change order accepting the counter-offer is issued in
accordance with §4 accepting a counter-offer. The State shall not be responsible or liable for goods or
services delivered or performed prior to issuance of this PO.
2. Order of Precedence. In the event of a conflict or inconsistency within this PO, such conflict
or inconsistency shall be resolved by giving preference to the documents in the following order of
priority: (a) If applicable, Addendum 2: Additional Terms and Conditions for Federal Provisions, below;
(b) the Purchase Order document; (c) these Terms and Conditions (including, if applicable,
Addendum 1: Additional Terms and Conditions for Information Technology below); and (d) any
attachments, exhibits, specifications, or appendices, whether attached or incorporated by reference.
Any terms and conditions included on Vendor's forms or invoices not included in this PO are void.
3. Safety Information. All chemicals, equipment, and materials proposed or used in the
performance of this PO shall conform to the requirements of the Occupational Safety and Health Act
of 1970. Vendor shall furnish all Material Safety Data Sheets (MSDS) for any regulated chemicals,
equipment, or hazardous materials at the time of delivery.
4. Changes. Vendor shall furnish goods or services in strict accordance with the specifications
and price set forth for each item. This PO shall not be modified, superseded or otherwise altered,
except in writing signed by the State and accepted by Vendor. If this PO is for goods only and Vendor
has not delivered the goods prior to the expiration of this PO, but Vendor delivers all of the goods to
the State only after expiration of this PO, then the State, in its sole discretion, may accept the goods
under this PO by extending this PO and delivering the modification to Vendor; however, regardless of
anything to the contrary, if the State does not extend this PO for any reason then the goods delivered
after expiration of this PO shall be deemed rejected, Vendor shall arrange the return of all delivered
goods at Vendor's sole expense, and the State shall have no liability for any such goods.
5. Delivery. Unless otherwise specified in this PO, delivery shall be FOB destination, freight
prepaid and allowed. The State is relying on the promised delivery date and any installation or service
performance set forth in this PO as material and basic to the State's acceptance. If Vendor fails to
deliver or perform as and when promised, the State, in its sole discretion, may cancel its order, or any
part thereof, without prejudice to its other rights, return all or part of any shipment so made, and
charge Vendor with any loss or expense sustained as a result of such failure to deliver or perform as
promised. Time is of the essence.
6. Rights to Materials. [Not Applicable to POs issued either in whole or in part for
Information Technology, as defined in CRS § 24-37.5-102(2); which shall be governed by
Addendum 1 §B.] Unless specifically stated otherwise in this PO, all materials, including without
limitation supplies, equipment, documents, content, information, or other material of any type,
whether tangible or intangible (collectively "Materials"), furnished by the State to Vendor or delivered
by Vendor to the State in performance of its obligations under this PO shall be the exclusive property
of the State. Vendor shall return or deliver all Materials to the State upon completion or termination of
this PO.
Page 1 of 19
Effective 12/26/2023
7. Reporting. If Vendor is served with a pleading or other document in connection with an action
before a court or other administrative decision making body, and such pleading or document relates
to this PO or may affect Vendor's ability to perform its obligations under this PO, Vendor shall, within
10 days after being served, notify the State of such action and deliver copies of such pleading or
document to the State. Vendor shall disclose, in a timely manner, in writing to the State all violations
of federal or state criminal law involving fraud, bribery, or gratuity violations potentially affecting this
PO. The State may impose any remedies available, which may include, without limitation, suspension
or debarment.
8. Conflicts of Interest. Vendor acknowledges that with respect to this PO, even the
appearance of a conflict of interest is harmful to the State's interests. Absent the State's prior written
approval, Vendor shall refrain from any practices, activities, or relationships that reasonably may
appear to be in conflict with the full performance of Vendor's obligations to the State hereunder. If a
conflict or appearance of a conflict of interest exists, or if Vendor is uncertain as to such, Vendor shall
submit to the State a disclosure statement setting forth the relevant details for the State's
consideration. Failure to promptly submit a disclosure statement or to follow the State's direction with
respect to the actual or apparent conflict constitutes a breach of this PO. Vendor acknowledges that
all State employees are subject to the ethical principles described in §24-18-105, C.R.S. Vendor
further acknowledges that State employees may be subject to the requirements of §24-18-105,
C.R.S. with regard to this PO.
9. Warranties. All provisions and remedies of the Colorado Uniform Commercial Code, CRS,
Title 4 ("UCC"), relating to implied or express warranties for goods are incorporated herein, in addition
to any warranties contained in this PO.
10. Inspection and Acceptance. The State's final acceptance of goods or services is contingent
upon completion of all applicable inspection procedures. All goods delivered shall be newly
manufactured and the current model, unless otherwise specified. The State shall have the right to
inspect goods or services provided under this PO at all reasonable times and places. The State shall
be the sole judge in determining "equals" with regard to conformance with the specifications outlined
in this PO for quality, price, and performance. If any of the goods or services do not conform to this
PO, the State, at its sole discretion, may require Vendor to either (a) replace the goods specified by
the State or (b) perform the services again, without additional payment from the State. When defects
in the quality or quantity of goods or services cannot be corrected by replacement or re -performance,
the State may (c) require Vendor to take necessary action to ensure that future performance
conforms to this PO and (d) equitably reduce the payment due Vendor to reflect the reduced value of
the goods or services performed. These remedies do not limit the remedies otherwise available in this
PO, at law, or in equity.
11. Taxes. The State is exempt from federal excise taxes and from State and local sales and use
taxes.
12. Payment. The State shall not pay Vendor any amount for performance under this PO in
excess of the Document Total set forth on the Purchase Order document. The State shall pay Vendor
for all amounts due within 45 days after the State's receipt of goods or services and acceptance of a
correct invoice of amount due. Amounts not paid by the State within 45 days of the State's
acceptance of the invoice shall bear interest on the unpaid balance beginning on the 45th day at the
rate set forth in CRS §24-30-202(24) until paid in full. Interest shall not accrue if a good faith dispute
exists as to the State's obligation to pay all or a portion of the amount due. Vendor shall invoice the
State separately for interest on delinquent amounts due, referencing the delinquent payment, number
of day's interest to be paid, and applicable interest rate. The State may benefit from any early
payment discount offered by Vendor by making payment within the timeframes required by Vendor to
be eligible for such discount. If Vendor offers an early payment discount, then the discount shall be
shown on Vendor's invoices to the State, and if the State makes payment on the invoice within the
time frame for the discount, Vendor shall either (a) accept the payment amount less the appropriate
Page 2of19
Effective 12/26/2023
discount or (b) refund the discount back to the State. Except as specifically agreed in this PO, Vendor
shall be solely responsible for all costs, expenses, and other charges it incurs in connection with its
performance under this PO.
13. Assignment. Vendor's rights and obligations under this PO shall not be transferred or
assigned without the prior, written consent of the State and execution of a new PO. Any attempt at
assignment or transfer without such consent and new PO shall be void. Any new PO approved by the
State shall be subject to the same terms and conditions as those set forth in this PO.
14. Subcontracts. Unless otherwise specified in this PO, Vendor shall not enter into any
subcontract in connection with its obligations under this PO without the prior, written approval of the
State. Vendor shall submit to the State a copy of each such subcontract upon request by the State.
All subcontracts entered into by Vendor in connection with this PO shall comply with all applicable
federal and state laws and regulations, shall provide that they are governed by the laws of the State
of Colorado, and shall be subject to all provisions of this PO.
15. Severability. The invalidity or unenforceability of any provision of this PO shall not affect the
validity or enforceability of any other provision of this PO, which shall remain in full force and effect,
provided, that the parties can continue to perform their obligations in accordance with the intent of this
PO.
16. Survival of Certain PO Terms. Any provision of this PO that imposes an obligation on a party
after termination or expiration of this PO shall survive the termination or expiration of this PO and
shall be enforceable by the other party.
17. Third Party Beneficiaries. Except for the parties' respective successors and assigns, this PO
does not and is not intended to confer any rights or remedies upon any person or entity other than the
parties. Enforcement of this PO and all rights and obligations hereunder is reserved solely to the
parties. Any services or benefits which third parties receive as a result of this PO are incidental to this
PO, and do not create any rights for such third parties.
18. Waiver. A party's failure or delay in exercising any right, power, or privilege under this PO,
whether explicit or by lack of enforcement, shall not operate as a waiver, nor shall any single or partial
exercise of any right, power, or privilege preclude any other or further exercise of such right, power, or
privilege.
19. Indemnification. [Not Applicable to Inter -governmental POs] Vendor shall indemnify, save,
and hold harmless the State, its employees, agents and assignees (the "Indemnified Parties"),
against any and all costs, expenses, claims, damages, liabilities, court awards and other amounts
(including attorneys' fees and related costs) incurred by any of the Indemnified Parties in relation to
any act or omission by Vendor, or its employees, agents, subcontractors, or assignees in connection
with this PO. This shall include, without limitation, any and all costs, expenses, claims, damages,
liabilities, court awards and other amounts incurred by the Indemnified Parties in relation to any claim
that any work infringes a patent, copyright, trademark, trade secret, or any other intellectual property
right or any claim for loss or improper disclosure of any confidential information or personally
identifiable information.
20. Notice. All notices given under this PO shall be in writing, and shall be delivered to the
contacts for each party listed on the Purchase Order document. Either party may change its contact
or contact information by notice submitted in writing to the other party without a formal modification to
this PO.
21. Insurance. Except as otherwise specifically stated in this PO, Vendor shall obtain and
maintain insurance as specified in this section at all times during the term of this PO: (a) workers'
compensation insurance as required by state statute, and employers' liability insurance covering all
Vendor employees acting within the course and scope of their employment; (b) Commercial general
liability insurance written on an Insurance Services Office occurrence form, covering premises
operations, fire damage, independent contractors, products and completed operations, blanket
Page 3 of 19
Effective 12/26/2023
contractual liability, personal injury, and advertising liability with minimum limits as follows: $1,000,000
each occurrence; $1,000,000 general aggregate; $1,000,000 products and completed operations
aggregate; and $50,000 any one fire; and (c) Automobile liability insurance covering any auto
(including owned, hired and non -owned autos) with a minimum limit of $1,000,000 each accident
combined single limit. If Vendor will or may have access to any protected information, then Vendor
shall also obtain and maintain insurance covering loss and disclosure of protected information and
claims based on alleged violations of privacy right through improper use and disclosure of protected
information with limits of $1,000,000 each occurrence and $1,000,000 general aggregate at all times
during the term of this PO. Additional insurance may be required as provided elsewhere in this PO.
All insurance policies required by this PO shall be issued by insurance companies with an AM Best
rating of A -VIII or better. This insurance requirement shall not apply if this PO is solely for goods, as
determined by the State, unless specifically stated otherwise in this PO or any attachment or exhibit
to this PO. If Vendor is a public agency within the meaning of the Colorado Governmental Immunity
Act, then this section shall not apply and Vendor shall instead comply with the Colorado
Governmental Immunity Act. The State shall be named as additional insured on all commercial
general liability policies required of Vendor. All insurance policies secured or maintained by Vendor in
relation to this Purchase Order shall include clauses stating that each carrier shall waive all rights of
recovery under subrogation or otherwise against Vendor or the State, its agencies, institutions,
organizations, officers, agents, employees, and volunteers.
22. Termination Prior to Vendor Acceptance. If Vendor has not begun performance under this
PO, the State may cancel this PO by providing written notice to the Vendor.
23. Termination for Cause. (a) If Vendor refuses or fails to timely and properly perform any of its
obligations under this PO with such diligence as will ensure its completion within the time specified in
this PO, the State may notify Vendor in writing of non-performance and, if not corrected by Vendor
within the time specified in the notice, terminate Vendor's right to proceed with this PO or such part
thereof as to which there has been delay or a failure. Vendor shall continue performance of this PO to
the extent not terminated. (b) Vendor shall be liable for excess costs incurred by the State in
procuring similar goods or services and the State may withhold such amounts as the State deems
necessary. (c) If after rejection, revocation, or other termination of Vendor's right to proceed under the
UCC or this clause, the State determines for any reason that Vendor was not in default or the delay
was excusable, the rights and obligations of the State and Vendor shall be the same as if the notice of
termination had been issued pursuant to termination under §24.
24. Termination in Public Interest. The State is entering into this PO for the purpose of carrying
out the public interest of the State, as determined by its Governor, General Assembly, or Courts. If
this PO ceases to further the public interest of the State as determined by its Governor, General
Assembly, or Courts, the State, in its sole discretion, may terminate this PO in whole or in part and
such termination shall not be deemed to be a breach of the State's obligations hereunder. This
section shall not apply to a termination for cause, which shall be governed by §23. A determination
that this PO should be terminated in the public interest shall not be equivalent to a State right to
terminate for convenience. The State shall give written notice of termination to Vendor specifying the
part of this PO terminated and when termination becomes effective. Upon receipt of notice of
termination, Vendor shall not incur further obligations except as necessary to mitigate costs of
performance. For services or specially manufactured goods, the State shall pay (a) reasonable
settlement expenses, (b) this PO price or rate for supplies and services delivered and accepted, (c)
reasonable costs of performance on unaccepted supplies and services, and (d) a reasonable profit
for the unaccepted work. For existing goods, the State shall pay (e) reasonable settlement expenses,
(f) the PO price for goods delivered and accepted, (g) reasonable costs incurred in preparation for
delivery of the undelivered goods, and (h) a reasonable profit for the preparatory work. The State's
termination liability under this section shall not exceed the total PO price. As a condition for payment
Page 4 of 19
Effective 12/26/2023
under this section, Vendor shall submit a termination proposal and reasonable supporting
documentation, and cost and pricing data as requested by the State.
25. Funds Availability. Financial obligations of the State payable after the State's current fiscal
year are contingent upon funds for that purpose being appropriated, budgeted, and otherwise made
available. If this PO is funded in whole or in part with federal funds, this PO is subject to and
contingent upon the continuing availability of federal funds for the purposes hereof. The State
represents that it has set aside sufficient funds to make payment for goods delivered in a single
installment, in accordance with the terms of this PO.
26. Governmental Immunity. Liability for claims for injuries to persons or property arising from
the negligence of the State, its departments, boards, commissions committees, bureaus, offices,
employees and officials shall be controlled and limited by the provisions of the Colorado
Governmental Immunity Act, CRS §24-10-101, et seq., the Federal Tort Claims Act, 28 U.S.C. Pt. VI,
Ch. 171 and 28 U.S.C. 1346(b), and the State's risk management statutes, CRS §§24-30-1501, et
seq. No term or condition of this PO shall be construed or interpreted as a waiver, express or implied,
of any of the immunities, rights, benefits, protections, or other provisions, contained in these statutes.
27. Independent Contractor. Vendor shall perform its duties under this PO as an independent
contractor and not as an employee. Neither Vendor nor any agent or employee of Vendor shall be
deemed to be an agent or employee of the State. Vendor shall not have authorization, express or
implied, to bind the State to any agreement, liability or understanding, except as expressly set forth
herein. Vendor and its employees and agents are not entitled to unemployment insurance or
workers compensation benefits through the State and the State shall not pay for or otherwise
provide such coverage for Vendor or any of its agents or employees. Vendor shall pay when
due all applicable employment taxes, income taxes and local head taxes incurred pursuant to
this PO. Vendor shall (a) provide and keep in force workers' compensation and unemployment
compensation insurance in the amounts required by law, (b) provide proof thereof when
requested by the State, and (c) be solely responsible for its acts and those of its employees
and agents.
28. Compliance with Law. Vendor shall comply with all applicable federal and state laws, rules,
and regulations in effect or hereafter established, including, without limitation, laws applicable to
discrimination and unfair employment practices.
29. Choice of Law, Jurisdiction and Venue. [Not Applicable to Inter -governmental POs]
Colorado law, and rules and regulations issued pursuant thereto, shall be applied in the interpretation,
execution, and enforcement of this PO. The UCC shall govern this PO in the case of goods unless
otherwise agreed in this PO. Any provision included or incorporated herein by reference, which
conflicts with said laws, rules, and regulations shall be null and void. All suits or actions related to this
PO shall be filed and proceedings held in the State of Colorado and exclusive venue shall be in the
City and County of Denver. Any provision incorporated herein by reference which purports to negate
this or any other provision in this PO in whole or in part shall not be valid or enforceable or available
in any action at law, whether by way of complaint, defense, or otherwise. Vendor shall exhaust
administrative remedies in CRS §24-109-106, prior to commencing any judicial action against the
State.
30. Prohibited Terms. Nothing in this PO shall be construed as a waiver of any provision of CRS
§24-106-109. Any term included in this PO that requires the State to indemnify or hold Vendor
harmless; requires the State to agree to binding arbitration; limits Vendor's liability for damages
resulting from death, bodily injury, or damage to tangible property; or that conflicts with that statute in
any way shall be void ab initio.
31. Vendor Offset and Erroneous Payments. [Not Applicable to Inter -governmental POs or
to POs issued solely for goods] The State Controller may withhold payment under the State's
Vendor offset intercept system for debts owed to State agencies for: (a) unpaid child support debts or
Page 5of19
Effective 12/26/2023
child support arrearages; (b) unpaid balances of tax, accrued interest, or other charges specified in
CRS §39-21-101, et seq.; (c) unpaid loans due to the Student Loan Division of the Department of
Higher Education; (d) amounts required to be paid to the Unemployment Compensation Fund; and
(e) other unpaid debts owing to the State as a result of final agency determination or judicial action.
The State may also recover, at the State's discretion, payments made to Vendor in error for any
reason, including, but not limited to, overpayments or improper payments, and unexpended or excess
funds received by Vendor by deduction from subsequent payments under this PO, deduction from
any payment due under any other contracts, grants or agreements between the State and Vendor, or
by any other appropriate method for collecting debts owed to the State.
Page 6 of 19
Effective 12/26/2023
ADDENDUM 1:
Additional Terms & Conditions for Information Technology
IF ANY PART OF THE SUBJECT MATTER OF THIS PO IS INFORMATION TECHNOLOGY, AS DEFINED IN
CRS § 24-37.5-102 (2), THE FOLLOWING PROVISIONS ALSO APPLY TO THIS PO.
A. Definitions. The following terms shall be construed and interpreted as follows: (a) "Business
Day" means any day in which the State is open and conducting business, but shall not include
Saturday, Sunday or any day on which the State observes one of the holidays listed in CRS
§24-11-101(1); (b) "CJI" means criminal justice information collected by criminal justice agencies
needed for the performance of their authorized functions, including, without limitation, all
information defined as criminal justice information by the U.S. Department of Justice, Federal
Bureau of Investigation, Criminal Justice Information Services Security Policy, as amended, and
all Criminal Justice Records as defined under CRS §24-72-302; (c) "HIPAA" means the federal
Health Information Portability and Accountability Act; (d) "Incident" means any accidental or
deliberate event that results in or constitutes an imminent threat of the unauthorized access, loss,
disclosure, modification, disruption, or destruction of any communications or information resources
of the State, pursuant to CRS §§24-37.5-401 et seq.; (e) "PCI" means payment card information
including any data related to credit card holders' names, credit card numbers, or the other credit
card information as may be protected by state or federal law; (f) "PHI" means any protected health
information, including, without limitation any information whether oral or recorded in any form or
medium that relates to the past, present or future physical or mental condition of an individual; the
provision of health care to an individual; or the past, present or future payment for the provision of
health care to an individual; and that identifies the individual or with respect to which there is a
reasonable basis to believe the information can be used to identify the individual including, without
limitation, any information defined as Individually Identifiable Health Information by HIPAA; (g)
"PII" means personally identifiable information including, without limitation, any information
maintained by the State about an individual that can be used to distinguish or trace an individual's
identity, such as name, social security number, date and place of birth, mother's maiden name, or
biometric records, including, without limitation, all information defined as personally identifiable
information in CRS §24-72-501. "PII" shall also mean "personal identifying information" as set forth
at § 24-74-102, et. seq., C.R.S. ; (h) "State Confidential Information" means any and all State
Records not subject to disclosure under the Colorado Open Records Act, CRS §§24-72-200.1, et
seq. ("CORA"), and includes, without limitation, PII, PHI, PCI, Tax Information, CJI, and State
personnel records not subject to disclosure under CORA; (i) "State Records" means any and all
State data, information, and records, regardless of physical form; (j) "Tax Information" means
federal and State of Colorado tax information including, without limitation, federal and State tax
returns, return information, and such other tax -related information as may be protected by federal
and State law and regulation, including, without limitation all information defined as federal tax
information in Internal Revenue Service Publication 1075; and (k) "Work Product" means the
tangible and intangible results of the delivery of goods and performance of services, whether
finished or unfinished, including drafts.
B. Intellectual Property. Except to the extent specifically provided elsewhere in this PO, any
State information, including without limitation pre-existing State software, research, reports,
studies, data, photographs, negatives or other documents, drawings, models, materials; or Work
Product prepared by Vendor in the performance of its obligations under this PO shall be the
exclusive property of the State (collectively, "State Materials"). Vendor shall deliver all State
Materials to the State upon completion or termination of this PO. The State's exclusive rights in
any Work Product prepared by Vendor shall include, but not be limited to, the right to copy,
publish, display, transfer, and prepare derivative works. Vendor shall not use, willingly allow, cause
or permit any State Materials to be used for any purpose other than the performance of Vendor's
Page 7 of 19
Effective 12/26/2023
obligations hereunder without the prior written consent of the State. The State shall maintain
complete and accurate records relating to (a) its use of all Vendor and third party software
licenses and rights to use any Vendor or third party software granted under this PO and its
attachments to which the State is a party and (b) all amounts payable to Vendor pursuant to this
PO and its attachments and the State's obligations under this PO or to any amounts payable to
Vendor in relation to this PO, which records shall contain sufficient information to permit Vendor to
confirm the State's compliance with the use restrictions and payment obligations under this PO or
to any third -party use restrictions to which the State is a party. Vendor retains the exclusive rights,
title and ownership to any and all pre-existing materials owned by or licensed to Vendor including,
but not limited to all pre-existing software, licensed products, associated source code, machine
code, text images, audio, video, and third -party materials, delivered by Vendor under this PO,
whether incorporated in a deliverable or necessary to use a deliverable (collectively, "Vendor
Property"). Vendor Property shall be licensed to the State as set forth in a State -approved license
agreement: (c) entered into as exhibits or attachments to this PO, (d) obtained by the State from
the applicable third -party Vendor, or (e) in the case of open source software, the license terms set
forth in the applicable open source license agreement. Notwithstanding anything to the contrary
herein, the State shall not be subject to any provision incorporated in any exhibit or attachment
attached hereto, any provision incorporated in any terms and conditions appearing on any
website, any provision incorporated into any click through or online agreements, or any provision
incorporated into any other document or agreement between the parties that (i) requires the State
to indemnify Vendor or any other party, (ii) is in violation of State laws, regulations, rules, fiscal
rules, policies, or other State requirements as deemed solely by the State, or (iii) is contrary to
this PO.
C. License or Use Audit Rights. If this PO includes any license or other right to use Vendor's
intellectual property, Vendor shall have the right, at any time during and throughout the term of this
PO, but not more than once during any State fiscal year, to request via written notice in
accordance with the notice provisions of this PO that the State audit its use of Vendor's intellectual
property and certify as to its compliance with any applicable license or use restrictions and
limitations contained in this PO (an "Audit Request"). The Audit Request shall specify the time
period to be covered by the audit, which shall not include any time periods covered by a previous
audit. The State shall complete the audit and provide certification of its compliance to Vendor
("Audit Certification") within 120 days following the State's receipt of the Audit Request. If upon
receipt of the State's Audit Certification, the parties reasonably determine that: (a) the State's use
of licenses, use of software, use of programs, or any other use of intellectual property during the
audit period exceeded the use restrictions and limitations contained in this PO ("Overuse") and (b)
the State would have been or is then required to purchase additional rights to use Vendor's
intellectual property ("Additional Rights"), Vendor shall provide written notice to the State in
accordance with the notice provisions of this PO identifying any Overuse or required Additional
Rights and request that the State bring its use into compliance with such use restrictions and
limitations. Notwithstanding anything to the contrary in this PO, or incorporated as a part of
Vendor's or any subcontractor's website, click -through or online agreements, third -party
agreements, or any other documents or agreements between the parties, the State shall not be
liable for the costs associated with any Overuse or Additional Rights, during the audit period
regardless of whether the State may have been notified in advance of such costs.
D. Vendor Records. Vendor shall maintain a file of all documents, records, communications,
notes, and other materials relating to the work (the "Vendor Records"). Vendor Records shall
include all documents, records, communications, notes and other materials maintained by Vendor
that relate to any work performed by Subcontractors, and Vendor shall maintain all records related
to the work performed by Subcontractors required to ensure proper performance of that work.
Unless a longer period is required in this PO or any attachment or exhibit to this PO, Vendor shall
maintain Vendor Records until the last to occur of: (a) the date 3 years after the date this
Page 8 of 19
Effective 12/26/2023
Purchase Order expires or is terminated, (b) final payment under this Purchase Order is made, (c)
the resolution of any pending Purchase Order matters, or (d) if an audit is occurring, or Vendor
has received notice that an audit is pending, the date such audit is completed and its findings
have been resolved (the "Record Retention Period"). Vendor shall permit the State, the federal
government, and any other duly authorized agent of a governmental agency to audit, inspect,
examine, excerpt, copy, and transcribe Vendor Records during the Record Retention Period.
Vendor shall make Vendor Records available during normal business hours at Vendor's office or
place of business, or at other mutually agreed upon times or locations, upon no fewer than 2
Business Days' notice from the State, unless the State determines that a shorter period of notice,
or no notice, is necessary to protect the interests of the State. The State, in its discretion, may
monitor Vendor's performance of its obligations under this Purchase Order using procedures as
determined by the State. The State shall monitor Vendor's performance in a manner that does not
unduly interfere with Vendor's performance of the work. Vendor shall promptly submit to the State
a copy of any final audit report of an audit performed on Vendor's records that relates to or affects
this Purchase Order or the work, whether the audit is conducted by Vendor or a third party.
E. Information Confidentiality. Vendor shall keep confidential, and cause all subcontractors to
keep confidential, all State Records, unless those State Records are publicly available. Vendor
shall not, without prior written approval of the State, use, publish, copy, disclose to any third party,
or permit the use by any third party of any State Records, except as otherwise stated in this PO,
permitted by law, or approved in writing by the State. Vendor shall provide for the security of all
State Confidential Information in accordance with all applicable laws, rules, policies, publications,
and guidelines. If Vendor or any of its subcontractors will or may have access to any State
Confidential Information or any other protected information, Vendor shall comply with all Colorado
Office of Information Security (OIS) policies and procedures which OIS has issued pursuant to
CRS §§24-37.5-401 through 406, and 8 CCR §1501-5 and posted at
https://oit.colorado.gov/standards-policies-guides/technical-standards-policies, all information
security and privacy obligations imposed by any federal, state, or local statute or regulation, or by
any industry standards or guidelines, as applicable based on the classification of the data relevant
to Vendor's performance under this PO. Such obligations may arise from HIPAA; IRS Publication
1075; Payment Card Industry Data Security Standard (PCI-DSS); Federal Bureau of Investigation
Criminal Justice Information Service Security Addendum; Centers for Medicare & Medicaid
Services (CMS) Minimum Acceptable Risk Standards for Exchanges; and Electronic Information
Exchange Security Requirements and Procedures for State and Local Agencies Exchanging
Electronic Information With The Social Security Administration. Vendor shall immediately forward
any request or demand for State Records to the State's purchasing agent.
F. Other Entity Access and Nondisclosure Agreements. Vendor may provide State Records
to its agents, employees, assigns and subcontractors as necessary to perform the work, but shall
restrict access to State Confidential Information to those agents, employees, assigns, and
subcontractors who require access to perform their obligations under this PO. Vendor shall ensure
all such agents, employees, assigns, and subcontractors sign agreements containing
nondisclosure provisions at least as protective as those in this PO, and that the nondisclosure
provisions are in force at all times the agent, employee, assign or subcontractor has access to any
State Confidential Information. Vendor shall provide copies of those signed nondisclosure
provisions to the State upon execution of the nondisclosure provisions if requested by the State.
G. Use, Security, and Retention. Vendor shall use, hold, and maintain State Confidential
Information in compliance with all applicable laws and regulations only in facilities located within
the United States, and shall maintain a secure environment that ensures confidentiality of all State
Confidential Information. Vendor shall provide the State with access, subject to Vendor's
reasonable security requirements, for purposes of inspecting and monitoring access and use of
State Confidential Information and evaluating security control effectiveness. Upon the expiration or
Page 9of19
Effective 12/26/2023
termination of this PO, Vendor shall return State Records provided to Vendor or destroy such
State Records and certify to the State that it has done so, as directed by the State. If Vendor is
prevented by law or regulation from returning or destroying State Confidential Information, Vendor
warrants it will guarantee the confidentiality of, and cease to use, such State Confidential
Information.
H. Incident Notice and Remediation. If Vendor becomes aware of any Incident, it shall notify
the State immediately and cooperate with the State regarding recovery, remediation, and the
necessity to involve law enforcement, as determined by the State. Unless Vendor can establish
none of Vendor or any of its agents, employees, assigns, or subcontractors are the cause or
source of the Incident, Vendor shall be responsible for the cost of notifying each person who may
have been impacted by the Incident. After an Incident, Vendor shall take steps to reduce the risk
of incurring a similar type of Incident in the future as directed by the State, which may include, but
is not limited to, developing and implementing a remediation plan that is approved by the State at
no additional cost to the State. The State may adjust or direct modifications to this plan, in its sole
discretion and Vendor shall make all modifications as directed by the State. If Vendor cannot
produce its analysis and plan within the allotted time, the State, in its sole discretion, may perform
such analysis and produce a remediation plan, and Vendor shall reimburse the State for the
reasonable actual costs thereof.
I. Data Protection and Handling. Vendor shall ensure that all State Records and Work Product
in the possession of Vendor or any subcontractors are protected and handled in accordance with
the requirements of this PO at all times. Upon request by the State made any time prior to 60 days
following the termination of this PO for any reason, whether or not this PO is expiring or
terminating, Vendor shall make available to the State a complete and secure download file of all
data that is encrypted and appropriately authenticated. This download file shall be made available
to the State within 10 Business Days following the State's request, and shall contain, without
limitation, all State Records, Work Product, and system schema and transformation definitions, or
delimited text files with documents, detailed schema definitions, and attachments in its native
format. Upon the termination of Vendor's services under this PO, Vendor shall, as directed by the
State, return all State Records provided by the State to Vendor, and the copies thereof, to the
State or destroy all such State Records and certify to the State that it has done so. If legal
obligations imposed upon Vendor prevent Vendor from returning or destroying all or part of the
State Records provided by the State, Vendor shall guarantee the confidentiality of all State
Records in Vendor's possession and will not actively process such data. The State retains the
right to use the established operational services to access and retrieve State Records stored on
Vendor's infrastructure at its sole discretion and at any time.
J. Compliance with OIS Policies and Procedure. Vendor shall review, on a semi-annual basis,
all Colorado Office of Information Security ("OIS") policies and procedures which OIS has
promulgated pursuant to CRS §§ 24-37.5-401 through 406 and 8 CCR § 1501-5 and posted at
https://oit.colorado.gov/standards-policies-guides/technical-standards-policies, to ensure
compliance with the standards and guidelines published therein. Vendor shall cooperate, and shall
cause its subcontractors to cooperate, with the performance of security audit and penetration tests
by OIS or its designee.
K. Safeguarding PII. If Vendor or any of its subcontractors will or may receive PII under this PO,
Vendor shall provide for the security of such PII, in a manner and form acceptable to the State,
including, without limitation, all State requirements relating to non -disclosure, use of appropriate
technology, security practices, computer access security, data access security, data storage
encryption, data transmission encryption, security inspections, and audits. Vendor shall be a
"Third -Party Service Provider" as defined in CRS §24-73-103(1)(i) and shall maintain security
procedures and practices consistent with CRS §§24-73-101. In addition, as set forth in §
24-74-102, et. seq., C.R.S., Contractor, including, but not limited to, Contractor's employees,
Page 10 of 19
Effective 12/26/2023
agents and Subcontractors, agrees not to share any PII with any third parties for the purpose of
investigating for, participating in, cooperating with, or assisting with Federal immigration
enforcement. If Contractor is given direct access to any State databases containing P11, Contractor
shall execute, on behalf of itself and its employees, the certification PII Individual Certification
Form or PII Entity Certification Form [Download form from Hyperlink] on an annual basis and
Contractor's duty and obligation to certify shall continue as long as Contractor has direct access to
any State databases containing PII. If Contractor uses any Subcontractors to perform services
requiring direct access to State databases containing PII, the Contractor shall require such
Subcontractors to execute and deliver the certification to the State on an annual basis, so long as
the Subcontractor has access to State databases containing PII.
L. Software Piracy Prohibition. State or other public funds payable under this PO shall not be
used for the acquisition, operation, or maintenance of computer software in violation of federal
copyright laws or applicable licensing restrictions. Vendor hereby certifies and warrants that,
during the term of this PO and any extensions, Vendor has and shall maintain in place appropriate
systems and controls to prevent such improper use of public funds. If the State determines that
Vendor is in violation of this provision, the State may exercise any remedy available at law or in
equity or under this PO, including, without limitation, immediate termination of this PO and any
remedy consistent with federal copyright laws or applicable licensing restrictions.
M. Information Technology. To the extent that Vendor provides physical or logical storage of
State Records; Vendor creates, uses, processes, discloses, transmits, or disposes of State
Records; or Vendor is otherwise given physical or logical access to State Records in order to
perform Vendor's obligations under this PO, Vendor shall, and shall cause its subcontractors, to:
(a) provide physical and logical protection for all hardware, software, applications, and data that
meets or exceeds industry standards and the requirements of this PO; (b) maintain network,
system, and application security, which includes, but is not limited to, network firewalls, intrusion
detection (host and network), annual security testing, and improvements or enhancements
consistent with evolving industry standards; (c) comply with State and federal rules and
regulations related to overall security, privacy, confidentiality, integrity, availability, and auditing; (d)
provide that security is not compromised by unauthorized access to workspaces, computers,
networks, software, databases, or other physical or electronic environments; (e) promptly report all
Incidents, including Incidents that do not result in unauthorized disclosure or loss of data integrity,
to a designated representative of the OIS; and (f) comply with all rules, policies, procedures, and
standards issued by the Governor's Office of Information Technology (OIT), including project
lifecycle methodology and governance, technical standards, documentation, and other
requirements posted at
httos://oit.colorado.gov/standards-policies-guides/technical-standards-policies. Vendor shall not
allow remote access to State Records from outside the United States, including access by
Vendor's employees or agents, without the prior express written consent of OIS. Vendor shall
communicate any request regarding non-U.S. access to State Records to the State. The State,
acting by and through OIS, shall have sole discretion to grant or deny any such request.
N. Accessibility. Vendor shall comply with and the Work Product provided under this PO shall
be in compliance with all applicable provisions of §§24-85-101, et seq., C.R.S., and
the Accessibility Standards for Individuals with a Disability, as established by OIT pursuant to
Section §24-85-103 (2.5), C.R.S. Vendor shall also comply with all State of Colorado technology
standards related to technology accessibility and with Level AA of the most current version of the
Web Content Accessibility Guidelines (WCAG), incorporated in the State of Colorado technology
standards. Vendor shall indemnify, save, and hold harmless the Indemnified Parties against any
and all costs, expenses, claims, damages, liabilities, court awards and other amounts (including
attorneys' fees and related costs) incurred by any of the Indemnified Parties in relation to Vendor's
failure to comply with §§24-85-101, et seq., C.R.S., or the Accessibility Standards for Individuals
Page 11 of 19
Effective 12/26/2023
with a Disability as established by OIT pursuant to Section §24-85-103 (2.5), C.R.S. The State
may require Vendor's compliance to the State's Accessibility Standards to be determined by a
third party selected by the State to attest to Vendor's Work Product and software is in compliance
with §§24-85-101, et seq., C.R.S., and the Accessibility Standards for Individuals with a Disability
as established by OIT pursuant to Section §24-85-103 (2.5), C.R.S.
Page 12 of 19
Effective 12/26/2023
ADDENDUM 2:
Additional Terms & Conditions for Federal Provisions
IF ANY PART OF THIS PO HAS BEEN FUNDED, IN WHOLE OR IN PART, WITH FEDERAL
FUNDS, THE FOLLOWING PROVISIONS SHALL ALSO APPLY TO THIS PO.
1. APPLICABILITY OF PROVISIONS.
1.1. The Contract or Purchase Order to which these Federal
Provisions are attached has been funded, in whole or in part,
with an Award of Federal funds. In the event of a conflict
between the provisions of these Federal Provisions, the
Special Provisions, the body of the Contract or Purchase
Order, or any attachments or exhibits incorporated into and
made a part of the Contract or Purchase Order, the provisions
of these Federal Provisions shall control.
2. COMPLIANCE.
2.1. Contractor shall comply with all applicable provisions of
the Transparency Act, all applicable provisions of the Uniform
Guidance, and the regulations issued pursuant thereto,
including but not limited to these federal Provisions. Any
revisions to such provisions or regulations shall automatically
become a part of these Federal Provisions, without the
necessity of either party executing any further instrument.
The State of Colorado may provide written notification to
Contractor of such revisions, but such notice shall not be a
condition precedent to the effectiveness of such revisions.
3. SYSTEM FOR AWARD MANAGEMENT (SAM) AND UNIQUE ENTITY ID REQUIREMENTS.
3.1. SAM. Contractor shall maintain the currency of its
information in SAM until the Contractor submits the final
financial report required under the Award or receives final
payment, whichever is later. Contractor shall review and
update SAM information at least annually after the initial
registration, and more frequently if required by changes in its
information.
3.2. Unique Entity ID. Contractor shall provide its Unique Entity
ID to its Recipient, and shall update Contractor's information
at http://www.sam.gov at least annually after the initial
registration, and more frequently if required by changes in
Contractor's information.
4. CONTRACT PROVISIONS REQUIRED BY UNIFORM GUIDANCE APPENDIX II TO PART 200.
Page 13 of 19
Effective 12/26/2023
4.1. Contracts for more than the simplified acquisition
threshold, which is the inflation adjusted amount determined
by the Civilian Agency Acquisition Council and the Defense
Acquisition Regulations Council (Councils) as authorized by
41 U.S.C. 1908, must address administrative, contractual, or
legal remedies in instances where contractors violate or
breach contract terms, and provide for such sanctions and
penalties as appropriate. The simplified acquisitions threshold
is $250,000
4.2. All contracts in excess of $10,000 must address
termination for cause and for convenience by the
non -Federal entity including the manner by which it will be
effected and the basis for settlement.
4.3. Equal Employment Opportunity. Except as otherwise
provided under 41 CFR Part 60, all contracts that meet the
definition of "federally assisted construction contract" in 41
CFR Part 60-1.3 must include the equal opportunity clause
provided under 41 CFR 60-1.4(b), in accordance with
Executive Order 11246, "Equal Employment Opportunity" (30
FR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as
amended by Executive Order 11375, "Amending Executive
Order 11246 relating to Equal Employment Opportunity," and
implementing regulations at 41 CFR Part 60, "Office of
federal Contract Compliance Programs, Equal Employment
Opportunity, Department of Labor."
Page 14 of 19
Effective 12/26/2023
4.4. Davis -Bacon Act, as amended (40 U.S.C. 3141-3148).
When required by Federal program legislation, all prime
construction contracts in excess of $2,000 awarded by
non -Federal entities must include a provision for compliance
with the Davis -Bacon Act (40 U.S.C. 3141-3144, and
3146-3148) as supplemented by Department of Labor
regulations (29 CFR Part 5, "Labor Standards Provisions
Applicable to Contracts Covering Federally Financed and
Assisted Construction"). In accordance with the statute,
contractors must be required to pay wages to laborers and
mechanics at a rate not less than the prevailing wages
specified in a wage determination made by the Secretary of
Labor. In addition, contractors must be required to pay wages
not less than once a week. The non -Federal entity must place
a copy of the current prevailing wage determination issued by
the Department of Labor in each solicitation. The decision to
award a contract or subcontract must be conditioned upon
the acceptance of the wage determination. The non -Federal
entity must report all suspected or reported violations to the
Federal awarding agency. The contracts must also include a
provision for compliance with the Copeland "Anti -Kickback"
Act (40 U.S.C. 3145), as supplemented by Department of
Labor regulations (29 CFR Part 3, "Contractors and
Subcontractors on Public Building or Public Work Financed in
Whole or in Part by Loans or Grants from the United States").
The Act provides that each contractor or subrecipient must be
prohibited from inducing, by any means, any person
employed in the construction, completion, or repair of public
work, to give up any part of the compensation to which he or
she is otherwise entitled. The non -Federal entity must report
all suspected or reported violations to the Federal awarding
agency.
Page 15 of 19
Effective 12/26/2023
4.5. Contract Work Hours and Safety Standards Act (40
U.S.C. 3701-3708). Where applicable, all contracts awarded
by the non -Federal entity in excess of $100,000 that involve
the employment of mechanics or laborers must include a
provision for compliance with 40 U.S.C. 3702 and 3704, as
supplemented by Department of Labor regulations (29 CFR
Part 5). Under 40 U.S.C. 3702 of the Act, each contractor
must be required to compute the wages of every mechanic
and laborer on the basis of a standard work week of 40
hours. Work in excess of the standard work week is
permissible provided that the worker is compensated at a rate
of not less than one and a half times the basic rate of pay for
all hours worked in excess of 40 hours in the work week. The
requirements of 40 U.S.C. 3704 are applicable to construction
work and provide that no laborer or mechanic must be
required to work in surroundings or under working conditions
which are unsanitary, hazardous or dangerous. These
requirements do not apply to the purchases of supplies or
materials or articles ordinarily available on the open market,
or contracts for transportation or transmission of intelligence.
4.6. Rights to Inventions Made Under a Contract or
Agreement. If the Federal award meets the definition of
"funding agreement" under 37 CFR § 401.2 (a) and the
recipient or subrecipient wishes to enter into a contract with a
small business firm or nonprofit organization regarding the
substitution of parties, assignment or performance of
experimental, developmental, or research work under that
"funding agreement," the recipient or subrecipient must
comply with the requirements of 37 CFR Part 401, "Rights to
Inventions Made by Nonprofit Organizations and Small
Business Firms Under Government Grants, Contracts and
Cooperative Agreements," and any implementing regulations
issued by the awarding agency.
4.7. Clean Air Act (42 U.S.C. 7401-7671q.) and the federal
Water Pollution Control Act (33 U.S.C. 1251-1387), as
amended - Contracts and subgrants of amounts in excess of
$150,000 must contain a provision that requires the
non -Federal award to agree to comply with all applicable
standards, orders or regulations issued pursuant to the Clean
Air Act (42 U.S.C. 7401-7671q) and the Federal Water
Pollution Control Act as amended (33 U.S.C. 1251-1387).
Violations must be reported to the Federal awarding agency
and the Regional Office of the Environmental Protection
Agency (EPA).
Page 16 of 19
Effective 12/26/2023
4.8. Debarment and Suspension (Executive Orders 12549
and 12689) - A contract award (see 2 CFR 180.220) must not
be made to parties listed on the government wide exclusions
in the System for Award Management (SAM), in accordance
with the OMB guidelines at 2 CFR 180 that implement
Executive Orders 12549 (3 CFR part 1986 Comp., p. 189)
and 12689 (3 CFR part 1989 Comp., p. 235), "Debarment
and Suspension." SAM Exclusions contains the names of
parties debarred, suspended, or otherwise excluded by
agencies, as well as parties declared ineligible under
statutory or regulatory authority other than Executive Order
12549.
4.9. Byrd Anti -Lobbying Amendment (31 U.S.C. 1352) -
Contractors that apply or bid for an award exceeding
$100,000 must file the required certification. Each tier certifies
to the tier above that it will not and has not used Federal
appropriated funds to pay any person or organization for
influencing or attempting to influence an officer or employee
of any agency, a member of Congress, officer or employee of
Congress, or an employee- of a member of Congress in
connection with obtaining any Federal contract, grant or any
other award covered by 31 U.S.C. 1352. Each tier must also
disclose any lobbying with non -Federal funds that takes place
in connection with obtaining any Federal award. Such
disclosures are forwarded from tier to tier up to the
non -Federal award.
4.10. Prohibition on certain telecommunications and video
surveillance services or equipment §2 CFR 200.216
4.10.1. Recipients and sub recipients are prohibited from obligating or expending loan or
grant funds to:
4.10.1.1. Procure or obtain;
4.10.1.2. Extend or renew a contract to procure or obtain; or
4.10.1.3. Enter into a contract (or extend a contract) to procure or obtain equipment,
services, or systems that uses covered telecommunications equipment or services as a
substantial or essential component of any system, or as critical technology as part of
any system. As described in Public Law 115-232, section 889, covered
telecommunications equipment is telecommunications equipment produced by Huawei
Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such
entities).
4.11. Contracts with small and minority businesses,
women's business enterprises, and labor surplus area
firms. (2 CFR §200.321). The non -Federal entity must take
all necessary affirmative steps to assure that minority
businesses, women's business enterprises, and labor surplus
area firms are used when possible.
4.12. Domestic preferences for procurements. (2 CFR
§200.322) As appropriate and to the extent consistent with
law, the non -Federal entity should, to the greatest extent
Page 17 of 19
Effective 12/26/2023
practicable under a Federal award, provide a preference for
the purchase, acquisition, or use of goods, products, or
materials produced in the United States (including but not
limited to iron, aluminum, steel, cement, and other
manufactured products). The requirements of this section
must be included in all subawards including all contracts and
purchase orders for work or products under this award.
4.13. Procurement of recovered materials. (2 CFR §200.323)
A non -Federal entity that is a state agency or agency of a
political subdivision of a state and its contractors must comply
with section 6002 of the Solid Waste Disposal Act, as
amended by the Resource Conservation and Recovery Act.
The requirements of Section 6002 include procuring only
items designated in guidelines of the Environmental
Protection Agency (EPA) at 40 CFR part 247 that contain the
highest percentage of recovered materials practicable,
consistent with maintaining a satisfactory level of competition,
where the purchase price of the item exceeds $10,000 or the
value of the quantity acquired during the preceding fiscal year
exceeded $10,000; procuring solid waste management
services in a manner that maximizes energy and resource
recovery; and establishing an affirmative procurement
program for procurement of recovered materials identified in
the EPA guidelines.
5. TERMINATION FOR CONVENIENCE OF THE GOVERNMENT
5.1. Pursuant to §4.2 of these Federal Provisions, the State of
Colorado may terminate this contract, in whole or in part,
when it is in the Government's interest. Solicitations and
contracts shall include clauses as required by FAR 49.502
(2023). Termination for convenience of the government shall
comply with the following provisions of the Federal
Acquisition Regulations:
5.1.1. For Fixed Price Contracts: FAR 52.249-2 (2023)
5.1.2. For Contracts for Personal Services: FAR 52.249-12 (2023)
5.1.3. For Construction Contracts for Dismantling, Demolition, or Removal of Improvements:
FAR 52.249-3 (2023)
5.1.4. For Educational and Other Nonprofit Institutions: FAR 52.249-5 (2023)
6. EVENT OF DEFAULT.
6.1. Failure to comply with these Federal Provisions shall
constitute an event of default under the Contract and the
State of Colorado may terminate the Contract upon 30 days
prior written notice if the default remains uncured five
calendar days following the termination of the 30 day notice
period. This remedy will be in addition to any other remedy
available to the State of Colorado under the Contract, at law
or in equity.
Page 18 of 19
Effective 12/26/2023
EXHIBIT A
STATEMENT OF WORK
SFY 2025 - July 1, 2024 - June 30, 2025
Weld County
A. The Contractor shall perform its obligations and the functions of a Case Management
Agency (CMA) as defined by Colorado Revised Statute at Title 25.5 Article 6 and Title 26
Article 2 and by regulations applicable to the CMA system at 10 CCR 2505-10 and 9 CCR
2503-5.
B. The Contractor shall perform its obligations within all provisions of state law and
regulations promulgated pursuant thereto and including without limitation those
promulgated by the Colorado Department of Human Services (the Department).
C. The Contractor shall perform its obligations and the functions of a CMA agency for the
following counties:
1. Weld County
D. The Contractor shall perform the functions required of the CMA for determination of
functional eligibility for the Home Care Allowance (HCA) program as outlined in state
statute (§26-2-122.3 and §26-2-122.4 C.R.S.) and regulations (9 CCR 2503-5, Volume 3,
Sections 3.570.1), including but not limited to:
1. Initial intake/screening/referral;
2. Assessment;
3. Determination of functional eligibility;
4. Care planning;
5. Case management;
6. Reassessment; and,
7. Case closure.
E.
The Contractor, in accordance with the State statutes and regulations, shall submit to and
be available for performance review related to the Contract, Statement of Work, and
implementation of the HCA program, which may include but is not limited to:
1. State -prescribed information management system reviews and/or audits; on -site
visits, evaluations, and/or audits; self -evaluation and reporting to determine
compliance with program and administrative requirements; and/or client surveys.
a. The Contractor shall comply with the State Department's HCA CMA Monitoring
process, which may include, but is not limited to: communicating with the
Department, submitting the required number of self -reviews assigned by the
Department by the due date each month, participating in training conducted by the
Exhibit A Statement of Work Page 1 of 6 07/01/2024
State Department, providing documentation as requested by the State office, and
will comply with other monitoring requirements as required by the State office.
2. Evaluation of agency performance related to:
a. Quality of service provided;
b. Compliance with program requirements;
c. Case management;
d. Timeliness;
e. Performance of administrative functions;
f. Cost per client;
g. Communication with clients;
h. Client monitoring; and,
i. Financial accountability.
F. The Contractor shall perform all necessary administrative and oversight functions for the
operation of a CMA as defined in the State statutes and regulations identified in "A", above.
These functions include but are not limited to:
1. Administering a personnel system for recruiting, hiring, evaluating, and terminating
employees.
2. Providing qualified staff to perform all duties of the CMA, including but not limited
to administrative, supervisory, and case management functions.
3. Maintaining staffing levels to operate the CMA at least forty (40) hours per week
during regular business office hours to applicants, clients, service providers, and
others at an accessible office. Regular business office hours of operation shall be
posted and made available to the public and accommodations shall be made
available for clients who need assistance or consultation outside regular business
office hours.
4. Ensuring staff has sufficient training and experience to complete all portions of the
work assigned to them as defined in this Contract and rule.
5. Providing a telephone system and trained staff to ensure timely response to
messages, access to telecommunication devices and/or interpreters for the hearing
and vocally impaired, and access to foreign language interpreters, as needed.
6. Performing accounting tasks in compliance with all rules and regulations for
accounting practices.
7. Ensuring the authorization and administration of services through the HCA
program, which are publicly funded programs, shall be in accordance with the
Exhibit A Statement of Work
Page 2 of 6 07/01/2024
program's eligibility criteria as defined by applicable state statutes and regulations,
as they exist on the date this Contract is executed and as they may later be amended.
8. Attending county level and/or Administrative Law Judge (ALJ) hearings when the
CMA denies approval or implements other adverse action against an
applicant/client and the applicant/client appeals. The Contractor shall defend their
decision as described in 9 CCR 2503-5 and 10 CCR 2505-10, to include
presentation of supporting evidence and filing exceptions if necessary.
9. The Contractor shall have a plan to overcome any geographic barriers within the
district, including distance from the agency office to provide timely assessment and
case management services to clients, as outlined in 9 CCR 2503-5.
10. Following the standards set by the Department. These standards include Agency
Letters/Memos and written documents from Department -approved training.
11. The Contractor shall submit monthly reporting, using the format in Exhibit E, HCA
Counts, of the client counts/case activities for the implementation of the HCA
program to the Department based on information documented in the State -
prescribed information management system. This information will be submitted to
the Department by the 20th day of the following month for which data has been
collected. This information will be submitted via email to
cdhs dews contracts@state.co.us.
12. The Contractor shall obtain access to the Colorado Benefits Management System
(CBMS) through their county department for all personnel conducting HCA
functional assessments and other case management activities related to HCA, those
personnel must complete all required CBMS access training, and the CMA must
ensure personnel is trained on use.
G. The Contractor shall perform all necessary applicant/client functions related to intake,
assessment, case management, and other client -related functions for the implementation of
the HCA program, as defined in the State statutes and regulations (identified in "A",
above). These functions include but are not limited to:
1. Protecting applicant/client's rights.
2. Facilitating the application process for applicants, responding in a timely manner
to all referrals, and providing appropriate and timely access to services, as outlined
in 9 CCR 2503-5.
3. If the client is not functionally eligible for Home and Community Based Services
(HCBS) through Medicaid, the Contractor shall conduct a thorough assessment of
care needs and determine functional eligibility and the need for paid care score
using the functional assessment in CBMS.
Exhibit A Statement of Work
Page 3 of 6 07/01/2024
4. Identifying resources to assure the most appropriate public and private resources to
serve the applicant/client's needs. The determination of appropriate resources shall
not supplant but support self -care, family care, and other informal community based
resources.
5. Establishing a care plan with input from the applicant/client. Services identified in
the care plan shall not exceed the type and amount of services medically and/or
functionally required for the applicant/client.
6. Providing case management services as outlined in 9 CCR 2503-5.
7. Assuring that a client who receives case management services receives the type and
amount of HCA services listed in the care plan and client/provider agreement.
8. A review of the client's assessment and care plan will take place with the client six
(6) months following the assessment completion date. Reviews of assessments and
care plans must also take place with the client six (6) months after any re-
assessment is completed. The client shall be re-evaluated for functional eligibility
for HCBS prior to completing an HCA assessment at each functional assessment.
If the client is not functionally eligible for HCBS, they may be eligible for HCA.
As Public Health Orders allow, face-to-face functional reassessment shall be
completed within twelve (12) months of the initial functional assessment and every
twelve (12) months thereafter. A reassessment shall be completed sooner if the
client's condition changes.
9. Revising the care plan and need for paid care score or closing the HCA case, as
appropriate depending on the client's changing needs.
H. The Contractor shall perform all necessary general functions related to administration of
the HCA program, as defined in the State statutes and regulations (identified in "A",
above). These functions include but are not limited to:
1. Following the standards set by the Department, including policy directives and
other guidelines and training provided by the Department.
2. Providing accurate and timely processing of new applicants.
3. Documenting agency and case -related activities timely, as outlined in 9 CCR 2503-
5, including but not limited to:
a. Documenting complaints from clients in the case file.
b. Referring complaints regarding quality of care issues against a provider to
the Colorado Department of Public Health and Environment and/or Adult
Protective Services.
Exhibit A Statement of Work
Page 4 of 6 07/01/2024
c. Effectively utilizing CBMS and any other State -prescribed form or system.
Information to be documented when not available in CBMS includes, but is
not limited to:
1) Collection and reporting of client specific data pertaining to
information and referral services;
2) Program eligibility determination;
3) Care planning;
4) Case management and case activities, including service delivery and
effectiveness;
5) Service authorization; and
6) Resource development.
4. Documenting client functional assessment eligibility in CBMS and providing other
required documentation to the County departments of human/social services and/or
Department necessary for eligibility determination purposes, all within the
prescribed timeframes.
5. Cooperating with the Department, the Community Center Boards (CCBs), mental
health facilities, and other community organizations for the admission of clients
with/to the HCA program.
6. Providing a referral to other resources to appropriately manage care needs if the
applicant/client is ineligible or would be inappropriate for the HCA program.
7. Contacting each CMA and County department when transferring a client from one
county to another county or from one CMA district to . another to make
arrangements to coordinate the transfer of a case in CBMS to avoid service
disruption to the recipient.
I. Performance Standards
1. The Contractor shall maintain a performance score of 90 or higher on the semi-
annual Administrative Monitoring Tool for HCA Program Implementation,
attached as Exhibit D. Failure to maintain this standard may result in an order for
corrective action and immediate remedy. This Tool is to be submitted no later than
October 15th and March 15°. This Administrative Monitoring Tool should be
submitted via email to cdhs_DEWS contracts(aystate.co.us.
2. The Contractor shall fully document all attempts to conduct assessments within the
timeframes specified in Adult Financial rule and must share documentation within
Exhibit A Statement of Work
Page 5 of 6 07/01 /2024
30 days of the Department's request. Failure to conduct assessments within
timeframes without adequate documentation to support delays may result in an
order for corrective action and immediate remedy.
J. Payment
1. The Contractor will receive one twelfth (1/12th) of their full allocation monthly. The
full allocation can be found on the Contract or Purchase Order cover sheet. This
payment is to be processed by the Department no later than the tenth (10th) of the
month following the month which services occurred. County Vendors will utilize
CFMS as a payment system and must enter data into CFMS to receive their payment.
The Department will enter and remit payments through CORE for all other Vendors
that are not County entities.
a. Supporting Documentation
i. The Contractor shall keep on site for State review, for the Contract
term, plus 4 years, the following supporting documentation for each
invoice:
1. Non -personnel reimbursements must be supported by a general
ledger or subledger detail generated from an accounting system.
2. The ledger detail should include payee, description, date, and
amount.
3. For participant services, participant name and purpose must be
maintained on file (when appropriate release forms are signed by
participant).
4. Documentation shall include all receipts and/or other original
supporting documents.
5. Travel expenditures shall include a travel expense report.
b. For personnel requests, an excerpt of the payroll register from the paying system
is acceptable. The payroll register should identify staff, period paid, salary, and
itemized taxes and benefits.
c. All funds must be expended within the Contract/Purchase Order period.
d. If monthly reporting is not submitted in accordance with the schedule outlined
above, or if deliverables are not met, the State reserves the right to withhold future
payments until all reporting is received and deliverables are met.
Exhibit A Statement of Work Page 6 of 6 07/01/2024
EXHIBIT B
Weld County
BUDGET - SFY 2025
July 1, 2024 THROUGH June 30, 2025
List of Counties that above named Vendor will perform Case
Management Agency (CMA) functions and obligations for:
Weld County
BUDGET DETAIL
Intake, Assessment, and Case Management
Services for the Home Care Allowance Program
Monthly
GRAND TOTAL
TOTAL
$ 2,760.33
$ 33,123.98
Vendor will be paid 1/12 of their total allocation (above) each
month for performing CMA functions as outlined in the Statement
of Work
The parties understand and agree that the Contract fixed price for any given year of the Contract term is
determined by calculating the monthly average percentage of HCA clients served by the Contractor in
the year prior to any such given year out of the total monthly average number of HCA clients in the State
in such prior year.
COLORADO
Financial Service:
Qewsament d Human Serous
RtvisIon of Contracts and Nocurensent
EXHIBIT C - HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement ("Agreement") between the State and Contractor is agreed to in
connection with, and as an exhibit to, the Contract. For purposes of this Agreement, the State is referred to as
"Covered Entity" and the Contractor is referred to as "Business Associate". Unless the context clearly requires a
distinction between the Contract and this Agreement, all references to "Contract" shall include this Agreement.
1. PURPOSE
Covered Entity wishes to disclose information to Business Associate, which may include Protected Health
Information ("PHI"). The Parties intend to protect the privacy and security of the disclosed PHI in compliance with
the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. L. No. 104-191 (1996) as
amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") enacted
under the American Recovery and Reinvestment Act of 2009 ("ARRA") Pub. L. No. 111-5 (2009), implementing
regulations promulgated by the U.S. Department of Health and Human Services at 45 C.F.R. Parts 160, 162 and
164 (the "HIPAA Rules") and other applicable laws, as amended. Prior to the disclosure of PHI, Covered Entity is
required to enter into an agreement with Business Associate containing specific requirements as set forth in, but not
limited to, Title 45, Sections 160.103, 164.502(e) and 164.504(e) of the Code of Federal Regulations ("C.F.R.")
and all other applicable laws and regulations, all as maybe amended.
2. DEFINITIONS
The following terms used in this Agreement shall have the same meanings as in the HIPAA Rules: Breach, Data
Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice
of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident, Subcontractor,
Unsecured Protected Health Information, and Use.
The following terms used in this Agreement shall have the meanings set forth below:
a. Business Associate. "Business Associate" shall have the same meaning as the term "business associate"
at 45 C.F.R. 160.103, and shall refer to Contractor.
b. Covered Entity. "Covered Entity" shall have the same meaning as the term "covered entity" at 45 C.F.R.
160.103, and shall refer to the State.
c. Information Technology and Information Security. "Information Technology" and "Information
Security" shall have the same meanings as the terms "information technology" and "information
security", respectively, in §24-37.5-102, C.R.S.
Capitalized terms used herein and not otherwise defined herein or in the HIPAA Rules shall have the meanings
ascribed to them in the Contract.
Page 1 of 10
HIPAA BAA
Revised August 2018
ASO
Financial
COLORADO
Services „ Department or arm
Dietsion of Contracts and Procurement
3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
a. Permitted Uses and Disclosures.
i. Business Associate shall use and disclose PHI only to accomplish Business Associate's
obligations under the Contract.
To the extent Business Associate carries out one or more of Covered Entity's obligations under
Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements
of Subpart E that apply to Covered Entity in the performance of such obligation.
iii. Business Associate may disclose PHI to carry out the legal responsibilities of Business
Associate, provided, that the disclosure is Required by Law or Business Associate obtains
reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required
by Law or for the purpose for which Business Associate originally disclosed the
information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is
aware.
iv. Business Associate may provide Data Aggregation services relating to the Health Care
Operations of Covered Entity. Business Associate may de -identify any or all PHI created or
received by Business Associate under this Agreement, provided the de -identification conforms
to the requirements of the HIPAA Rules.
b. Minimum Necessary. Business Associate, its Subcontractors and agents, shall access, use, and disclose
only the minimum amount of PHI necessary to accomplish the objectives of the Contract, in accordance
with the Minimum Necessary Requirements of the HIPAA Rules including, but not limited to, 45
C.F.R. 164.502(b) and 164.514(d).
c. Impermissible Uses and Disclosures.
i. Business Associate shall not disclose the PHI of Covered Entity to another covered entity
without the written authorization of Covered Entity.
ii. Business Associate shall not share, use, disclose or make available any Covered Entity PHI in
any form via any medium with or to any person or entity beyond the boundaries or jurisdiction
of the United States without express written authorization from Covered Entity.
d. Business Associate's Subcontractors.
Business Associate shall, in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2),
ensure that any Subcontractors who create, receive, maintain, or transmit PHI on behalf of
Page 2 of 10
HIPAA BAA
Revised August 2018
a
e.
f.
g.
COLORADO
Financial Services
Department of
D vt.art of Contracts a. Procurement
Business Associate agree in writing to the same restrictions, conditions, and requirements that
apply to Business Associate with respect to safeguarding PHI.
ii. Business Associate shall provide to Covered Entity, on Covered Entity's request, a list of
Subcontractors who have entered into any such agreement with Business Associate.
iii. Business Associate shall provide to Covered Entity, on Covered Entity's request, copies of any
such agreements Business Associate has entered into with Subcontractors.
Access to System. If Business Associate needs access to a Covered Entity Information Technology
system to comply with its obligations under the Contract or this Agreement, Business Associate shall
request, review, and comply with any and all policies applicable to Covered Entity regarding such
system including, but not limited to, any policies promulgated by the Office of Information Technology
and available at http://oit.state.co.us/about/policies.
Access to PHI. Business Associate shall, within ten days of receiving a written request from Covered
Entity, make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy
Covered Entity's obligations under 45 C.F.R. 164.524.
Amendment of PHI.
Business Associate shall within ten days of receiving a written request from Covered Entity
make any amendment to PHI in a Designated Record Set as directed by or agreed to by Covered
Entity pursuant to 45 C.F.R. 164.526, or take other measures as necessary to satisfy Covered
Entity's obligations under 45 C.F.R. 164.526.
ii. Business Associate shall promptly forward to Covered Entity any request for amendment of
PHI that Business Associate receives directly from an Individual.
h. Accounting Rights. Business Associate shall, within ten days of receiving a written request from
Covered Entity, maintain and make available to Covered Entity the information necessary for Covered
Entity to satisfy its obligations to provide an accounting of Disclosure under 45 C.F.R. 164.528.
Restrictions and Confidential Communications.
i. Business Associate shall restrict the Use or Disclosure of an Individual's PHI within ten days
of notice from Covered Entity of:
A. a restriction on Use or Disclosure of PHI pursuant to 45 C.F.R. 164.522; or
B. a request for confidential communication of PHI pursuant to 45 C.F.R. 164.522.
ii. Business Associate shall not respond directly to an Individual's requests to restrict the Use or
Disclosure of PHI or to send all communication of PHI to an alternate address.
Page 3 of 10
HIPAA BAA
Revised August 2018
COLORADO
Financial Services
Deportment ar Hum. Soy.%
Uivivat of Contracts and Procurement
iii. Business Associate shall refer such requests to Covered Entity so that Covered Entity can
coordinate and prepare a timely response to the requesting Individual and provide direction to
Business Associate.
J•
Governmental Access to Records. Business Associate shall make its facilities, internal practices, books,
records, and other sources of information, including PHI, available to the Secretary for purposes of
determining compliance with the HIPAA Rules in accordance with 45 C.F.R. 160.310.
k. Audit, Inspection and Enforcement.
Business Associate shall obtain and update at least annually a written assessment performed by
an independent third party reasonably acceptable to Covered Entity, which evaluates the
Information Security of the applications, infrastructure, and processes that interact with the
Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon
request by Covered Entity, Business Associate shall provide to Covered Entity the executive
summary of the assessment.
ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered
Entity's efforts to audit Business Associate's compliance with applicable HIPAA Rules. If,
through audit or inspection, Covered Entity determines that Business Associate's conduct
would result in violation of the HIPAA Rules or is in violation of the Contract or this
Agreement, Business Associate shall promptly remedy any such violation and shall certify
completion of its remedy in writing to Covered Entity.
1. Appropriate Safeguards.
i. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R.
Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as
provided in this Agreement.
ii. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures.
iii. Business Associate shall maintain the confidentiality of passwords and other data required for
accessing this information.
iv. Business Associate shall extend protection beyond the initial information obtained from
Covered Entity to any databases or collections of PHI containing information derived from the
PHI. The provisions of this section shall be in force unless PHI is de -identified in conformance
to the requirements of the HIPAA Rules.
m. Safeguard During Transmission.
Business Associate shall use reasonable and appropriate safeguards including, without
limitation, Information Security measures to ensure that all transmissions of PHI are authorized
and to prevent use or disclosure of PHI other than as provided for by this Agreement.
Page 4 of 10
HIPAA BAA
Revised August 2018
a
COLORADO
I>timeW sue«,
Deputment d Hunan Services
Division of Contracts and Procurement
. Business Associate shall not transmit PHI over the internet or any other insecure or open
communication channel unless the PHI is encrypted or otherwise safeguarded with a FIPS-
compliant encryption algorithm.
n. Reporting of Improper Use or Disclosure and Notification of Breach.
Business Associate shall, as soon as reasonably possible, but immediately after discovery of a
Breach, notify Covered Entity of any use or disclosure of PHI not provided for by this
Agreement, including a Breach of Unsecured Protected Health Information as such notice is
required by 45 C.F.R. 164.410 or a breach for which notice is required under §24-73-103,
C.R.S.
ii. Such notice shall include the identification of each Individual whose Unsecured Protected
Health Information has been, or is reasonably believed by Business Associate to have been,
accessed, acquired, or disclosed during such Breach.
iii. Business Associate shall, as soon as reasonably possible, but immediately after discovery of
any Security Incident that does not constitute a Breach, notify Covered Entity of such incident.
iv. Business Associate shall have the burden of demonstrating that all notifications were made as
required, including evidence demonstrating the necessity of any delay.
Business Associate's Insurance and Notification Costs.
i. Business Associate shall bear all costs of a Breach response including, without limitation,
notifications, and shall maintain insurance to cover:
A. loss of PHI data;
B. Breach notification requirements specified in HIPAA Rules and in §24-73-103, C.R.S.;
and
C. claims based upon alleged violations of privacy rights through improper use or
disclosure of PHI.
ii. All such policies shall meet or exceed the minimum insurance requirements of the Contract or
otherwise as may be approved by Covered Entity (e.g., occurrence basis, combined single
dollar limits, annual aggregate dollar limits, additional insured status, and notice of
cancellation).
iii. Business Associate shall provide Covered Entity a point of contact who possesses relevant
Information Security knowledge and is accessible 24 hours per day, 7 days per week to assist
with incident handling.
Page 5 of 10
HIPAA BAA
Revised August 2018
COLORADO
Hnanclal Services
cep.... or Human Semns
Division of Contracts and Procurement
iv. Business Associate, to the extent practicable, shall mitigate any harmful effect known to
Business Associate of a Use or Disclosure of PHI by Business Associate in violation of this
Agreement.
P.
q.
Subcontractors and Breaches.
Business Associate shall enter into a written agreement with each of its Subcontractors and
agents, who create, receive, maintain, or transmit PHI on behalf of Business Associate. The
agreements shall require such Subcontractors and agents to report to Business Associate any
use or disclosure of PHI not provided for by this Agreement, including Security Incidents and
Breaches of Unsecured Protected Health Information, on the first day such Subcontractor or
agent knows or should have known of the Breach as required by 45 C.F.R. 164.410.
ii. Business Associate shall notify Covered Entity of any such report and shall provide copies of
any such agreements to Covered Entity on request.
Data Ownership.
i. Business Associate acknowledges that Business Associate has no ownership rights with respect
to the PHI.
ii. Upon request by Covered Entity, Business Associate immediately shall provide Covered Entity
with any keys to decrypt information that the Business Association has encrypted and maintains
in encrypted form, or shall provide such information in unencrypted usable form.
r. Retention of PHI. Except upon termination of this Agreement as provided in Section 5, below, Business
Associate and its Subcontractors or agents shall retain all PHI throughout the term of this Agreement,
and shall continue to maintain the accounting of disclosures required under Section 3.h, above, for a
period of six years.
4. OBLIGATIONS OF COVERED ENTITY
a. Safeguards During Transmission. Covered Entity shall be responsible for using appropriate safeguards
including encryption of PHI, to maintain and ensure the confidentiality, integrity, and security of PHI
transmitted pursuant to this Agreement, in accordance with the standards and requirements of the
HIPAA Rules.
b. Notice of Changes.
Covered Entity maintains a copy of its Notice of Privacy Practices on its website. Covered
Entity shall provide Business Associate with any changes in, or revocation of, permission to
use or disclose PHI, to the extent that it may affect Business Associate's permitted or required
uses or disclosures.
Page 6 of 10
HIPAA BAA
Revised August 2018
a
COLORADO
Financial Services
oep.....4 IX Woun Sernms
Division of Contracts and Procurement
ii. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of
PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent
that it may affect Business Associate's permitted use or disclosure of PHI.
5. TERMINATION
Breach.
i. In addition to any Contract provision regarding remedies for breach, Covered Entity shall have
the right, in the event of a breach by Business Associate of any provision of this Agreement, to
terminate immediately the Contract, or this Agreement, or both.
ii. Subject to any directions from Covered Entity, upon termination of the Contract, this
Agreement, or both, Business Associate shall take timely, reasonable, and necessary action to
protect and preserve property in the possession of Business Associate in which Covered Entity
has an interest.
b. Effect of Termination.
i. Upon termination of this Agreement for any reason, Business Associate, at the option of
Covered Entity, shall return or destroy all PHI that Business Associate, its agents, or its
Subcontractors maintain in any form, and shall not retain any copies of such PHI.
ii. If Covered Entity directs Business Associate to destroy the PHI, Business Associate shall
certify in writing to Covered Entity that such PHI has been destroyed.
iii. If Business Associate believes that returning or destroying the PHI is not feasible, Business
Associate shall promptly provide Covered Entity with notice of the conditions making return
or destruction infeasible. Business Associate shall continue to extend the protections of Section
3 of this Agreement to such PHI, and shall limit further use of such PHI to those purposes that
make the return or destruction of such PHI infeasible.
6. INJUNCTIVE RELIEF
Covered Entity and Business Associate agree that irreparable damage would occur in the event Business Associate
or any of its Subcontractors or agents use or disclosure of PHI in violation of this Agreement, the HIPAA Rules or
any applicable law. Covered Entity and Business Associate further agree that money damages would not provide
an adequate remedy for such Breach. Accordingly, Covered Entity and Business Associate agree that Covered
Entity shall be entitled to injunctive relief, specific performance, and other equitable relief to prevent or restrain any
Breach or threatened Breach of and to enforce specifically the terms and provisions of this Agreement.
7. LIMITATION OF LIABILITY
Any provision in the Contract limiting Contractor's liability shall not apply to Business Associate's liability under
this Agreement, which shall not be limited.
Page 7 of 10
HIPAA BAA
Revised August 2018
441)
COLORADO
Financial Services
De,Imenf of Hwnan Ser.ces
Dtvismn of Contracts and Procurement
8. DISCLAIMER
Covered Entity makes no warranty or representation that compliance by Business Associate with this Agreement
or the HIPAA Rules will be adequate or satisfactory for Business Associate's own purposes. Business Associate is
solely responsible for all decisions made and actions taken by Business Associate regarding the safeguarding of
PHI.
9. CERTIFICATION
Covered Entity has a legal obligation under HIPAA Rules to certify as to Business Associate's Information Security
practices. Covered Entity or its authorized agent or contractor shall have the right to examine Business Associate's
facilities, systems, procedures, and records, at Covered Entity's expense, if Covered Entity determines that
examination is necessary to certify that Business Associate's Information Security safeguards comply with the
HIPAA Rules or this Agreement.
10. AMENDMENT
a. Amendment to Comply with Law. The Parties acknowledge that state and federal laws and regulations
relating to data security and privacy are rapidly evolving and that amendment of this Agreement may
be required to provide procedures to ensure compliance with such developments.
i. In the event of any change to state or federal laws and regulations relating to data security and
privacy affecting this Agreement, the Parties shall take such action as is necessary to implement
the changes to the standards and requirements of HIPAA, the HIPAA Rules and other
applicable rules relating to the confidentiality, integrity, availability and security of PHI with
respect to this Agreement.
ii. Business Associate shall provide to Covered Entity written assurance satisfactory to Covered
Entity that Business Associate shall adequately safeguard all PHI, and obtain written assurance
satisfactory to Covered Entity from Business Associate's Subcontractors and agents that they
shall adequately safeguard all PHI.
iii. Upon the request of either Party, the other Party promptly shall negotiate in good faith the terms
of an amendment to the Contract embodying written assurances consistent with the standards
and requirements of HIPAA, the HIPAA Rules, or other applicable rules.
iv. Covered Entity may terminate this Agreement upon 30 days' prior written notice in the event
that:
A. Business Associate does not promptly enter into negotiations to amend the Contract
and this Agreement when requested by Covered Entity pursuant to this Section; or
B. Business Associate does not enter into an amendment to the Contract and this
Agreement, which provides assurances regarding the safeguarding of PHI sufficient,
Page 8 of 10
HIPAA BAA
Revised August 2018
a
COLORADO
*Islands' Semites
4epartm .s of tip rn.e Sserv¢.c,
phis+on of Contrasts and Procoremes+.x.
in Covered Entity's sole discretion, to satisfy the standards and requirements of the
HIPAA, the HIPAA Rules and applicable law.
b. Amendment of Appendix. The Appendix to this Agreement may be modified or amended by the mutual
written agreement of the Parties, without amendment of this Agreement. Any modified or amended
Appendix agreed to in writing by the Parties shall supersede and replace any prior version of the
Appendix.
11. ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS
Covered Entity shall provide written notice to Business Associate if litigation or administrative proceeding is
commenced against Covered Entity, its directors, officers, or employees, based on a claimed violation by Business
Associate of HIPAA, the HIPAA Rules or other laws relating to security and privacy or PHI. Upon receipt of such
notice and to the extent requested by Covered Entity, Business Associate shall, and shall cause its employees,
Subcontractors, or agents assisting Business Associate in the performance of its obligations under the Contract to,
assist Covered Entity in the defense of such litigation or proceedings. Business Associate shall, and shall cause its
employees, Subcontractor's and agents to, provide assistance, to Covered Entity, which may include testifying as a
witness at such proceedings. Business Associate or any of its employees, Subcontractors or agents shall not be
required to provide such assistance if Business Associate is a named adverse party.
12. INTERPRETATION AND ORDER OF PRECEDENCE
Any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with the
HIPAA Rules. In the event of an inconsistency between the Contract and this Agreement, this Agreement shall
control. This Agreement supersedes and replaces any previous, separately executed HIPAA business associate
agreement between the Parties.
13. SURVIVAL
Provisions of this Agreement requiring continued performance, compliance, or effect after termination shall survive
termination of this contract or this agreement and shall be enforceable by Covered Entity.
Page 9 of 10
HIPAA BAA
Revised August 2018
a
COLORADO
Financial Services
Depuvnem of' Hum.54/`R(Y5
Divivon of Contracts and Procutemer t
APPENDIX TO HIPAA BUSINESS ASSOCIATE AGREEMENT
This Appendix ("Appendix") to the HIPAA Business Associate Agreement ("Agreement") is s an appendix to the
Contract and the Agreement. For the purposes of this Appendix, defined terms shall have the meanings ascribed to
them in the Agreement and the Contract. Unless the context clearly requires a distinction between the Contract, the
Agreement, and this Appendix, all references to "Contract" or "Agreement" shall include this Appendix.
1. PURPOSE
This Appendix sets forth additional terms to the Agreement. Any sub -section of this Appendix marked as
"Reserved" shall be construed as setting forth no additional terms.
2. ADDITIONAL TERMS
a. Additional Permitted Uses. In addition to those purposes set forth in the Agreement, Business
Associate may use PHI for the following additional purposes:
i. Reserved.
b. Additional Permitted Disclosures. In addition to those purposes set forth in the Agreement, Business
Associate may disclose PHI for the following additional purposes:
i. Reserved.
c. Approved Subcontractors. Covered Entity agrees that the following Subcontractors or agents of
Business Associate may receive PHI under the Agreement:
i. Reserved.
d. Definition of Receipt of PHI. Business Associate's receipt of PHI under this Contract shall be deemed
to occur, and Business Associate's obligations under the Agreement shall commence, as follows:
i. Reserved.
e. Additional Restrictions on Business Associate. Business Associate agrees to comply with the following
additional restrictions on Business Associate's use and disclosure of PHI under the Contract:
i. Reserved.
f. Additional Terms. Business Associate agrees to comply with the following additional terms under the
Agreement:
i. Reserved.
Page 10 of 10
HIPAA BAA
Revised August 2018
EXHIBIT D
EXHIBIT D - ADMINISTRATIVE MONITORING TOOL FOR HCA PROGRAM IMPLEMENTATION
Agency Name:
Reviewed By:
Review Date:
Performance Standard Related to Administrative Authority
Measure/Expectation
1. Case Managers meet the qualifications as outlined in State regulations
2. Case Managers have been screened (e.g. drug screening, background checks) and are appropriate for employment
as defined by the agency
3. Agency administers a personnel system for recruiting, hiring, evaluating, and terminating employees
4. Agency staff have sufficient training and experience to complete all portions of the work assigned to them as
defined in this contract and rule
5. The agency follows standards as set forth by the Department through rules, Agency Letters/Memos and written
documents from Department sanctioned trainings _
6. Agency completed the mandated sample review of cases within required timeframes
7. Agency has a method to determine that clients are receiving specified services at least monthly
8. Agency maintains client records in accordance with program requirements, including documentation of all case
activities, the monitoring of service delivery, and service effectiveness
9. The agency uses the State -prescribed information management system for the purpose of client information
management
10. Clients rights are protected as it pertains to the terms of the contract
11. Clients have access to the office during regular business hours
12. Agency provides a telephone system and trained staff to:
a. Timely respond to messages
b. Provide access to telecommunication devices and/or interpreters for the hearing/vocally impaired
Yes/No/NA PTS
c. Provide access to foreign language interpreters as needed
13. Case management functions are performed according to the contract and rule
14. The agency timely provided required documentation to the county departments of human/social services and/or
Department necessary for eligibility determination purposes within the prescribed timeframes
15. The agency submits Department required information electronically as scheduled or upon the Department's
request
16. Insurance is maintained as specified in the contract
17. Certificates showing insurance coverage were submitted to the Department within 7 business days of the
effective date of the contract
18. Agency complied with the reporting requirements as specified in the contract
19. The agency complies with HIPAA
20. The agency attended county level and/or Administrative Law Judge (AU) hearings when the agency denies
approval or implemented other adverse action against an applicant/client and the applicant/client appeals to include
presentation of supporting evidence and filing exceptions if necessary
Grading: Each question is worth 4.55 points. "Yes" or "NA" (when applicable) is worth 4.55 points, "No" is worth 0
points
Total Score:
Exhibit D, page 1 of 1
k . _
, t: °r
FY 2024-2025
(DUE
BY
THE
15TH
OF THE
FOLLOWING
MONTH)
July
Aug
Sept
Oct
Nov
Dec
Jan
Feb
1
Mar
1 Apr
May
Jun
HOME CARE ALLOWANCE
HCA CASELOAD STARTING
s
1
I
ASSESSMENT
APPROVALS
HCA
APPROVALS
I
I
I
ASSESSMENT
DENIALS
HCA
DENIALS
TOTAL INTAKE ASSESSMENTS
TOTAL HCA ,
I I
1
l
Contract Form
Entity Information
Entity Name* Entity ID*
COLORADO DEPARTMENT OF @00003650
HUMAN SERVICES
Contract Name*
CASE MANAGEMENT AGENCY (2024-25 PURCHASE
ORDER FOR HOME CARE ALLOWANCE)
Contract Status
CTB REVIEW
Contract ID
8271
Contract Lead *
SADAMS
❑ New Entity?
Parent Contract ID
20240121
Requires Board Approval
YES
Contract Lead Email Department Project #
sadams@weld.gov;cobbx
xlk@weld.gov
Contract Description*
FISCAL YEAR 24/25 CASE MANAGEMENT AGENCY (CMA) HOME CARE ALLOWANCE PURCHASE ORDER. TERM
07/01 /24 THROUGH 06/30/25. NO SIGNATURE REQUIRED.
Contract Description 2
PA ROUTING THROUGH NORMAL PROCESS. ETA TO CTB 6/5/24
Contract Type * Department
CHANGE ORDER HUMAN SERVICES
Amount*
$33,123.98
Renewable"
NO
Automatic Renewal
Grant
IGA
Department Email
CM-
HumanServices@weldgov.
com
Department Head Email
CM-HumanServices-
DeptHead@weldgov.com
County Attorney
GENERAL COUNTY
ATTORNEY EMAIL
County Attorney Email
CM-
COUNTYATTORNEY@WEL
DGOV.COM
Requested BOCC Agenda
Date *
06/12/2024
Due Date
06/08/2024
Will a work session with BOCC be required?*
NO
Does Contract require Purchasing Dept. to be
included?
If this is a renewal enter previous Contract ID
If this is part of a MSA enter MSA Contract ID
Note: the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts
are not in OnBase
Contract Dates
Effective Date
Termination Notice Period
Contact Information
Review Date*
04/30/2025
Committed Delivery Date
Renewal Date
Expiration Date*
06/30/2025
Contact Info
Contact Name Contact Type Contact Email Contact Phone 1 Contact Phone 2
Purchasing
Purchasing Approver Purchasing Approved Date
Approval Process
Department Head Finance Approver Legal Counsel
JAMIE ULRICH CHERYL PATTELLI BYRON HOWELL
DH Approved Date Finance Approved Date Legal Counsel Approved Date
06/10/2024 06/10/2024 06/10/2024
Final Approval
BOCC Approved Tyler Ref #
AG 061924
BOCC Signed Date Originator
SADAMS
BOCC Agenda Date
06/19/2024
Hello