HomeMy WebLinkAbout20231855.tiffRESOLUTION
RE: APPROVE ACCEPTANCE OF PURCHASE ORDER FUNDS FOR CONSTRUCTION OF
NEW HILL N PARK SENIOR CENTER, AND AUTHORIZE DEPARTMENT OF HUMAN
SERVICES TO DISBURSE FUNDS
WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to
Colorado statute and the Weld County Home Rule Charter, is vested with the authority of
administering the affairs of Weld County, Colorado, and
WHEREAS, the Board has been presented with a Purchase Order for the Construction of
the New Hill N Park Senior Center between the County of Weld, State of Colorado, by and through
the Board of County Commissioners of Weld County, on behalf of the Department of Human
Services, and the Colorado Department of Human Services, commencing April 22, 2022, and
ending December 31, 2022, with further terms and conditions being as stated in said purchase
order, and
WHEREAS, after review, the Board deems it advisable to approve said purchase order, a
copy of which is attached hereto and incorporated herein by reference.
NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of
Weld County, Colorado, that the Purchase Order for the Construction of the New Hill N Park
Senior Center between the County of Weld, State of Colorado, by and through the Board of
County Commissioners of Weld County, on behalf of the Department of Human Services, and the
Colorado Department of Human Services, be, and hereby is, approved.
BE IT FURTHER RESOLVED by the Board that the Purchase Orders be, and hereby are,
accepted, and the Department of Human Services, be, and hereby, is authorized to disburse said
funds.
The above and foregoing Resolution was, on motion duly made and seconded, adopted
by the following vote on the 5th day of July, A.D., 2023, nunc pro tunc April 22, 2022.
BOARD OF COUNTY COMMISSIONERS
WELD COUNTY, COLORADO
ATTEST: ditif„v "L%el
Weld County Clerk to the Board
ounty Attorney
Date of signature: 07/I /2.3
EXCUSED
man Chair
Perr, L. ck, Pro-Tem
CC: HSD
07/20/23
2023-1855
HR0095
Co
aciirh, coz
PRIVILEGED AND CONFIDENTIAL
MEMORANDUM
DATE: June 27, 2023
TO: Board of County Commissioners — Pass -Around
FR: Jamie Ulrich, Director, Human Services
RE: Colorado Department of Human Services (CDHS)
Area Agency on Aging (AAA) Region 2B Grant
Program Purchase Order
Please review and indicate if you would like a work session prior to placing this item on the
Board's agenda.
Request Board Approval of the Department's Colorado Department of Human Services
(CDHS) Area Agency on Aging (AAA) Region 2B Grant Program Purchase Order. The
Weld County Area Agency on Aging (AAA) has received $877,700.00 in funds in the form of
Purchase Order IHEA 202200003241, from the Colorado Department of Human Services
(CDHS). This funding was a result of a AAA Older Americans Senate Bill 21-290 Grant
Program application and subsequent award, identified as Tyler ID#2021-3415 and #2022-0979.
As outlined in the awarded grant application, this funding will be used to build a new Hill N Park
Senior Center located in Greeley, in partnership with Habitat for Humanity and Roche Construction.
I do not recommend a Work Session. I recommend approval of this Purchase Order and
authorize the WCDHS to dispense the purchase order funds as appropriate.
Perry L. Buck, Pro-Tem
Mike Freeman, Chair
Scott K. James
Kevin D. Ross
Lori Saine
Approve
Recommendation
-(15-
Schedule
Work Session
Other/Comments:
Pass -Around Memorandum; June 27, 2023 — CMS ID 7162 Page 1
2023-1855
1/5 4Y�00a5
Karla Ford
From:
Sent:
To:
Subject:
Approve
Mike Freeman
Wednesday, June 28, 2023 9:37 AM
Karla Ford
Re: Please Review - PA FOR ROUTING: AAA Grant Program Hill N Park Build PO (CMS
7162)
Sent from my iPhone
On Jun 28, 2023, at 5:06 PM, Karla Ford <kford@weld.gov>wrote:
Please advise if you approve recommendation. Thank you.
Karla Ford ,
Office Manager, Board of Weld County Commissioners
1150 0 Street, P.O. Box 758, Greeley, Colorado 80632
:: 970.336-7204 :: kford@weldgov.com :: www.weldgov.com
**Please note my working hours are Monday -Thursday 7:00a.m.-5:00p.m.**
<image002. jpg>
Confidentiality Notice: This electronic transmission and any attached documents or other writings are intended only for the person or entity to
which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. If you have received
this communication in error, please immediately notify sender by return e-mail and destroy the communication. Any disclosure, copying,
distribution or the taking of any action concerning the contents of this communication or any attachments by anyone other than the named
recipient is strictly prohibited.
From: Lesley Cobb <cobbxxik@weld.gov>
Sent: Wednesday, June 28, 2023 9:02 AM
To: Karla Ford <kford@weld.gov>
Cc: Bruce Barker <bbarker@weld.gov>; Cheryl Pattelli <cpattelli@weld.gov>; Chris D'Ovidio
<cdovidio@weld.gov>; Esther Gesick <egesick@weld.gov>; Lennie Bottorff <bottorll@weld.gov>; HS -
Contract Management <HS-ContractManagement@co.weld.co.us>
Subject: PA FOR ROUTING: AAA Grant Program Hill N Park Build PO (CMS 7162)
Good morning,
We have been notified that the Commissioner Coordinator meeting for this week was
cancelled. Attached please find the PA for the AAA Grant Program Hill N Park Build PO (CMS 7162) that
was approved for routing to all five Commissioners.
Thank you!
Lesley Cobb
Contract Management and Compliance Supervisor
Weld County Dept. of Human Services
315 N. 11th Ave., Bldg A
PO Box A
z
STATE OF COLORADO
Department of Human Services
RDER
Number: POGGI,IHEA,2O22OO003241
Date: 5/4/22
Description:
Area Agency on Aging (AAA) Grant Program
Effective Date:
Ex s iration Date:
BUYER
Buyer:
Email:
VENDOR
04/22/22
12/31/22
Raven Lopez
raven.lopez@state.co.us
WELD COUNTY
Human Services
P O BOX 1805
GREELEY, CO 80632-1805
Contact:
Phone:
Kelly Morrison
9703521551
VENDOR INSTRUCTIONS
Page 1 of 2
*****IMPORTANT*****
The order number and line number must appear on all
invoices, packing slips, cartons, and correspondence.
BILL TO
AGING AND ADULT SERVICES
1575 SHERMAN STREET
10th Floor
DENVER, CO 80203
SHIP TO
AGING AND ADULT SERVICES
1575 SHERMAN STREET
10th Floor
DENVER, CO 80203
HIPPING INSTRUCTIONS
Delivery/Install Date:
FOB:
XTENDED DESCRIPTION
The purpose of this PO is to provide grants to the Weld County Area Agency on Aging (AAA) (Region 2B) in
order for them to finance various projects across the state that promote the health, well-being, and security of
older Coloradans per the attached documentation.
Reference solicitation # RFP IHEA EA 2022000084.
Line Item
Commodity/Item Code UOM QTY
Unit Cost Total Cost MSDS Req.
1
G1000
Description: Grant Commodity
()
0.00 $877,700.00
■
Service From: 04/22/22
Service To: 12/31/22
TERMS AND CONDITIONS
https://www.colorado.gov/osc/purchase-order-terms-conditions
REASON FOR MODIFICATION
Change Order Number: 1
a
STATE OF COLORADO
Department of Human Services
v.2 Modified to extend the expiration date of the PO as requested.
Page 2 of 2
DOCUMENT TOTAL = $877,700.00
Statement of Work (SOW) for SB 21-290
Region 2B Weld County Area Agency on Aging
BACKGROUND
Senate Bill 21-290 (S B 21-290) created the Area Agency on Aging grant program through the
Colorado Department of Human Services The State Unit on Aging (SUA) is administering and
monitoring the grant program The bill allocated $15,000,000 to finance various projects across
the state that are intended to assist and support older Coloradans
Grant proposals were only accepted from the 16 Area Agencies on Aging (AAA) There were
restrictions on the amount of funding a AAA can request or the number of projects AAAs were
able to submit a proposal individually or in collaboration with one or more other AAAs Grant
requests from direct service providers were not accepted, however, a direct service provider
was able to work with the AAA in their area for a project to be part of that AAAs grant
submission
The grant program supports projects that promote the health, well-being, and security of older
Coloradans across the state, including
• Community services for older Coloradans
o Infrastructure improvements
® Health promotion, congregate meals, and socialization activities
Transportation service
Home modification programs
Implementation of evidence -based fall prevention and chronic disease management
programs
SCOPE
Weld County Area Agency on Aging (Region 2B) has been funded $877,700 00 for the following
project
", Project' _
-Estimated Cost
1
Hill N Park Senior center in Greely new build
$877,700 00
FUNDS TRANSFERRED
A fiscal waiver was obtained to provide purchase orders above $150,000, waiving fiscal rule 3-1
section 5 The waiver was granted as the AAA's have been identified as "low -risk" contracts due
to the length of the relationship between the Department and the AAA, as well as the fact that
these agencies are law -specified in both the Older Americans Act and the Colorado Revised
Statutes
Funds will be distributed through Purchase Orders in one payment Funds will be transferred to
the AAAs by 6/30/2022
Page 1 of 2
MONITORING AND DELIVERABLES
The SUA will monitor the AAA to ensure all grant funds are spent appropriately within the
awarded project's requirements
The AAA will submit the documentation below to the SUA, until all projects are completed
Documents will' be reviewed monthly following the distribution of award and approved by the
SUA
1 Updated project plan as needed
2 Monthly expenditure report
3 Invoices supporting expenditures
4 Updated budget -to -actual spreadsheet
AAAs will submit official bid(s) to the SUA for capital construction projects AAA's will also
establish a payment review process demonstrating AAA Director (or designated staff) approval
of payment of expenditure towards the project(s)
Page 2 of 2
EXHIBIT B - HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement ("Agreement") between the State of Colorado, Department of
Human Services, Division of Aging and Adult Services and Contractor, University of Colorado is agreed to in
connection with, and as an exhibit to, the Contract. For purposes of this Agreement, the State is referred to as
"Covered Entity" and the Contractor is referred to as "Business Associate". Unless the context clearly requires a
distinction between the Contract and this Agreement, all references to "Contract" shall include this Agreement.
1. PURPOSE
Covered Entity wishes to disclose information to Business Associate, which may include Protected Health
Information ("PHI"). The Parties intend to protect the privacy and security of the disclosed PHI in compliance
with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. L. No. 104-191 (1996) as
amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") enacted
under the American Recovery and Reinvestment Act of 2009 ("ARRA") Pub. L. No. 111-5
(2009), implementing regulations promulgated by the U.S. Department of Health and Human Services at 45
C.F.R. Parts 160, 162 and 164 (the "HIPAA Rules") and other applicable laws, as amended. Prior to the
disclosure of PHI, Covered Entity is required to enter into an agreement with Business Associate containing
specific requirements as set forth in, but not limited to, Title 45, Sections 160.103, 164.502(e) and 164.504(e) of
the Code of Federal Regulations ("C.F.R.") and all other applicable laws and regulations, all as may be amended.
2. DEFINITIONS
The following terms used in this Agreement shall have the same meanings as in the HIPAA Rules: Breach, Data
Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary,
Notice of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident,
Subcontractor, Unsecured Protected Health Information, and Use.
The following terms used in this Agreement shall have the meanings set forth below:
a. Business Associate. "Business Associate" shall have the same meaning as the term "business
associate" at 45 C.F.R. 160.103, and shall refer to Contractor.
b. Covered Entity. "Covered Entity" shall have the same meaning as the term "covered entity" at 45
C.F.R. 160.103, and shall refer to the State.
c. Information Technology and Information Security. "Information Technology" and "Information
Security" shall have the same meanings as the terms "information technology" and "information
security", respectively, in §24-37.5-102, C.R.S.
Capitalized terms used herein and not otherwise defined herein or in the HIPAA Rules shall have the meanings
ascribed to them in the Contract.
3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
a. Permitted Uses and Disclosures.
Page 1 of 9
HIPAA BAA
Revised August 2018
i. Business Associate shall use and disclose PHI only to accomplish Business Associate's
obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity's obligations
under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all
requirements of Subpart E that apply to Covered Entity in the performance of such obligation.
Business Associate may disclose PHI to carry out the legal responsibilities of Business
Associate, provided, that the disclosure is Required by Law or Business Associate obtains
reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as
Required by Law or for the purpose for which Business Associate originally
disclosed the information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is
aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care
Operations of Covered Entity. Business Associate may de -identify any or all PHI created or
received by Business Associate under this Agreement, provided the de -identification
conforms to the requirements of the HIPAA Rules.
b. Minimum Necessary. Business Associate, its Subcontractors and agents, shall access, use, and
disclose only the minimum amount of PHI necessary to accomplish the objectives of the Contract, in
accordance with the Minimum Necessary Requirements of the HIPAA Rules including, but not
limited to, 45 C.F.R. 164.502(b) and 164.514(d).
c. Impermissible Uses and Disclosures.
i. Business Associate shall not disclose the PHI of Covered Entity to another covered entity
without the written authorization of Covered Entity.
ii. Business Associate shall not share, use, disclose or make available any Covered Entity PHI in
any form via any medium with or to any person or entity beyond the boundaries or
jurisdiction of the United States without express written authorization from Covered Entity.
d. Business Associate's Subcontractors.
Business Associate shall, in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2),
ensure that any Subcontractors who create, receive, maintain, or transmit PHI on behalf of
Business Associate agree in writing to the same restrictions, conditions, and requirements that
apply to Business Associate with respect to safeguarding PHI.
ii. Business Associate shall provide to Covered Entity, on Covered Entity's request, a list of
Subcontractors who have entered into any such agreement with Business Associate.
iii. Business Associate shall provide to Covered Entity, on Covered Entity's request, copies of
any such agreements Business Associate has entered into with Subcontractors.
Page 2 of 9
HIPAA BAA
Revised August 2018
e. Access to System. If Business Associate needs access to a Covered Entity Information Technology
system to comply with its obligations under the Contract or this Agreement, Business Associate shall
request, review, and comply with any and all policies applicable to Covered Entity regarding such
system including, but not limited to, any policies promulgated by the Office of Information
Technology and available at http://oit.state.co.us/about/policies.
f. Access to PHI. Business Associate shall, within ten days of receiving a written request from Covered
Entity, make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy
Covered Entity's obligations under 45 C.F.R. 164.524.
g.
Amendment of PHI.
Business Associate shall within ten days of receiving a written request from Covered Entity
make any amendment to PHI in a Designated Record Set as directed by or agreed to by
Covered Entity pursuant to 45 C.F.R. 164.526, or take other measures as necessary to satisfy
Covered Entity's obligations under 45 C.F.R. 164.526.
ii. Business Associate shall promptly forward to Covered Entity any request for amendment of
PHI that Business Associate receives directly from an Individual.
h. Accounting Rights. Business Associate shall, within ten days of receiving a written request from
Covered Entity, maintain and make available to Covered Entity the information necessary for
Covered Entity to satisfy its obligations to provide an accounting of Disclosure under 45 C.F.R.
164.528.
J•
Restrictions and Confidential Communications.
i. Business Associate shall restrict the Use or Disclosure of an Individual's PHI within ten days
of notice from Covered Entity of:
A. a restriction on Use or Disclosure of PHI pursuant to 45 C.F.R. 164.522; or
B. a request for confidential communication of PHI pursuant to 45 C.F.R. 164.522.
ii. Business Associate shall not respond directly to an Individual's requests to restrict the Use or
Disclosure of PHI or to send all communication of PHI to an alternate address.
iii. Business Associate shall refer such requests to Covered Entity so that Covered Entity can
coordinate and prepare a timely response to the requesting Individual and provide direction to
Business Associate.
Governmental Access to Records. Business Associate shall make its facilities, internal practices,
books, records, and other sources of information, including PHI, available to the Secretary for
purposes of determining compliance with the HIPAA Rules in accordance with 45 C.F.R. 160.310.
k. Audit, Inspection and Enforcement.
Business Associate shall obtain and update at least annually a written assessment performed
by an independent third party reasonably acceptable to Covered Entity, which evaluates the
Information Security of the applications, infrastructure, and processes that interact with the
Page 3 of 9
HIPAA BAA
Revised August 2018
Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon
request by Covered Entity, Business Associate shall provide to Covered Entity the executive
summary of the assessment.
ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered
Entity's efforts to audit Business Associate's compliance with applicable HIPAA Rules. If,
through audit or inspection, Covered Entity determines that Business Associate's conduct
would result in violation of the HIPAA Rules or is in violation of the Contract or this
Agreement, Business Associate shall promptly remedy any such violation and shall certify
completion of its remedy in writing to Covered Entity.
1. Appropriate Safeguards.
i. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R.
Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as
provided in this Agreement.
ii. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures.
iii. Business Associate shall maintain the confidentiality of passwords and other data.required for
accessing this information.
iv. Business Associate shall extend protection beyond the initial information obtained from
Covered Entity to any databases or collections of PHI containing information derived from
the PHI. The provisions of this section shall be in force unless PHI is de -identified in
conformance to the requirements of the HIPAA Rules.
Safeguard During Transmission.
i. Business Associate shall use reasonable and appropriate safeguards including, without
limitation, Information Security measures to ensure that all transmissions of PHI are
authorized and to prevent use or disclosure of PHI other than as provided for by this
Agreement.
ii. Business Associate shall not transmit PHI over the internet or any other insecure or open
communication channel unless the PHI is encrypted or otherwise safeguarded with a FIPS-
compliant encryption algorithm.
Reporting of Improper Use or Disclosure and Notification of Breach.
Business Associate shall, as soon as reasonably possible, but immediately after discovery of a
Breach, notify Covered Entity of any use or disclosure of PHI not provided for by this
Agreement, including a Breach of Unsecured Protected Health Information as such notice is
required by 45 C.F.R. 164.410 or a breach for which notice is required under §24-73-103,
C.R.S.
ii. Such notice shall include the identification of each Individual whose Unsecured Protected
Health Information has been, or is reasonably believed by Business Associate to have been,
accessed, acquired, or disclosed during such Breach.
Page 4 of 9
HIPAA BAA
Revised August 2018
iii. Business Associate shall, as soon as reasonably possible, but immediately after discovery of
any Security Incident that does not constitute a Breach, notify Covered Entity of such
incident.
iv. Business Associate shall have the burden of demonstrating that all notifications were made as
required, including evidence demonstrating the necessity of any delay.
Business Associate's Insurance and Notification Costs.
i. Business Associate shall bear all costs of a Breach response including, without limitation,
notifications, and shall maintain insurance to cover:
A. loss of PHI data;
B. Breach notification requirements specified in HIPAA Rules and in §24-73-103,
C.R.S.; and
C. claims based upon alleged violations of privacy rights through improper use or
disclosure of PHI.
ii. All such policies shall meet or exceed the minimum insurance requirements of the Contract
or otherwise as may be approved by Covered Entity (e.g., occurrence basis, combined single
dollar limits, annual aggregate dollar limits, additional insured status, and notice of
cancellation).
iii. Business Associate shall provide Covered Entity a point of contact who possesses relevant
Information Security knowledge and is accessible 24 hours per day, 7 days per week to assist
with incident handling.
iv. Business Associate, to the extent practicable, shall mitigate any harmful effect known to
Business Associate of a Use or Disclosure of PHI by Business Associate in violation of this
Agreement.
Subcontractors and Breaches.
Business Associate shall enter into a written agreement with each of its Subcontractors and
agents, who create, receive, maintain, or transmit PHI on behalf of Business Associate. The
agreements shall require such Subcontractors and agents to report to Business Associate any
use or disclosure of PHI not provided for by this Agreement, including Security Incidents and
Breaches of Unsecured Protected Health Information, on the first day such Subcontractor or
agent knows or should have known of the Breach as required by 45 C.F.R. 164.410.
ii. Business Associate shall notify Covered Entity of any such report and shall provide copies of
any such agreements to Covered Entity on request.
Data Ownership.
i. Business Associate acknowledges that Business Associate has no ownership rights with
respect to the PI -II.
Page 5 of 9
HIPAA BAA
Revised August 2018
ii. Upon request by Covered Entity, Business Associate immediately shall provide Covered
Entity with any keys to decrypt information that the Business Association has encrypted and
maintains in encrypted form, or shall provide such information in unencrypted usable form.
r. Retention of PHI. Except upon termination of this Agreement as provided in Section 5, below,
Business Associate and its Subcontractors or agents shall retain all PHI throughout the term of this
Agreement, and shall continue to maintain the accounting of disclosures required under Section 3.h,
above, for a period of six years.
4. OBLIGATIONS OF COVERED ENTITY
a. Safeguards During Transmission. Covered Entity shall be responsible for using appropriate
safeguards including encryption of PHI, to maintain and ensure the confidentiality, integrity, and
security of PHI transmitted pursuant to this Agreement, in accordance with the standards and
requirements of the HIPAA Rules.
b. Notice of Changes.
Covered Entity maintains a copy of its Notice of Privacy Practices on its website. Covered
Entity shall provide Business Associate with any changes in, or revocation of, permission to use
or disclose PHI, to the extent that it may affect Business Associate's permitted or required uses
or disclosures.
ii. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of
PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent
that it may affect Business Associate's permitted use or disclosure of PHI.
5. TERMINATION
a. Breach.
i. In addition to any Contract provision regarding remedies for breach, Covered Entity shall
have the right, in the event of a breach by Business Associate of any provision of this
Agreement, to terminate immediately the Contract, or this Agreement, or both.
ii. Subject to any directions from Covered Entity, upon termination of the Contract, this
Agreement, or both, Business Associate shall take timely, reasonable, and necessary action to
protect and preserve property in the possession of Business Associate in which Covered
Entity has an interest.
b. Effect of Termination.
i. Upon termination of this Agreement for any reason, Business Associate, at the option of
Covered Entity, shall return or destroy all PHI that Business Associate, its agents, or its
Subcontractors maintain in any form, and shall not retain any copies of such PHI.
ii. If Covered Entity directs Business Associate to destroy the PHI, Business Associate shall
certify in writing to Covered Entity that such PHI has been destroyed.
Page 6 of 9
HIPAA BAA
Revised August 2018
iii. If Business Associate believes that returning or destroying the PHI is not feasible, Business
Associate shall promptly provide Covered Entity with notice of the conditions making return
or destruction infeasible. Business Associate shall continue to extend the protections of
Section 3 of this Agreement to such PHI, and shall limit further use of such PHI to those
purposes that make the return or destruction of such PHI infeasible.
6. INJUNCTIVE RELIEF
Covered Entity and Business Associate agree that irreparable damage would occur in the event Business
Associate or any of its Subcontractors or agents use or disclosure of PHI in violation of this Agreement, the
HIPAA Rules or any applicable law. Covered Entity and Business Associate further agree that money damages
would not provide an adequate remedy for such Breach. Accordingly, Covered Entity and Business Associate
agree that Covered Entity shall be entitled to injunctive relief, specific performance, and other equitable relief to
prevent or restrain any Breach or threatened Breach of and to enforce specifically the terms and provisions of this
Agreement.
7. LIMITATION OF LIABILITY
Any provision in the Contract limiting Contractor's liability shall not apply to Business Associate's liability under
this Agreement, which shall not be limited.
8. DISCLAIMER
Covered Entity makes no warranty or representation that compliance by Business Associate with this Agreement
or the HIPAA Rules will be adequate or satisfactory for Business Associate's own purposes. Business Associate
is solely responsible for all decisions made and actions taken by Business Associate regarding the safeguarding of
PHI.
9. CERTIFICATION
Covered Entity has a legal obligation under HIPAA Rules to certify as to Business Associate's Information
Security practices. Covered Entity or its authorized agent or contractor shall have the right to examine Business
Associate's facilities, systems, procedures, and records, at Covered Entity's expense, if Covered Entity
determines that examination is necessary to certify that Business Associate's Information Security safeguards
comply with the HIPAA Rules or this Agreement.
10. AMENDMENT
a. Amendment to Comply with Law. The Parties acknowledge that state and federal laws and
regulations relating to data security and privacy are rapidly evolving and that amendment of this
Agreement may be required to provide procedures to ensure compliance with such developments.
i. In the event of any change to state or federal laws and regulations relating to data security
and privacy affecting this Agreement, the Parties shall take such action as is necessary to
implement the changes to the standards and requirements of HIPAA, the HIPAA Rules
and other applicable rules relating to the confidentiality, integrity, availability and
security of PHI with respect to this Agreement.
Page 7 of 9
HIPAA BAA
Revised August 2018
ii. Business Associate shall provide to Covered Entity written assurance satisfactory to
Covered Entity that Business Associate shall adequately safeguard all PHI, and obtain
written assurance satisfactory to Covered Entity from Business Associate's
Subcontractors and agents that they shall adequately safeguard all PHI.
iii. Upon the request of either Party, the other Party promptly shall negotiate in good faith the
terms of an amendment to the Contract embodying written assurances consistent with the
standards and requirements of HIPAA, the HIPAA Rules, or other applicable rules.
iv. Covered Entity may terminate this Agreement upon 30 days' prior written notice in the event
that:
A. Business Associate does not promptly enter into negotiations to amend the Contract
and this Agreement when requested by Covered Entity pursuant to this Section; or
B. Business Associate does not enter into an amendment to the Contract and this
Agreement, which provides assurances regarding the safeguarding of PHI sufficient,
in Covered Entity's sole discretion, to satisfy the standards and requirements of the
HIPAA, the HIPAA Rules and applicable law.
b. Amendment of Appendix. The Appendix to this Agreement may be modified or amended by the
mutual written agreement of the Parties, without amendment of this Agreement. Any modified or
amended Appendix agreed to in writing by the Parties shall supersede and replace any prior version
of the Appendix.
11. ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS
Covered Entity shall provide written notice to Business Associate if litigation or administrative proceeding is
commenced against Covered Entity, its directors, officers, or employees, based on a claimed violation by
Business Associate of HIPAA, the HIPAA Rules or other laws relating to security and privacy or PHI. Upon
receipt of such notice and to the extent requested by Covered Entity, Business Associate shall, and shall cause its
employees, Subcontractors, or agents assisting Business Associate in the performance of its obligations under the
Contract to, assist Covered Entity in the defense of such litigation or proceedings. Business Associate shall, and
shall cause its employees, Subcontractor's and agents to, provide assistance, to Covered Entity, which may
include testifying as a witness at such proceedings. Business Associate or any of its employees, Subcontractors or
agents shall not be required to provide such assistance if Business Associate is a named adverse party.
12. INTERPRETATION AND ORDER OF PRECEDENCE
Any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with the
HIPAA Rules. In the event of an inconsistency between the Contract and this Agreement, this Agreement shall
control. This Agreement supersedes and replaces any previous, separately executed HIPAA business associate
agreement between the Parties.
13. SURVIVAL
Provisions of this Agreement requiring continued performance, compliance, or effect after termination shall
survive termination of this contract or this agreement and shall be enforceable by Covered Entity.
Page 8 of 9
HIPAA BAA
Revised August 2018
APPENDIX TO HIPAA BUSINESS ASSOCIATE AGREEMENT
This Appendix ("Appendix") to the HIPAA Business Associate Agreement ("Agreement") is s an appendix to the
Contract and the Agreement. For the purposes of this Appendix, defined terms shall have the meanings ascribed
to them in the Agreement and the Contract.
Unless the context clearly requires a distinction between the Contract, the Agreement, and this Appendix, all
references to "Contract" or "Agreement" shall include this Appendix.
1. PURPOSE
This Appendix sets forth additional terms to the Agreement. Any sub -section of this Appendix marked as
"Reserved" shall be construed as setting forth no additional terms.
2. ADDITIONAL TERMS
a. Additional Permitted Uses. In addition to those purposes set forth in the Agreement, Business
Associate may use PHI for the following additional purposes:
i. None except as otherwise directed in writing by the State.
b. Additional Permitted Disclosures. In addition to those purposes set forth in the Agreement, Business
Associate may disclose PHI for the following additional purposes:
i. None except as otherwise directed in writing by the State
c. Approved Subcontractors. Covered Entity agrees that the following Subcontractors or agents of
Business Associate may receive PHI under the Agreement:
i. None except as otherwise directed in writing by the State
d. Definition of Receipt of PHI. Business Associate's receipt of PHI under this Contract shall be
deemed to occur, and Business Associate's obligations under the Agreement shall commence, as
follows:
i. None except as otherwise directed in writing by the State
e. Additional Restrictions on Business Associate. Business Associate agrees to comply with the
following additional restrictions on Business Associate's use and disclosure of PHI under the
Contract:
i. None except as otherwise directed in writing by the State
f. Additional Terms. Business Associate agrees to comply with the following additional terms under the
Agreement:
i. As may be directed in writing by the State
Page 9 of 9
HIPAA BAA
Revised August 2018
Contract Form
New Contract Request
Entity Information
Entity Name* Entity ID*
COLORADO DEPARTMENT OF HUMAN O00003650
SERVICES
Contract Name*
COLORADO DEPARTMENT OF HUMAN SERVICES (AAA
GRANT PROGRAM HILL N PARK BUILD PURCHASE ORDER)
Contract Status
CTB REVIEW
Contract ID
7162
Contract Lead*
COBBXXLK
New Entity?
Parent Contract ID
20213415
Requires Board Approval
YES
Contract Lead Email Department Project #
cobbxxlkx.nco.weld.co.us
Contract Description*
COLORADO DEPARTMENT OF HUMAN SERVICES AAA GRANT PROGRAM HILL N PARK BUILD PURCHASE ORDER (PO) - RESULT
FROM GRANT AWARD TYLER 10.2022-0979. PO FUNDING IS $877,700.00.
Contract Description 2
PA ROUTING THROUGH NORMAL APPROVAL PROCESS. ETA TO CTB 6, 29;2.3.
Contract Type*
WORK ORDER
Amount*
S877,700.00
Renewable*
NO
Automatic Renewal
Grant
IGA
Department
HUMAN SERVICES
Department Email
CM-
HumanServices4weldgov.co
Department Head Email
CM -Hu manServices-
DeptHeadUweldgov.com
County Attorney
GENERAL COUNTY
ATTORNEY EMAIL
County Attorney Email
CM-
COU NTYATTO RN EYSRW ELDG
OV.COM
Requested ROCC Agenda
Date*
07,05;2023
Due Date
07x01!2023
Will a work session with BOCC be required?*
NO
Does Contract require Purchasing Dept. to be included?
If this is a renewal enter previous Contract. ID
If this is part of a MSA enter MSA Contract ID
Note_ the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts are not in
OnBase
Contract Dates
Effective Date
Review Date*
0 31 2022
Renewal Date
Termination Notice Period
Contact Information
Contact Info
Contact Name
Purchasing
Committed Delivery Date
Expiration Date*
12 30.'2022
Contact Type Contact Email Contact Phone 1 Contact Phone 2
Purchasing Approver Purchasing Approved Date
Approval Process
Department Head
JAMIE ULRICH
DH Approved Date
06!23:2023
Final Approval
BOCC Approved
BOCC Signed Date
BOCC Agenda Date
07f05;2023
Originator
CORB.XXLK
Finance Approver
CHERYL PATTELLI
Legal Counsel
BYRON HOWELL
Finance Approved Date Legal Counsel Approved Date
06126x'2023 06;26'2023
Tyler Ref
AG 070523
Hello