The URL can be used to link to this page

Browse Search

Home My WebLink About20232041.tiffRESOLUTION RE: APPROVE ACCEPTANCE OF PURCHASE ORDER FUNDS FOR CONTRACT TO SERVE AS SINGLE ENTRY POINT AGENCY FOR LONG-TERM CARE SERVICES, AND AUTHORIZE DEPARTMENT OF HUMAN SERVICES TO DISBURSE FUNDS WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to Colorado statute and the Weld County Home Rule Charter, is vested with the authority of administering the affairs of Weld County, Colorado, and WHEREAS, the Board has been presented with a Purchase Order for the Contract to Serve as a Single Entry Point Agency for Long -Term Care Services between the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of the Department of Human Services, and the Colorado Department of Human Services, commencing July 1, 2023, and ending June 30, 2024, with further terms and conditions being as stated in said purchase order, and WHEREAS, after review, the Board deems it advisable to approve said purchase order, a copy of which is attached hereto and incorporated herein by reference. NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of Weld County, Colorado, that the Purchase Order for the Contract to Serve as a Single Entry Point Agency for Long -Term Care Services between the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of the Department of Human Services, and the Colorado Department of Human Services, be, and hereby is, approved. BE IT FURTHER RESOLVED by the Board that the Purchase Order be, and hereby is, accepted, and the Department of Human Services, be, and hereby, is authorized to disburse said funds. The above and foregoing Resolution was, on motion duly made and seconded, adopted by the following vote on the 19th day of July, A.D., 2023, nunc pro tunc July 1, 2023. BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO ATTEST: dia.4.O �Clto•� Weld County Clerk to the Board Bk.:Atm-614 OaNOlz-16- Deputy Clerk to the Board AP"•VED o ty ttorney f Date of signature: Mikan, Chair erry . Buc j Pro-Tem aine ccSD cg/I5 /23 2023-2041 HR0095 Con-hVcCc-V V 7217_ PRIVILEGED AND CONFIDENTIAL MEMORANDUM DATE: July 11, 2023 TO: Board of County Commissioners — Pass -Around FR: Jamie Ulrich, Director, Human Services RE: State Fiscal Year (SFY) 2023-2024 Single Entry Point (SEP) Contract Purchase Order Please review and indicate if you would like a work session prior to placing this item on the Board's agenda. Request Board Approval of the Department's State Fiscal Year (SFY) 2023-2024 Single Entry Point (SEP) Contract Purchase Order. Related to the Single Entry Point (SEP) contract #21-160398, known to the Board as Tyler ID#2020-1636, the Weld County Area Agency on Aging (AAA) has received $45,767.22 in funds per the Purchase order IHGA 202400000925 issued from the Colorado Department of Human Services (CDHS). The Weld County Department of Human Services (WCDHS) AAA receives funding annually from Health Care Policy and Finance (HCPF) to provide long-term care information, screening, assessment of need, and service coordination to appropriate long-term care case management for disabled and older adults in Weld County. These services provide individuals the opportunity to remain in the community as an alternative to entering an institutional setting such as a naming home. I do not recommend a Work Session. I recommend approval of this Purchase Order and authorize the WCDHS to dispense the purchase order funds as appropriate. Perry L. Buck, Pro-Tem Mike Freeman, Chair Scott K. James Kevin D. Ross Lori Saine Approve Schedule Recommendation Work Session Other/Comments: Pass -Around Memorandum; July 11, 2023 — CMS ID 7212 Pan. t 2023-2041 7/19 H12-0095 STATE OF COLORADO Department of Human Services • Number: PO,IHGA,202400000925 Date: 6/6/23 Description: SFY24; Weld; SEPHCA; CFMS non-encum Effective Date: 07/01/23 Ex a iration Date: 06/30/24 Page 1 of 1 **IMPORTANT*** The order number and line number must appear on all invoices, packing slips, cartons, and correspondence. BILL TO ACCOUNTING 1575 SHERMAN STREET, 6TH FLOOR DENVER, CO 80203-1714 BUYER SHIP TO Buyer: Email: JIAMIR MIRABAL jiamir.mirabalstate.co.us WELD COUNTY Human Services P O BOX 1805 GREELEY, CO 80632-1805 Contact: Phone: VENDOR 9703521551 ENDOR INSTRUCTIONS SELF SUFFICIENCY--COLO WORKS 1575 SHERMAN STREET, 3RD FLOOR DENVER, CO 80203-1714 HIPPING INSTRUCTIONS Delivery/Install Date: FOB: EXTENDED DESCRIPTION Purchase Order for the SEP Home Care Allowance (HCA) program. The Contractor shall perform the functions of the SEP for determination of functional eligibility for the HCA program as outlined in state statute (26-2-122.3 and 26-2-122.4 C.R.S.) and regulations (9 CCR 2503-5, Volume 3, Sections 3.570.1), including but not limited to: initial intake/screening/referral, assessment, determination of functional eligibility, care planning, case management, reassessment, and case closure. Please reference attached documents. Line Item Commodity/Item Code UOM QTY Unit Cost Total Cost MSDS Req. 1 95200 0 0.00 $45,767.22 Description: SFY24 Weld SEPHCA; CFMS non-encumb ■ Service From: 07/01/23 Service To: 06/30/24 TERMS AND CONDITIONS https://www.colorado.gov/osc/purchase-order-terms-conditions DOCUMENT TOTAL = $45367.22 EXHIBIT A STATEMENT OF WORK SFY 2024 — July 1, 2023 - June 30, 2024 A. The Contractor shall perform its obligations and the functions of a Single Entry Point (SEP) agency as defined by Colorado Revised Statute at Title 25.5 Article 6 and Title 26 Article 2 and by regulations applicable to the SEP system at 10 CCR 2505-10 and 9 CCR 2503- 5. B. The Contractor shall perform its obligations within all provisions of state law and regulations promulgated pursuant thereto and including without limitation those promulgated by the Colorado Department of Human Services (the Department). C. The Contractor shall perform its obligations and the functions of a SEP agency for the following counties: 1. Weld County D. The Contractor shall perform the functions required of the SEP for determination of functional eligibility for the Home Care Allowance (HCA) program as outlined in state statute (§26-2-122.3 and §26-2-122.4 C.R.S.) and regulations (9 CCR 2503-5, Volume 3, Sections 3.570.1), including but not limited to: 1. Initial intake/screening/referral; 2. Assessment; 3. Determination of functional eligibility; 4. Care planning; 5. Case management; 6. Reassessment; and, 7. Case closure. E. The Contractor, in accordance with the State statutes and regulations, shall submit to and be available for performance review related to the Contract, Statement of Work, and implementation of the HCA program, which may include but is not limited to: 1. State -prescribed information management system reviews and/or audits; on -site visits, evaluations, and/or audits; self -evaluation and reporting to determine compliance with program and administrative requirements; and/or client surveys. a. The Contractor shall comply with the State Department's HCA SEP Monitoring process, which may include, but is not limited to: communicating with the Department, submitting the required number of self reviews assigned by the Department by the due date each month, participating in training conducted by the State Department, providing documentation as requested by the State office, and will comply with other monitoring requirements as required by the State office. 2. Evaluation of agency performance related to: a. Quality of service provided; b. Compliance with program requirements; Exhibit A Statement of Work Page 1 of 6 05/05/2023 c. Case management; d. Timeliness; e. Performance of administrative functions; f. Cost per client; g. Communication with clients; h. Client monitoring; and, i. Financial accountability. F The Contractor shall perform all necessary administrative and oversight functions for the operation of a SEP Agency as defined in the State statutes and regulations identified in "A", above. These functions include but are not limited to: 1. Administering a personnel system for recruiting, hiring, evaluating, and terminating employees. 2. Providing qualified staff to perform all duties of the SEP agency, including but not limited to administrative, supervisory, and case management functions. 3. Maintaining staffing levels to operate the SEP agency at least forty (40) hours per week during regular business office hours to applicants, clients, service providers, and others at an accessible office. Regular business office hours of operation shall be posted and made available to the public and accommodations shall be made available for clients who need assistance or consultation outside regular business office hours. 4. Ensuring staff has sufficient training and experience to complete all portions of the work assigned to them as defined in this Contract and rule. 5. Providing a telephone system and trained staff to ensure timely response to messages, access to telecommunication devices and/or interpreters for the hearing and vocally impaired, and access to foreign language interpreters, as needed. 6. Performing accounting tasks in compliance with all rules and regulations for accounting practices. 7. Ensuring the authorization and administration of services through the HCA program, which are publicly funded programs, shall be in accordance with the program's eligibility criteria as defined by applicable state statutes and regulations, as they exist on the date this Contract is executed and as they may later be amended. 8. Attending county level and/or Administrative Law Judge (ALJ) hearings when the SEP agency denies approval or implements other adverse action against an applicant/client and the applicant/client appeals. The Contractor shall defend their decision as described in 9 CCR 2503-5 and 10 CCR 2505-10, to include presentation of supporting evidence and filing exceptions if necessary. 9. The Contractor shall have a plan to overcome any geographic barriers within the district, including distance from the agency office to provide timely assessment and case management services to clients, as outlined in 9 CCR 2503-5. Exhibit A Statement of Work Page 2 of 6 05/05/2023 10. Following the standards set by the Department. These standards include Agency Letters/Memos and written documents from Department -approved training. 11. The Contractor shall submit monthly reporting, using the format in Exhibit E, HCA Counts, of the client counts/case activities for the implementation of the HCA program to the Department based on information documented in the State - prescribed information management system. This information will be submitted to the Department by the 20th day of the following month for which data has been collected. This information will be submitted via email to cdhs dews contractsastate.co.us. 12. The Contractor shall obtain access to the Colorado Benefits Management System (CBMS) through their county department for all personnel conducting HCA functional assessments and other case management activities related to HCA, those personnel must complete all required CBMS access training, and the SEP agency must ensure personnel is trained on use. G. The Contractor shall perform all necessary applicant/client functions related to intake, assessment, case management, and other client -related functions for the implementation of the HCA program, as defined in the State statutes and regulations (identified in "A", above). These functions include but are not limited to: 1. Protecting applicant/client's rights. 2. Facilitating the application process for applicants, responding in a timely manner to all referrals, and providing appropriate and timely access to services, as outlined in 9 CCR 2503-5. 3. If the client is not functionally eligible for Home and Community Based Services (HCBS) through Medicaid, the Contractor shall conduct a thorough assessment of care needs and determine functional eligibility and the need for paid care score using the functional assessment in CBMS. 4. Identifying resources to assure the most appropriate public and private resources to serve the applicant/client's needs. The determination of appropriate resources shall not supplant but support self -care, family care, and other informal community based resources. 5. Establishing a care plan with input from the applicant/client. Services identified in the care plan shall not exceed the type and amount of services medically and/or functionally required for the applicant/client. 6. Providing case management services as outlined in 9 CCR 2503-5. 7. Assuring that a client who receives case management services receives the type and amount of HCA services listed in the care plan and client/provider agreement. 8. A review of the client's assessment and care plan will take place with the client six (6) months following the assessment completion date. Reviews of assessments and care plans must also take place with the client six (6) months after any re - Exhibit A Statement of Work Page 3 of 6 05/05/2023 assessment is completed. The client shall be re-evaluated for functional eligibility for HCBS prior to completing an HCA assessment at each functional assessment. If the client is not functionally eligible for HCBS, they may be eligible for HCA. As Public Health Orders allow, face-to-face functional reassessment shall be completed within twelve (12) months of the initial functional assessment and every twelve (12) months thereafter. A reassessment shall be completed sooner if the client's condition changes. 9. Revising the care plan and need for paid care score or closing the HCA case, as appropriate depending on the client's changing needs. H. The Contractor shall perform all necessary general functions related to administration of the HCA program, as defined in the State statutes and regulations (identified in "A", above). These functions include but are not limited to: 1. Following the standards set by the Department, including policy directives and other guidelines and training provided by the Department. 2. Providing accurate and timely processing of new applicants. 3. Documenting agency and case -related activities timely, as outlined in 9 CCR 2503- 5, including but not limited to: a. Documenting complaints from clients in the case file. b. Referring complaints regarding quality of care issues against a provider to the Colorado Department of Public Health and Environment and/or Adult Protective Services. c. Effectively utilizing CBMS and any other State -prescribed form or system. Information to be documented when not available in CBMS includes, but is not limited to: 1) Collection and reporting of client specific data pertaining to information and referral services; 2) Program eligibility determination; 3) Care planning; 4) Case management and case activities, including service delivery and effectiveness; 5) Service authorization; and 6) Resource development. 4. Documenting client functional assessment eligibility in CBMS and providing other required documentation to the County departments of human/social services and/or Department necessary for eligibility determination purposes, all within the prescribed timeframes. Exhibit A Statement of Work Page 4 of 6 05/05/2023 5. Cooperating with the Department, the Community Center Boards (CCBs), mental health facilities, and other community organizations for the admission of clients with/to the HCA program. 6. Providing a referral to other resources to appropriately manage care needs if the applicant/client is ineligible or would be inappropriate for the HCA program. 7. Contacting each SEP and County department when transferring a client from one county to another county or from one SEP district to another to make arrangements to coordinate the transfer of a case in CBMS to avoid service disruption to the recipient. I. Performance Standards 1. The Contractor shall maintain a performance score of 90 or higher on the semi- annual Administrative Monitoring Tool for HCA Program Implementation, attached as Exhibit D. Failure to maintain this standard may result in an order for corrective action and immediate remedy. This Tool is to be submitted no later than October 15. and March 15th. This Administrative Monitoring Tool should be submitted via email to cdhs DEWS contracts(cistate.co.us. 2. The Contractor shall fully document all attempts to conduct assessments within the timeframes specified in Adult Financial rule and must share documentation within 30 days of the Department's request. Failure to conduct assessments within timeframes without adequate documentation to support delays may result in an order for corrective action and immediate remedy. J. Payment 1. The Contractor will receive one twelfth (1/12th) of their full allocation monthly. The full allocation can be found on the Contract or Purchase Order cover sheet. This payment is to be processed by the Department no later than the tenth (10th) of the month following the month which services occurred. County Vendors will utilize CFMS as a payment system and must enter data into CFMS to receive their payment. The Department will enter and remit payments through CORE for all other Vendors that are not County entities. a. Supporting Documentation i. The Contractor shall keep on site for State review, for the Contract term, plus 4 years, the following supporting documentation for each invoice: 1. Non -personnel reimbursements must be supported by a general ledger or subledger detail generated from an accounting system. 2. The ledger detail should include payee, description, date, and amount. 3. For participant services, participant name and purpose must be maintained on file (when appropriate release forms are signed by participant). Exhibit A Statement of Work Page 5 of 6 05/05/2023 4. Documentation shall include all receipts and/or other original supporting documents. 5. Travel expenditures shall include a travel expense report. b. For personnel requests, an excerpt of the payroll register from the paying system is acceptable. The payroll register should identify staff, period paid, salary, and itemized taxes and benefits. c. All funds must be expended within the Contract/Purchase Order period. d. If monthly reporting is not submitted in accordance with the schedule outlined above, or if deliverables are not met, the State reserves the right to withhold future payments until all reporting is received and deliverables are met. Exhibit A Statement of Work Page 6 of 6 05/05/2023 EXHIBIT B Weld County BUDGET - SFY 2024 July 1, 2023 THROUGH June 30, 2024 List of Counties that above named Vendor will perform Single Entry Point (SEP) functions and obligations for: Weld County BUDGET DETAIL TOTAL Intake, Services Assessment, for the Home and Care Case Allowance Management Program GRAND TOTAL $ 45,767.22 Vendor will be paid 1/12 of their total allocation (above) each month for performing SEP functions as outlined in the Statement of Work The parties understand and agree that the Contract fixed price for any given year of the Contract term is determined by calculating the monthly average percentage of HCA clients served by the Contractor in the year prior to any such given year out of the total monthly average number of HCA clients in the State in such prior year. a COLORADO Financial Services Department or Human Services Dndston of Contracts and Procurement EXHIBIT C - HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("Agreement") between the State and Contractor is agreed to in connection with, and as an exhibit to, the Contract. For purposes of this Agreement, the State is referred to as "Covered Entity" and the Contractor is referred to as "Business Associate". Unless the context clearly requires a distinction between the Contract and this Agreement, all references to "Contract" shall include this Agreement. 1. PURPOSE Covered Entity wishes to disclose information to Business Associate, which may include Protected Health Information ("PHI"). The Parties intend to protect the privacy and security of the disclosed PHI in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. L. No. 104-191 (1996) as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") enacted under the American Recovery and Reinvestment Act of 2009 ("ARRA") Pub. L. No. 111-5 (2009), implementing regulations promulgated by the U.S. Department of Health and Human Services at 45 C.F.R. Parts 160, 162 and 164 (the "HIPAA Rules") and other applicable laws, as amended. Prior to the disclosure of PHI, Covered Entity is required to enter into an agreement with Business Associate containing specific requirements as set forth in, but not limited to, Title 45, Sections 160.103, 164.502(e) and 164.504(e) of the Code of Federal Regulations ("C.F.R.") and all other applicable laws and regulations, all as may be amended. 2. DEFINITIONS The following terms used in this Agreement shall have the same meanings as in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. The following terms used in this Agreement shall have the meanings set forth below: a. Business Associate. "Business Associate" shall have the same meaning as the term "business associate" at 45 C.F.R. 160.103, and shall refer to Contractor. b. Covered Entity. "Covered Entity" shall have the same meaning as the term "covered entity" at 45 C.F.R. 160.103, and shall refer to the State. c. Information Technology and Information Security. "Information Technology" and "Information Security" shall have the same meanings as the terms "information technology" and "information security", respectively, in §24-37.5-102, C.R.S. Capitalized terms used herein and not otherwise defined herein or in the HIPAA Rules shall have the meanings ascribed to them in the Contract. Page 1 of 10 HIPAA BAA Revised August 2018 rte Financial Services COLORADO Caperton* « Human Semces Division of Contracts and Procurement 3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE a. Permitted Uses and Disclosures. i. Business Associate shall use and disclose PHI only to accomplish Business Associate's obligations under the Contract. ii. To the extent Business Associate carries out one or more of Covered Entity's obligations under Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements of Subpart E that apply to Covered Entity in the performance of such obligation. iii. Business Associate may disclose PHI to carry out the legal responsibilities of Business Associate, provided, that the disclosure is Required by Law or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that: A. the information will remain confidential and will be used or disclosed only as Required by Law or for the purpose for which Business Associate originally disclosed the information to that person, and; B. the person notifies Business Associate of any Breach involving PHI of which it is aware. iv. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity. Business Associate may de -identify any or all PHI created or received by Business Associate under this Agreement, provided the de -identification conforms to the requirements of the HIPAA Rules. b. Minimum Necessary. Business Associate, its Subcontractors and agents, shall access, use, and disclose only the minimum amount of PHI necessary to accomplish the objectives of the Contract, in accordance with the Minimum Necessary Requirements of the HIPAA Rules including, but not limited to, 45 C.F.R. 164.502(b) and 164.514(d). c. Impermissible Uses and Disclosures. i. Business Associate shall not disclose the PHI of Covered Entity to another covered entity without the written authorization of Covered Entity. ii. Business Associate shall not share, use, disclose or make available any Covered Entity PHI in any form via any medium with or to any person or entity beyond the boundaries or jurisdiction of the United States without express written authorization from Covered Entity. d. Business Associate's Subcontractors. i. Business Associate shall, in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2), ensure that any Subcontractors who create, receive, maintain, or transmit PHI on behalf of Page 2 of 10 HIPAA BAA Revised August 2018 COLORADO Financial Services Department of Human Sarwces Divismn o1 Contracts and Procureme Business Associate agree in writing to the same restrictions, conditions, and requirements that apply to Business Associate with respect to safeguarding PHI. ii. Business Associate shall provide to Covered Entity, on Covered Entity's request, a list of Subcontractors who have entered into any such agreement with Business Associate. iii. Business Associate shall provide to Covered Entity, on Covered Entity's request, copies of any such agreements Business Associate has entered into with Subcontractors. e. f. g• Access to System. If Business Associate needs access to a Covered Entity Information Technology system to comply with its obligations under the Contract or this Agreement, Business Associate shall request, review, and comply with any and all policies applicable to Covered Entity regarding such system including, but not limited to, any policies promulgated by the Office of Information Technology and available at http://oit.state.co.us/about/policies. Access to PHI. Business Associate shall, within ten days of receiving a written request from Covered Entity, make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy Covered Entity's obligations under 45 C.F.R. 164.524. Amendment of PHI. i. Business Associate shall within ten days of receiving a written request from Covered Entity make any amendment to PHI in a Designated Record Set as directed by or agreed to by Covered Entity pursuant to 45 C.F.R. 164.526, or take other measures as necessary to satisfy Covered Entity's obligations under 45 C.F.R. 164.526. ii. Business Associate shall promptly forward to Covered Entity any request for amendment of PHI that Business Associate receives directly from an Individual. h. Accounting Rights. Business Associate shall, within ten days of receiving a written request from Covered Entity, maintain and make available to Covered Entity the information necessary for Covered Entity to satisfy its obligations to provide an accounting of Disclosure under 45 C.F.R. 164.528. Restrictions and Confidential Communications. i. Business Associate shall restrict the Use or Disclosure of an Individual's PHI within ten days of notice from Covered Entity of: A. a restriction on Use or Disclosure of PHI pursuant to 45 C.F.R. 164.522; or B. a request for confidential communication of PHI pursuant to 45 C.F.R. 164.522. ii. Business Associate shall not respond directly to an Individual's requests to restrict the Use or Disclosure of PHI or to send all communication of PHI to an alternate address. Page 3 of 10 HIPAA BAA Revised August 2018 COLORADO Financial Services Department or Huron Sava. Otvtion of Contracts and Procurement iii. Business Associate shall refer such requests to Covered Entity so that Covered Entity can coordinate and prepare a timely response to the requesting Individual and provide direction to Business Associate. J• Governmental Access to Records. Business Associate shall make its facilities, internal practices, books, records, and other sources of information, including PHI, available to the Secretary for purposes of determining compliance with the HIPAA Rules in accordance with 45 C.F.R. 160.310. k. Audit, Inspection and Enforcement. Business Associate shall obtain and update at least annually a written assessment performed by an independent third party reasonably acceptable to Covered Entity, which evaluates the Information Security of the applications, infrastructure, and processes that interact with the Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon request by Covered Entity, Business Associate shall provide to Covered Entity the executive summary of the assessment. ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered Entity's efforts to audit Business Associate's compliance with applicable HIPAA Rules. If, through audit or inspection, Covered Entity determines that Business Associate's conduct would result in violation of the HIPAA Rules or is in violation of the Contract or this Agreement, Business Associate shall promptly remedy any such violation and shall certify completion of its remedy in writing to Covered Entity. 1. Appropriate Safeguards. i. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as provided in this Agreement. ii. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures. iii. Business Associate shall maintain the confidentiality of passwords and other data required for accessing this information. iv. Business Associate shall extend protection beyond the initial information obtained from Covered Entity to any databases or collections of PHI containing information derived from the PHI. The provisions of this section shall be in force unless PHI is de -identified in conformance to the requirements of the HIPAA Rules. m. Safeguard During Transmission. i. Business Associate shall use reasonable and appropriate safeguards including, without limitation, Information Security measures to ensure that all transmissions of PHI are authorized and to prevent use or disclosure of PHI other than as provided for by this Agreement. Page 4 of 10 HIPAA BAA Revised August 2018 COLORADO Finances Services ONPan merit of Human Services DivtsIon of Contracts and Procurement ii. Business Associate shall not transmit PHI over the internet or any other insecure or open communication channel unless the PHI is encrypted or otherwise safeguarded with a FIPS- compliant encryption algorithm. Reporting of Improper Use or Disclosure and Notification of Breach. Business Associate shall, as soon as reasonably possible, but immediately after discovery of a Breach, notify Covered Entity of any use or disclosure of PHI not provided for by this Agreement, including a Breach of Unsecured Protected Health Information as such notice is required by 45 C.F.R. 164.410 or a breach for which notice is required under §24-73-103, C.R.S. ii. Such notice shall include the identification of each Individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Breach. iii. Business Associate shall, as soon as reasonably possible, but immediately after discovery of any Security Incident that does not constitute a Breach, notify Covered Entity of such incident. iv. Business Associate shall have the burden of demonstrating that all notifications were made as required, including evidence demonstrating the necessity of any delay. Business Associate's Insurance and Notification Costs. i. Business Associate shall bear all costs of a Breach response including, without limitation, notifications, and shall maintain insurance to cover: A. loss of PHI data; B. Breach notification requirements specified in HIPAA Rules and in §24-73-103, C.R.S.; and C. claims based upon alleged violations of privacy rights through improper use or disclosure of PHI. ii. All such policies shall meet or exceed the minimum insurance requirements of the Contract or otherwise as may be approved by Covered Entity (e.g., occurrence basis, combined single dollar limits, annual aggregate dollar limits, additional insured status, and notice of cancellation). iii. Business Associate shall provide Covered Entity a point of contact who possesses relevant Information Security knowledge and is accessible 24 hours per day, 7 days per week to assist with incident handling. Page 5 of 10 HIPAA BAA Revised August 2018 Ate P. q. COLORADO Financial sue«. Department or Human Sera.. Divisson of Contracts and Procurement iv. Business Associate, to the extent practicable, shall mitigate any harmful effect known to Business Associate of a Use or Disclosure of PHI by Business Associate in violation of this Agreement. Subcontractors and Breaches. Business Associate shall enter into a written agreement with each of its Subcontractors and agents, who create, receive, maintain, or transmit PHI on behalf of Business Associate. The agreements shall require such Subcontractors and agents to report to Business Associate any use or disclosure of PHI not provided for by this Agreement, including Security Incidents and Breaches of Unsecured Protected Health Information, on the first day such Subcontractor or agent knows or should have known of the Breach as required by 45 C.F.R. 164.410. ii. Business Associate shall notify Covered Entity of any such report and shall provide copies of any such agreements to Covered Entity on request. Data Ownership. i. Business Associate acknowledges that Business Associate has no ownership rights with respect to the PHI. ii. Upon request by Covered Entity, Business Associate immediately shall provide Covered Entity with any keys to decrypt information that the Business Association has encrypted and maintains in encrypted form, or shall provide such information in unencrypted usable form. r. Retention of PHI. Except upon termination of this Agreement as provided in Section 5, below, Business Associate and its Subcontractors or agents shall retain all PHI throughout the term of this Agreement, and shall continue to maintain the accounting of disclosures required under Section 3.h, above, for a period of six years. 4. OBLIGATIONS OF COVERED ENTITY a. Safeguards During Transmission. Covered Entity shall be responsible for using appropriate safeguards including encryption of PHI, to maintain and ensure the confidentiality, integrity, and security of PHI transmitted pursuant to this Agreement, in accordance with the standards and requirements of the HIPAA Rules. b. Notice of Changes. Covered Entity maintains a copy of its Notice of Privacy Practices on its website. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission to use or disclose PHI, to the extent that it may affect Business Associate's permitted or required uses or disclosures. Page 6 of 10 HIPAA BAA Revised August 2018 a COLORADO Financial Services C�pmaweerxf of Murrmr S.rvu;s Division of Contracts and Procurement ii. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent that it may affect Business Associate's permitted use or disclosure of PHI. 5. TERMINATION a. Breach. i. In addition to any Contract provision regarding remedies for breach, Covered Entity shall have the right, in the event of a breach by Business Associate of any provision of this Agreement, to terminate immediately the Contract, or this Agreement, or both. ii. Subject to any directions from Covered Entity, upon termination of the Contract, this Agreement, or both, Business Associate shall take timely, reasonable, and necessary action to protect and preserve property in the possession of Business Associate in which Covered Entity has an interest. b. Effect of Termination. i. Upon termination of this Agreement for any reason, Business Associate, at the option of Covered Entity, shall return or destroy all PHI that Business Associate, its agents, or its Subcontractors maintain in any form, and shall not retain any copies of such PHI. ii. If Covered Entity directs Business Associate to destroy the PHI, Business Associate shall certify in writing to Covered Entity that such PHI has been destroyed. iii. If Business Associate believes that returning or destroying the PHI is not feasible, Business Associate shall promptly provide Covered Entity with notice of the conditions making return or destruction infeasible. Business Associate shall continue to extend the protections of Section 3 of this Agreement to such PHI, and shall limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. 6. INJUNCTIVE RELIEF Covered Entity and Business Associate agree that irreparable damage would occur in the event Business Associate or any of its Subcontractors or agents use or disclosure of PHI in violation of this Agreement, the HIPAA Rules or any applicable law. Covered Entity and Business Associate further agree that money damages would not provide an adequate remedy for such Breach. Accordingly, Covered Entity and Business Associate agree that Covered Entity shall be entitled to injunctive relief, specific performance, and other equitable relief to prevent or restrain any Breach or threatened Breach of and to enforce specifically the terms and provisions of this Agreement. 7. LIMITATION OF LIABILITY Any provision in the Contract limiting Contractor's liability shall not apply to Business Associate's liability under this Agreement, which shall not be limited. Page 7 of 10 HIPAA BAA Revised August 2018 a COLORADO Financial services Cepartment d Hron.n Services Division of Contracts and Procuremen 8. DISCLAIMER Covered Entity makes no warranty or representation that compliance by Business Associate with this Agreement or the HIPAA Rules will be adequate or satisfactory for Business Associate's own purposes. Business Associate is solely responsible for all decisions made and actions taken by Business Associate regarding the safeguarding of PHI. 9. CERTIFICATION Covered Entity has a legal obligation under HIPAA Rules to certify as to Business Associate's Information Security practices. Covered Entity or its authorized agent or contractor shall have the right to examine Business Associate's facilities, systems, procedures, and records, at Covered Entity's expense, if Covered Entity determines that examination is necessary to certify that Business Associate's Information Security safeguards comply with the HIPAA Rules or this Agreement. 10. AMENDMENT a. Amendment to Comply with Law. The Parties acknowledge that state and federal laws and regulations relating to data security and privacy are rapidly evolving and that amendment of this Agreement may be required to provide procedures to ensure compliance with such developments. i. In the event of any change to state or federal laws and regulations relating to data security and privacy affecting this Agreement, the Parties shall take such action as is necessary to implement the changes to the standards and requirements of HIPAA, the HIPAA Rules and other applicable rules relating to the confidentiality, integrity, availability and security of PHI with respect to this Agreement. Business Associate shall provide to Covered Entity written assurance satisfactory to Covered Entity that Business Associate shall adequately safeguard all PHI, and obtain written assurance satisfactory to Covered Entity from Business Associate's Subcontractors and agents that they shall adequately safeguard all PHI. iii. Upon the request of either Party, the other Party promptly shall negotiate in good faith the terms of an amendment to the Contract embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, or other applicable rules. iv. Covered Entity may terminate this Agreement upon 30 days' prior written notice in the event that: A. Business Associate does not promptly enter into negotiations to amend the Contract and this Agreement when requested by Covered Entity pursuant to this Section; or B. Business Associate does not enter into an amendment to the Contract and this Agreement, which provides assurances regarding the safeguarding of PHI sufficient, Page 8 of 10 HIPAA BAA Revised August 2018 a t1t� COLORADO Financial Services Department or Human Services Dwiswn of Contracts and Procurement in Covered Entity's sole discretion, to satisfy the standards and requirements of the HIPAA, the HIPAA Rules and applicable law. b. Amendment of Appendix. The Appendix to this Agreement may be modified or amended by the mutual written agreement of the Parties, without amendment of this Agreement. Any modified or amended Appendix agreed to in writing by the Parties shall supersede and replace any prior version of the Appendix. 11. ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS Covered Entity shall provide written notice to Business Associate if litigation or administrative proceeding is commenced against Covered Entity, its directors, officers, or employees, based on a claimed violation by Business Associate of HIPAA, the HIPAA Rules or other laws relating to security and privacy or PHI. Upon receipt of such notice and to the extent requested by Covered Entity, Business Associate shall, and shall cause its employees, Subcontractors, or agents assisting Business Associate in the performance of its obligations under the Contract to, assist Covered Entity in the defense of such litigation or proceedings. Business Associate shall, and shall cause its employees, Subcontractor's and agents to, provide assistance, to Covered Entity, which may include testifying as a witness at such proceedings. Business Associate or any of its employees, Subcontractors or agents shall not be required to provide such assistance if Business Associate is a named adverse party. 12. INTERPRETATION AND ORDER OF PRECEDENCE Any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with the HIPAA Rules. In the event of an inconsistency between the Contract and this Agreement, this Agreement shall control. This Agreement supersedes and replaces any previous, separately executed HIPAA business associate agreement between the Parties. 13. SURVIVAL Provisions of this Agreement requiring continued performance, compliance, or effect after termination shall survive termination of this contract or this agreement and shall be enforceable by Covered Entity. Page 9 of 10 HIPAA BAA Revised August 2018 SO COLORADO Financial Services orHuman Serves% Division of Contracts anti Procurement APPENDIX TO HIPAA BUSINESS ASSOCIATE AGREEMENT This Appendix ("Appendix") to the HIPAA Business Associate Agreement ("Agreement") is s an appendix to the Contract and the Agreement. For the purposes of this Appendix, defined terms shall have the meanings ascribed to them in the Agreement and the Contract. Unless the context clearly requires a distinction between the Contract, the Agreement, and this Appendix, all references to "Contract" or "Agreement" shall include this Appendix. 1. PURPOSE This Appendix sets forth additional terms to the Agreement. Any sub -section of this Appendix marked as "Reserved" shall be construed as setting forth no additional terms. 2. ADDITIONAL TERMS a. Additional Permitted Uses. In addition to those purposes set forth in the Agreement, Business Associate may use PHI for the following additional purposes: i. Reserved. b. Additional Permitted Disclosures. In addition to those purposes set forth in the Agreement, Business Associate may disclose PHI for the following additional purposes: i. Reserved. c. Approved Subcontractors. Covered Entity agrees that the following Subcontractors or agents of Business Associate may receive PHI under the Agreement: i. Reserved. d. Definition of Receipt of PHI. Business Associate's receipt of PHI under this Contract shall be deemed to occur, and Business Associate's obligations under the Agreement shall commence, as follows: i. Reserved. e. Additional Restrictions on Business Associate. Business Associate agrees to comply with the following additional restrictions on Business Associate's use and disclosure of PHI under the Contract: i. Reserved. f. Additional Terms. Business Associate agrees to comply with the following additional terms under the Agreement: i. Reserved. Page 10 of 10 HIPAA BAA Revised August 2018 EXHIBIT D - ADMINISTRATIVE MONITORING TOOL FOR HCA PROGRAM IMPLEMENTATION Agency Name: Reviewed By: Review Date: Performance Standard Related to Administrative Authority Measure/Expectation Yes/No/NA PTS 1. Case Managers meet the qualifications as outlined in State regulations 2. Case Managers as defined have been screened (e.g. drug screening, background checks) and are appropriate for employment by the agency 3. Agency administers a personnel system for recruiting, hiring, evaluating, and terminating employees 4. Agency staff have sufficient training and experience to complete all portions of the work assigned to them as I defined in this contract and rule 5. The agency follows standards as set forth by the Department through rules, Agency Letters/Memos documents from Department sanctioned trainings 6. Agency completed the mandated sample review of cases within required timeframes and written 7. Agency has a method to determine that clients are receiving specified services at least monthly 8. Agency maintains client records in accordance with program requirements, including documentation of all case activities, the monitoring of service deliver_ and service effectiveness --- -- y 9. Theagency uses the State -prescribed information management system for the purpose management of client information 10. Clients rights are p pertains protected as it to the terms of the contract 11. Clients have access to the office during regular business hours 12. Agency provides a telephone system and trained staff to: a. Timely P messages res and to b. Provide access to telecommunication devices and/or interpreters for the hearing/vocally impaired c. Provide access to foreign language interpreters as needed 13. Case management functions are performed according to the contract and rule_ 14. The agency timely provided required documentation to the county departments of human/social services and/or I Department necessary for eligibility determination purposes within the prescribed timeframes 1- 15. The agency submits Department required information electronically as scheduled or upon the Department's request 16. Insurance is maintained as specified in the contract 17. Certificates showing insurance coverage were submitted to the Department within 7 business days of the effective date of the contract 18. Agency complied with the reporting requirements as specified in the contract 19. The agency complies with HIPAA 20. The agency attended county level and/or Administrative Law Judge (AU) hearings when the agency denies approval or implemented other adverse action against an applicant/client and the applicant/client appeals to include presentation of supporting evidence and filing exceptions if necessary Grading: Each question is worth 4.55 points. "Yes" or "NA" (when applicable) is worth 4.55 points, "No" is worth 0 points Total Score: Exhibit D, page 1 of 1 <COUNTY/ENTITY NAME ' SFY 2023-24 (DUE BY THE 20TH OF THE FOLLOWING MONTH) July Aug Sept Oct Nov Dec Jan Feb Mar Apr May 1 Jun HOME CARE ALLOWANCE HCA CASELOAD STARTING ASSESSMENT APPROVALS HCA APPROVALS I ASSESSMENT DENIALS HCA DENIALS . TOTAL INTAKE ASSESSMENTS i TOTAL HCA 0 j 0 1 0 I 0 I 0 I 0 I 0 I 0 I 0 I 0 I 0 0 Exhibit E, page 1 of 1 Contract Form New Contract Request Entity Information Entity Name. COLORADO DEPT OF HEALTH CARE POLICY & FINANCING Entity ID* L90007174 Contract Name * DEPARTMENT OF HEALTH CARE POLICY & FINANCING (2023-24 PURCHASE ORDER FOR HOME CARE ALLOWANCE) Contract Status CTE REVIEW Contract ID 7212 Contract Lead. COBEXXLK ❑ New Entity? Parent Contract ID 20201636 Requires Board Approval YES Contract Lead Email Department Project # cobbxxlk.co.weld.co.us Contract Description FISCAL YEAR 2023-2024 SINGLE ENTRY POINT (SEP) CONTRACT PURCHASE ORDER. TERM 7i 1 2023-6 30 2024. AMOUNT: 845,707.22 Contract Description 2 PA ROUTING THROUGH NORMAL APPROVAL PROCESS. ETA 7/1 3123 (REFERENCE: ALSO ASSOCIATED WITH SEP CONTRACT TYLER ID 2020-1636. CONTRACT AMEND 41 -TYLER ID 2021-1459 AND AMEND #2 - TYLER ID 2021-3087 AND AMEND #3 - TYLER ID 2023-0569) Contract Type. CHANGE ORDER Amount. 045,707.22 Renewable NO Automatic Renewal Grant ICA Department HUMAN SERVICES Department Email CM- HumanServices?tveldgov.co Department Head Email CM-HumanServices- DeptHeadgweldgov.com County Attorney GENERAL COUNTY ATTORNEY EMAIL County Attorney Email CM- COUNTYATTORNEY aWELDG OV.COM Requested BOCC Agenda Date 07119;2023 Due Date 07i15,2023 Will a work session with BOCC be required?* NO Does Contract require Purchasing Dept. to be included? if this is a renewal enter previous Contract ID If this is part of a MSA enter MSA Contract ID Note: the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts are not in OnEase Contract Dates Effective Date Termination Notice Period Contact Information Contact Info Contact Name Purchasing Review Date. 04`30: 2024 Committed Delivery Date Renewal Date Expiration Date 06:28:2024 Contact Type Contact Email Contact Phone i Contact Phone 2 Purchasing Approver Purchasing Approved Date Approval Process Department Head JAMIE ULRICH DH Approved Date 0710712023 Final Approval BOCC Approved BOCC Signed Date BOCC Agenda Date 07'19 .2023 Originator COBBXXLK Finance Approver CHERYL PATTELLI Legal Counsel BRUCE BARKER Finance Approved Date Legal Counsel Approved Date 07'10:2023 07:1112023 Tyler Ref # AG 071923 Hello