HomeMy WebLinkAbout20220749.tiffSTATE OF COLORADO
Department of Human Services
•
Number: PO,IHFA,202200008908
Date: 9/16/22
Description:
Family First Placement Continuum
Effective Date: 01/28/22
Ex ' iration Date: 09/30/23
UYER
Buyer:
Email:
ENDOR
Toby Erxleben
toby.erxleben@state.co.us
WELD COUNTY
Human Services
PO BOX A
GREELEY, CO 80632
Contact: Denise Suniga
Phone: PHONE
ENDOR INSTRUCTIONS
,XTENDED DESCRIPTION
Page of 2
The order number and line number must appear on all
invoices, packing slips, cartons, and correspondence.
ILL TO
CHILD WELFARE
1575 SHERMAN ST. 2ND FL.
DENVER, CO 80203
HIP TO
CHILD WELFARE
1575 SHERMAN ST. 2ND FL.
DENVER, CO 80203
SHIPPING INSTRUCTIONS
Delivery/Install Date:
FOB:
RFP IHFA 2022000042 Family First Placement Continuum Weld County Award
Weld County will develop a therapeutic foster care program which will allow for placement of youth who need
higher level of care within the community allowing them to maintain connections with parents and family
members, school and community supports.
91800 0 0.00 $103,446.00 O
Description: Family First - Transition Fund - Placement Continuum
Service From: 01/28/22
Service To: 09/30/23
TERMS AND CONDITIONS
https://www.colorado.gov/osc/purchase-order-terms-conditions
REASON FOR MODIFICATION
Change Order Number: 1
PO Term Extension per eC2216431
0.-Ommon; C s -t ons
(0/03ifa•
c.c.: CAMP/ ► M), 1-16O
F= f cC.ICP)
/z6/22
i-1 P O09'-i
le
STATE OF COLORADO
Department of Human Services
Page 2 of 2
DOCUMENT TOTAL = $103,446.00
RESOLUTION
RE: APPROVE ACCEPTANCE OF PURCHASE ORDER FUNDS FOR FAMILY FIRST
TRANSITION ACT TO IMPLEMENT A THERAPEUTIC FOSTER CARE PROGRAM
AND AUTHORIZE DIVISION OF CHILD WELFARE TO DISBURSE FUNDS
WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to
Colorado statute and the Weld County Home Rule Charter, is vested with the authority of
administering the affairs of Weld County, Colorado, and
WHEREAS, the Board has been presented with the Acceptance of the Purchase Order
Funds for the Family First Transition Act to Implement a Therapeutic Foster Care Program
between the County of Weld, State of Colorado, by and through the Board of County
Commissioners of Weld County, on behalf of the Department of Human Services, Division of Child
Welfare, and the Colorado Department of Human Services, commencing January 28, 2022, and
ending September 30, 2022, with further terms and conditions being as stated in said purchase
order, and
WHEREAS, after review, the Board deems it advisable to approve said purchase order, a
copy of which is attached hereto and incorporated herein by reference.
NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of
Weld County, Colorado, that the Acceptance of the Purchase Order Funds for the Family First
Transition Act to Implement a Therapeutic Foster Care Program between the County of Weld,
State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf
of the Department of Human Services, Employment Services of Weld County, and the Colorado
Department of Human Services, be, and hereby is, approved.
BE IT FURTHER RESOLVED by the Board that the Division of Child Welfare be, and
hereby is, authorized to disburse said funds.
The above and foregoing Resolution was, on motion duly made and seconded, adopted
by the following vote on the 9th day of March, A.D., 2022, nunc pro tunc January 28, 2022.
BOARD OF COUNTY COMMISSIONERS
WELD MOUNT , COLORADO
ATTEST: dettAgio�' •deo;oc.
Weld County Clerk to the Board
BY:
APP
Co my ' ttorney
Date of signature: o3/IS'/2
Sc•tt K. James, Chair
Lori Sain
Mike Freeman, Pro-Tem
EXCUSED
Perry L. Buck
cc: HSD
3/24 /22.
2022-0749
HR0094
Car e±- I t 55<5c1
PRIVILEGED AND CONFIDENTIAL
MEMORANDUM
DATE: February 8, 2022
TO: Board of County Commissioners — Pass -Around
FR: Jamie Ulrich, Director, Human Services
RE: Family First Placement Continuum Purchase Order
Please review and indicate if you would like a work session prior to placing this item on the
Board's agenda.
Request Board Approval of the Department's Family First Placement Continuum Purchase Order.
The Department of Human Services' Division of Child Welfare has been awarded $103,446.00 in the
form of Purchase Order, IHFA, 202200008908 from the Colorado Department of Human Services. This
funding will be used to develop a therapeutic foster care program for youth who need higher level of care
within our community allowing them to maintain connections with parents and family members, school
and community supports. The cost savings that are realized by reducing the number of youth in higher
level placements will be re -invested into the therapeutic foster home program to maintain this program
into the future. The Department received approval to apply for this funding opportunity in September
2021, referenced as Tyler ID 2021-2706.
I do not recommend a Work Session. I recommend approval of this Purchase Order and authorize the
Child Welfare Division to dispense the purchase order funds as appropriate.
Perry L. Buck
Mike Freeman, Pro -Tern
Scott K. James, Chair
Steve Moreno
Lori Saine
MF
Approve Schedule
Recommendation Work Session
Other/Comments:
Pass -Around Memorandum; February 8, 2022 - CMS ID 5554 Pam 1
2022-0749
03/0°1 {+r00qq
•
RDER
STATE OF COLORADO
Department of Human Services
Number: PO,IHFA,202200008908
Date: 1/28/22
Description:
Family First Placement Continuum
Effective Date: 01/28/22
Ex I iration Date: 09/30/22
Page 1 of 1
*****IMPORTANT*****
The order number and line number must appear on all
invoices, packing slips, cartons, and correspondence.
BILL TO
CHILD WELFARE
1575 SHERMAN ST. 2ND FL.
DENVER, CO 80203
UYER HIP TO
Buyer:
Email:
VENDOR
Toby Erxleben
toby.erxleben@state.co.us
WELD COUNTY
Human Services
PO BOX A
GREELEY, CO 80632
Contact: Denise Suniga
Phone: PHONE
VENDOR INSTRUCTIONS
XTENDED DESCRIPTION
CHILD WELFARE
1575 SHERMAN ST. 2ND FL.
DENVER, CO 80203
SHIPPING INSTRUCTIONS
Delivery/Install Date:
FOB:
RFP IHFA 2022000042 Family First Placement Continuum Weld County Award
Weld County will develop a therapeutic foster care program which will allow for placement of youth who need
higher level of care within the community allowing them to maintain connections with parents and family
members, school and community supports.
91800
0
Description: Family First - Transition Fund - Placement Continuum
Service From: 01/28/22
0.00
Service To: 09/30/22
$103,446.00
O
TERMS AND CONDITIONS
https://www.colorado.gov/osc/purchase-order-terms-conditions
DOCUMENT TOTAL = $103,446.00
Weld County Therapeutic Foster Care Program
Statement of Work
Weld County will develop a therapeutic foster care program which will allow for
placement of youth who need higher level of care within the community allowing them
to maintain connections with parents and family members, school and community
supports. The program will consist of four to five veteran and specially trained foster
parents. Each home will be a two- parent home with one parent being at home when
the youth are present in order to provide support, encourage youth extracurricular
activities and family visitation. Families recruited for the program will have proven
experience with difficult and challenging youth, either as foster parents, residential
staff, teachers or counselors. Families will have a history of providing service and
support to youth, promoting positive outcomes for youth and collaborating with
professionals and families in the best interest of youth.
Timeline
Targeted recruitment for the therapeutic foster homes will begin in January 2022,
including identifying current foster homes to transition to this new program as well as
recruiting new homes to be part of the program. The certification and training process
will be completed by April 2022 and first placements into this program will occur
beginning in May 2022. Based on an average length of stay of three months, the first
youth will transition to home, kin or a lower level of care by the end of July 2022.
Budget
Weld County is requesting funding for three years to support the implementation of our
therapeutic foster care program. The total funding request for three years is
$103,446.00. The yearly funding request includes:
• Salary and benefits of a County communication staff to spend 10% of work time
to provide recruitment support using social media postings, marketing material
creation and website updates
• 12 hours of initial training for 5-6 foster parents as required by rule and monthly
2-4 hours of training for foster parents to support ongoing training needs
• Respite care for one full weekend per month for 6 youth, 3 hours unplanned
respite time each month for 6 youth and 108 hours of respite time to be used by
the biological family and provided by the foster home after youth return home
• Incentive funding for family activities, youth pro -social and extra -curricular
activities and gifts cards for food and supplies for 5-6 foster parents and 12
youth.
a
COLORADO
Financial Services
Depanme ltd Human Services
Divis%on of Contracts and Procurement
HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement ("Agreement") between the State and Contractor is agreed to in
connection with, and as an exhibit to, the Contract. For purposes of this Agreement, the State is referred to as
"Covered Entity" and the Contractor is referred to as "Business Associate". Unless the context clearly requires a
distinction between the Contract and this Agreement, all references to "Contract" shall include this Agreement.
1. PURPOSE
Covered Entity wishes to disclose information to Business Associate, which may include Protected Health
Information ("PHI"). The Parties intend to protect the privacy and security of the disclosed PHI in compliance with
the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. L. No. 104-191 (1996) as
amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") enacted
under the American Recovery and Reinvestment Act of 2009 ("ARRA") Pub. L. No. 111-5 (2009), implementing
regulations promulgated by the U.S. Department of Health and Human Services at 45 C.F.R. Parts 160, 162 and
164 (the "HIPAA Rules") and other applicable laws, as amended. Prior to the disclosure of PHI, Covered Entity is
required to enter into an agreement with Business Associate containing specific requirements as set forth in, but not
limited to, Title 45, Sections 160.103, 164.502(e) and 164.504(e) of the Code of Federal Regulations ("C.F.R.")
and all other applicable laws and regulations, all as may be amended.
2. DEFINITIONS
The following terms used in this Agreement shall have the same meanings as in the HIPAA Rules: Breach, Data
Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice
of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident, Subcontractor,
Unsecured Protected Health Information, and Use.
The following terms used in this Agreement shall have the meanings set forth below:
a. Business Associate. "Business Associate" shall have the same meaning as the term "business associate"
at 45 C.F.R. 160.103, and shall refer to Contractor.
b. Covered Entity. "Covered Entity" shall have the same meaning as the term "covered entity" at 45 C.F.R.
160.103, and shall refer to the State.
c. Information Technology and Information Security. "Information Technology" and "Information
Security" shall have the same meanings as the terms "information technology" and "information
security", respectively, in §24-37.5-102, C.R.S.
Capitalized terms used herein and not otherwise defined herein or in the HIPAA Rules shall have the meanings
ascribed to them in the Contract.
Page 1 of 10
HIPAA BAA
Revised August 2018
Ate
COLORADO
Financial Services
D.wrt.4, t d Human ;awes
Division of Contracts and Procurement
3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
a. Permitted Uses and Disclosures.
i. Business Associate shall use and disclose PHI only to accomplish Business Associate's
obligations under the Contract.
i. To the extent Business Associate carries out one or more of Covered Entity's obligations under
Subpart E of 45 C.F.R. Part 164, Business Associate shall comply with any and all requirements
of Subpart E that apply to Covered Entity in the performance of such obligation.
ii. Business Associate may disclose PHI to carry out the legal responsibilities of Business
Associate, provided, that the disclosure is Required by Law or Business Associate obtains
reasonable assurances from the person to whom the information is disclosed that:
A. the information will remain confidential and will be used or disclosed only as Required
by Law or for the purpose for which Business Associate originally disclosed the
information to that person, and;
B. the person notifies Business Associate of any Breach involving PHI of which it is
aware.
iii. Business Associate may provide Data Aggregation services relating to the Health Care
Operations of Covered Entity. Business Associate may de -identify any or all PHI created or
received by Business Associate under this Agreement, provided the de -identification conforms
to the requirements of the HIPAA Rules.
d. Minimum Necessary. Business Associate, its Subcontractors and agents, shall access, use, and disclose
only the minimum amount of PHI necessary to accomplish the objectives of the Contract, in accordance
with the Minimum Necessary Requirements of the HIPAA Rules including, but not limited to, 45
C.F.R. 164.502(b) and 164.514(d).
e. Impermissible Uses and Disclosures.
i. Business Associate shall not disclose the PHI of Covered Entity to another covered entity
without the written authorization of Covered Entity.
ii. Business Associate shall not share, use, disclose or make available any Covered Entity PHI in
any form via any medium with or to any person or entity beyond the boundaries or jurisdiction
of the United States without express written authorization from Covered Entity.
f. Business Associate's Subcontractors.
i. Business Associate shall, in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2),
ensure that any Subcontractors who create, receive, maintain, or transmit PHI on behalf of
Page 2 of 10
HIPAA BAA
Revised August 2018
a
g.
COLORADO
Financial Services
Department or Human Semces
Dlviston of Contracts and Procurement
Business Associate agree in writing to the same restrictions, conditions, and requirements that
apply to Business Associate with respect to safeguarding PHI.
ii. Business Associate shall provide to Covered Entity, on Covered Entity's request, a list of
Subcontractors who have entered into any such agreement with Business Associate.
iii. Business Associate shall provide to Covered Entity, on Covered Entity's request, copies of any
such agreements Business Associate has entered into with Subcontractors.
Access to System. If Business Associate needs access to a Covered Entity Information Technology
system to comply with its obligations under the Contract or this Agreement, Business Associate shall
request, review, and comply with any and all policies applicable to Covered Entity regarding such
system including, but not limited to, any policies promulgated by the Office of Information Technology
and available at http://oit.state.co.us/about/policies.
h. Access to PHI. Business Associate shall, within ten days of receiving a written request from Covered
Entity, make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy
Covered Entity's obligations under 45 C.F.R. 164.524.
i. Amendment of PHI.
J•
Business Associate shall within ten days of receiving a written request from Covered Entity
make any amendment to PHI in a Designated Record Set as directed by or agreed to by Covered
Entity pursuant to 45 C.F.R. 164.526, or take other measures as necessary to satisfy Covered
Entity's obligations under 45 C.F.R. 164.526.
ii. Business Associate shall promptly forward to Covered Entity any request for amendment of
PHI that Business Associate receives directly from an Individual.
Accounting Rights. Business Associate shall, within ten days of receiving a written request from
Covered Entity, maintain and make available to Covered Entity the information necessary for Covered
Entity to satisfy its obligations to provide an accounting of Disclosure under 45 C.F.R. 164.528.
k. Restrictions and Confidential Communications.
i. Business Associate shall restrict the Use or Disclosure of an Individual's PHI within ten days
of notice from Covered Entity of:
A. a restriction on Use or Disclosure of PHI pursuant to 45 C.F.R. 164.522; or
B. a request for confidential communication of PHI pursuant to 45 C.F.R. 164.522.
ii. Business Associate shall not respond directly to an Individual's requests to restrict the Use or
Disclosure of PHI or to send all communication of PHI to an alternate address.
Page 3 of 10
HIPAA BAA
Revised August 2018
Ato
COLORADO
Financial Services
Department of Human Services
Division of Contracts and Procurement
iii. Business Associate shall refer such requests to Covered Entity so that Covered Entity can
coordinate and prepare a timely response to the requesting Individual and provide direction to
Business Associate.
1. Governmental Access to Records. Business Associate shall make its facilities, internal practices, books,
records, and other sources of information, including PHI, available to the Secretary for purposes of
determining compliance with the HIPAA Rules in accordance with 45 C.F.R. 160.310.
m. Audit, Inspection and Enforcement.
Business Associate shall obtain and update at least annually a written assessment performed by
an independent third party reasonably acceptable to Covered Entity, which evaluates the
Information Security of the applications, infrastructure, and processes that interact with the
Covered Entity data Business Associate receives, manipulates, stores and distributes. Upon
request by Covered Entity, Business Associate shall provide to Covered Entity the executive
summary of the assessment.
ii. Business Associate, upon the request of Covered Entity, shall fully cooperate with Covered
Entity's efforts to audit Business Associate's compliance with applicable HIPAA Rules. If,
through audit or inspection, Covered Entity determines that Business Associate's conduct
would result in violation of the HIPAA Rules or is in violation of the Contract or this
Agreement, Business Associate shall promptly remedy any such violation and shall certify
completion of its remedy in writing to Covered Entity.
n. Appropriate Safeguards.
i. Business Associate shall use appropriate safeguards and comply with Subpart C of 45 C.F.R.
Part 164 with respect to electronic PHI to prevent use or disclosure of PHI other than as
provided in this Agreement.
ii. Business Associate shall safeguard the PHI from tampering and unauthorized disclosures.
iii. Business Associate shall maintain the confidentiality of passwords and other data required for
accessing this information.
iv. Business Associate shall extend protection beyond the initial information obtained from
Covered Entity to any databases or collections of PHI containing information derived from the
PHI. The provisions of this section shall be in force unless PHI is de -identified in conformance
to the requirements of the HIPAA Rules.
o. Safeguard During Transmission.
i. Business Associate shall use reasonable and appropriate safeguards including, without
limitation, Information Security measures to ensure that all transmissions of PHI are authorized
and to prevent use or disclosure of PHI other than as provided for by this Agreement.
Page 4 of 10
HIPAA BAA
Revised August 2018
a
P.
q.
COLORADO
Financial Services
Department or Human 5...w..,s
6ivisxrn of Contracts and Procuretteot.
ii. Business Associate shall not transmit PHI over the internet or any other insecure or open
communication channel unless the PHI is encrypted or otherwise safeguarded with a FIPS-
compliant encryption algorithm.
Reporting of Improper Use or Disclosure and Notification of Breach.
Business Associate shall, as soon as reasonably possible, but immediately after discovery of a
Breach, notify Covered Entity of any use or disclosure of PHI not provided for by this
Agreement, including a Breach of Unsecured Protected Health Information as such notice is
required by 45 C.F.R. 164.410 or a breach for which notice is required under §24-73-103,
C.R.S.
ii. Such notice shall include the identification of each Individual whose Unsecured Protected
Health Information has been, or is reasonably believed by Business Associate to have been,
accessed, acquired, or disclosed during such Breach.
iii. Business Associate shall, as soon as reasonably possible, but immediately after discovery of
any Security Incident that does not constitute a Breach, notify Covered Entity of such incident.
iv. Business Associate shall have the burden of demonstrating that all notifications were made as
required, including evidence demonstrating the necessity of any delay.
Business Associate's Insurance and Notification Costs.
i. Business Associate shall bear all costs of a Breach response including, without limitation,
notifications, and shall maintain insurance to cover:
A. loss of PHI data;
B. Breach notification requirements specified in HIPAA Rules and in §24-73-103, C.R.S.;
and
C. claims based upon alleged violations of privacy rights through improper use or
disclosure of PHI.
ii. All such policies shall meet or exceed the minimum insurance requirements of the Contract or
otherwise as may be approved by Covered Entity (e.g., occurrence basis, combined single
dollar limits, annual aggregate dollar limits, additional insured status, and notice of
cancellation).
iii. Business Associate shall provide Covered Entity a point of contact who possesses relevant
Information Security knowledge and is accessible 24 hours per day, 7 days per week to assist
with incident handling.
Page 5 of 10
HIPAA BAA
Revised August 2018
go
COLORADO
Financial services
Department of Hymen Sernces
Dfviston of Contracts and Procurement
iv. Business Associate, to the extent practicable, shall mitigate any harmful effect known to
Business Associate of a Use or Disclosure of PHI by Business Associate in violation of this
Agreement.
r. Subcontractors and Breaches.
Business Associate shall enter into a written agreement with each of its Subcontractors and
agents, who create, receive, maintain, or transmit PHI on behalf of Business Associate. The
agreements shall require such Subcontractors and agents to report to Business Associate any
use or disclosure of PHI not provided for by this Agreement, including Security Incidents and
Breaches of Unsecured Protected Health Information, on the first day such Subcontractor or
agent knows or should have known of the Breach as required by 45 C.F.R. 164.410.
ii. Business Associate shall notify Covered Entity of any such report and shall provide copies of
any such agreements to Covered Entity on request.
s. Data Ownership.
i. Business Associate acknowledges that Business Associate has no ownership rights with respect
to the PHI.
ii. Upon request by Covered Entity, Business Associate immediately shall provide Covered Entity
with any keys to decrypt information that the Business Association has encrypted and maintains
in encrypted form, or shall provide such information in unencrypted usable form.
t. Retention of PHI. Except upon termination of this Agreement as provided in Section 5, below, Business
Associate and its Subcontractors or agents shall retain all PHI throughout the term of this Agreement,
and shall continue to maintain the accounting of disclosures required under Section 3.h, above, for a
period of six years.
4. OBLIGATIONS OF COVERED ENTITY
a. Safeguards During Transmission. Covered Entity shall be responsible for using appropriate safeguards
including encryption of PHI, to maintain and ensure the confidentiality, integrity, and security of PHI
transmitted pursuant to this Agreement, in accordance with the standards and requirements of the
HIPAA Rules.
b. Notice of Changes.
a.
i. Covered Entity maintains a copy of its Notice of Privacy Practices on its website. Covered Entity
shall provide Business Associate with any changes in, or revocation of, permission to use or
disclose PHI, to the extent that it may affect Business Associate's permitted or required uses or
disclosures.
Page 6 of 10
HIPAA BAA
Revised August 2018
COLORADO
Financial Services
Department of Mown xrvicts
Division of Contracts and Procurement
ii. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI
to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522, to the extent that it
may affect Business Associate's permitted use or disclosure of PHI.
5. TERMINATION
b. Breach.
i. In addition to any Contract provision regarding remedies for breach, Covered Entity shall have
the right, in the event of a breach by Business Associate of any provision of this Agreement, to
terminate immediately the Contract, or this Agreement, or both.
ii. Subject to any directions from Covered Entity, upon termination of the Contract, this
Agreement, or both, Business Associate shall take timely, reasonable, and necessary action to
protect and preserve property in the possession of Business Associate in which Covered Entity
has an interest.
u. Effect of Termination.
i. Upon termination of this Agreement for any reason, Business Associate, at the option of
Covered Entity, shall return or destroy all PHI that Business Associate, its agents, or its
Subcontractors maintain in any form, and shall not retain any copies of such PHI.
ii. If Covered Entity directs Business Associate to destroy the PHI, Business Associate shall
certify in writing to Covered Entity that such PHI has been destroyed.
iii. If Business Associate believes that returning or destroying the PHI is not feasible, Business
Associate shall promptly provide Covered Entity with notice of the conditions making return
or destruction infeasible. Business Associate shall continue to extend the protections of Section
3 of this Agreement to such PHI, and shall limit further use of such PHI to those purposes that
make the return or destruction of such PHI infeasible.
6. INJUNCTIVE RELIEF
Covered Entity and Business Associate agree that irreparable damage would occur in the event Business Associate
or any of its Subcontractors or agents use or disclosure of PHI in violation of this Agreement, the HIPAA Rules or
any applicable law. Covered Entity and Business Associate further agree that money damages would not provide
an adequate remedy for such Breach. Accordingly, Covered Entity and Business Associate agree that Covered
Entity shall be entitled to injunctive relief, specific performance, and other equitable relief to prevent or restrain any
Breach or threatened Breach of and to enforce specifically the terms and provisions of this Agreement.
7. LIMITATION OF LIABILITY
Any provision in the Contract limiting Contractor's liability shall not apply to Business Associate's liability under
this Agreement, which shall not be limited.
Page 7 of 10
HIPAA BAA
Revised August 2018
AO
COLORADO
Financial Services
Department of Human Semcas
Divtsto n of Contracts and Procurement
8. DISCLAIMER
Covered Entity makes no warranty or representation that compliance by Business Associate with this Agreement
or the HIPAA Rules will be adequate or satisfactory for Business Associate's own purposes. Business Associate is
solely responsible for all decisions made and actions taken by Business Associate regarding the safeguarding of
PHI.
9. CERTIFICATION
Covered Entity has a legal obligation under HIPAA Rules to certify as to Business Associate's Information Security
practices. Covered Entity or its authorized agent or contractor shall have the right to examine Business Associate's
facilities, systems, procedures, and records, at Covered Entity's expense, if Covered Entity determines that
examination is necessary to certify that Business Associate's Information Security safeguards comply with the
HIPAA Rules or this Agreement.
10. AMENDMENT
a. Amendment to Comply with Law. The Parties acknowledge that state and federal laws and regulations
relating to data security and privacy are rapidly evolving and that amendment of this Agreement may
be required to provide procedures to ensure compliance with such developments.
i. In the event of any change to state or federal laws and regulations relating to data security
and privacy affecting this Agreement, the Parties shall take such action as is necessary to
implement the changes to the standards and requirements of HIPAA, the HIPAA Rules and
other applicable rules relating to the confidentiality, integrity, availability and security of
PHI with respect to this Agreement.
ii. Business Associate shall provide to Covered Entity written assurance satisfactory to
Covered Entity that Business Associate shall adequately safeguard all PHI, and obtain
written assurance satisfactory to Covered Entity from Business Associate's Subcontractors
and agents that they shall adequately safeguard all PHI.
i. iii. Upon the request of either Party, the other Party promptly shall negotiate in good faith the
terms of an amendment to the Contract embodying written assurances consistent with the
standards and requirements of HIPAA, the HIPAA Rules, or other applicable rules.
ii. iv. Covered Entity may terminate this Agreement upon 30 days' prior written notice in the
event that:
A. Business Associate does not promptly enter into negotiations to amend the Contract
and this Agreement when requested by Covered Entity pursuant to this Section; or
B. Business Associate does not enter into an amendment to the Contract and this
Agreement, which provides assurances regarding the safeguarding of PHI sufficient,
Page 8 of 10
HIPAA BAA
Revised August 2018
a
COLORADO
Financial Services
Departmere d Human Services
Division of Contracts and Procurement
in Covered Entity's sole discretion, to satisfy the standards and requirements of the
HIPAA, the HIPAA Rules and applicable law.
v. Amendment of Appendix. The Appendix to this Agreement may be modified or amended by the mutual
written agreement of the Parties, without amendment of this Agreement. Any modified or amended
Appendix agreed to in writing by the Parties shall supersede and replace any prior version of the
Appendix.
11. ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS
Covered Entity shall provide written notice to Business Associate if litigation or administrative proceeding is
commenced against Covered Entity, its directors, officers, or employees, based on a claimed violation by Business
Associate of HIPAA, the HIPAA Rules or other laws relating to security and privacy or PHI. Upon receipt of such
notice and to the extent requested by Covered Entity, Business Associate shall, and shall cause its employees,
Subcontractors, or agents assisting Business Associate in the performance of its obligations under the Contract to,
assist Covered Entity in the defense of such litigation or proceedings. Business Associate shall, and shall cause its
employees, Subcontractor's and agents to, provide assistance, to Covered Entity, which may include testifying as a
witness at such proceedings. Business Associate or any of its employees, Subcontractors or agents shall not be
required to provide such assistance if Business Associate is a named adverse party.
12. INTERPRETATION AND ORDER OF PRECEDENCE
Any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with the
HIPAA Rules. In the event of an inconsistency between the Contract and this Agreement, this Agreement shall
control. This Agreement supersedes and replaces any previous, separately executed HIPAA business associate
agreement between the Parties.
13. SURVIVAL
Provisions of this Agreement requiring continued performance, compliance, or effect after termination shall survive
termination of this contract or this agreement and shall be enforceable by Covered Entity.
Page 9 of 10
HIPAA BAA
Revised August 2018
COLORADO
Financial services
Department or Human s
Division of Contracts and Procurement
APPENDIX TO HIPAA BUSINESS ASSOCIATE AGREEMENT
This Appendix ("Appendix") to the HIPAA Business Associate Agreement ("Agreement") is s an appendix to the
Contract and the Agreement. For the purposes of this Appendix, defined terms shall have the meanings ascribed to
them in the Agreement and the Contract. Unless the context clearly requires a distinction between the Contract, the
Agreement, and this Appendix, all references to "Contract" or "Agreement" shall include this Appendix.
1. PURPOSE
This Appendix sets forth additional terms to the Agreement. Any sub -section of this Appendix marked as
"Reserved" shall be construed as setting forth no additional terms.
2. ADDITIONAL TERMS
a. Additional Permitted Uses. In addition to those purposes set forth in the Agreement, Business
Associate may use PHI for the following additional purposes:
i. Reserved.
b. Additional Permitted Disclosures. In addition to those purposes set forth in the Agreement, Business
Associate may disclose PHI for the following additional purposes:
i. Reserved.
c. Approved Subcontractors. Covered Entity agrees that the following Subcontractors or agents of
Business Associate may receive PHI under the Agreement:
i. Reserved.
d. Definition of Receipt of PHI. Business Associate's receipt of PHI under this Contract shall be deemed
to occur, and Business Associate's obligations under the Agreement shall commence, as follows:
i. Reserved.
e. Additional Restrictions on Business Associate. Business Associate agrees to comply with the following
additional restrictions on Business Associate's use and disclosure of PHI under the Contract:
i. Reserved.
f. Additional Terms. Business Associate agrees to comply with the following additional terms under the
Agreement:
i. Reserved.
Page 10 of 10
HIPAA BAA
Revised August 2018
Contract Form
New Contract Request
Entity Information
Entity Name* Entity ID*
COLORADO DEPARTMENT OF HUMAN 0003650
SERVICES
❑ New Entity?
Contract Name* Contract ID
FAMILY FIRST PLACEMENT CONTINUUM PO, IHFA, 5554
202200008908
Contract Status
CTB REVIEW
Contract Lead*
APEGG
Contract Lead Email
apeggOvveldgov.com; cobbx
xlkC'weldgov.com
Parent Contract ID
Requires Board Approval
YES
Department Project #
Contract Description*
NEW PURCHASE ORDER (PO) RFP IHFA 2022000042 FAMILY FIRST PLACEMENT CONTINUUM WELD COUNTY AWARD. DHS CW
DIVISION WILL DEVELOP A THERAPEUTIC FOSTER CARE PROGRAM.
FUNDS MUST BE SPENT BY 9:30122. RELATED TO TYLER ID: 2021-2706.
Contract Description 2
PA IS ROUTING THROUGH THE NORMAL PROCESS. ETA TO CTB: 2 rI0122.
Contract Type
CONTRACT
Amount*
3103,446.00
Renewable*
NO
Automatic Renewal
Department Requested BOCC Agenda Due Date
HUMAN SERVICES Date* 02;19;2022
0223,2022
Department Email
CM -
H u rnanServi ces'weldgov. co
m
Department Head Email
CM-HumanServices-
DeptHead@veldgov.com
County Attorney
GENERAL COUNTY
A I I ORNEY EMAIL
County Attorney Email
CM-
COU NTYATTORN EY@WELDG
OV.COM
Will a work session with BOCC be required?*
NO
Does Contract require Purchasing Dept. to be included?
If this is a renewal enter previous Contract ID
If this is part of a MSA enter MSA Contract ID
Note: the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts are not in
OnBase
Contract Dates
Effective Date
Termination Notice Period
Contact Information
Contact Info
Contact Name
Purchasing
Purchasing Approver
Approval Process
Department Head
JAMIE ULRICH
DH Approved Date
02'28(2022
Final Approval
BOCC Approved
BOCC Signed Date
BOCC Agenda Date
03 09'2022
Originator
APEGG
Contact Type
Review Date*
08:0] 2022
Committed Delivery Date
Contact Email
Finance Approver
CHRIS D'OVIDIO
Renewal Date
Expiration Date
09,3012022
Contact Phone 1
Purchasing Approved Date
Finance Approved Date
03/02,2022
Tyler Ref #
AG 030922
Legal Counsel
CAITLIN PERRY
Contact Phone 2
Legal Counsel Approved Date
03 02/2022
Hello