The URL can be used to link to this page

Browse Search

Home My WebLink About20212666.tiffRESOLUTION RE: APPROVE BUSINESS ASSOCIATE AGREEMENT AND AUTHORIZE CHAIR TO SIGN - COLORADO REGIONAL HEALTH INFORMATION ORGANIZATION (CORHIO) WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to Colorado statute and the Weld County Home Rule Charter, is vested with the authority of administering the affairs of Weld County, Colorado, and WHEREAS, the Board has been presented with a Business Associate Agreement between the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of Weld County Department of Public Health and Environment, and the Colorado Regional Health Information Organization (CORHIO), commencing upon full execution of signatures, with further terms and conditions being as stated in said agreement, and WHEREAS, after review, the Board deems it advisable to approve said agreement, a copy of which is attached hereto and incorporated herein by reference. NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of Weld County, Colorado, that the Business Associate Agreement between the County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld County, on behalf of Weld County Department of Public Health and Environment, and the Colorado Regional Health Information Organization (CORHIO), be, and hereby is, approved. BE IT FURTHER RESOLVED by the Board that the Chair be, and hereby is, authorized to sign said agreement. The above and foregoing Resolution was, on motion duly made and seconded, adopted by the following vote on the 13th day of September, A.D., 2021. BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO ATTEST: dithA) G.. o•e/k. Weld County Clerk to the Board ounty A orney Date of signature: oa121 /2 oreno, C Steve cc:HLLr ) 2021-2666 HL0053 &rt'vcc-H 5Zc5 Memorandum TO: FROM: DATE: SUBJECT: Steve Moreno, Chair Board of County Commissioners Mark Lawley, Executive Director Department of Public Health & Environment August 17, 2021 Colorado Regional Health Information Organization (CORHIO) Business Associate Agreement For the Board's approval is a Business Associate Agreement between the Colorado Regional Health Information Organization (CORHIO) and the Board of County Commissioners of Weld County for the use and benefit of the Weld County Department of Public Health and Environment (WCDPHE). The purpose of this Agreement is to specifically declare a Business Associate relationship between WCDPHE and CORHIO and also define the privacy and security terms and conditions that will govern the protected health information (PHI) and personal information (PI) that WCDPHE transmits or receives when accessing the Health Information Exchange (HIE) maintained and operated by the Colorado Regional Health Information Organization (CORHIO). By way of this Agreement, the WCDPHE will be able to transmit and receive PHI from CORHIO, and CORHIO will be able to access, use, create, receive, transmit, maintain and/or disclose transmitted PHI to Colorado's Health Care Policy and Financing (HCPF), which administers Colorado Medicaid Program, and other qualified participants in CORHIO's Health Information Exchange. The term of this Agreement shall commence as of the effective date and shall terminate at the time of the termination or expiration of the Participant Agreement unless earlier terminated by WCDPHE for material breach of the Agreement and upon thirty (30) days prior written notice as described in this Agreement. This Agreement has been reviewed by the Weld County Attorneys' office and it meets with their approval. The Board approved placement of this Agreement on the Board's agenda via pass -around dated August 13, 2021. I recommend approval of this Business Associate Agreement with Colorado Regional Health Information Organization (CORHIO). 2021-2666 DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD (—) COR °t wAa°oa '&HIh"sa�,w'w BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ("Agreement") is entered into as of the date of execution by both parties (the "Effective Date"), by and among weld County Board of County Commissioners acting as a Covered Entity ("Covered Entity") and the Colorado Regional Health Information Organization, a Colorado nonprofit corporation, with an address of 4500 Cherry Creek South Drive, Suite 820, Denver CO 80246, acting in the capacity as a Business Associate or Subcontractor Business Associate ("CORHIO" or "Business Associate") (collectively referred to herein as the "Parties"). This Agreement supersedes any prior Business Associate Agreement between or among the Parties. RECITALS WHEREAS, CORHIO governs and operates a Colorado, state-wide health information exchange ("HIE") through which Covered Entity and other participants will transmit or receive Protected Health Information (referred to herein as "PHI" and defined below) and other information to CORHIO, acting in the capacity as a common Business Associate or Subcontractor Business Associate; WHEREAS, CORHIO and Covered Entity have entered into a written agreement and may in the future enter into additional written agreements, including one or more statements of work, pursuant to which CORHIO may, on Covered Entity's behalf, access, use, create, receive, transmit, maintain, and/or disclose PHI (the "Participant Agreement"); WHEREAS, Covered Entity and CORHIO intend to protect the privacy and provide for the security of PHI disclosed to CORHIO and comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 ("HITECH Act"), and the final regulations to such Acts that the U.S. Department of Health and Human Services ("HHS") has promulgated and set forth in 45 CFR Parts 160, 162, and 164, as may be amended from time to time (collectively, the "HIPAA Rules"); WHEREAS, the Parties acknowledge that this Agreement shall supplement and / or amend the Participant Agreement only with respect to CORHIO's access, use, creation, receipt, transmittal, maintenance or disclosure of PHI and supersedes any prior Business Associate Agreement between the parties; WHEREAS, the participants in HIE do not become Business Associates of each other by virtue of this Business Associate Agreement. NOW THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this Agreement, the Parties agree as follows: 1. DEFINITIONS. A. "Applicable Law" means HIPAA, the HITECH Act, the HIPAA Rules, as may be amended from time to time, as well as applicable state law. B. "Breach" shall have the meaning given to such term at 45 C.F.R. § 164.402. CORHIO Master BAA (Updated July 2021) O2aou 0260Z, DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD JCORHIO “.14,11 @IIA MY nmeuan:. C. "Discovery" shall mean the first day on which an Incident (as defined herein) is known to Business Associate (including any person that is an employee, officer, or Subcontractor of Business Associate), or should reasonably have been known to Business Associate, to have occurred. D. "Incident" shall have the meaning provided under Section II.F. E. "Individual" shall have the same meaning as the term "Individual" in 45 C.F.R. §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. §164.502(g). F. "Protected Health Information" or "PHI" shall have the same meaning as the term "Protected Health Information" in 45 C.F.R. §160.103, limited to the information created, received, transmitted, or maintained by Business Associate on behalf of or for Covered Entity. For purposes of this Agreement, "Protected Health Information" or "PHI" shall collectively refer to Protected Health Information, Electronic Protected Health Information ("ePHI") as defined in 45 C.F.R. § 160.103, and "Personal Information" as defined below. G. "Personal Information" or "PI", also known as "Personally Identifiable Information," "Personal Data," and similar terms, shall have the meaning provided under state law. For purposes of this Agreement, Personal Information shall include any data elements that identify an individual or that could be used to identify an individual, including but not limited to an individual's first name or initial and last name in combination with one or more of the following data elements: social security number; driver's license or state issued identification number; credit or debit card number; medical information (such as an individual's condition, treatment, or payment information); financial information, such as checking account or other account number (either in combination with a required security code, access code, or password that would permit access to the account, or alone if the account does not require such an access code); or other identifying information, such as email addresses and usernames in combination with passwords or security questions, date of birth, mother's maiden name, digital signature, passport number, fingerprint or other biometric data, an insurance policy number, employment information, employment history, an employer, student, tribal, or military identification numbers. H. "Required by Law" means a mandate contained in law that compels Covered Entity or Business Associate to use or disclose PHI and that is enforceable in a court of law, including, but not limited to, court orders, court -ordered warrants and statutes and regulations. I. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his/her designee. J. "Security Incident" shall have the meaning provided in 45 C.F.R. § 164.304. K. Terms used but not otherwise defined in this Agreement shall have the same meaning as given to those terms in the HIPAA Rules. A regulatory reference in this Agreement means the section as in effect or as amended, and for which compliance is required. 2. BUSINESS ASSOCIATE'S OBLIGATIONS. A. Permitted Use and Disclosure of PHI. 1. Business Associate shall use and disclose PHI only as permitted by this Agreement or as Required by Law. To the extent that Business Associate is to carry out one or more of Covered Entity's obligation(s) under the HIPAA Rules, Business Associate shall comply with the provisions in the HIPAA Rules that would apply to Covered Entity in the performance of such obligation(s). Business Associate is also 2 CORHIO Master BAA (Updated July 2021) DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD C0RHIO permitted to obtain Individual HIPAA authorizations and other consents in accordance with the HIPAA Rules and to use and disclose PHI as permitted by such authorizations and consents in compliance with CORHIO's policies. 2. Participant Agreement. Except as otherwise limited in this Agreement, CORHIO may use or disclose PHI for, or on behalf of, Covered Entity, in the operation of the HIE and in CORHIO's provision of services, including but not limited to the following functions, services and activities that are implicit in the Participant Agreement (even if not specifically stated): a) Managing authorized requests for, and disclosures of, PHI amongst Participants in the health information exchange; b) Creating and maintaining a master patient index; c; Providing a record locator or patient matching service; d) Standardizing data formats; e) Implementing policies and other business rules to assist in the automation of data exchange; f) Facilitating the identification and correction of errors in health information records; g) Aggregating data on behalf of multiple Participants, including to create, update, modify, transmit, standardize, maintain, or disclose a Continuity of Care Document; h) Developing new functionality of the health information exchange; i) Responding to permissible requests from public health authorities including for public health activities and facilitating the exchange of information between participants and public health authorities (e.g., immunization information systems); j) Any other use permitted or directed by the Participation Agreements; provided that such use or disclosure would not violate Applicable Law if done by the Covered Entity or another Participant. B. Permitted Uses of PHI by CORHIO. CORHIO may use PHI i) for the proper management and administration of CORHIO, ii) to carry out its legal responsibilities, (iii) to create de - identified data consistent with 45 C.F.R. 164.514, and (iv) to provide Data Aggregation services to Covered Entity and for the Health Care Operations of the Participants. (See 45 CFR Sections 164.504(e) (2) (i), 164.504(e) (2) (ii) (A), and 164.504(e) (4) (i)). C. Permitted Disclosures of PHI by CORHIO. CORHIO may only disclose PHI for the purpose of performing its respective obligations under this Agreement and as permitted under the Participant Agreement; provided, however, that CORHIO shall not disclose PHI in any manner that would constitute a violation of Applicable Law if so disclosed by Covered Entity or a Participant. Except as otherwise limited in this Agreement, CORHIO may disclose PHI (i) for its proper management and administration, (ii) to carry out its legal responsibilities, or (iii) as required by law. If CORHIO makes a permitted disclosure of PHI to a third party pursuant to this subsection, prior to making any such disclosure, CORHIO shall first obtain, (i) reasonable written assurances from such third party that such PHI will be held confidential as provided pursuant to this Agreement and Applicable Law and will only be disclosed as Required by Law 3 CORHIO Master BAA (Updated July 2021) DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD C0RHIO Ifl1A ,O7=2 or for the purposes for which it was disclosed to such third party, and (ii) a written agreement from such third party to immediately notify Business Associate of any instance of which the recipient is aware in which the confidentiality of the PHI has been breached. D. Safeguards. CORHIO shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI that Business Associate creates, receives, maintains, uses, discloses, or transmits on behalf of Covered Entity, in accordance with all applicable provisions of the HIPAA Rules. Business Associate shall comply with the requirements in 45 C.F.R. Part 164, subpart C. CORHIO shall Encrypt, or cause the Encryption of, all ePHI they transmit or store such that such ePHI will not comprise Unsecured PHI as such term is used under the HITECH Act and the Breach Notification Rule. E. Minimum Necessary. If applicable, CORHIO, and its agents and subcontractors, will make reasonable efforts to use, disclose, or request only the minimum necessary PHI to accomplish the intended purpose (as described in 45 C.F.R. § 164.502(b) and § 164.514(d)). The Parties understand and agree that the definition of "minimum necessary" is in flux, and CORHIO agrees to keep itself informed of guidance issued by the Secretary with respect to what constitutes "minimum necessary." F. Incident Reporting: Business Associate shall report to Covered Entity any of the following without unreasonable delay after Discovery by Business Associate or any Subcontractor: (i) any acquisition, access, use or disclosure of PHI not provided for in this Agreement or the Participant Agreement; (ii) any Security Incident involving PHI; (iii) any Breach of Unsecured PHI (collectively, an "Incident"). Business Associate shall implement reasonable systems for the Discovery and prompt reporting of any Incidents and shall train Business Associate personnel regarding the requirements under this Agreement. Notwithstanding the foregoing, the Parties agree that this Agreement serves as notification, and that no further notification is required, of the ongoing existence of Unsuccessful Security Incidents, defined to include, without limitation, activity such as pings and other broadcast attacks on Business Associate's firewall, port scans, unsuccessful log -in attempts, denial of service, and any combination of the above, so long as such activity does not result in unauthorized access, use, acquisition, or disclosure of PHI. G. Agents & Subcontractors. Business Associate shall ensure that any agent or subcontractor to whom it provides PHI agrees in writing to substantially the same restrictions and conditions that apply throughout this Agreement to Business Associate. H. Access to PHI. To the extent that Business Associate possesses an applicable Designated Record Set, CORHIO shall provide access to PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, to an Individual all in accordance with the requirements in 45 CFR §164.524, including providing or sending a copy to a designated third party and providing or sending a copy in electronic format. If an Individual requests access to PHI directly from Business Associate, Business Associate will forward such a request in writing to Covered Entity within a reasonable amount of time. Covered Entity will be responsible for making all determinations regarding the granting or denial of an Individual's request, and Business Associate shall make no such determinations. If Business Associate maintains PHI in electronic form, Business Associate shall provide such information in electronic format to Covered Entity if requested. 4 CORHIO Master BAA (Updated July 2021) DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD C0RHIO NCgtnR t� lg: I. Amendment of PHI. Business Associate shall make any amendment(s) to PHI in a Designated Record Set that Covered Entity, or a Participant acting through CORHIO, directs or agrees to pursuant to 45 CFR Section 164.526 at the request of an Individual, and in the time and manner reasonably designated by Covered Entity. If any Individual requests an amendment of PHI directly from CORHIO or its agents or subcontractors, CORHIO will notify the Covered Entity within a reasonable amount of time. Any approval or denial of amendment of PHI maintained by CORHIO or its agents or subcontractors shall be the responsibility of the affected Covered Entity in accordance with 45 CFR § 164.504(e)(2)(ii)(F)). J. Documentation and Accounting of Disclosures. Business Associate shall document such disclosures of PHI as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 C.F.R. §164.528. Business Associate agrees to implement a process in the time and manner reasonably designated by Covered Entity that allows for an accounting to be collected and maintained by Business Associate and its agents or subcontractors. In addition, Business Associate agrees that (i) within a reasonable amount of time of receipt of a notice from Covered Entity requesting an accounting of PHI disclosures, Business Associate shall provide Covered Entity with records of such disclosures containing information as outlined in 45 C.F.R. §164.528(b); (ii) within a reasonable amount of time of receipt of a request by an Individual to Business Associate or its agents or subcontractors for an accounting of disclosures of PHI, Business Associate shall forward to Covered Entity any such requests in writing. Covered Entity shall be responsible for providing an accounting of PHI disclosures to the Individual. Business Associate will not provide an accounting of its disclosures directly to the Individual. K. Government Access. Upon request, Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI available to the Secretary to the extent required for determining Covered Entity's or Business Associates' compliance with the HIPAA Rules. L. State Law. Business Associate shall comply with applicable state law confidentiality, privacy, security, document retention, and breach notification requirements involving PI. Notwithstanding any provision to the contrary, the provisions of this Agreement shall apply equally with respect to PI as they do to PHI; provided, however, that to the extent that state law is more stringent than the HIPAA Rules or the terms of this Agreement, Business Associate agrees to comply with the requirement that provides more privacy and security protection to PI. 3. COVERED ENTITY'S OBLIGATIONS. A. Restrictions. Covered Entity shall notify Business Associate of any limitation(s) or restriction(s) that may affect Business Associate's use or disclosure of PHI, including: (i) any such limitation(s) or restriction(s) in Covered Entity's notice of privacy practices in accordance with 45 C.F.R. § 164.520; (ii) any changes in, or revocation of, permission by an Individual to use or disclose PHI; or (iii) any restriction on the use and disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. § 164.522 or otherwise (collectively, "Restrictions"). B. Notice of Restrictions. Covered Entity shall provide Business Associate with notice of Restrictions within a reasonable time period, which shall be no later than ten (10) calendar days prior to the effective date of the Restriction. Due to current legal, technical and administrative limitations, including but not limited to data segmentation infeasibility, Covered Entity acknowledges that any such Restrictions may require Business Associate to opt out affected Individuals from participation in the HIE in order to accommodate the Restriction. Covered 5 CORHIO Master BAA (Updated July 2021) DocuSign Envelope ID: OEDEFFCO-0A42-4F5F-9034-D20570D857FD C0RHIO ftgANIMINAIR Entity agrees to assume all responsibility for any claim arising out of or relating to opt outs made in connection with implementing a Restriction. C. Compliance. Covered Entity represents, warrants and covenants that at all relevant times: (a) Covered Entity has not and will not improperly encourage or induce Individuals to make Restrictions; (b) Covered Entity's practices with respect to Restrictions will be implemented in a consistent and non-discriminatory manner; and (c) in the event Covered Entity terminates a Restriction, it will be done in accordance with 45 C.F.R. § 171.202(e). 4. TERM AND TERMINATION. A. Term. The term of this Agreement shall commence as of the Effective Date, and shall terminate at the time of the termination or expiration of the Participant Agreement, or earlier as provided herein. B. Termination for Cause. 1. Material Breach: If Covered Entity reasonably determines that Business Associate has materially breached this Agreement, Covered Entity may a) provide Business Associate with thirty (30) days written notice of the alleged material breach and an opportunity to cure the breach. If CORHIO fails to cure the breach or end the violation within the specified timeframe, Covered Entity may terminate this Agreement and the Participant Agreement; or b) immediately terminate this Agreement. 2. Effect of Termination or Expiration. Within thirty (30) days after the expiration or termination for any reason of the Agreement, CORHIO shall return or destroy all applicable PHI, if feasible to do so, including all applicable PHI in possession of CORHIO's subcontractors. Notwithstanding the foregoing, Covered Entity understands that PHI provided to the HIE may be integrated into the medical record of Data Recipients that access the HIE, and into records maintained by CORHIO (including but not limited to back-up tapes), and it will not be feasible for CORHIO to return or destroy the PHI that has been thus integrated upon termination of the Participant Agreement. To the extent that CORHIO determines that returning or destroying the PHI is not feasible, CORHIO shall notify Covered Entity in writing of the reasons return or destruction is not feasible. If CORHIO does not return or destroy PHI upon termination, CORHIO shall extend the protections for this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as CORHIO maintains such PHI. 5. MISCELLANEOUS. A. Amendment. The Parties may amend this Agreement from time to time as is necessary to achieve and maintain compliance with Applicable Law, except that no agreement or other understanding in any way modifying the terms hereof will be binding unless made in writing as a modification or amendment to this Agreement and executed by each of the Parties. B. Interpretation. Any ambiguity in this Agreement shall be resolved to permit the Parties to comply with Applicable Law. 6 CORHIO Master BAA (Updated July 2021) DocuSign Envelope ID: 0EDEFFC0-0A42-4F5F-9034-D20570D857FD ( CORHIO" WANAMEGIONAIXEI MAIiAN AAAAtI3AlAN C. Choice of Law. This Agreement shall be governed by the laws of the state of Colorado without regard to conflict of laws principles thereof. D. Relationship to Agreements with Covered Entity. In the event that a provision of this Agreement is contrary to a provision of any other agreement between Business Associate and Covered Entity (including any inconsistences in defined or capitalized terms), this Agreement shall control. E. Survival. Business Associate's obligations under Sections 2 and 4.B2 of this Agreement shall survive the termination of this Agreement. F. No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever. G. Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to its subject matter and merges, integrates and supersedes all prior and contemporaneous agreements, addenda and understandings between the Parties, whether written (including within any Services Agreements) or oral, concerning its subject matter. Covered Entity and CORHIO have caused their duly authorized representatives to execute this Agreement. FOR COVERED ENTITY: Weld County Board of County Commissioners DocuSigned by: r kort M.6 Signed: OCDDC68'B8E6449... Name: Title: 9/13/2021 Date: Steve Moreno Chair,weld County Commissioner FOR CORHIO: Colorado Regional Health Information Organization DocuSigned by: Signed: l o000C88302r746C... Name: Morgan Honea Title: CEO Date: 9/13/2021 7 CORHIO Master BAA (Updated July 2021) BOARD OF COUNTY COMMISSIONERS PASS AROUND REVIEW TITLE: Colorado Regional Health information Organization (CORHIO) Business Associate Agreement DEPARTMENT: PUBLIC HEALTH & ENVIRONMENT DATE: August 13, 2021 PERSON REQUESTING: Mark Lawley, Executive Director Brief description of the problem/issue: For the Board's review and approval is a Business Associate Agreement between the Colorado Regional Health Information Organization (CORHIO) and the Board of County Commissioners of Weld County for the use and benefit of the Weld County Department of Public Health and Environment (WCDPHE). The purpose of this Agreement is to specifically declare a Business Associate relationship between WCDPHE and CORHIO and also define the privacy and security terms and conditions that will govern the protected health information (PHI) and personal information (PI) that WCDPHE transmits or receives when accessing the Health Information Exchange (HIE) maintained and operated by the Colorado Regional Health Information Organization (CORHIO). By way of this Agreement, the WCDPHE will be able to transmit and receive PHI from CORHIO, and CORHIO will be able to access, use, create, receive, transmit, maintain and/or disclose transmitted PHI to Colorado's Health Care Policy and Financing (HCPF), which administers Colorado Medicaid Program, and other qualified participants in CORHIO's Health Information Exchange. The term of this Agreement shall commence as of the effective date and shall terminate at the time of the termination or expiration of the Participant Agreement unless earlier terminated by WCDPHE for material breach of the Agreement and upon thirty (30) days prior written notice as described in this Agreement. What options exist for the Board? (include consequences, impacts, costs, etc. of options): Approving this Agreement will enable the WCDPHE to continue its participation in CORHIO's Health Information Exchange, which has proven to be a valuable tool in reducing the time and costs associated with the transmission and receipt of PHI and facilitate the processing of 3`d party payor claims. Declining this Business Associate Agreement will likely result in the termination of the CORHIO Participant Agreement and prevent the WCDPHE from participating in the HIE. This will require the Department to use less cost -and time -efficient paper -based procedures to access necessary medical records and results on clients served by the Department. Increasing numbers of providers only wish to share information via electronic means to reduce costs and enhance efficiency. Not participating in the HIE could result in the Department not being able to access certain necessary medical information. Recommendation: I recommend approval of this Business Associate Agreement with Colorado Regional Health Information Organization (CORHIO). Approve Recommendation Perry L. Buck Mike Freeman Scott K. James, Pro-Tem Steve Moreno, Chair Lori Saine Schedule Work Session Other/Comments: 1\k4YEA. dv A& . (� 1 Contract Form Entity Information Entity Name* CORHIO New Contract Request Entity ID* O0©361 71 Contract Name* COLORADO REGIONAL HEALTH INFORMATION ORGANIZATION (CORHIO) BUSINESS ASSOCIATE AGREEMENT Contract Status FINANCE REVIEW ❑ New Entity? Contract ID 5205 Contract Lead* KJAKUS-HOTCHKISS Contract Lead Email kjakus- hotchkiss Pweldgov.com Parent Contract ID Requires Board Approval YES Department Project # Contract Description* COLORADO REGIONAL HEALTH INFORMATION ORGANIZATION (CORHIO) BUSINESS ASSOCIATE AGREEMENT FOR TRANSMI I I ING AND RECEIVING PHI AND PI Contract Description 2 Contract Type* AGREEMENT Amount* 30.00 Renewable* NO Automatic Renewal NO Grant NO IGA NO Department HEALTH Department Email CM-Healthgwaeldgov.com Department Head Email CM-Health- DeptHeadmeldgov.com County Attorney GENERAL COUNTY ATTORNEY EMAIL County Attorney Email CM- COUNTYA I I ORNEYWELDG OV,C:OM Requested BOCC Agenda Date* 09 08 2021 Due Date 0904'2021 Will a work session with BOCC be required?* HAD Does Contract require Purchasing Dept. to be included? NO If this is a renewal enter previous Contract ID If this is part of a MSA enter MSA Contract ID Note: the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts are not in On Base Contract Dates Effective Date Review Date* Renewal Date 09;01,2021 O6 01:'2024 Termination Notice Period Committed Delivery Date Expiration Date • 08/31 '2024 Contact Information Contact Info Contact Name Purchasing Contact Type Contact Email Contact Phone 1 Contact Phone 2 Purchasing Approver Purchasing Approved Date Approval Process Department Head TANYA GEISER OH Approved Date 09'08 2021 Final Approval BOCC Approved BOCC Signed Date BOCC Agenda Date 09 13/2021 Originator KJAKUS-HOTCHKISS Finance Approver Legal Counsel Finance Approved Date Legal Counsel Approved Date Tyler Ref # AG091321 Hello