HomeMy WebLinkAbout20160815.tiff RESOLUTION
RE: APPROVE MEMORANDUM OF UNDERSTANDING FOR SAFECARE COLORADO
AND AUTHORIZE CHAIR TO SIGN - NORTHEAST BEHAVIORAL HEALTH, LLC
WHEREAS, the Board of County Commissioners of Weld County, Colorado, pursuant to
Colorado statute and the Weld County Home Rule Charter, is vested with the authority of
administering the affairs of Weld County, Colorado, and
WHEREAS, the Board has been presented with a Memorandum of Understanding for
Safecare Colorado between the County of Weld, State of Colorado, by and through the Board of
County Commissioners of Weld County, on behalf of the Department of Human Services, and
Northeast Behavioral Health, LLC, commencing September 1, 2015, and ending June 30, 2016,
with further terms and conditions being as stated in said memorandum of understanding, and
WHEREAS, after review, the Board deems it advisable to approve said memorandum of
understanding, a copy of which is attached hereto and incorporated herein by reference.
NOW, THEREFORE, BE IT RESOLVED by the Board of County Commissioners of Weld
County, Colorado, that the Memorandum of Understanding for Safecare Colorado between the
County of Weld, State of Colorado, by and through the Board of County Commissioners of Weld
County, on behalf of the Department of Human Services, and Northeast Behavioral Health, LLC,
be, and hereby is, approved.
BE IT FURTHER RESOLVED by the Board that the Chair be, and hereby is, authorized
to sign said memorandum of understanding.
The above and foregoing Resolution was, on motion duly made and seconded, adopted
by the following vote on the 2nd day of March, A.D., 2016, nunc pro tunc September 1, 2015.
BOARD OF COUNTY COMMISSIONERS
WELD`COUNTY, COLORADO
ATTEST: C � W �,rGLO•ei r 8 �-L(�-c.� L2e
GG//� Mike Freeman, Chair
Weld County Clerk to the Board c �-'
- S Conway, Pro-T ( )
BY: 1 ,oi.Q .-i u L�...4'� � / , `�
� •uty Clerk to th Board E It
APPROVED AS TO FORM: isot '`°►
rbara Kirkmeyer •
� 4
County Attorney
.. Steve Moreno
Date of signature: 66U
2016-0815
CG 1 )4s Rein 3laa HR0087
MEMORANDUM
DATE: February 12, 2016
X1861
r " TO: Board of County Commissioners—Pass-Around
FR: Judy A. Griego, Director, Human Services
RE: Weld County Department of Human Services'
Memorandum of Understanding(MOU) with Northeast
Behavioral Health, LLC (NBH)
Please review and indicate if you would like a work session prior to placing this item on the
Board's agenda.
Request Board Approval of the Department's Memorandum of Understanding(MOU)
with Northeast Behavioral Health,LLC(NBH).The Department and NBH are committed to
a prevention partnership that will support vulnerable families, who have a child 5 years of age
or younger, in the home. The partnership is a method to proactively increase protective
capacities, which arc crucial to improving child safety. A comprehensive, community-based
service continuum for families at risk for child maltreatment, is critical to the success of
children, families and the community. This is a non-financial MOU that is effective from
September 1, 2015 through June 30,2016.
I do not recommend a Work Session. I recommend approval of this MOU.
Approve Request
BOCC Agenda Work Session
Sean Conway
Steve Moreno
Barbara Kirkmeyer
Mike Freeman
Julie Cozad
2016-0815
ELP_OO 7
Pass-Around Memorandum; February 12, 2016 - Contract ID 350 Page 1
MEMORANDUM OF UNDERSTANDING
REGARDING SAFECARE®COLORADO
This Memorandum of Understanding("MOU") is made between Northeast Behavioral Health, LLC, a Colorado
limited liability company ("NBH"), and Weld County Department of Human Services, by and through the Weld
County Board of Commissioners ("WCDHS") (collectively, the "Parties"). The Parties agree that Weld County,
Colorado residents can best be served through a cooperative and collaborative approach to service delivery which
eliminates duplication and assures the correct level, intensity and duration of service is provided to meet the
identified needs of eligible children and their families.
1. This MOU is effective from September 1, 2015 through June 30, 2016 as it relates to the
implementation of the SafeCare x Colorado program in Weld County by NBH.
2. This MOU will be reviewed by both parties prior to the ending date to amend, expand or clarify
any section that will be utilized as a template for each subsequent years MOU as it relates to the SafeCare
partnership.
3. Janis Pottorff, Family Connects Program Director at NBH, will act as the liaison for NBH and
Veronica Cavazos will act as the liaison for WCDHS.
4. NBH and WCDHS are committed to many of the same objectives as they pertain to the welfare of
children and families in Weld County. The following objectives are intended to continuously improve the
outcomes for families in the county:
➢ A prevention partnership with vulnerable families who have a child 5 years of age or younger in the home
to proactively increase protective capacities which are crucial to improve child safety.
➢ A comprehensive, community-based service continuum for families at risk for child maltreatment is
critical to the success of children, families, and the community.
➢ Desired goals include:
o To enhance comprehensive, voluntary services
o To increase families' protective capacities
o To reduce assessments of young children (birth through five years)to the child welfare system
➢ Desired outcomes include:
o Increased services and supports to families with young children
o Increase in the number of families utilizing community resources needed by their family
o Increased family involvement in goal planning
o Increase in the number of families with parenting knowledge and skills necessary to anticipate and
meet the educational, physical, and developmental needs of their children
o Increase the number of family homes that have increased safety for young children
o Increase the appropriate use of medical care for young children to promote overall health/wellness
o Improved strength and stability of parental relationships
5. Obligations of NBH:
➢ Will provide a point person for ongoing communication related to SafeCare® Colorado — Jamie Preuss
Morrison.
-D,/ate6�
o Provide monthly updates through email, phone or meetings.
o Will coordinate the required monthly and quarterly meetings both in person and phone.
➢ Provide community-based services to SafeCare® Colorado eligible children and families referred by
WCDHS:
o SafeCare® Colorado home based education covers three major topics: health, home safety, and
parent child interactions.
■ The above-named services are voluntary for families;therefore,families cannot be required
or coerced into participating in services with the provider.
• NBH staff will inform all families of voluntary participation in all sessions.
o Attempt to engage or re-engage clients referred into services through a variety of methods,
including but not limited to; telephone, United States mail, email, and face-to-face attempts.
• 3 attempts: 1) phone/text documented in log; 2)mailing; and 3) follow up phone call or
letter.
➢ NBH shall have staff available to collaborate, participate, and implement the services referred to in this
MOU including:
o Organize and facilitate ongoing implementation meetings referenced above (monthly and
quarterly).
o Present annually to teams at WCDHS to keep them informed about SafeCare®Colorado.
o Provide data and impact reports on regular basis to key WCDHS staff.
o Provide WCDHS marketing materials as needed.
6. Obligations of WCDHS:
➢ WCDHS staff will work with SafeCare of Weld County to ensure referrals, communication and address
any obstacles to implementation.
➢ WCDHS staff will participate in ongoing SafeCare® Colorado implementation meetings.
o WCDHS will have one staff person available for all regularly scheduled conference calls and
attend the quarterly implementation meetings with SafeCare®Colorado.
➢ WCDHS will partner with SafeCare coordinator to clarify why referrals are deemed ineligible by CDHS
➢ WCDHS will work with staff to avoid referral of families that would be ineligible for SafeCare®
Colorado, including:
o Families with an open court case
o Families that are being required to participate; SafeCare® Colorado is voluntary.
➢ Refer families who have children 5 years or younger in the home through the agreed upon service referral
form and method.
o Will provide a point person for ongoing communication related to SafeCare®Colorado referrals
through Trails: Kathi Brown, Prevention Supervisor.
o WCDHS caseworkers will, if able, provide general information and printed materials on
SafeCare® Colorado to families prior to referral
o Will ensure that all required safety assessments are completed prior to referral to SafeCare®
Colorado.
o For children under WCDHS child protection team; referrals to SafeCare® Colorado will be made
through the Trails system.
• WCDHS staff that have involvement with a family will make the SafeCare® Colorado
referral through Trails as part of their process.
2
• For "screen out" referrals that have no contact — Kathi Brown will oversee the Trails
referral.
o TANF staff will use the approved paper form for SafeCare®Colorado referrals and send the NBH
liaison listed in paragraph 4 above, by fax or email.
7. None of the provisions of this MOU is intended to create, nor shall they be deemed or construed
to create, any relationship between and DHS other than that of independent entities contracting solely for the
purposes of effecting the provisions of this MOU. In addition, nothing contained herein shall be construed to
create any partnership, agency, or employment arrangement whatsoever between NBH and WCDHS.
8. Governing Law. This MOU shall be governed by and construed in accordance with the laws of
the State of Colorado.
9. Entire Agreement. This MOU constitutes the entire understanding and agreement between the
Parties with respect to its subject matter and supersedes all prior agreements or understandings, whether written
or unwritten, with respect to the same subject matter.
10. Amendment. This MOU may not be amended or modified except by a written instrument
executed by all Parties.
11. Severability. If any term or condition of this MOU shall be held to be invalid, illegal, or
unenforceable by a court of competent jurisdiction, this MOU shall be construed and enforced without such
provision, to the extent that this Agreement is then capable of execution within the original intent of the parties.
12. Headings. The headings contained in this MOU are inserted solely for the ease of reference and
shall not in any way affect the meaning or interpretation of this MOU.
13. Waiver of Breach. The waiver by any Party of a breach or violation of any provision of this MOU
shall not operate as, or be construed to be, a waiver of any subsequent breach of the same or any other provision
hereof.
14. No Indemnification. Each Party will be responsible for its own acts or omissions that result in
injury or damage to individuals or property that arise as a consequence of the Party's performance of this MOU
whether or not as a result of negligence. This provision shall survive the termination of this MOU.
15. Compliance with Law. Each party shall strictly comply with all applicable Federal and state
laws, rules and regulations in effect or hereafter established, including without limitation, laws applicable to
discrimination and unfair employment practices.
16. Non-Exclusive Agreement. This MOU is nonexclusive and WCDHS may engage or use other
contract professionals or persons to perform services of the same or similar nature.
17. Termination. Notwithstanding any other provision in this MOU, this MOU may be terminated
on the first to occur of the following:
a. Either Party may terminate this MOU, with or without cause and with or without providing reasons
for termination, upon giving the other Party thirty (30)days' prior written notice.
b. Either Party may terminate this MOU for breach upon giving the other Party fourteen(14)days' prior
written notice of intent to terminate and a description of the specific breach of the MOU. If the
3
breaching Party has not cured the breach by the end of the fourteen day notice period, this MOU shall
terminate immediately at the expiration of the fourteen day period.
18. Notices. Notices,requests,and other communications that are required to be in writing must be personally
delivered, mailed by prepaid certified mail,return receipt requested, or sent by overnight carrier,and must be addressed as
follows. Such notice shall be effective as of the date of delivery to the recipient.
If to Covered Entity:
Northeast Behavioral Health
Attn: John C. Rattle, Executive Director
1300 N. 17111 Avenue
Greeley, CO 80631
If to Business Associate:
Weld County Department of Human Services,
by and through the Weld County Board of Commissioners
19. This MOU does not include the reimbursement or exchange of funds between the Parties.
20. The Parties have entered into a HIPAA Business Associate Agreement which shall be effective for
the duration of this MOU except as otherwise provided in said IIIPAA Business Associate Agreement, which is
hereby incorporated into this MOU by reference.
21. However, NBH is advised that as a public entity, WCDHS must comply with the provisions of
C.R.S. § 24-72-201, et seq., with regard to public records, and cannot guarantee the confidentiality of all
documents.
AIThST: Vc440.4.1 ,,�„/ '� BOARD OF COUNTY COMMISSIONERS
Weld Coune o r WELD COUNTY,COLORADO
Ei
By: /4�..�, `(t ;�. '
Deputy Clerk t•) he oard: 1 �`•'�'�
Date: r'J3-D, •-c20/6,
/ ism � Mike Freeman, Chair
+� MAR 0 2 2016
NORTHEAST BEHAVIORAL HEALTH, LLC,
a Colorado limited liability company
r )ce„
(2
By:
John C. Rr attle, Executive Director
Date: / 11
4
020/ - dP5((1
HIPAA Business Associate Agreement
Weld County Department of Human Services, by and through the Weld County Board of
Commissioners ("Business Associate"), acknowledges that it is a business associate of Northeast
Behavioral Health, LLC, a Colorado limited liability company ("Covered Entity") (collectively, the
"Parties"),as defined by the standards for Privacy of Individually Identifiable Health Information under the
Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by Sections 13400
through 13424 of the Health Information Technology for Economic Clinical Health Act (the "HITECH
Act"),which was enacted as part of the American Recovery and Reinvestment Act of 2009("ARRA"). In
accordance with the terms set forth in the Memorandum of Understanding Regarding SafeCare®Colorado
between the Parties hereto, the Parties shall use reasonable best efforts to protect the privacy of Protected
Health Information.
1. Terms and Terminology.
1.1. Covered Entity shall generally have the same meaning as the term "Covered Entity" at 45
C.F.R. § 160.103, and in reference to the party to this Agreement, shall mean Northeast
Behavioral Health,LLC.
1.2. Business Associate. "Business Associate"shall generally have the same meaning as the term
"Business Associate"at 45 C.F.R. § 160.103,and in reference to the party to this Agreement, shall
mean Weld County Department of Human Services,by and through the Weld County Board
of Commissioners.
1.3. Patient. "Patient"means a patient or client of Covered Entity.
1.4. Terms. Terms used,but not defined, in this HIPAA Business Associate Agreement shall have
the same meaning as those terms in the Privacy Rule or the Security Rule.
1.5. Privacy Rule. "Privacy Rule"shall mean the standards for Privacy of Individually Identifiable
Health Information contained in 45 C.F.R. §§ 160 and 164, Subparts A and E.
1.6. Protected Health Information. "Protected Health Information" and/or "PHI" means
information,whether oral or recorded in any form or medium, including demographic information,
that: (i)relates to the past,present or future physical or mental health or condition of an individual,
the provision of health care to an individual,or the past,present or future payment for the provision
of health care to an individual; (ii)identifies the individual,or for which there is a reasonable basis
for believing that the information can be used to identify the individual; and (iii) is received by
Business Associate from or on behalf of Covered Entity, or is created by Business Associate for
Covered Entity, or is made accessible to Business Associate by Covered Entity. PHI includes,
without limitation, "Electronic Protected Health Information" and/or "EPHI," as that term is
defined at 45 C.F.R. § 160.103.
1.7. Patient Record. "Patient Record"means any item,collection,or grouping of information that
includes Protected Health Information that is maintained,collected,used,or distributed by Covered
Entity.
1.8. Memorandum of Understanding. "Memorandum of Understanding"means the Memorandum
of Understanding Regarding SafeCare® Colorado by and between Covered Entity and Business
Page 1 of 8
Updated 11/12/15
Associate having a term of September 1, 2015 through June 30, 2016, into which this Business
Associate Agreement is incorporated by reference.
1.9. Person. "Person"means any legal entity or individual.
1.10. Security Rule. "Security Rule"means the Security Standards for the Protection of Electronic
Protected Health Information contained in 45 C.F.R. §§160 and 164, Subparts A and C.
1.11. Personal Health Records. "Personal Health Records" means electronic records of personal
health information, regardless of whether the information has been created or received by Covered
Entity, health plan, employer, or health care clearinghouse, in order to distinguish it from
individually identifiable health information that is created or received by Covered Entity, health
plan,employer,or health care clearinghouse. Personal Health Records includes the kinds of records
managed, shared and controlled by or primarily for the Patient, but not records managed by or
primarily for commercial enterprises, such as life insurance companies.
1.12. Unsecured Protected Health Information. "Unsecured Protected Health Information"and/or
"Unsecured PHI" means information that is not secured through the use of a technology or
methodology identified by the Secretary of the U.S. Department of Health and Human Services
(the "Secretary") to render the Protected Health Information unusable, unreadable and
undecipherable to unauthorized users.
2. Business Associate's Obligations.
2.1. Business Associate Subject to Same Standards and Same Penalties as Covered Entity.
Business Associate will comply with the use and disclosure provisions of the Privacy Rule and the
security standards regarding administrative,physical and technical safeguards of the Security Rule.
As set forth in the HITECH Act,Business Associate will be subject to civil and criminal penalties
for violation of the Privacy Rule or the Security Rule.
2.2. Permitted Uses and Disclosures. Business Associate shall use or disclose PHI solely as
necessary to perform the services set forth in the Memorandum of Understanding,and as permitted
or required by this HIPAA Business Associate Agreement or as required by law.
2.3. Safeguards. Business Associate shall use appropriate privacy and security measures to prevent
the use or disclosure of PHI other than as permitted under this HIPAA Business Associate
Agreement. Such measures shall include,but not be limited to: (i)implementing and maintaining
appropriate administrative, physical, and technical safeguards that reasonably and appropriately
protect the confidentiality, integrity, and availability of any EPHI that it creates, receives,
maintains, or transmits on behalf of Covered Entity, as required by the Privacy Rule and Security
Rule; and (ii) taking measures to ensure compliance with standards and implementation
specifications with respect to the administrative,physical, and technical safeguards,as required by
45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316.
2.4. Mitigation. If Business Associate uses or discloses PHI in a manner other than as permitted
under this HIPAA Business Associate Agreement, Business Associate shall use its reasonable best
efforts to mitigate the effects of the use or disclosure. These efforts shall include, but are not be
limited to, ensuring that the improper use of PHI is discontinued immediately, seeking return or
destruction of the improperly disclosed PHI, and ensuring that any person to whom PHI was
improperly disclosed will not redisclose such information.
Page 2 of 8
Updated 11/i2/15
2.5. Duty to Report. Business Associate shall immediately notify Covered Entity of any use or
disclosure of PHI of which Business Associate is aware that is not expressly authorized under this
HIPAA Business Associate Agreement, whether made by Business Associate, its employees,
representatives, agents, or subcontractors. Business Associate shall also immediately notify
Covered Entity of any attempted or successful unauthorized access, use, disclosure, modification,
or destruction of information, or interference with the system operations in an information system.
Business Associate shall provide in such notice the remedial or other actions taken to correct the
unauthorized use or disclosure.
2.6. Agents. Business Associate will ensure that any of its employees, agents, subcontractors, or
other third parties with which Business Associate does business are aware of and are bound to abide
by Business Associate's obligations under this HIPAA Business Associate Agreement.
2.7. Access to Patient Record. Business Associate understands that a Patient has the right to access
the PIII in its Patient Record in accordance with 45 C.F.R. § 164.524. To provide Patients with
access to Patient Records held by Business Associate, Business Associate agrees to provide access
to, or copies of,any Patient Record upon request by Covered Entity. Covered Entity shall request
access by giving at least 48 hours notice by facsimile, telephone, or electronic mail. Business
Associate may charge Covered Entity for the reasonable costs of copying only if Covered Entity is
allowed under state and federal law to recoup such costs from the Patient.
2.8. Amendments to Patient Record. Business Associate understands that a Patient may have the
right to amend the PHI in its Patient Record. To provide Patients with the ability to amend PHI in
Patient Records held by Business Associate, Business Associate agrees to make amendments to
any Patient Record upon request of Covered Entity. Business Associate shall make such
amendment within 30 days of the written request of Covered Entity.
2.9. Duty to Document Disclosures.
a. Business Associate will document each disclosure it makes of PHI to any other person,
including Covered Entity. The documentation shall include:
i. The date of the disclosure;
ii. The name of the person receiving the PHI, and, if known, the address of such
person;and
iii. A brief statement of the purpose of the disclosure or, instead of such statement, a
copy of the request for disclosure.
b. Notwithstanding Section 2.9(a), Business Associate is not required to document the
following disclosures:
i. Unless otherwise required by Section 2.10,disclosures made for the purpose of,or
incidental to,car►ying out treatment, payment, or health care operations;
ii. Disclosures made prior to April 14, 2003;
iii. Disclosures made to provide the Patient with access to its PHI under Section 2.7;
Page 3 of 8
Updated 11/12/15
iv. Disclosures made pursuant to a Patient's written authorization;
v. Disclosures required by law for national security or intelligence purposes;
vi. Disclosures to correctional institutions or law enforcement officials having lawful
custody of a Patient;
vii. Disclosures made as part of a limited data set;
viii. Disclosures made to persons involved in the individual's care; and
ix. Disclosures made for notification purposes such as in an emergency.
2.10. Accounting of Disclosures. Business Associate understands that a Patient has the right to an
accounting of disclosures of PHI. To provide Patients with such an accounting,Business Associate
will make available the documentation Business Associate has collected in accordance with Section
2.9 upon written request of Covered Entity. Business Associate shall provide the accounting within
30 days of receipt of Covered Entity's request. If disclosures were made by Business Associate
through the use of an electronic health record,the Patient has the right to receive an accounting of
disclosures of personal health records made by Business Associate for treatment, payment, and
health care operations during the previous 3 years.
2.1 1. Minimum Necessary. Business Associate represents and warrants that it will use and disclose
PHI in accordance with the Privacy Rule's"minimum necessary" standards.
2.12. Other Uses and Disclosures. Business Associate will not use or disclose Protected Health
Information in any manner that would not be permissible under the Privacy Rule or the Security
Rule if used or disclosed by Covered Entity.
2.13. Books and Records and Internal Practices. Business Associate agrees to make all internal
practices, books,and records relating to the use and disclosure of PHI available to Covered Entity
or to the Secretary, in a time and manner designated by Covered Entity or the Secretary for the
purposes of the Secretary determining Covered Entity's compliance with the Privacy Rule and the
Security Rule.
2.14. Business Associate's Obligations Regarding Unsecured Protected Health Information.
Business Associate shall comply with the following obligations that relate to Unsecured PHI.
a. Notification of Covered Entity. Business Associate will notify Covered Entity of any
Patient whose Unsecured PHI has been, or is reasonably believed by Business Associate
to have been, inappropriately accessed,disclosed,or used. Such notification shall include
the names and contact information of the Patients involved and shall be made without
unreasonable delay, but in no case later than 30 days following discovery of such breach,
unless delayed for law enforcement purposes.
b. Notification of Patient. Business Associate will notify the Patient by first class mail or by
e-mail (if the Patient has indicated a preference to receive information by e-mail) of any
breaches of Unsecured PHI as soon as possible, but in any event, no later than 60 days
following the discovery of the breach. Business Associate will obtain Covered Entity's
approval of the form and content of the written notification before its issuance.
Page 4 of 8
Updated 11/12/15
c. Posting Notice of Breach. In the event the breach involves 10 or more Patients whose
contact information is out of date, Business Associate will post a notice of the breach on
the home page of its website or in a major print or broadcast media. Business Associate
will obtain Covered Entity's approval of the form and content of the written notice before
its posting.
d. Contacting Media Outlets. If a breach involves more than 500 Patients in a single state or
jurisdiction, Business Associate will send a notice to prominent media outlets. Business
Associate will obtain Covered Entity's approval of the form and content of the written
notice before its issuance to the media outlets.
e. Notice to the Secretary. If a breach involves more than 500 Patients, Business Associate
will immediately notify the Secretary. Business Associate will obtain Covered Entity's
approval of the form and content of the written notice before its issuance.
f. Contents of Notice. The notices required under this Section shall include the following:
i. A brief description of the breach , including the date of the breach and the date of
its discovery, if known;
ii. A description of the types of Unsecured PHI involved in the breach;
iii. Steps the Patient should take to protect himself/herself from potential harm
resulting from the breach;
iv. A brief description of actions Business Associate is taking to investigate the
breach, mitigate losses, and protect against further breaches; and
v. Contact information, including a toll-free telephone number, e-mail address,
website or postal address to permit Patient to ask questions or obtain additional
information.
g. Annual Report to Secretary and Maintenance of Log. Business Associate will submit an
annual report to the Secretary of a breach that involved less than 500 Patients during the
year and will maintain a written log of breaches involving less than 500 Patients.
3. Obligations of Covered Entity.
3.1. Notice of Privacy Practices. To the extent that such limitation or restriction may affect
Business Associate's use or disclosure of PHI, Covered Entity shall provide Business Associate
with a copy of its Notice of Privacy Practices, and notify Business Associate of:
a. Any limitation(s) in its Notice of Privacy Practices;
b. Any changes in, or revocation of,permission by a Patient to use or disclose PHI; and
c. Any restriction to the use or disclosure of PHI to which Covered Entity has agreed,to the
extent that such restriction may affect Business Associate's use or disclosure of PHI.
Page 5 of 8
Updated 11/12/15
3.2. Permissible Requests. Covered Entity shall not request Business Associate to use or disclose
PHI in any manner that would not be permissible under the Privacy Rule if used or disclosed by
Covered Entity.
4. Term and Termination.
4.1. Term. The Term of this HIPAA Business Associate Agreement shall be effective as of the
effective date of the Memorandum of Understanding and shall continue in effect for the duration
of the term of the Memorandum of Understanding or until all obligations of the parties have been
met, whichever is later, unless terminated by mutual agreement of the Parties or as provided in
Section 4.2.
4.2. Termination for Cause. Covered Entity may immediately terminate this HIPAA Business
Associate Agreement and the Memorandum of Understanding if, after providing Business
Associate written notice of the existence of a material breach of this HIPAA Business Associate
Agreement, Business Associate fails to, or is unable to, cure the breach upon mutually agreeable
terms within ten(10)days.
4.3. Effect of Termination.
a. Except as provided in Section 4.3(b), upon expiration or termination of the Memorandum
of Understanding for any reason, Business Associate shall return or destroy all PHI,
including PHI that is in the possession of subcontractor or agents of Business Associate.
Business Associate shall retain no copies of PHI.
b. To the extent that it is not feasible for Business Associate to return or destroy all PHI,then
i. Business Associate's obligations under this HIPAA Business Associate
Agreement shall continue for as long as Business Associate maintains such PHI;
and
ii. Business Associate's further uses and disclosures of PHI shall be limited to those
purposes that make it not feasible for Business Associate to return or destroy the
information for as long as Business Associate maintains such PHI.
5. Miscellaneous Provisions.
5.1. Notice. Notices, requests, and other communications that are required to be in writing must
be personally delivered, mailed by prepaid certified mail, return receipt requested, or sent by
overnight carrier, and must be addressed as follows. Such notice shall be effective as of the date
of delivery to the recipient.
If to Covered Entity:
Northeast Behavioral Health
Attn:John C. Rattle, Executive Director
1300 N. l7''Avenue
Greeley,CO 80631
If to Business Associate:
Weld County Department of Human Services,
Page 6 of 8
Updated 11/12/15
by and through the Weld County Board of Commissioners
5.2. Mutual Representation and Warranty. Business Associate and Covered Entity each represents
and warrants to the other that all of its employees,agents,representatives,and members of its work
force, whose services may be used to fulfill obligations under this Business Associate Agreement
and/or the Memorandum of Understanding, are or shall be appropriately informed of the terms of
this Business Associate Agreement and are under legal obligation to fully comply with all
provisions of this Business Associate Agreement.
5.3. Business Associate Warranty. To the extent required by law or regulations,Business Associate
warrants that it has implemented a Red Flags Program in accordance with the Federal Trade
Commission's Identity Theft Prevention Red Flags Rule, 16 C.F.R. §681.1 et seq.,or that it agrees
to comply with Covered Entity's Red Flags Program.
5.4. No Third Party Beneficiaries. Nothing express or implied in this Business Associates
Agreement is intended to confer,or shall confer,any rights,remedies,or liabilities upon any person
other than Business Associate and Covered Entity.
5.5. Effect of Assignment. This Business Associate Agreement shall be binding upon and shall
inure to the benefit of Business Associate and Covered Entity and their respective transferees,
successors and assigns,except that Business Associate shall not have the right to assign or transfer
this HIPAA Business Associate Agreement, or Business Associate's rights and obligations
hereunder, without Covered Entity's prior written consent. Upon assignment or transfer of this
Business Associate Agreement, Business Associate shall return or destroy all PHI in accordance
with the terms set forth in Section 4.3.
5.6. Regulato,y References. A reference in this HIPAA Business Associate Agreement to a section
in the Privacy Rule or the Security Rule or a term defined in the Privacy Rule or the Security Rule
means the section or definition as in effect or as amended.
5.7. Amendment. Business Associate and Covered Entity agree to take such action to amend this
HIPAA Business Associate Agreement as is necessary for Covered Entity to comply with the
requirements of the Privacy Rule and the Security Rule.
5.8. Survival. The respective rights and obligations of Business Associate under this HIPAA
Business Associate Agreement shall survive the termination of this HIPAA Business Associate
Agreement and the Memorandum of Understanding.
5.9. Interpretation. Any ambiguity in this HIPAA Business Associate Agreement shall be resolved
to permit Covered Entity to comply with the Privacy Rule and the Security Rule.
5.10. Captions and Headings. The captions and headings in this HIPAA Business Associate
Agreement are included for convenience and reference only,and shall in no way be held or deemed
to define, limit, describe, explain, modify, amplify or add to the interpretation, construction or
meaning of, or the scope or intent of,this HIPAA Business Associate Agreement.
Page 7 of 8
Updated 11/12/15
IN WITNESS WHEREOF, Covered Entity and Business Associate have executed or caused the
execution of this HIPAA Business Associate Agreement.
Covered Entity:
NORTHEAST BEHAVIORAL HEALTH,LLC,
a Colorado limited liability company
By:
John '. Rattle
Its: Executive Director
Date: \ `I ) 1 \o
Business Associate: Cam(
ATTEST: d:arrdo,A „ v ;� BOARD OF COUNTY COMMISSIONERS
Weld County Clerk to the Board WELD COUNTY, COLORADO
/ /
By: '�S ' - % ,l�i/_1
Deputy C 1 rk to the Boa,r�ti \ �Z�`Ike Freeman, Chair MAR 0 2 2. Y6
361 ;i9'
Page 8 of 8
Updated 11/12/15
0,20/6 oP5���
Hello