The URL can be used to link to this page

Home My WebLink AboutAgreement A-22-231 with Netsmart.pdf Agreement No. 22-231 1 AGREEMENT 2 THIS AGREEMENT is made and entered into this Th day of June 2022 by and 3 between the COUNTY OF FRESNO, a Political Subdivision of the State of California, hereinafter 4 referred to as "COUNTY", and, Netsmart Technologies, Inc., a Delaware Corporation, whose 5 address is 4950 College Boulevard, Overland Park, Kansas 66212, hereinafter referred to as 6 "CONTRACTOR". COUNTY and CONTRACTOR are each a "party" to this Agreement and are 7 collectively, the "parties" to this Agreement. 8 WITNESSETH: 9 WHEREAS, COUNTY is in need of an electronic medical records system for its Department of 10 Behavioral Health (DBH); 11 WHEREAS, CONTRACTOR can provide an electronic medical records system (Avatar) 12 including the hosting of the software, and technical support; 13 NOW, THEREFORE, in consideration of their mutual covenants and conditions, the parties 14 hereto agree as follows: 15 1. DEFINITIONS 16 As used in this Agreement, the following definitions apply to capitalized terms: 17 A. "Applicable Law" means, in the case of software compliance, Federal or State of 18 California law, rules or regulations that relate to the functionality of the Software. In all other cases 19 Applicable Law means Federal, State of California or local laws, rules and regulations that apply to the 20 conduct of CONTRACTOR's general business operations. 21 B. "Encumbrance" means the process by which amounts payable under this 22 Agreement are posted to the COUNTY's financial records for the payment then due under this 23 Agreement, reducing the related appropriations balance. 24 C. "Charges" means the amounts to be paid by COUNTY for the right to use the 25 Licensed Programs, for services provided to COUNTY and for hardware or other Third Party Products 26 acquired by COUNTY under the terms of this Agreement. The Charges and Payment Terms are 27 described in Schedule A, attached hereto and by this reference incorporated herein and made part of 28 this Agreement. - 1 - 1 D. "Hardware Configuration" means the computer hardware required to install and 2 operate the Licensed Programs. A description of the recommended Hardware Configuration is set 3 forth in Schedule B, attached hereto and by this reference incorporated herein and made part of this 4 Agreement. 5 E. "COUNTY Database" means a collection of data records that are maintained as 6 a single logical area on a single computer system that is used, accessed, or acted upon by Licensed 7 Programs. 8 F. "Licensed Programs" means both the Netsmart Programs and the Third Party 9 Programs. 10 G. "Netsmart Programs" means the CONTRACTOR's computer programs in object 11 code form and their associated documentation. Schedule A lists separately the various modules of the 12 CONTRACTOR Programs purchased by COUNTY. 13 H. "Problem or Defect" means any failure of the Licensed Programs to operate in 14 substantial conformance with the Specifications. 15 I. "Specifications" means the description and features of the Licensed Programs 16 as set forth in the documentation relating to the Licensed Programs supplied to COUNTY by 17 CONTRACTOR hereunder. 18 J. "Support Services" means the maintenance and support services to be provided 19 by CONTRACTOR in accordance with Schedule C, attached hereto and by this reference incorporated 20 herein and made part of this Agreement. 21 K. "Third Party Products" means any product acquired by CONTRACTOR from an 22 outside vendor on behalf of COUNTY under the terms of this Agreement. Third Party Products 23 consisting of software are called Third Party Programs. Third Party Products are described in 24 Schedule A. 25 2. LICENSED PROGRAMS 26 A. CONTRACTOR hereby grants COUNTY a non-exclusive, royalty-free, perpetual 27 (subject only to termination under Section 15) non-transferable license to use the Licensed Programs 28 in object code form only: - 2 - 1 1) for COUNTY's internal business purposes and not to process the data of 2 any other entity; 3 2) to support the number of COUNTY Databases and the number of named 4 users of the CONTRACTOR Programs set forth in Schedule A; 5 3) on the number of servers, operating system and for access by the 6 maximum number of simultaneous users or other such restrictions of the Third Party Products as set 7 forth in Schedule A; 8 The foregoing license grant may be exercised by COUNTY and its employees 9 and independent contractors (provided that such independent contractors undertake in writing to be 10 bound by all applicable restrictions in this Agreement) (collectively, "COUNTY Personnel") on 11 COUNTY's equipment for COUNTY's internal business purposes provided they are added as named 12 users for the Licensed Programs. 13 B. Except as expressly stated in this Agreement, no other rights, express, implied 14 or otherwise are granted to COUNTY. 15 C. The Third Party Products are licensed subject to the same restrictions as are set 16 forth in Section 2(a) above as well as such other restrictions as may be set forth in Schedule A. 17 D. Nothing in this Agreement will be deemed to convey any title or ownership 18 interest in the Licensed Programs to COUNTY. COUNTY acknowledges CONTRACTOR's rights and 19 the rights of the owner of the Third Party Programs in the Licensed Programs and agrees that the 20 Licensed Programs are trade secrets and unpublished works on which CONTRACTOR and such third 21 party(s) hold and will hold the sole and exclusive copyright. COUNTY will not dispute the rights of 22 CONTRACTOR and the third party(s) in the Licensed Programs and will not sell, disclose, lease, 23 sublease, lend or otherwise make the Licensed Programs available to others including third party 24 hosting providers. 25 E. No copies of the Licensed Programs may be made by COUNTY without the 26 prior written consent of CONTRACTOR except for backup purposes in accordance with normal data 27 processing practices. COUNTY agrees to reproduce any copyright notices and/or other proprietary 28 legends, regardless of form, contained in, affixed to, or appearing on the Licensed Programs. - 3 - 1 F. COUNTY will not disassemble or reverse engineer any of the Licensed 2 Programs nor attempt to access or modify the source code version of the Licensed Programs and will 3 not make any derivations, adaptations, or translations of the Licensed Programs in whole or in part, 4 nor use the Licensed Programs to develop functionally similar computer software or to otherwise 5 compete with CONTRACTOR. 6 G. If suggestions made by COUNTY are incorporated into subsequent versions of 7 the Licensed Programs, COUNTY hereby assigns to CONTRACTOR all rights COUNTY may have in 8 and to any suggestions, concepts, or improvements concerning the Licensed Programs that may result 9 from COUNTY communications to CONTRACTOR. 10 H. Escrow Program. The license herein does not include any rights to the source 11 code for the CONTRACTOR Programs. CONTRACTOR has established a source code escrow 12 program with an affiliate of Iron Mountain Incorporated ("Escrow Agent") under which it has deposited 13 a copy of the CONTRACTOR Program source code and source code documentation in electronic 14 format with the Escrow Agent. CONTRACTOR deposits with the Escrow Agent, updates, changes, 15 alterations, or modifications to the code for the CONTRACTOR Programs on a quarterly basis. If 16 COUNTY elects to receive the benefit of the Escrow Program, COUNTY will pay the annual 17 subscription fee as stated in Schedule A. 18 I. Upon CONTRACTOR's request and with reasonable notice, COUNTY agrees to 19 provide CONTRACTOR with verification as to the number of users using the Licensed Programs or 20 allow CONTRACTOR or its authorized agent to independently audit COUNTY's database to verify the 21 same. Should this verification identify usage of the Licensed Programs in excess of the number of 22 licensed users, COUNTY agrees to immediately pay CONTRACTOR's invoice for the then-current 23 prices for such Licensed Programs for each additional user license. 24 3. COMPLIANCE WITH APPLICABLE LAW & TERMS OF GRANT 25 A. Compliance with Law. In providing services under this Agreement, 26 CONTRACTOR shall comply with all Applicable Laws, regulations, and administrative requirements 27 adopted by Federal, State, and local governments including, but not limited to, Welfare and Institutions 28 Code, Divisions 5, 6, and 9; California Code of Regulations, Titles 9 and 22; any Short-Doyle and - 4 - 1 Short-Doyle/Medi-Cal policies as identified in Department of Health Care Services letters and in the 2 Cost Reporting/Data Collection (CR/DC) Manual. In addition, if CONTRACTOR is providing Medi-Cal 3 services pursuant to this Agreement, CONTRACTOR shall comply with Title XIX of the Social Security 4 Act, and all other Applicable Laws, regulations and guidelines pertaining to Federally funded mental 5 health programs, including all requirements necessary for Medicaid/Medi-Cal reimbursement for 6 mental health treatment services. 7 4. HARDWARE 8 CONTRACTOR will be responsible for all hardware necessary to host the database, 9 application, and provide remote access to the Avatar suite of applications to COUNTY on 10 CONTRACTOR premises. 11 5. SERVICES 12 A. The categories of services to be provided by CONTRACTOR are as follows: 13 1) Provide software license subscriptions; 14 2) Provide software maintenance/support services including technical 15 support; and 16 3) Provide recurring services and support associated with a 17 CONTRACTOR-hosted solution, which entails the management of the hardware, software, and 18 database that will reside on CONTRACTOR premises for access by COUNTY. 19 B. The details of the services is defined pursuant to the following sections of this 20 Agreement: 21 1) Schedule B: Hardware Configuration — details the minimum COUNTY 22 hardware requirements to remotely access the Avatar software and database hosted by 23 CONTRACTOR. 24 2) Schedule C: Support Services — defines the recurring technical support 25 and maintenance services provided by CONTRACTOR during the term of this Agreement. 26 3) Schedule D, attached hereto and by this reference incorporated herein 27 and made part of this Agreement: Confidentiality of Patient Information 28 4) Schedule E, attached hereto and by this reference incorporated herein - 5 - 1 and made part of this Agreement: Qualified Service Organization/Business Associates Agreement. 2 5) Schedule F, attached hereto and by this reference incorporated herein 3 and made part of this Agreement: Netsmart Hosting Addendum —describes the services and 4 infrastructure provided by CONTRACTOR under hosting components and hosting scope of services 5 agreement 6 6) Schedule G, attached hereto and by this reference incorporated herein 7 and made part of this Agreement: Netsmart Subscription Products Addendum — describes the 8 services and infrastructure provided for subscription-based solutions as well as the Service Level 9 Agreement for said solutions. 10 6. TERM OF AGREEMENT 11 A. The initial term of this Agreement shall be for a period of two (2) years, 12 commencing on July 1, 2022 through and including June 30, 2024 ("Initial Term"). 13 B. Upon the expiration of the Initial Term, the terms of this Agreement shall be 14 extended for three (3) additional consecutive twelve (12) month periods upon the same terms and 15 conditions herein set forth, unless written notice of non-renewal is given no later than thirty (30) days 16 prior to the close of the current Agreement term by COUNTY's DBH Director, or designee,or 17 CONTRACTOR. 18 7. COMPENSATION AND PAYMENTS 19 COUNTY agrees to pay, and CONTRACTOR agrees to receive, compensation for the 20 performance of its services under this Agreement as described in this section. 21 A. Maximum Contract Amount 22 The maximum compensation payable to CONTRACTOR under this Agreement 23 for the first year of the Initial Term (July 1, 2022 through June 30, 2023) shall not exceed One Million 24 Nine Hundred Twenty-Two Thousand Eighteen and No/100 Dollars ($1,922,018.00). 25 The maximum compensation payable to CONTRACTOR under this Agreement 26 for the second year of the initial term (July 1, 2023 through June 30, 2024) shall not exceed One 27 Million Nine Hundred Twenty-Three Thousand Nine Hundred Ninety-Six and No/100 Dollars 28 ($1,923,996.00). - 6 - 1 The maximum compensation payable to CONTRACTOR under this Agreement 2 first twelve-month extension period (July 1, 2024 through June 30, 2025) shall not exceed Two 3 Hundred Twelve Thousand Eight Hundred Seventy-One and No/100 Dollars ($212,871.00). 4 The maximum compensation payable to CONTRACTOR under this Agreement 5 next twelve-month extension period (July 1, 2025 through June 30, 2026) shall not exceed Two 6 Hundred Fifteen Thousand Three Hundred Eighty-Six and No/100 Dollars ($215,386.00). 7 The maximum compensation payable to CONTRACTOR under this Agreement 8 last twelve-month extension period (July 1, 2026 through June 30, 2027) shall not exceed Two 9 Hundred Eighteen Thousand One and No/100 Dollars ($218,001.00). 10 In no event shall the maximum compensation payable to CONTRACTOR under 11 this Agreement be in excess of Four Million Four Hundred Ninety-Two Thousand Two Hundred 12 Seventy-Two and No/100 Dollars ($4,492,272.00) during the total five (5) year term of this Agreement. 13 B. In consideration of the licenses granted hereunder, Services to be performed 14 and Third Party Products to be provided by CONTRACTOR, COUNTY agrees to pay CONTRACTOR 15 the Charges at the times and in the amounts set forth in Schedule A. 16 C. Negotiations for rate changes shall be commenced, by CONTRACTOR, a 17 minimum of ninety days (90) prior to the renewal date of this Agreement, and subject to the maximum 18 rate increase as defined in Schedule A. 19 D. Invoice amounts shall be billed directly to the ordering department. 20 E. CONTRACTOR shall reference this Agreement number on all invoices 21 submitted to the COUNTY. The invoice shall set forth the amounts. CONTRACTOR shall submit such 22 invoice periodically or at the completion of services, but in any event, not later than claimed by 23 CONTRACTOR for the previous period, together with an itemized basis for the amounts claimed, and 24 such other information pertinent to the invoice. The COUNTY shall certify the invoice, either in the 25 requested amount or in such other amount as the COUNTY approves in conformity with this 26 Agreement. Payments shall be made by COUNTY to CONTRACTOR within forty-five (45) days after 27 the date of receipt and approval by COUNTY of the invoice. 28 8. TAXES - 7 - 1 The Charges set forth in this Agreement do not include any taxes. The COUNTY is not 2 subject to pay any taxes on Charges set forth in this Agreement. 3 9. INDEMNIFICATION 4 A. Indemnification by CONTRACTOR: Intellectual Property Infringement. In the 5 event of any claim by a third party against COUNTY (the "Claim"), alleging that the use of the Licensed 6 Programs infringes upon any intellectual property rights of such third party, COUNTY will promptly 7 notify CONTRACTOR and CONTRACTOR will defend COUNTY and its officers, agents, and 8 employees against such Claim in COUNTY's name but at CONTRACTOR's expense, and will 9 indemnify and hold harmless COUNTY against any liability paid by COUNTY, including but not limited 10 to attorneys' fees and disbursements, arising out of such Claim. In the event such an infringement is 11 found and CONTRACTOR cannot either procure the right to continued use of the Licensed Programs, 12 or, within forty-five (45) days of such finding, and, if CONTRACTOR has a right to appeal, the 13 exhaustion of those rights by CONTRACTOR, (unless such period is extended by COUNTY), replace 14 or modify the Licensed Programs with a non-infringing program of comparable quality and 15 functionality, then CONTRACTOR shall terminate the license of the Licensed Programs, and will 16 refund to COUNTY all license fees, paid by COUNTY, pursuant to this Agreement, reduced by 1/24th 17 for each full month from the date of first use of the Licensed Programs, until the date of termination. 18 CONTRACTOR will not have any liability under Section 10(b), and CONTRACTOR will be indemnified 19 by COUNTY with respect to any Claim, to the extent that the Claim is based upon (i) the use of the 20 Licensed Programs in combination with other products or services not made or furnished by 21 CONTRACTOR, provided that the Licensed Programs alone are not the cause of such Claim; or (ii) 22 the modification of the Licensed Programs or any portion thereof by anyone other than 23 CONTRACTOR, provided that the Licensed Programs in unmodified form are not the cause of such 24 Claim. 25 B. Indemnification by COUNTY: Failure to Use Licensed Programs as Permitted. 26 COUNTY will indemnify and hold harmless CONTRACTOR from and against all claims, suits or 27 actions by any third party against CONTRACTOR (the "Claims") relating to, arising out of or resulting 28 from COUNTY's failure to use the Licensed Programs as permitted under this Agreement, or any claim - 8 - 1 by any party receiving services from COUNTY ("Claim for Services"). CONTRACTOR shall provide 2 COUNTY with prompt notice of any such Claims or Claim for Services, allow COUNTY sole control of 3 the defense, and shall fully cooperate with COUNTY in defending the Claims or Claim for Services. 4 10. WARRANTIES 5 A. Licensed Programs. CONTRACTOR warrants that the Licensed Programs will 6 substantially conform in all material respects with the requirements of this Agreement and their 7 Specifications. If a Problem or Defect occurs while COUNTY is receiving Support Services, 8 CONTRACTOR will correct the Problem or Defect in accordance with the Support Services provisions 9 set forth in Schedule C. 10 B. Infringement. CONTRACTOR further represents and warrants that it has the 11 right to grant the licenses granted to COUNTY hereunder and that to the best of CONTRACTOR's 12 knowledge the Licensed Programs do not infringe upon or violate the United States patent rights of 13 any third party and do not infringe upon or violate the copyright, or trade secret right of any third party. 14 C. The limited warranty described under Section 10(a) will not apply unless the 15 COUNTY's hardware and software system components meet CONTRACTOR's minimum 16 requirements as described in Schedule C. 17 D. Third Party Programs. In the event CONTRACTOR provides any Third Party 18 Programs to COUNTY in connection with this Agreement, the following shall apply: (1) CONTRACTOR 19 shall specifically identify in writing all Third Party Programs in Schedule A; (2) CONTRACTOR shall 20 attach to Schedule A written copies of all third party license pass through terms applicable to 21 COUNTY; and (3) CONTRACTOR warrants that (i) it has the right to license any Third Party Programs 22 licensed to COUNTY under this Agreement; (ii) to the best of CONTRACTOR's knowledge, the Third 23 Party Programs do not, and the use of the Third Party Programs by COUNTY as contemplated by this 24 Agreement will not, infringe any intellectual property rights of any third party, and (iii) unless 25 specifically provided otherwise herein, COUNTY shall have no obligation to pay any third party any 26 fees, royalties, or other payments for COUNTY's use of any Third Party Programs in accordance with 27 the terms of this Agreement. CONTRACTOR shall support and maintain all such Third Party Programs 28 to the same extent as the Licensed Programs. - 9 - 1 Viruses and Disabling Mechanisms. CONTRACTOR shall use commercially 2 reasonable measures to screen the Licensed Programs to avoid introducing any virus or other 3 destructive programming that are designed (1) to permit unauthorized access or use by third parties to 4 the software installed on COUNTY's systems, or (ii) to disable or damage COUNTY's systems. 5 CONTRACTOR shall not insert into the Licensed Programs any code or other device that would have 6 the effect of disabling or otherwise shutting down all or any portion of the Licensed Programs. 7 CONTRACTOR shall not invoke such code or other device at any time, including upon expiration or 8 termination of this Agreement for any reason. 9 E. Services. CONTRACTOR warrants that all services provided by CONTRACTOR 10 to COUNTY under this Agreement shall be performed in a workmanlike manner. 11 F. No Litigation. CONTRACTOR further warrants there is no pending or threatened 12 litigation that would have a material adverse impact on its performance under this Agreement. 13 G. Compliance with Applicable Law. CONTRACTOR warrants that the services 14 provided under this Agreement and COUNTY's permitted use of the Licensed Programs shall comply 15 with applicable Federal, State laws and regulations. 16 H. Authority. CONTRACTOR has the full power, capacity and authority to enter into 17 and perform this Agreement and to make the grant of rights contained herein. 18 11. LIMITATION OF WARRANTY 19 The foregoing warranties are in lieu of all other warranties and conditions express or 20 implied, whether in relation to the Licensed Programs, hardware or the provision of any services 21 including, but not limited to, those concerning merchantability and fitness for a particular purpose or 22 arising by trade usage or course of dealing. COUNTY's exclusive remedy in the event of a breach of 23 the Section 10(a) warranty and CONTRACTOR's sole obligation is to modify the software to eliminate 24 the problem or defect. COUNTY's exclusive remedy in the event of a breach of the Section 10(b) 25 warranty is set forth in Section 9. 26 12. LIMITATIONS OF LIABILITY 27 A. Limitation on Specified Damages. Except for breach of the warranty in Section 28 10(b) (Infringement), and Section 9 (Indemnification), in no event will either party be liable to the other - 10 - 1 for any indirect, special, incidental, consequential, punitive, or exemplary damages (including damages 2 related to delays, loss of data, interruption of service or loss of business or profits or revenue), even if 3 the party has been advised of the possibility of such damages and regardless of whether any remedy 4 fails of its essential purpose. 5 B. Limitation on Cumulative Liability. Except for the parties' respective express 6 indemnity obligations in Section 9 (Indemnification) the cumulative liability of one party to the other 7 party for any actual or alleged damages arising out of, based on or relating to this Agreement, whether 8 based upon breach of contract, tort (including negligence), warranty or any other legal theory, will not 9 exceed the total fees paid by COUNTY to CONTRACTOR under this Agreement or$2,000,000, 10 whichever is greater. 11 13. INSURANCE 12 A. Evidence of Coverage: Prior to commencement of this Agreement, the 13 CONTRACTOR shall provide a "Certificate of Insurance" certifying that coverage as required herein 14 has been obtained. Individual endorsements executed by the insurance carrier shall accompany the 15 certificate. In addition, a certified copy of the policy or policies shall be provided by the 16 CONTRACTOR upon request. 17 This verification of coverage shall be sent to the County of Fresno, Department 18 of Behavioral Health, 3133 N. Millbrook Avenue, Fresno, California 93703, Attention: Contracts 19 Division, unless otherwise directed. The CONTRACTOR shall not receive a "Notice to Proceed" with 20 the work under this Agreement until it has obtained all insurance required and such insurance has 21 been approved by the COUNTY. This approval of insurance shall neither relieve nor decrease the 22 liability of the CONTRACTOR. 23 B. Qualifying Insurers: All coverages, except surety, shall be issued by companies 24 which hold a current policy holder's alphabetic and financial size category rating of not less than A 25 FSC VI I, according to the current Best's Key Rating Guide or a company of equal financial stability that 26 is approved by the COUNTY. 27 C. Insurance Coverage Requirements: Without limiting CONTRACTOR's duty to 28 indemnify, CONTRACTOR shall maintain in effect throughout the term of this Agreement a policy or - 11 - 1 policies of insurance with the following minimum limits of liability: 2 1) Commercial General Liability 3 Commercial General Liability Insurance with limits of not less than Two 4 Million Dollars ($2,000,000) per occurrence and an annual aggregate of 5 Five Million Dollars ($5,000,000). This policy shall be issued on a per occurrence basis. COUNTY may require specific coverage including 6 completed operations, product liability, contractual liability, Explosion, Collapse, and Underground (XCU), fire legal liability or any other liability 7 insurance deemed necessary because of the nature of the Agreement. 8 2) Automobile Liability 9 Comprehensive Automobile Liability Insurance with limits of not less than 10 One Million Dollars ($1,000,000.00) per accident for bodily injury and for property damages. Coverage should include any auto used in 11 connection with this Agreement. 12 3) Real and Property Insurance 13 CONTRACTOR shall maintain a policy of insurance for all risk personal property coverage which shall be endorsed naming the County of Fresno 14 as an additional loss payee. The personal property coverage shall be in 15 an amount that will cover the total of the COUNTY purchase and owned property. 16 All Risk Property Insurance 17 CONTRACTOR will provide property coverage for the full replacement 18 value of the COUNTY'S personal property in possession of CONTRACTOR and/or used in the execution of this Agreement. 19 COUNTY will be identified on an appropriate certificate of insurance as 20 the certificate holder and will be named as an Additional Loss Payee on the Property Insurance Policy. 21 4) Professional Liability 22 If CONTRACTOR employs licensed professional staff(e.g. Ph.D., R.N., 23 L.C.S.W., M.F.T.) in providing services, Professional Liability Insurance with limits of not less than One Million Dollars ($1,000,000) per 24 occurrence, Three Million Dollars ($3,000,000) annual aggregate. 25 CONTRACTOR agrees that it shall maintain, at its sole expense, in full force and effect for a period of three (3) years following the termination of 26 this Agreement, one or more policies of professional liability insurance with limits of coverage as specified herein. 27 5) Worker's Compensation 28 - 12 - 1 A policy of Worker's Compensation Insurance as may be required by the California Labor Code. 2 3 D. Other Insurance Requirements: All insurance required by this Agreement shall 4 be with a company acceptable to the COUNTY and issued and executed by an admitted insurer 5 authorized to transact Insurance business in the State of California. Unless otherwise specified by this 6 Agreement, all such insurance shall be written on an occurrence basis, or, if the policy is not written on 7 an occurrence basis, such policy with the coverage required herein shall continue in effect for a period 8 of three years following the date CONTRACTOR completes its performance of services under this 9 Agreement. 10 E. COUNTY shall be given notice in writing at least thirty days in advance of any 11 endorsed reduction in coverage or limit, cancellation, or intended non-renewal thereof. Each policy 12 shall provide coverage for CONTRACTOR and additional insureds with respect to claims arising from 13 each subcontractor, if any, performing work under this Agreement, or be accompanied by a certificate 14 of insurance from each subcontractor showing each subcontractor has identical insurance coverage to 15 the above requirements. 16 F. Commercial general liability and automobile liability policies shall provide an 17 endorsement naming the County of Fresno, its officers, agents, and employees as Additional Insureds 18 with respect to liability arising out of the CONTRACTOR's work, including ongoing and completed 19 operations, and shall further provide that such insurance is primary insurance to any insurance or self- 20 insurance maintained by the COUNTY and that the insurance of the Additional Insureds shall not be 21 called upon to contribute to a loss covered by the CONTRACTOR's insurance. 22 G. Within thirty (30) days from the date CONTRACTOR signs this Agreement, 23 CONTRACTOR shall file certificates of insurance with the County of Fresno, Department of Behavioral 24 Health, 3133 N. Millbrook Avenue, Fresno, California 93703, Attention: Contracts Division, showing 25 that the CONTRACTOR has in effect the insurance required by this Agreement. The insurance shall 26 not be cancelled or changed without a minimum of thirty (30) days advance written notice given to 27 COUNTY. The CONTRACTOR shall file a new or amended certificate of insurance within five 28 calendar days after any change is made in any insurance policy, which would alter the information on - 13 - 1 the certificate then on file. Acceptance or approval of insurance shall in no way modify or change the 2 indemnification clause in this Agreement, which shall continue in full force and effect. 3 H. CONTRACTOR shall at all times during the term of this Agreement maintain in 4 force the insurance coverage required under this Agreement and shall send, without demand by 5 COUNTY, annual certificates to County of Fresno, Department of Behavioral Health, 3133 N. Millbrook 6 Avenue, Fresno, California 93703, Attention: Contracts Division. If the certificate is not received by the 7 expiration date, COUNTY shall notify CONTRACTOR and CONTRACTOR shall have five calendar 8 days to send in the certificate, evidencing no lapse in coverage during the interim. Failure by 9 CONTRACTOR to maintain such insurance is a default of this Agreement, which entitles COUNTY, at 10 its sole discretion, to terminate this Agreement immediately. 11 14. ACCESS TO AND AUDIT OF RECORDS 12 A. Maintenance of Records. CONTRACTOR shall maintain records indicating the 13 nature and extent of all services performed and all payments received under this Agreement for a 14 period of five (5) years after completion of all services pursuant to this Agreement or until all disputes, 15 claims, litigation, or audits have been resolved, whichever occurs later. CONTRACTOR shall maintain 16 such records in a form conforming with generally accepted standards and applicable law. Government 17 Code § 8546.7 makes any expenditure of public funds over $10,000 subject to the examination and 18 audit of the State Auditor for a period of three (3) years after final payment under the Agreement. 19 B. Right to Inspect Records. The COUNTY, State Department of Health Care 20 Services, the Comptroller General of the United States, the U.S. Department of Health and Human 21 Services, and other authorized Federal and State agencies shall have the right to inspect any and all 22 books, records, and facilities maintained by CONTRACTOR during normal business hours to evaluate 23 the use of funds and the cost, quality, appropriateness, and timeliness of services. 24 C. Overpayment. If the results of any audit show that the funds paid to 25 CONTRACTOR under this Agreement exceeded the amount due, then CONTRACTOR shall pay the 26 excess amount to COUNTY in cash not later than sixty (60) days after the final audit settlement; or, at 27 COUNTY's election, COUNTY may recover the excess or any portion of it by offsets made by 28 COUNTY against any payment(s) owed to CONTRACTOR under this or any other Agreement. - 14 - 1 D. Responsibility for Audit Exceptions. Any and all audit exceptions by COUNTY 2 or any state or federal agency resulting from an audit of CONTRACTOR's performance of this 3 Agreement, or actions by CONTRACTOR, its officers, agents, and employees shall be the sole 4 responsibility of the CONTRACTOR. 5 15. TERMINATION 6 A. Termination without Cause. The COUNTY reserves the right to terminate this 7 Agreement, or any extension of this Agreement, without cause, with a thirty day (30) written notice. 8 B. Termination for Cause. Either party may terminate this Agreement for cause, if 9 the other party is in default of any of its material obligations hereunder, and has not commenced cure 10 within thirty (30) days after receiving written notice of default, and affected the cure within ninety (90) 11 days of receipt of notice of default from the other party. In the event cure cannot reasonably be 12 affected within ninety (90) days, a party may choose not to cancel this Agreement if the other party 13 acts diligently during the ninety (90) day period following its receipt of notice and completes the cure 14 promptly thereafter. 15 C. Termination or Amendment in Response to Reduction of Government Funding. 16 Notwithstanding any other provision of this Agreement, if Federal, State or local government 17 terminates or reduces its funding to the COUNTY for services that are to be provided under this 18 Agreement, COUNTY, in its sole and absolute discretion after consultation with the CONTRACTOR, 19 may elect to terminate this Agreement by giving written notice of termination to CONTRACTOR 20 effective immediately or on such other date as COUNTY specifies in the notice. Alternatively, 21 COUNTY and CONTRACTOR may mutually agree to amend this Agreement in response to a 22 reduction in Federal, State or local funding. 23 D. Termination for Transition to an Alternative System. The COUNTY reserves the 24 right to terminate this Agreement, or any extension of this Agreement, in conjunction with a transition 25 to another contractor's alternative electronic health records system with a thirty day (30) written notice. 26 E. In the event of termination without cause pursuant to Section 15 (a) 27 CONTRACTOR shall within thirty (30) days of receipt of notice of termination submit to the COUNTY 28 all outstanding invoices for services provided prior to the effective date of the termination. Payment - 15 - 1 shall be made by the COUNTY to the CONTRACTOR within forty-five (45) days after the date of 2 receipt and approval by COUNTY. 3 F. In the event this Agreement is terminated pursuant to Section 15(b) solely due 4 to a breach by COUNTY of license rights contained in Section 2, COUNTY will, within thirty (30) days 5 of the date of termination of this Agreement, erase from all computer storage any image or copies of 6 the Licensed Programs, related specifications and documentation and will certify in writing to 7 CONTRACTOR that the original and all copies of such property have been destroyed. 8 G. Upon Termination of this Agreement for any reason specified in this Section, 9 CONTRACTOR will provide a machine-readable copy of the data available to COUNTY within thirty 10 (30) days of termination of this Agreement. 11 H. Notwithstanding any termination of this Agreement for any reason, the terms 12 and conditions set forth in the following Sections of this Agreement will survive and will be binding on 13 the representatives, successors, heirs and assignees of the parties: 14 1) Section 2 Licensed Programs 15 2) Section 9 Indemnification 16 3) Section 12 Limitation of Warranty 17 4) Section 13 Professional Liability Insurance Tail Coverage 18 5) Section 14. Access to and Audit of Records 19 6) Section 16 Confidentiality 20 7) Section 18 Non-Hiring 21 8) Section 20 General Provisions 22 9) Schedule D Confidentiality of Patient Information 23 10) Schedule E Business Associate Agreement 24 11) Schedule F Netsmart Hosting Addendum to License 25 16. CONFIDENTIALITY 26 A. Except where disclosure is required by law, including disclosures pursuant to a 27 request under the California Public Records Act, each Party agrees that all information supplied by 28 one Party and its affiliates and agents (collectively, the "Disclosing Party") to the other ("Receiving - 16 - 1 Party") including, without limitation, (a) source code, prices, trade secrets, mask works, databases, 2 designs and techniques, models, displays and manuals; (b) any unpublished information concerning 3 research activities and plans, marketing or sales plans, sales forecasts or results of marketing efforts, 4 pricing or pricing strategies, costs, operational techniques, or strategic plans, and unpublished 5 financial information, including information concerning revenues, profits, and profit margins; (c) any 6 information relating to customers, patients, business partners, or personnel; (d) Patient Information (as 7 defined in Schedule H), and (e) Protected Health Information (as defined in 45 C.F.R. § 160.103), will 8 be deemed confidential and proprietary to the Disclosing Party, regardless of whether such information 9 was disclosed intentionally or unintentionally or marked as "confidential" or"proprietary" ("Confidential 10 Information"). The foregoing definition shall also include any Confidential Information provided by 11 either Party's contractors, subcontractors, agents, or vendors. To be deemed "Confidential 12 Information", trade secrets and mask works must be plainly and prominently marked with restrictive 13 legends. 14 B. Each Party recognizes the importance of the other Party's Confidential 15 Information. In particular, each Party recognizes and agrees that the Confidential Information of the 16 other is critical to their respective businesses and that neither Party would enter into this Agreement 17 without assurance that such information and the value thereof will be protected as provided in this 18 Section 16 (Confidentiality), Section 17 (Intellectual Property Rights) and elsewhere in this Agreement. 19 Accordingly, each Party agrees as follows: (a) the Receiving Party will hold any and all Confidential 20 Information it obtains in strictest confidence and will use and permit use of Confidential Information 21 solely for the purposes of this Agreement. Without limiting the foregoing, the Receiving Party shall use 22 at least the same degree of care, but no less than reasonable care, to avoid disclosure or use of this 23 Confidential Information as the Receiving Party employs with respect to its own Confidential 24 Information of a like importance; (b) the Receiving Party may disclose or provide access to its 25 responsible employees, agents, and consultants who have a need to know and may make copies of 26 Confidential Information only to the extent reasonably necessary to carry out its obligations hereunder; 27 and (c) the Receiving Party currently has, and in the future will maintain in effect and enforce, rules 28 and policies to protect against access to or use or disclosure of Confidential Information other than in - 17 - 1 accordance with this Agreement, including without limitation written instruction to and agreements with 2 employees, agents, or consultants who are bound by an obligation of confidentiality no less restrictive 3 than set forth in this Agreement to ensure that such employees, agents, and consultants protect the 4 confidentiality of Confidential Information, including Section 16 (Confidentiality), Section 17 (Intellectual 5 Property Rights). The Receiving Party will require its employees, agents, and consultants not to 6 disclose Confidential Information to third-parties, including without limitation customers, 7 subcontractors, or consultants, without the Disclosing Party's prior written consent, will notify the 8 Disclosing Party immediately of any unauthorized disclosure or use, and will cooperate with the 9 Disclosing Party to protect all proprietary rights in and ownership of its Confidential Information. 10 C. During the course of this Agreement, CONTRACTOR and COUNTY agree not 11 to discuss the project with any person who does not have a need to know that information for a 12 constructive purpose that will positively impact completion of the implementation plan. 13 D. CONTRACTOR recognizes and acknowledges the sensitive and confidential 14 nature of information it may obtain with regard to COUNTY and the treatment services that it provides, 15 and agrees that information with respect to COUNTY's treatment services will be governed by 16 Schedule D and Schedule E. 17 17. INTELLECTUAL PROPERTY RIGHTS 18 A. All data provided by COUNTY belongs to COUNTY. All records compiled by 19 CONTRACTOR in completing the work described in this Agreement, including but not limited to written 20 reports, studies, drawings, blueprints, negatives of photographs, graphs, charts, plans, COUNTY 21 specific table and dictionary codes, configuration specifications and all other similar recorded data, 22 shall become and remain the property of COUNTY. Use or distribution of COUNTY data by 23 CONTRACTOR is prohibited unless CONTRACTOR obtains prior written consent from COUNTY. 24 B. For systems hosted or stored on equipment not owned by COUNTY, 25 CONTRACTOR will ensure that COUNTY has full access to its data 24 hours each day, 7 days each 26 week, and 365 days each year. Upon Termination of this Agreement for any reason, CONTRACTOR 27 will provide a machine-readable copy of the data available to COUNTY within thirty (30) days of 28 termination of this Agreement. - 18 - 1 Notwithstanding anything to the contrary contained in this Agreement, it is 2 understood and agreed that CONTRACTOR shall retain all of its rights in its proprietary information 3 including, without limitation, methodologies and methods of analysis, ideas, concepts, expressions, 4 know how, methods, techniques, skills, knowledge and experience possessed by CONTRACTOR prior 5 to this Agreement. 6 18. NON-HIRING 7 During the term of this Agreement and for a period of one (1) year following its 8 termination, neither party will directly or indirectly solicit for employment or as a consultant, an 9 employee or consultant of the other party, or any person who was an employee or consultant of the 10 other party for a period of twelve (12) consecutive months following the end of that person's 11 employment or contractual relationship with that party. 12 19. FORCE MAJEURE 13 Neither party will be responsible for delays or failures in performance resulting from acts 14 or events beyond its reasonable control, including but not limited to, acts of nature, governmental 15 actions, acts of terrorism, fire, labor difficulties or shortages, civil disturbances, transportation 16 problems, interruptions of power supply or communications or natural disasters, provided such party 17 takes reasonable efforts to minimize the effect of such acts or events. 18 20. GENERAL PROVISIONS 19 A. Governing Law. The laws of the State of California govern all matters arising 20 from or related to this Agreement. 21 B. Jurisdiction and Venue. This Agreement is signed and performed in Fresno 22 County, California. CONTRACTOR consents to California jurisdiction for actions arising from or related 23 to this Agreement, and, subject to the Government Claims Act, all such actions must be brought and 24 maintained in Fresno County. 25 C. Entire Agreement. This Agreement and the schedules and exhibits attached 26 hereto contain the entire understanding of the parties with respect to the matter contained herein. 27 There are no promises, covenants or undertakings contained in any other writing or oral 28 communication. In the event of any conflict between or among the documents comprising this - 19 - 1 Agreement, the latest dated document will prevail. 2 D. Amendments. This Agreement may not be amended or modified except in a 3 writing signed by authorized representatives of the parties. 4 E. Waiver. A waiver of a breach or default under this Agreement will not be a 5 waiver of any subsequent breach or default. Failure of either party to enforce compliance with any 6 term or condition of this Agreement will not constitute a waiver of such term or condition. 7 F. Insolvency. In the event that either party will cease conducting business in the 8 normal course, becomes insolvent, makes a general assignment for the benefit of creditors, suffers or 9 permits the appointment of a receiver for its business or assets, or avails itself of, or becomes subject 10 to, any proceeding under a Bankruptcy Act or any other statute of any state relating to insolvency or 11 the protection of rights of creditors, then (at the option of the other party) this Agreement will terminate 12 and be of no further force and effect and any property or rights of such other party, whether tangible or 13 intangible, will forthwith be returned to it. 14 G. Assignment. The license granted hereunder to COUNTY may not be assigned, 15 or sublicensed, or shared, nor may COUNTY use the Licensed Programs to provide the software 16 features as a service (Software as a Service) to a third party, whether for the benefit of COUNTY or 17 others, without the written consent of CONTRACTOR. CONTRACTOR may not assign, sell, or 18 otherwise transfer its interest or obligations in this Agreement without the prior written consent of the 19 COUNTY. The assignment of this Agreement to a majority owned affiliate of CONTRACTOR or 20 CONTRACTOR's parent corporation will not require consent of COUNTY, provided CONTRACTOR 21 provides thirty (30) days prior notice to COUNTY. COUNTY may, however, assign all of its rights 22 under this Agreement to an assignee who acquires all or substantially all of the assets of COUNTY, is 23 not a competitor of CONTRACTOR, and has financial resources at least equal to those of COUNTY. 24 Any permitted assignee will assume in writing, all obligations of the assignor. 25 H. Severability. If any provision of this Agreement is found to be invalid, illegal or 26 unenforceable under any applicable statute or law, it is to that extent deemed to be omitted, and the 27 remaining provisions of this Agreement will not be affected in any way. 28 I. This Agreement may be executed in two or more counterparts, each of which - 20 - 1 will be deemed an original. 2 J. Headings. The headings of the paragraphs and sections of this Agreement are 3 for convenience only and will not control or affect the meaning or construction of any provision of this 4 Agreement. 5 K. Compliance with Laws. The parties agree to comply with all laws and 6 regulations, including all United States and multilateral export laws and regulations, to assure that the 7 Licensed Programs are not exported, directly or indirectly, in violation of law. 8 L. Non-Exclusive Agreement. This Agreement is non-exclusive and both COUNTY 9 and CONTRACTOR expressly reserve the right to contract with other entities for the same or similar 10 services. 11 21. DATA SECURITY 12 The following identifies security policies of CONTRACTOR for its Plexus Cloud Services 13 and Support Services. CONTRACTOR will, upon request and no more than once per year, certify its 14 compliance with this Section. 15 Solely for the purpose of this Section, the definition of "COUNTY Data" is expanded to 16 include any data that COUNTY submits to CONTRACTOR for analysis pursuant to the Support Services 17 it requests. 18 A. Security Management System 19 CONTRACTOR has a risk-based, third-party-audited Information Security 20 Management System ("ISMS") designed to enable Plexus Cloud Services and Support Services to be 21 delivered in a secure manner and is designed to protect Plexus Cloud Services and related 22 CONTRACTOR systems from threats and data loss. CONTRACTOR regularly assesses and makes 23 improvements to the ISMS with reference to changing security threats applicable laws and regulatory 24 requirements. 25 B. RiskAssessment 26 CONTRACTOR conducts, or retains independent third parties to conduct, 27 information security risk assessments at least annually. The risk assessment includes identifying 28 reasonably foreseeable internal and external risks to privacy, confidentiality, security, integrity, or - 21 - 1 availability; assessing the likelihood of, and potential damage that can be caused by, identified risks; 2 assessing the adequacy of personnel training concerning the ISMS; updating the ISMS to limit and 3 mitigate identified risks as appropriate and to address material changes in relevant technology, business 4 practices, and personal information practices and regulations; and assessing whether the ISMS is 5 operating in a manner reasonably calculated to prevent and mitigate unauthorized access to or 6 disclosures of maintained COUNTY Data ("Incidents"). 7 C. Standards 8 CONTRACTOR governs and aligns its ISMS to NIST CyberSecurity framework. 9 For Plexus Cloud Services, CONTRACTOR annually completes third party audits for compliance with 10 SSAE18 SOC 2 Type 2, and the U.S. Health Insurance Portability and Accountability Act ("HIPAX), 11 including as amended by the Health Information Technology for Economic and Clinical Health Act 12 ("HITECH") and undergoes a minimum of annual penetration tests and regular vulnerability analysis. The 13 most recent attestation reports and/or audit summary letters, including an SSAE18 report, are available 14 upon COUNTY request under NDA. CONTRACTOR's baseline security controls currently align with 15 NIST 800.53 Moderate Revision 4 and is in the process of migrating to Revision 5. CONTRACTOR 16 maintains corresponding policies and procedures that includes adhering to 15 critical security control 17 domains: 18 CONTRACTOR maintains corresponding policies and procedures that includes 19 adhering to 15 critical security control domains: 20 Access Control • Logging and Monitoring 21 Awareness and Training 22 Configuration Management • Contingency Planning 23 Physical and Environmental Protection • Incident Response 24 Physical and Environmental Protection 25 Planning • Risk Assessment 26 Information Security Policy • Third Party Risk Management 27 Vulnerability Management 28 Network Protection - 22 - 1 0 Endpoint Protection 2 3 D. Data Processing and Storage 4 CONTRACTOR provides redundant, dedicated virtualization throughout the Plexus 5 Cloud environment, including IIS web and application servers, and database servers. The database 6 environment utilizes high availability ("HA") server components, to fail over between servers, in the event 7 of a failure. Replicated copies of the web and application server environments are maintained offline, at 8 CONTRACTOR's secondary availability zone that is geographically dispersed by a meaningful distance 9 and updated on a weekly basis or after any changes are made. The database server environments are 10 replicated to the availability zone. In the event of a catastrophic event within the primary data center, 11 CONTRACTOR will failover to the secondary availability zone and continue operations. 12 Nightly backups of the environment occur to local storage and to encrypted backup. 13 Under the terms of this Agreement the hosted environment infrastructure 14 components, including network load balancers, web servers, application servers, and database servers 15 are provided as redundant configurations. 16 COUNTY's Data will be stored on a fully redundant storage and multiple data paths. 17 Backups will be performed on a nightly basis, and data replications will occur throughout the day. Nightly 18 backup will be encrypted and stored at a secondary CONTRACTOR availability zone. 19 E. Support Services Data Security 20 Support Services may require CONTRACTOR to receive COUNTY Data such as 21 a detailed description of COUNTY's environment, a copy of COUNTY's repository, or a sample of the 22 COUNTY's Data. COUNTY will transmit such COUNTY Data via secure FTP site or physical media, and 23 CONTRACTOR will store such COUNTY Data solely at CONTRACTOR Support Services facilities. 24 COUNTY must notify CONTRACTOR immediately in the event it mistakenly uploads protected health 25 information to ensure deletion from the system. 26 F. Security—Overview 27 CONTRACTOR uses commercially reasonable methods designed to safeguard 28 maintained COUNTY Data from unauthorized access, use, and loss including physical, technical, and - 23 - 1 administrative safeguards. These methods incorporate physical and data security safeguards, including 2 data encryption, firewall and monitoring software, perimeter and internal systems security, and backup. 3 COUNTY Data maintained from different counties are segregated logically and/or physically. 4 CONTRACTOR may use additional measures to enhance security beyond those listed below. 5 G. Security—Physical Security 6 Physical access to CONTRACTOR locations holding CONTRACTOR systems 7 have limited access points, which are governed by card or biometric access devices and monitored by 8 surveillance cameras. Access to servers, network ports, wireless access points, routers, firewalls, or any 9 physical computing equipment involved with data hosting is physically restricted. In addition, the facilities 10 utilize 24-hour physical security which includes fingerprint scanning, video surveillance, and photo 11 identification and verification systems. 12 H. Security—Access 13 CONTRACTOR's ISMS limits its access to CONTRACTOR systems to authorized 14 CONTRACTOR personnel. In order to gain access to the facilities, a background check may be 15 performed for the individual. Once the check has been completed, the individual can be admitted while 16 accompanied by a CONTRACTOR data center associate. An audit log of all individuals who enter the 17 facility is maintained. Access to maintained COUNTY data is authorized in accordance with individual 18 role-based segregation of duties. Access authorizations for CONTRACTOR's personnel are reviewed at 19 least semi-annually and rescinded promptly upon change of roles or separation of employment from 20 CONTRACTOR. CONTRACTOR maintains logs of access by CONTRACTOR personnel. 21 I. Security—Authentication 22 All Plexus Cloud Services are accessible to COUNTY through interfaces requiring 23 authentication. Plexus Cloud Services include optional support for two factor authentication for user 24 access. 25 J. Security—Encryption 26 CONTRACTOR uses industry standard products in its ISMS to protect patient 27 data for secure data transmission including HTTPS 128/256-bit Secure Socket Layer (SSL) certificates 28 signed by VeriSign. For site to site encryption CONTRACTOR uses 168-bit Triple DES and AES 256-bit - 24 - 1 encryption IPSec VPN connections. Generally, CONTRACTOR uses the maximum encryption possible 2 for a given client. 3 For data at rest, CONTRACTOR utilizes enterprise encryption logic with AES 256 4 Bit encryption that is FIPS 140-2 compliant. 5 CONTRACTOR implements an encryption key management process. 6 Encryption/decryption keys are managed independently of the native operating system access control 7 system; stored with reasonable protections; protected during transmission or distribution, changed at or 8 before they reach the end of their cryptoperiod; and retired if CONTRACTOR becomes aware that their 9 integrity has been compromised. With the exception of one-time use password communication, all user 10 passwords are encrypted with cryptography in transit and at rest on CONTRACTOR systems. Valid user 11 identifier and password combinations are encrypted via TLS while in transit. 12 K. Security—Harmful Code and Patches 13 CONTRACTOR's systems implement and maintain software designed to detect 14 and prevent malicious code that may perform unauthorized functions or permit unauthorized access to 15 any CONTRACTOR system, including computer viruses, Trojan horses, worms, and time bombs. All 16 critical and high vendor security patches are applied within thirty (30) days of release date. All medium 17 vendor security patches are applied within six (6) months of release date. 18 L. Security—Architecture 19 CONTRACTOR systems accessible to the Internet are protected with server 20 hardening, patch management, and incident management. CONTRACTOR systems accessible to the 21 Internet are protected with application firewalls in a DMZ architecture. Firewall and router rules are 22 default-deny and reviewed for unnecessary services and IP address exposures at least once per year. 23 M. Security—Product Development 24 CONTRACTOR implements Security as a Design Principle. The lifecycle of cloud 25 product development, from secure application development training, application and code reviews, 26 source code scans, vulnerability scans, penetration tests, responsible disclosure program, and other 27 controls are implemented continuously to reduce the probability and/or impact of application 28 vulnerabilities. All critical and high application security patches are applied within seven (7) days of - 25 - 1 release date. All medium rated security patches are applied within six (6) months days of release date. 2 N. User Access Logs 3 CONTRACTOR maintains access logs to the Plexus Cloud Services including 4 date, time, and User identifier. CONTRACTOR can provide COUNTY the access logs, upon written 5 request and to the extent required to comply with governing law or to the extent reasonably necessary to 6 assist in forensic analysis if there is a suspicion of inappropriate access. Access logs are maintained in a 7 secure area for a minimum of ninety (90) days in accordance with Disposition of Data below. Passwords 8 are not logged under any circumstances. 9 0. COUNTY Security Controls 10 Plexus Cloud Services include configurable security controls including unique 11 user identifiers to help ensure that activities can be attributed to the responsible individual. Controls to 12 revoke access and/or lock out a user after multiple failed login attempts, password length controls, 13 termination of a session after a period of inactivity, and geographical and/or chronological restrictions on 14 access. 15 P. Employees and Contractors 16 CONTRACTOR personnel that operate, or support Plexus Cloud Services receive 17 annual education on security, confidentiality, and privacy of maintained COUNTY Data, CONTRACTOR 18 policies and associated data security practices, and the risks to CONTRACTOR and COUNTY 19 associated with Incidents. 20 Q. Incident Management 21 Plexus Cloud Services personnel receive regular training on standard operational 22 procedures and tactics to minimize the impact of production cloud incidents. Such incidents are 23 classified according to severity of impact, with high-severity incidents triggering root cause analysis and 24 reviews to identify areas for long-term improvement. 25 R. Change Management 26 CONTRACTOR routinely enhances and maintains the Plexus Cloud Services and 27 Support Services, including but not limited to changes in response to relevant technology and systems, 28 unauthorized access to maintained Client Data, and the discovery of material privacy or security - 26 - 1 vulnerabilities. Security controls, procedures, policies and features may change or be added but will 2 deliver a level of security protection that is not materially less than that provided as of the Effective Date. 3 CONTRACTOR maintains a change management process with separation of 4 duties and appropriate approvals required for modification to CONTRACTOR systems, including patch 5 management for the Plexus Cloud Services. CONTRACTOR uses risk- based criteria with remediation 6 objectives for critical and high vulnerabilities. 7 S. Business Continuity and Disaster Recovery 8 Any facility housing CONTRACTOR systems is designed to withstand adverse 9 weather and other commercially reasonably predicable natural conditions and is also supported by on- 10 site back-up generators in the event of a power failure. All networking components and web and 11 application servers are configured in a redundant configuration. 12 CONTRACTOR maintains a business continuity and disaster recovery program. 13 Policies and procedures are in place to provide Plexus Cloud Services and Client Support Services with 14 minimal interruptions, including disaster recovery planning and testing capabilities, recovery site 15 management and standard backup and recovery procedures. CONTRACTOR's business continuity 16 management system is aligned with NIST 800-34 to prepare for, respond to, and recover from disruptive 17 events. 18 T. CyberSecurity 19 CONTRACTOR or an authorized third party performs periodic testing, including 20 penetration testing, against Plexus Cloud Services available to the Internet. CONTRACTOR's security 21 operations center, staffed by the office of CONTRACTOR's Chief Information Security Officer, is 22 responsible for scanning and monitoring system activity and has pre-defined procedures for addressing 23 or escalating vulnerabilities and events as needed. A security incident response team ("SIRT"), also 24 staffed by the office of the Chief Information Security Officer, is responsible for investigating and 25 responding to information-security related events escalated to their attention and determining if a 26 Security Incident has taken place. CONTRACTOR systems, including firewalls, routers, network 27 switches and operating systems log information to enable the SIRT to detect, investigate, and resolve 28 potential Incidents. Pre-defined procedures are also available to guide those efforts, including when to - 27 - 1 involve other internal groups in a response process and associated notification activities. 2 U. Transition of Services 3 Upon termination of this Agreement, CONTRACTOR shall provide to COUNTY 4 within thirty (30) days, at no additional cost, a backup copy of the COUNTY's production database in an 5 SQL backup file (.bak)format. The backup file will be delivered via Secure FTP or on an encrypted disc 6 as requested by the COUNTY. In addition, CONTRACTOR shall reasonably cooperate to support an 7 orderly transition of maintained COUNTY data to the services of another provider or to COUNTY's 8 internal operations, which may include consulting and/or conversion services related to COUNTY Data 9 at CONTRACTOR's then-current professional services rate. 10 V. Disposition of Data 11 CONTRACTOR's policy is to delete COUNTY data within sixty (60) days of 12 termination or expiration of COUNTY's subscription to the Cloud Service and to delete COUNTY data 13 within sixty (60) days of termination or expiration of COUNTY's subscription to the Cloud Service, except 14 to the extent such COUNTY data are included in backup and disaster recovery logs the integrity of which 15 requires that they remain unmodified. 16 Destruction of data as referenced herein includes, at minimum, secure erasure of 17 media and secure disposal of records so that the information cannot be read or reconstructed solely 18 except to the extent such COUNTY data is included on infrastructure hardware that cannot be destroyed 19 in its entirety until the system is officially declared end of life and Iifecycled where it will be erased and 20 destroyed resulting in a certificate of destruction 21 22. NOTICES 22 A. Contact Information. The persons and their addresses having authority to give 23 and receive notices provided for or permitted under this Agreement include the following: 24 For the County: 25 Director, Department of Behavioral Health County of Fresno 26 1925 E. Dakota Avenue 27 Fresno, CA 93726 28 - 28 - 1 For the Contractor: 2 Corporate Counsel Netsmart Technologies, Inc. 3 4950 College Blvd 4 Overland Park, Kansas 66212 Contract_Notices@ntst.com 5 Tel. No.(800) 421-7503 6 B. Change of Contact Information. Either party may change the information in 7 section 22. A. by giving notice as provided in section 22.C. 8 C. Method of Delivery. Each notice between the COUNTY and the CONTRACTOR g provided for or permitted under this Agreement must be in writing, state that it is a notice provided 10 under this Agreement, and be delivered either by personal service, by first-class United States mail, by 11 an overnight commercial courier service, or by Portable Document Format (PDF) document attached 12 to an email. 13 1) A notice delivered by personal service is effective upon service to the 14 recipient. 15 2) A notice delivered by first-class United States mail is effective three 16 COUNTY business days after deposit in the United States mail, postage prepaid, addressed to the 17 recipient. 18 3) A notice delivered by an overnight commercial courier service is effective 19 one COUNTY business day after deposit with the overnight commercial courier service, delivery fees 20 prepaid, with delivery instructions given for next day delivery, addressed to the recipient. 21 4) A notice delivered by PDF document attached to an email is effective 22 when transmission to the recipient is completed (but, if such transmission is completed outside of 23 COUNTY business hours, then such delivery is deemed to be effective at the next beginning of a 24 COUNTY business day), provided that the sender maintains a machine record of the completed 25 transmission. 26 D. Claims Presentation. For all claims arising from or related to this Agreement, 27 nothing in this Agreement establishes, waives, or modifies any claims presentation requirements or 28 procedures provided by law, including the Government Claims Act (Division 3.6 of Title 1 of the - 29 - 1 Government Code, beginning with section 810). 2 23. DISCLOSURE OF OWNERSHIP AND/OR CONTROL INTEREST INFORMATION 3 This provision is only applicable if CONTRACTOR is a disclosing entity, fiscal agent, or 4 managed care entity as defined in Code of Federal Regulations (C.F.R), Title 42 § 455.101 455.104, 5 and 455.106(a)(1),(2). 6 In accordance with C.F.R., Title 42 §§ 455.101, 455.104, 455.105 and 7 455.106(a)(1),(2), the following information must be disclosed by CONTRACTOR by completing 8 Exhibit A, "Disclosure of Ownership and Control Interest Statement", attached hereto and by this 9 reference incorporated herein and made part of this Agreement. CONTRACTOR shall submit this 10 form to the Department of Behavioral Health within thirty (30) days of the effective date of this 11 Agreement. Additionally, CONTRACTOR shall report any changes to this information within thirty five 12 (35) days of occurrence by completing Exhibit A, "Disclosure of Ownership and Control Interest 13 Statement." Submissions shall be scanned pdf copies and are to be sent via email to 14 DBHContractedServicesDivision(a�,co.fresno.ca.us attention: Contracts. 15 24. DISCLOSURE — CRIMINAL HISTORY AND CIVIL ACTIONS 16 CONTRACTOR is required to disclose if any of the following conditions apply to them, 17 their owners, officers, corporate managers and partners (hereinafter collectively referred to as 18 "CONTRACTOR"): 19 A. Within the three-year period preceding this Agreement, they have been 20 convicted of, or had a civil judgment rendered against them for: 21 1) Fraud or a criminal offense in connection with obtaining, attempting to 22 obtain, or performing a public (Federal, State, or local) transaction or 23 contract under a public transaction; 24 2) Violation of a Federal or State antitrust statute; 25 3) Embezzlement, theft, forgery, bribery, falsification, or destruction of 26 records; or 27 4) False statements or receipt of stolen property. 28 - 30 - 1 B. Within a three-year period preceding this Agreement, they have had a public 2 transaction (Federal, State, or local) terminated for cause or default. 3 Disclosure of the above information will not automatically eliminate 4 CONTRACTOR from further business consideration. The information will be considered as part of 5 the determination of whether to continue and/or renew this Agreement and any additional 6 information or explanation that a CONTRACTOR elects to submit with the disclosed information will 7 be considered. If it is later determined that the CONTRACTOR failed to disclose required 8 information, any contract awarded to such CONTRACTOR may be immediately voided and 9 terminated for material failure to comply with the terms and conditions of the award. 10 CONTRACTOR must sign a "Certification Regarding Debarment, Suspension, 11 and Other Responsibility Matters- Primary Covered Transactions" in the form set forth in Exhibit B, 12 attached hereto and by this reference incorporated herein and made part of this Agreement. 13 Additionally, CONTRACTOR must immediately advise the COUNTY in writing if, during the term of this 14 Agreement: (1) CONTRACTOR becomes suspended, debarred, excluded or ineligible for participation 15 in Federal or State funded programs or from receiving Federal funds as listed in the excluded parties' 16 list system (http://www.epls.gov); or (2) any of the above listed conditions become applicable to 17 CONTRACTOR. CONTRACTOR shall indemnify, defend and hold the COUNTY harmless for any 18 loss or damage resulting from a conviction, debarment, exclusion, ineligibility or other matter listed in 19 the signed Certification Regarding Debarment, Suspension, and Other Responsibility Matters. 20 25. DISCLOSURE OF SELF-DEALING TRANSACTIONS 21 This provision is only applicable if the CONTRACTOR is operating as a corporation (a 22 for-profit or non-profit corporation) or if during the term of this Agreement, the CONTRACTOR changes 23 its status to operate as a corporation. 24 Members of the CONTRACTOR's Board of Directors shall disclose any self-dealing 25 transactions that they are a party to while CONTRACTOR is providing goods or performing services 26 under this Agreement. A self-dealing transaction shall mean a transaction to which the CONTRACTOR 27 is a party and in which one or more of its directors has a material financial interest. Members of the 28 Board of Directors shall disclose any self-dealing transactions that they are a party to by completing - 31 - 1 and signing a Self-Dealing Transaction Disclosure Form, attached hereto as Exhibit C and 2 incorporated herein by reference and made part of this Agreement, and submitting it to the COUNTY 3 prior to commencing with the self-dealing transaction or immediately thereafter. 4 26. ENTIRE AGREEMENT 5 This Agreement, including all Schedules and Exhibits, constitutes the entire agreement 6 between CONTRACTOR and COUNTY with respect to the subject matter hereof and supersedes all 7 previous agreement negotiations, proposals, commitments, writings, advertisements, publications, and 8 understandings of any nature whatsoever unless expressly included in this Agreement. 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 - 32 - 1 IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the 2 day and year first hereinabove written. 3 ATTEST 4 CONTRACTOR COUNTY OF FRESNO 5 NETSMART TECHNOLOGIES, INC. 7 By By Brian Pacheco, 8 Chairman of the Board of Supervisors of the 9 Print Name: Joseph McGovern County of Fresno 10 Title: Executive Vice President 11 Chairman of Board, or President or any Vice President 12 Bernice E. Seidel Clerk of the Board of Supervisors 13 ?� ' /" - ��'j County of Fresno, State of California y 14 r ; 15 By Print Name: Kevin Kaufman 16 17 Title: CFO Secretary of Corporation, or 18 Any Assistant Secretary, or Chief Financial Officer, or 19 Any Assistant Treasurer 20 Mailing Address: 21 4(9Wcf WL5gft>5WufeiMrdxt4100 Nall Avenue PLEASE SEE ADDITIONAL 22 Overland Park, KS 66211 SIGNATURE PAGE ATTACHED Phone No. (310) 945-3350 23 Contact: Chief Executive Officer 24 25 FOR ACCOUNTING USE ONLY: 26 Fund/Subclass: 0001/10000 Organization: 5630 27 Account/Program: 7295/0 28 - 33- Schedule A-Charges and Payment Terms for Committed Funds 7/1/22 Thru 7/1/23 Thru 7/1/24 Thru 7/1/25 Thru 7/1/26 Thru Total 6/30/23 6/30/24 6/30/25 6/30/26 6/30/27 Amount Payment Terms Avatar Named Users Avatar Named User Maintenance Includes the following Applications: Period Billable upon the first day of the first *CaIPM Maintenance Fees $388,554 $404,097 $13,470 $14,009 $14,569 $834,699 Fiscal Year, then Quartely Billing for *Avatar CWS Subsequent Fiscal Years *Avatar E Signature QTY 1,560 1,560 50 50 50 Plexus Cloud Hosting Plexus Cloud HostingPeriod Billable upon the first day of the first Avatar Fees $731,578 $760,841 $25,361 $26,376 $27,431 $1,571,586 Fiscal Year, then Quartely Billing for Disaster Recovery Named User QTY 1,560 11560 50 50 50 Subsequent Fiscal Years Plexus Cloud Hosting- Perceptive tive - Period Billable upon the first day of the first $91,080 $94,723 $3,157 $3,284 $3,415 Disaster Recovery- Named User Fees $195,660 Fiscal Year, then Quartely Billing for QTY 1,560 11560 50 50 50 Subsequent Fiscal Years Plexus Cloud Hosting- -Avatar Period $15,600 $16,224 $16,873 $17,548 $18,250 Billable upon the first day of the first Scriptlink Fees $84,495 Fiscal Year, then Quartely Billing for QTY 1,560 11560 50 50 50 Subsequent Fiscal Years Escrow Period Billable upon the first day of the first Escrow Fees $3,707 $3,855 $4,009 $4,169 $4,336 $20,076 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years ICD 10/DSM V Subscription Period Billable upon the first day of the first ICD 10/Diagnosis Content on Demar $15,282 $15,893 $0 $0 $0 Fees $31,175 Fiscal Year, then Quartely Billing for QTY 1,560 1,560 N/A N/A N/A Subsequent Fiscal Years OrderConnect Subscriptions Period Billable upon the first day of the first OrderConnect Base Fee Fees $1,560 $1,622 $0 $0 $0 $3,182 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years OrderConnect Inventory $3,120 $3,245 $0 $0 $0 Period Billable upon the first day of the first Management Fees $6,365 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years Page 1 of 3 Schedule A—Charges and Payment Terms for Committed Funds OrderConnect Non-Prescribing $12,168 $12,655 $0 $0 $0 Period Billable upon the first day of the first User Subscription Fees $24,823 Fiscal Year, then Quartely Billing for QTY 75 75 0 0 0 Subsequent Fiscal Years OrderConnect-Full Suite- Period $116,813 $121,485 $0 $0 $0 Billable upon the first day of the first Prescriber Subscription Fees $238,298 Fiscal Year, then Quartely Billing for QTY 90 90 0 0 0 Subsequent Fiscal Years ePrescribing Controlled Substances Tokens Period $23,976 $24,935 $0 $0 $0 Billable upon the first day of the first OrderConnect- EPCS Subscription Fees $48,911 Fiscal Year, then Quartely Billing for QTY 120 120 0 0 0 Subsequent Fiscal Years myHealthPointe Client Portal A m HealthPointe Portal - Period Billable upon the first day of the first y $72,soo $75,712 $o $o $o Level V Subscription Fees $148,512 Fiscal Year, then Quartely Billing for QTY 1,500 1,500 0 0 0 Subsequent Fiscal Years Perceptive Period $1,976 $2,055 $0 $0 $0 Billable upon the first day of the first Avatar POS Scanning Maintenance Fees $4,031 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years Document Capture Upgrade- Perceptive Period $2,080 $2,163 0 0 0 Billable upon the first day of the first Maintenance for Batch Scanning Fees $4,243 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years CareConnect Interoperability Solutions A CareConnect Monthly Period Billable upon the first day of the first Subscription(Lab Order/Results, Fees $58,344 $60,678 $0 $0 $0 $119,022 Fiscal Year, then Quartely Billing for Referral Connector,Base) QTY 1,500 1,500 N/A N/A N/A Subsequent Fiscal Years Reaching Recovery A(Remove years 3-5) Period Billable upon the first day of each Fiscal $78,000 $s1,12o $o $o $o Reaching Recovery Subscription Fees $159,120 Year Contingent upon County,s Level of QTY N/A N/A N/A N/A N/A Need Each Fiscal Year SAIS A Period SAIS Annual Fee Fees $66,252 $0 $0 $0 $0 $66,252 Billable upon the first day of Fiscal Year QTY N/A N/A N/A N/A N/A Avatar Web Services A Page 2 of 3 Schedule A—Charges and Payment Terms for Committed Funds Period Billable upon the first day of the first Avatar Web Services Maintenance Fees $4,368 $4,543 $0 $0 $0 $8,911 Fiscal Year, then Quartely Billing for QTY N/A N/A N/A N/A N/A Subsequent Fiscal Years CareConnect Inbox a CareConnect Inbox Named User Period $52,000 $54,080 $0 $0 $0 Billable upon the first day of the first Direct Message Mailbox Fees $106,080 Fiscal Year, then Quartely Billing for QTY 1,000 1,000 0 0 0 Subsequent Fiscal Years CPT Codes Period Billable upon the first day of the first CPT Codes Fees $32,760 $34,070 $0 $0 $0 $66,830 Fiscal Year, then Quartely Billing for QTY 1,560 1,560 0 0 0 Subsequent Fiscal Years Reserved Services Reserved Services: Professional Services, Consulting or Additional Licensing& Optional Services $150,000 $150,000 $150,000 $150,000 $150,000 $750,000 Billed as Incurred or according to Term needed during the course of outlined in SOW/Quote Agreement on an "as-needed" and "as-approved" basis Total $1,922,018 1 $1,923,996 1 $212,871 1 $215,386 1 $218,001 1 $4,492,272 A After the Initial Term,the Subscription Products and Services will continue to be available to Licensee for additional terms of twelve (12) months, commencing on each subsequent Anniversary Date, unless either party gives the other written notice not less than (90) days prior to an Anniversary Date that it is terminating its use of the Subscription Products and Services. Page 3 of 3 Schedule B Hardware Configuration Technical Requirements may change over the course of the Agreement and as such,Contractor shall notify County of any change in which County is expected to reasonably adopt to meet then-current technical requirements. User's Computer Minimum Processor 1 gigahertz(GHz)or faster 32-bit x86 Operating System Windows 7, 8 8.1 RAM 1 GB or greater Hard Disk Space 1 GB or greater Monitor VGA or higher(1024 x 768 pixels) Mouse Microsoft Mouse, or compatible pointing device Browser IE 9(Windows 7),IE 10(Windows 7, 8),IE 11 (Windows 7, 8.1)(IE 32 bit only in compatibility mode) Chrome 16-27 ,Firefox 10-22 Java Requirement JRE 1.6.0_22-49(32-bit only) JRE 1.7.0 45 (32-bit only) JRE 1.7.0_51-55 & 1.8.0-u5 (32-bit only,RADplus 2011+MW Build 2014.01.00.1276 User's Computer(Recommended) Processor 2 gigahertz(GHz)or faster 32-bit x86 or 64-bit Operating System Windows 7, 8 8.1 RAM 2 GB or greater Hard Disk Space 2 GB or greater Monitor VGA or higher(1024 x 768 pixels) Mouse Microsoft Mouse, or compatible pointing device Browser IE 9(Windows 7),IE 10(Windows 7, 8),IE 11 (Windows 7, 8.1)(IE 32 bit only in compatibility mode) Chrome 16-27 ,Firefox 10-22 Java Requirement JRE 1.6.0_22-49(32-bit only) JRE 1.7.0 45 (32-bit only) JRE 1.7.0 51-55 1.8.0-u5 (32-bit only,RADplus 2011+MW Build 2014.01.00.1276) Schedule C Support Services The Support Services described in this Schedule will be performed by Contractor subject to the terms and conditions of this License and Service Agreement. a) Contractor will maintain the then current version of the Licensed Programs in substantial conformance with its Specifications as amended from time to time by Contractor, and with applicable Federal regulatory requirements and laws. Contractor will use commercially reasonable efforts to either: (i) Correct any reproducible Problems or Defects in the then current or immediately prior release of Licensed Programs by Contractor which prevent it from operating in substantial conformance with the Specifications and applicable Federal regulatory requirements; or (ii) Provide a commercially reasonable alternative that will substantially conform with the Specifications and applicable Federal regulatory requirements and laws. b) County will make requests for Support Services by giving Contractor written notice specifying a problem or Defect in the Licensed Programs. In making a verbal request for Support Services, County will provide Contractor within twenty four(24) hours after such verbal notice with such written information and docu- mentation as may be reasonably prescribed by Contractor. c) County will provide and maintain, at its expense, hardware and/or software to allow Contractor to access County's system remotely. County will provide Contractor with appropriate access credentials. d) On a timely basis Contractor will also provide County with: (i) such updates as are distributed without charge to other similar counties which reflect modifications and incremental improvements made to the Licensed Programs by Contractor; (ii) an opportunity to obtain enhancements to the Licensed Programs for which charges are imposed on the same terms as such enhancements are generally made available to other counties. e) Contractor will make technical support personnel available from 9:00 a.m.to 6:00 p.m.,Contractor local time Monday through Friday,exclusive of Contractor holidays. f) If reasonable analysis by Contractor indicates that a reported Problem or Defect is caused by a problem related to Hardware used by County, the hardware's system software, or applicable software other than Licensed Programs, or County's misuse or modification of the Licensed Programs,Contractor's responsibility will be limited to the correction of the portion,if any,of the problem caused by a Problem or Defect in the Licensed Programs. County will,at Contractor's option,pay Contractor for the cost of analyzing the reported problem at Contractor's then prevailing time-and-materials rate. g) The initial term for provision of Support Services for Licensed Programs will begin on July 1,2022 and end on June 30,2023. h) Contractor agrees that it will not revise the Charges for Support Services during the initial term. In accordance with Section 6 of the Agreement, Contractor will give County not less than ninety (90) days written notice prior to the expiration of the initial term of the Agreement to commence negotiations on Support Service Charges as part of the parties' negotiations on any option to extend the Agreement. Charges will not be increased for any extension term by more than the most recent increase in the US Bureau of Labor Statistics Consumer Price Index for All Urban Consumers(CPI-U)-Medical Care or 4%,whichever is higher. i) Absent a bona fide dispute, if County fails to pay for Support Services when due, Contractor may refuse to provide Support Services until County makes payment of all Charges due. If County has missed any mandatory upgrades Contractor will also charge,and County will pay,for software and services necessary to bring the Licensed Programs up to Contractor's then-current level before Contractor will certify that County is again eligible for maintenance hereunder. j) Guardiant is included at no charge provided County is current on maintenance. Guardiant is a diagnostic tool that monitors the health of County's licensed Contractor solutions and provides the ability to review technical configuration and metric data not limited to; configuration changes, support case activities, system usage, application events,licensing,user activity,and installed updates in a dashboard view. k) If analysis by Contractor indicates that a reported problem is caused by a reproducible Problem or Defect, Contractor will use commercially reasonable efforts to provide Support Services in accordance with the following prioritization of reported problems: Priority Definition 1-Critical Priority 1: will be assigned when the Contractor Program or a material Contractor Program Function component is non-operational as a result of a defect[in Production environment only]such as the Production system cannot be accessed or utilized in any capacity,a direct patient safety issue is present,or a HIPAA compliance violation as a result of a server incident or Contractor application defect. Best efforts will be made to correct Priority 1 problems, or to provide a plan for such correction,within two(2)business days. County's Commitment: • This case Priority must be called in directly to the Contractor Support department. • County provides specific,detailed information required for troubleshooting/investigation. • County provides appropriate staff and resources to sustain continuous communication and work effort as required. • Without appropriate County resources,the case will be downgraded to Priority 2 after three(3)business days. 2—High Priority 2:will be assigned to Production defects that result in functions that have a significant negative impact on daily operations but do not constitute as a"System Down". A workaround may be available and/or the capacity to maintain daily business functionality. Commercially reasonable efforts will be made to correct Priority 2 problems, or to provide a plan for such correction,within five(5)business days. County's Commitment: • County provides specific,detailed information required for troubleshooting/investigation. • County provides appropriate staff and resources to sustain continuous communication and work effort as required. • Without appropriate County resources,the case will be downgraded to Priority 3 after six(6)business days. 3-Medium Priority 3:will be assigned for system defects that result in functions that have no major impact on daily operations. An issue that allows the continuation of function,including issues in which a reasonable workaround is available. Commercially reasonable efforts will be made to correct Priority 3 problems,or to provide a plan for such correction,within ten(10)business day. County's Commitment: • County provides specific,detailed information required for troubleshooting/investigation. • County provides appropriate staff and resources to sustain continuous communication and work effort as required. • Without appropriate County resources,the case will be downgraded to Priority 4 after eleven(11)business days. 4—Low Priority 4: will be assigned to cosmetic defects that do not affect system usability or non-defect related requests including,but not limited to,system set up/configuration,training,functionality questions,documentation,portal access,and upgrade requests.Commercially reasonable efforts will be made to address Priority 4 issues,or to provide a plan for such correction,within fifteen(15)business day. County's Commitment: • County provides specific,detailed information required for troubleshooting/investigation. • County provides appropriate staff and resources to sustain continuous communication and work effort as required. • Without appropriate County resources,the case will be closed following our Case Closure Notification policy. Schedule D: Confidentiality of Patient Information Confidentiality of Patient Information and Records. All patient information and records are confidential. CONTRACTOR shall maintain the confidentiality of all patient records, including billings and computerized records, in accordance with all applicable state and federal law relating to confidentiality of patient records and patient information, including but not limited to: HIPAA, HITECH, and the HIPAA Regulations; 42 U.S.C. § 290dd-2 and the Part 2 Regulations; the Lanterman-Petris-Short Act ("LPS"), California Welfare and Institutions Code § 5328, et seq.; California substance abuse laws at California Health& Safety Code §§ 11812 and 11845.5; federal and state Medicaid and Medi-Cal laws at 45 C.F.R. § 205.50, 42 C.F.R. §§ 431.300 et seq. and California Welfare and Institutions Code § 10850, et seq., the Confidentiality of Medical Information Act ("CMIA") at California Civil Code sections 56.00 et seq., California laws governing HIV/AIDS records at California Health& Safety Code § 120975,and California Civil Code Section 1798.29. "Patient Information" includes any individually identifying information related to a patient/recipient of services including,but not limited to: name,identifying numbers, symbol,fingerprint,photograph or voice print. In addition, "Patient Information" includes all information CONTRACTOR has obtained about a patient/recipient of services,including the mere fact that patient is receiving alcohol or drug treatment from the County or has been referred to an alcohol or drug treatment program by the County, whether or not a documentary record of such information exists. Ownership of Information. All Patient Information created, maintained, received, or transmitted by the CONTRACTOR for or on or behalf of the County in connection with the Services under this Agreement shall be and remain the property of the County and the County shall retain exclusive rights and ownership thereto. Such information shall be referred to henceforth as"County Information". Use and Disclosure of Patient Information. CONTRACTOR shall use County Information or Patient Information obtained from contact with patients/recipients of Services and complainants (including anonymized data) only for the purpose(s) for which use or disclosure was authorized and shall implement appropriate safeguards to maintain the confidentiality of such information and to prevent further use or disclosure. CONTRACTOR acknowledges that County Information regarding a patient whose records are subject to the Part 2 Regulations may not be re-disclosed to another entity without specific authorization from the patient or his/her legally authorized representative for such re-disclosure. In addition, CONTRACTOR shall obtain the County's prior written consent to any disclosure of County Information, except as required by law. The County, through the Behavioral Health Director, shall have access to any Patient Information created, received, transmitted, or maintained by CONTRACTOR in connection with its performance under this Agreement. CONTRACTOR shall use County Information or Patient Information gained from access to records and from contact with patients/recipients of service and complainants(including anonymized data)only for the purpose(s) for which use or disclosure was authorized and shall implement appropriate safeguards to maintain the confidentiality of such information and to prevent further use or disclosure. CONTRACTOR shall not disclose Patient Information, including the identities of patients/recipients of service, without proper authorization to such disclosure or as required by law. CONTRACTOR further acknowledges that County Information regarding a patient whose records are subject to the Part 2 Regulations may not be re- disclosed to another entity without specific authorization from the patient or his/her legally authorized representative for such re-disclosure. In addition, CONTRACTOR shall obtain COUNTY's authorization to such disclosure prior to any release of Patient Information.The COUNTY,through the Behavioral Health Director, shall have access to such confidential information. CONTRACTOR shall return or securely destroy County Information as directed by the County. Transfer to the County or a third party designated by the County shall occur within a reasonable period of time, and without significant interruption in service. In the event that County requires destruction of County Information, CONTRACTOR agrees to securely destroy all data in its possession and in the possession of any subcontractors or agents to which the CONTRACTOR may have transferred County Information. CONTRACTOR agrees to provide certification of data destruction to County. CONTRACTOR shall notify County of any security breach or suspected security breach of any County Information or covered under applicable federal regulations set forth in 12 C.F.R. Part 30, or under California Civil Code 1798.29, or any other breach of County Information immediately following discovery, if the information was, or is reasonably believed to have been acquired by an unauthorized person. Notification must be given in the most expedient time possible and without unreasonable delay. Written confirmation must be sent within two (2) days of discovery or notification of the breach or suspected breach. A "breach" means the unauthorized acquisition of computerized data that constitutes Personal Information that compromises the security, confidentiality, or integrity of the information. A breach is also the acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted under the HIPAA Privacy Rule which compromises the security or privacy of the Protected Health Information,and/or the unauthorized access,use,or disclosure of Medical Information under CMIA. Penalty for Unauthorized Disclosure. CONTRACTOR understands that disclosure of Patient Information in violation of state or federal law may subject the party releasing the information to civil and/or criminal fines,penalties,including but not limited to a minimum of$10,000 in civil damages,as set forth in Welfare and Institutions Code Section 5330. Duty to Warn. CONTRACTOR understands that persons providing services under this Agreement may,in certain situations involving a patient or recipient of services who is a danger to himself or others, have a duty to warn third parties of such danger and should consult supervisory staff and/or legal counsel about such duty to warn as appropriate. Dissemination of these Confidentiality Provisions. CONTRACTOR shall inform all its officers, employees, agents, and subcontractors providing services hereunder of these provisions. Indemnification. Netsmart will indemnify,defend and hold harmless County and its respective employees, directors, officers, subcontractors, agents and affiliates from and against all claims, actions, damages, losses, liabilities, fines, penalties, costs or expenses (including without limitation reasonable attorneys' fees) suffered by CONTRACTOR arising from any negligent or wrongful acts or omissions in connection with this Schedule D, by Netsmart or by its employees, directors, officers, subcontractors, or agents. In addition, CONTRACTOR will reimburse County for its actual out of pocket costs of notice, mitigation or remediation of any privacy breach caused by any act or omission of CONTRACTOR. By my signature below, as the authorized representative of the CONTRACTOR named below,I certify acceptance and understanding for myself and the CONTRACTOR of the above confidentiality provisions. Netsmart Technologies,Inc. Business Name of Contractor Joseph McGovern Signa Authorized Representative Name of Authorized Representative (printed) 5/23/2022 Executive Vice President Date Title of Authorized Representative SCHEDULE E QUALIFIED SERVICE ORGANIZATIONBUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement("Agreement"),effective July 1,2022(Effective Date"),is entered into by and among the County of Fresno,a political subdivision of the State of California,on behalf of the Behavioral Health Department("Covered Entity")and Netsmart Technologies,Inc.("Business Associate")(each a"Party" and collectively the"Parties")hereby enter into this Qualified Service Organization Agreement under the Part 2 Regulations and Business Associate Agreement under HIPAA. Business Associate provides certain services("Services")for Covered Entity under this Agreement that involve the use and disclosure of Protected Health Information that is created,received,transmitted, or maintained by Business Associate from,or on behalf of,Covered Entity("PHI"). The County is a"Covered Entity"as that term is defined in the Privacy Rule and the Security Regulations and Netsmart Technologies,Inc. is a`Business Associate"as that term is defined in the Privacy Rule; Business Associate is also a Qualified Service Organization, as defined in 42 C.F.R. Part 2.11, providing services to Covered Entity. The Parties are committed to complying with the Standards for Privacy of Individually Identifiable Health Information,45 C.F.R. Part 160 and Part 164, Subparts A and E as amended from time to time (the"Privacy Regulation"), the Breach Notification Standards, 45 C.F.R. Part 160 and Part 164, Subparts A and D (the "Breach Notification Regulation"),and with the Security Standards,45 C.F.R.Part 160 and Part 164, Subpart C as amended from time to time (the "Security Regulation") under the Health Insurance Portability and Accountability Act of 1996("HIPAA"),as amended by the Health Information Technology for Economic and Clinical Health Act and its implementing regulations ("HITECH") and the restrictions on use and disclosure imposed under the Confidentiality of Alcohol and Drug Abuse Patient Records under 42 U.S.C. §290dd-2 and 42 C.F.R. Part 2 (the "Part 2 Regulations"). Collectively, the Privacy Rule, Security Rule, and Breach Notification Rule are referred to as the HIPAA Regulations. Business Associate acknowledges that, pursuant to HITECH, 45 C.F.R. §§ 164.308 (administrative safeguards), 164.310 (physical safeguards), 164.312 (technical safeguards), 164.316 (policies and procedures and documentation requirements) and 164.502 et. seq. apply to Business Associate in the same manner that such sections apply to Covered Entity. The additional requirements of Title XIII of HITECH contained in Public Law 111-005 that relate to privacy and security and that are made applicable with respect to covered entities shall also be applicable to Business Associate. Business Associate is committed to complying with applicable California law,including but not limited to,the California Confidentiality of Medical Information Act,Cal.Civil Code§§56 et seq.("CMIA"),the Lanterman- Petris-Short Act("LPS") Cal. Welf. &Inst. Code § 5328 et seq., California substance abuse laws Cal. Health &Safety Code§§ 11812 and 11845.5;California laws governing HIV/AIDS records at California Health& Safety Code § 120975, and California Civil Code Section 1798.29. Collectively,these and other applicable laws shall be referred to as"California Laws") Business Associate is committed to complying with any applicable Medi-Cal requirements at 45 C.F.R. § 205.50,42 C.F.R. §431.300,et seq. and Cal.Wel£&Inst. Code §10850,et seq. ("Medi-Cal requirements"). Business Associate is also committed to complying with applicable requirements of the Red Flag Rules issued pursuant to the Fair and Accurate Credit Transactions Act of 2003 ("Red Flag Rules"). Business Associate acknowledges that the general prohibitions on re-disclosure under the Part 2 Regulations do not allow Business Associate to disclose patient identifying information to another entity without patient authorization,even where the Privacy Rule might allow disclosure; Business Associate acknowledges that a person's mere participation in an alcohol/drug program is confidential, as is any information about the individual; Business Associate acknowledges that the CMIA prohibits Business Associate from further disclosing PHI that it receives from Covered Entity where such disclosure would be violative of the CMIA,LPS,or other state or federal law. Business Associate acknowledge that disclosure of confidential matters can be a violation of federal law and can subject Covered Entity, individual persons, and/or the Business Associate to potential criminal and civil sanctions and fines; This Agreement sets forth the terms and conditions pursuant to which PHI,and,when applicable,Electronic Protected Health Information("EPHI"),and the information protected under the Part 2 Regulations("Part 2 Information")shall be handled. The Parties further acknowledge that state statutes or other laws or precedents may impose additional obligations,including data breach notification or information security obligations,and it is their the Parties' further intention that each shall comply with such laws as well as HITECH and HIPAA in the collection,handling,storage,and disclosure of personal data of patients or other personal identifying information exchanged or stored in connection with their relationship. The Parties agree as follows: ARTICLE 1—DEFINITIONS All capitalized terms used in this Agreement but not otherwise defined shall have the meaning set forth in the Privacy Rule, Security Rule and HITECH. ARTICLE 2—PERMITTED USES AND DISCLOSURES OF PHI Unless otherwise limited herein,Business Associate may: (a) use or disclose PHI to perform functions,activities or Services for, or on behalf of,Covered Entity as requested by Covered Entity from time to time,provided that such use or disclosure would not violate the Privacy or Security Regulations or the standards for Business Associate Agreements set forth in 45 C.F.R. § 164.504(e),exceed the minimum necessary to accomplish the intended purpose of such use or disclosure,violate the additional requirements of HITECH contained in Public Law 111-005 that relate to privacy and security, or violate the 42 C.F.R. Part 2 Regulations, California Law,Medi-Cal Requirements,and other applicable federal or state law; (b) disclose PHI for the purposes authorized by this Agreement only: (i) to its employees, subcontractors and agents; (ii)as directed by this Agreement; or(iii)as otherwise permitted by the terms of this Agreement; (c) use PHI in its possession to provide Data Aggregation Services to Covered Entity as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B)if necessary to provide the Services under this Agreement; (d) use PHI in its possession for proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate as permitted by 45 C.F.R. § 164.504(e)(4)(i); (e) use PHI to report violations of law to appropriate Federal and state authorities, consistent with 45 C.F.R. § 164.5020)(1) and to the extent permitted by the 42 C.F.R. Part 2 Regulations, California Law,and Medi-Cal Requirements; (f) de-identify any PHI obtained by Business Associate under this Agreement for further use or disclosure only to the extent such de-identification is necessary for the provision of Services pursuant to this Agreement, and use such de-identified data in accordance with 45 C.F.R. § 164.502(d)(1); and ARTICLE 3—RESPONSIBILITIES OF THE PARTIES WITH RESPECT TO PHI 1. Responsibilities of Business Associate. With regard to its use and/or disclosure of PHI, Business Associate shall: (a) acknowledge that PHI may also be subject to the Part 2 Regulations (referred to as "Part 2 Information")and that it is fully bound by the provisions of the Part 2 Regulations and the HIPAA Regulations in receiving,transmitting,transporting,storing,processing,or otherwise dealing with, any Part 2 Information as it would apply to a"program" as defined in the Part 2 Regulations. (b) ensure that any Part 2 Information will not be re-disclosed to any other person or entity,including an agency or Subcontractor who provides services to Business Associate, except as permitted by the Part 2 Regulations; (c) resist any efforts in judicial or administrative proceedings (including court order and subpoena) if necessary, any efforts to obtain access to information pertaining to PHI and Part 2 Information, except as permitted by the Part 2 Regulations; (d) use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise Required by Law; (e) report to the privacy officer of Covered Entity immediately(i) any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware, and(ii) any Breach of unsecured PHI as specified by HITECH,the Breach Notification Rule, and(iii) any actual or suspected use or disclosure of data in violation of any applicable federal or state laws by Business Associate or its agents or subcontractors upon Business Associate's determination of the occurrence of such unauthorized use and/or disclosure. In such event,the Business Associate shall, in consultation with the Covered Entity,mitigate,to the extent practicable, any harmful effect that is known to the Business Associate of such improper use or disclosure. The notification of any Breach of unsecured PHI shall include,to the extent possible,the identification of each individual whose unsecured PHI has been,or is reasonably believed by the Business Associate to have been,accessed, acquired,used or disclosed during the Breach, as well as any other available information that Covered Entity is required to include in Breach notification to the individual,the media,the Secretary,and any other entity under the Breach Notification Rule and any other applicable state or federal laws, including,but not limited to,45 C.F.R. §§ 164.404 through 164.408. If any required information is not available at the time of notification,it shall be reported to Covered Entity as soon as such information becomes available. Business Associate shall cooperate fully with Covered Entity in meeting Covered Entity's obligations with respect to such Breach. (f) use commercially reasonable safeguards to maintain the security of the PHI and to prevent use and/or disclosure of such PHI other than as provided herein; (g) obtain and maintain an agreement with each of its subcontractors and agents that receive, use, or have access to PHI pursuant to which agreement such subcontractors and agents agree to adhere to the same restrictions, conditions, and requirements on the use and/or disclosure of PHI that apply to Business Associate pursuant to this Agreement; (h) make available all internal practices,records,books, agreements,policies and procedures and PHI relating to the use and/or disclosure of PHI to the Secretary for purposes of determining Covered Entity or Business Associate's compliance with the Privacy Rule; (i) document disclosures of PHI and information related to such disclosure and,within ten(10) days of receiving a written request from Covered Entity,provide to Covered Entity such information as is requested by Covered Entity to permit Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's PHI in accordance with 45 C.F.R. § 164.528, as well as provide an accounting of disclosures, as required by HITECH, directly to an individual provided that the individual has made a request directly to Business Associate for such an accounting. At a minimum, the Business Associate shall provide the Covered Entity with the following information: (i) the date of the disclosure, (ii) the name of the entity or person who received the PHI, and if known,the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of such disclosure which includes an explanation of the basis for such disclosure. In the event the request for an accounting is delivered directly to the Business Associate, the Business Associate shall, within two (2) business days, forward such request to the Covered Entity. The Business Associate shall implement an appropriate recordkeeping process to enable it to comply with the requirements of this Section; 0) subject to Section 4.4 below, return to Covered Entity within twenty-one (21) days of the termination of this Agreement, the PHI in its possession and retain no copies, including backup copies; (k) disclose to its subcontractors, agents or other third parties, and request from Covered Entity, only the minimum PHI necessary to perform or fulfill a specific function required or permitted hereunder; (1) if all or any portion of the PHI is maintained in a Designated Record Set: i. upon ten(10)business days' prior written request from Covered Entity,provide access to the PHI in a Designated Record Set to Covered Entity or, as directed by Covered Entity, the individual to whom such PHI relates or his or her authorized representative to meet a request by such individual under 45 C.F.R. § 164.524; and ii. upon ten(10)business days' prior written request from Covered Entity,make any amendment(s)to the PHI that Covered Entity directs pursuant to 45 C.F.R. § 164.526; (m) maintain policies and procedures to detect and prevent identity theft in connection with the provision of the Services,to the extent required to comply with the Red Flag Rules; (n) notify the Covered Entity within five(5)days of the Business Associate's receipt of any request or subpoena for PHI. To the extent that the Covered Entity decides to assume responsibility for challenging the validity of such request, the Business Associate shall cooperate fully with the Covered Entity in such challenge; (o) maintain a formal security program materially in accordance with all applicable data security and privacy laws and industry standards designed to ensure the security and integrity of the Covered Entity's data and protect against threats or hazards to such security; (p) to the extent that Business Associate carries out one or more of Covered Entity's obligations under the Privacy Rule, comply with the requirements of Privacy Rule that apply to the Covered Entity in the performance of such obligations. Business Associate further acknowledges that,pursuant to HITECH,the applicable provisions of HIPAA apply to Business Associate in the same manner that such sections apply to Covered Entity; (q) acknowledge that it is obligated by law to comply,and represents and warrants that it shall comply, with HIPAA,HITECH,the HIPAA Regulations,the Part 2 Regulations, and the Red Flags Rules, as applicable. Business Associate further represents and warrants that it shall comply with all applicable state privacy and security laws, to the extent that such state laws are not preempted by HIPAA or HITECH and acknowledges that, as between the Business Associate and the Covered Entity, all PHI shall be and remain the sole property of the Covered Entity. 2. Additional Responsibilities of Business Associate with Respect to EPHI. In the event that Business Associate has access to EPHI, in addition to the other requirements set forth in this Agreement relating to PHI, Business Associate shall: (a) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity as required by 45 C.F.R. Part 164, Subpart C; (b) ensure that any subcontractor or agent to whom Business Associate provides any EPHI agrees in writing to implement reasonable and appropriate safeguards to protect such EPHI; and (c) report to the privacy officer of Covered Entity,in writing, any Security Incident involving EPHI of which Business Associate becomes aware within two(2)business days of Business Associate's discovery of such Security Incident or sooner if practical. For purposes of this Section, a Security Incident shall mean(consistent with the definition set forth at 45 C.F.R. § 164.304),the attempted or successful unauthorized access,use, disclosure,modification, or destruction of information or interference with systems operations in an information system. In such event,the Business Associate shall, in consultation with the Covered Entity,mitigate,to the extent practicable,any harmful effect that is known to the Business Associate of such improper use or disclosure. If such Security Incident constitutes a Breach of Unsecured PHI,Business Associate shall comply with the notification requirements set forth in Section 1.02(e). 3. Responsibilities of Covered Entity. Covered Entity shall,with respect to Business Associate: (a) provide Business Associate a copy of Covered Entity's notice of privacy practices ("Notice") currently in use; (b) notify Business Associate of any limitations in the Notice pursuant to 45 C.F.R. § 164.520,to the extent that such limitations may affect Business Associate's use or disclosure of PHI; (c) notify Business Associate of any changes to the Notice that Covered Entity provides to individuals pursuant to 45 C.F.R. § 164.520,to the extent that such changes may affect Business Associate's use or disclosure of PHI; (d) notify Business Associate of any changes in, or withdrawal of,the consent or authorization of an individual regarding the use or disclosure of PHI provided to Covered Entity pursuant to 45 C.F.R. § 164.506 or§ 164.508,to the extent that such changes may affect Business Associate's use or disclosure of PHI; and (e) notify Business Associate, in writing and in a timely manner, of any restrictions on use and/or disclosure of PHI as provided for in 45 C.F.R. § 164.522 agreed to by Covered Entity,to the extent that such restriction may affect Business Associate's use or disclosure of PHI. ARTICLE 4—TERMS AND TERMINATION 4.1 Term.This Agreement shall become effective on the Effective Date and shall continue in effect unless terminated as provided in this Article 4.Certain provisions and requirements of this Agreement shall survive its expiration or other termination as set forth in Section 5.1 herein. 4.2 Termination. Either Covered Entity or Business Associate may terminate this Agreement and any related agreements if the terminating Party determines in good faith that the terminated Party has breached a material term of this Agreement;provided,however,that no Party may terminate this Agreement if the breaching Party cures such breach to the reasonable satisfaction of the terminating Party within thirty (30)days after the breaching Parry's receipt of written notice of such breach. 4.3 Automatic Termination. This Agreement shall automatically terminate without any further action of the Parties upon the termination or expiration of Business Associate's provision of Services to Covered Entity. 4.4 Effect of Termination. Upon termination or expiration of this Agreement for any reason, Business Associate shall return all PHI pursuant to 45 C.F.R. § 164.504(e)(2)(ii)(I)if,and to the extent that, it is feasible to do so. Prior to doing so, Business Associate shall recover any PHI in the possession of its subcontractors or agents. To the extent it is not feasible for Business Associate to return or destroy any portion of the PHI, Business Associate shall provide Covered Entity a statement that Business Associate has determined that it is infeasible to return or destroy all or some portion of the PHI in its possession or in possession of its subcontractors or agents. Business Associate shall extend any and all protections, limitations and restrictions contained in this Agreement to any PHI retained after the termination of this Agreement until such time as the PHI is returned to Covered Entity or destroyed. ARTICLE 5—MISCELLANEOUS 5.1 Survival.The respective rights and obligations of Business Associate and Covered Entity under the provisions of Sections 4.4, 5_1, 5_6, and 5_7, and Section 2.1 (solely with respect to PHI that Business Associate retains in accordance with Section 4.4 because it is not feasible to return or destroy such PHI), shall survive termination of this Agreement until such time as the PHI is returned to Covered Entity or destroyed. In addition, Section 3.1(i) shall survive termination of this Agreement, provided that Covered Entity determines that the PHI being retained pursuant to Section 4.4 constitutes a Designated Record Set. 5.2 Amendments; Waiver. This Agreement may not be modified or amended, except in a writing duly signed by authorized representatives of the Parties. To the extent that any relevant provision of the HIPAA, HITECH or Red Flag Rules is materially amended in a manner that changes the obligations of Business Associates or Covered Entities, the Parties agree to negotiate in good faith appropriate amendment(s) to this Agreement to give effect to the revised obligations. Further, no provision of this Agreement shall be waived, except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events. 5.3 No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights,remedies, obligations, or liabilities whatsoever. 5.4 Notices. Any notices to be given hereunder to a Party shall be made via U.S. Mail or express courier to such Party's address given below, and/or via facsimile to the facsimile telephone numbers listed below. If to Business Associate,to: Netsmart Technologies,Inc. 4950 College Blvd. Overland Park,KS Attn: Chief Privacy Officer Tel: 800-421-7503 If to Covered Entity,to: County of Fresno Department of Behavioral Health Attn: Director Tel: (559) 600-9193 Each Party named above may change its address and that of its representative for notice by the giving of notice thereof in the manner hereinabove provided. Such notice is effective upon receipt of notice, but receipt is deemed to occur on next business day if notice is sent by FedEx or other overnight delivery service. 5.5 Counterparts; Facsimiles. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals. 5.6 Choice of Law; Interpretation. This Agreement shall be governed by the laws of the State of California;as provided,however,that any ambiguities in this Agreement shall be resolved in a manner that allows Business Associate to comply with the Privacy Rule, and, if applicable, the Security Rule and the CMIA. 5.7 Indemnification Business Associate will indemnify, defend and hold harmless Covered Entity and its respective employees, directors, officers, subcontractors, agents and affiliates from and against all claims, actions, damages, losses, liabilities, fines, penalties, costs or expenses, including reasonable attorneys' fees (Damages) suffered by Covered Entity arising from any acts or omissions in connection with this Agreement, by Business Associate or by its employees, directors, officers, subcontractors, or agents. The referenced limitation of liability will not apply to and Netsmart will fully indemnify Covered Entity for: (a) Covered Entity's reasonable costs of notice, mitigation or remediation of any Breach of Unsecured PHI or acquisition, access, use, or disclosure of data in a manner not permitted by this Agreement that is attributable to any act or omission of Business Associate or its agents or subcontractors. (b) Fines or penalties that are assessed against Covered Entity by a state or federal regulatory agency for an act or omission of Business Associate or by its employees, directors, officers, subcontractors, or agents on a theory of agency or vicarious liability. (c) Damages resulting from any negligent or willful acts or omissions of Covered Entity in connection with this Agreement are excepted from this indemnification requirement. It is the intent of the parties to this Agreement to provide the broadest possible indemnification for Covered Entity. Business Associate shall reimburse Covered Entity for all costs, attorneys' fees, expenses, and liabilities incurred by Covered Entity with respect to any investigation, enforcement proceeding or litigation in which Business Associate is obligated to indemnify, defend, and hold harmless Covered Entity under this Agreement. This provision is in addition to and independent of any indemnification provision in any related or other agreement between the Covered Entity and the Business Associate, including the underlying AGREEMENT. IN WITNESS WHEREOF,each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf as of the Effective Date. [BUSINESS ASSOCIATE] COUNTY OF FRESNO, ON BEHALF OF THE DEPARTMENT OF BEHAVIORAL HEALTH By: By: Print Name: Joseph McGovern Print Name: Print Title: Executive Vice President Print Title: Director Date: 5/23/2022 Date: SCHEDULE F: NETSMART HOSTING iii) Any Professional Services ADDENDUM TO LICENSE iv) The payment terms for Service Charges is set forth in"Schedule A—Charges and This Addendum is effective on the effective date of \\Payment Terms"of the Agreement and the Agreement("Addendum Effective Date"). referenced again in Schedule 2(c)of this addendum. 1. PURPOSE OF ADDENDUM This h) "SLA"is an abbreviation for Service Level Addendum states the terms and conditions under Agreement. The Service Level Agreement, which Contractor will provide software hosting or SLA,describes the functions,features and services and permit County to load Data on the performance capabilities of the Hosted Hosted System via a virtual private network System as available at County's site and is set ("VPN")or Secure Socket Layer("SSL"). forth in Addendum Schedule 2(d). 2. DEFINITIONS Capitalized terms in this 3. TERM Addendum that are not defined below will have a) Contractor hereby grants County a non- the same meaning as the terms that are given in transferable,non-exclusive right to access the the Agreement. All references to Schedules mean Hosted System from Contractor's Data the Schedules attached to this Contractor Hosting Center for a period of 60 months from the Addendum to License unless otherwise indicated. Agreement Effective Date expiring on June 30,2027 ("Agreement Initial Term"),with a) "Migration"refers to all services, activities, the option to extend the Agreement for two and infrastructure associated with the additional one year periods.County is not migration of the County's Avatar system and required to state a reason if it elects not to all associated components from the County renew. Network to Contractor's Plexus Cloud.An b) If this Agreement includes options for example project plan and narrative renewal or extension,CONTRACTOR will description of activities are provided in notify COUNTY of a proposed rate change a Schedule 2(a). After the signing of this minimum of ninety days(90)prior to the agreement,the County and Contractor Project expiration of the Agreement. Both parties Managers will define a mutually acceptable must agree to any rate changes in writing. Project Plan and Timeline. c) The Hosted Software Services may be used b) "County Hardware"means the computer by County only: hardware and communications equipment i) for County's internal business purposes required by County to log on to the System and not to process the data of any other and use the Software Services and is the entity; and responsibility of County to obtain. ii) for access by the maximum number of c) "Data"has the meaning provided in Section 6 named users permitted under the d) "Hosted System"means the hardware and Agreement; and software in Contractor's data center, iii) so long as the County is not otherwise in including the Licensed Programs as defined default under the Agreement or this in the Agreement that are used to provide Addendum. Software Services to County.A brief Subsections (i), (ii), and (iii) above shall be overview of the components and services of understood to permit non-employees of County, the"Hosted System"is set forth in such as agents or contractors who have a need for Addendum Schedule 2(b) access to the Licensed Programs to support the e) "Month 1"means the first day of the first internal operations of County, to be added as month after mutual contract execution. named users for the Licensed Programs. f) "Contractor Provided Hardware"means any equipment provided to the County by d) This Addendum does not convey to County Contractor any title or ownership interest in the Hosted g) "Service Charges"means the amount to be Systems or the Licensed Programs. County paid by County for has additional rights in the Licensed i) Contractor's data center usage; Programs,however,under the Agreement. ii) Any Contractor Provided Hardware ; e) The Hosting Services covered by this Addendum are provided solely to County. County is prohibited from engaging in any activity that makes these Hosting Services available to third parties. 4. CHARGES AND PAYMENT TERMS County agrees to pay Contractor in accordance with Section 7 and Schedule A. 5. TAXES The Charges set forth in this Agreement do not include any taxes. The County is not subject to pay any taxes on Charges set forth in this Agreement. 6. PROTECTION OF COUNTY DATA As used in this paragraph 6,the word"Data" means all information acquired from County that will reside on a Contractor secure server and be maintained for County during the performance of this Agreement.Contractor will maintain the Data in accordance with generally accepted security standards applicable to protected health information and as required by law. Upon termination of this Agreement for any reason Contractor shall furnish all Data to County as soon as reasonably practical in a mutually acceptable industry standard format. If professional services are required to convert or format the Data to meet requested format,County will pay for such professional services as an additional charge. 7. GENERAL TERMS Except as expressly set forth in this Addendum, the relationship between Contractor and County will be governed by the provisions of the Agreement. 8. SURVIVAL OF TERMS In the event this Addendum terminates pursuant to its terms,the Agreement will continue in full force and effect. 9. CROSS DEFAULT A default by County and resulting termination of the Agreement will similarly terminate the license rights granted by this Addendum. A default and termination of this Addendum,however,will not constitute grounds for termination of the Agreement,unless the default under this Addendum would likewise be grounds for termination of the Agreement Addendum Schedule F (a) Overview of the "Hosted System" Components and Services HOSTING COMPONENTS A. Avatar Environment Contractor will provide redundant middleware and ECP servers to County running through SSL,load balanced with enterprise F5 load balancers,tied to a backend Cache database. This environment will be replicated to our Kansas City data center with failover capabilities spelled out in the Disaster Recovery portion of this document. The environment will be provisioned based up concurrent number of users and estimated growth patterns. Contractor implements and utilizes real-time monitoring on Avatar hosted system,providing feedback on all security, stability, and performance attributes of each system. The Contractor Avatar environment is governed under an ISO 27000 series framework, consisting of an extensive set of policies,procedures, and work instructions governing the planning, implementation, management, and support of the environment. Contractor's complete set of policies and procedures will be provided under a separate cover. Contractor Plexus Support includes application and database patching. Contractor encourages the County to stay current with applications patches.Patches will be applied to County test environments first,to be tested by Contractor and County.Upon successful testing and validation by the County, Contractor will schedule and apply patches to the County's live environment at a mutually agreeable time. Patches affecting core system security and stability,will be escalated and applied to the County environment, as soon as reasonably possible,to ensure optimal security and stability within the hosted Avatar solution. Avatar application support will continue under the current Contractor Application support model. System support, consisting of network connectivity, Cache database, security,and infrastructure system support is provided by Contractor's Plexus Cloud Systems Engineering team,Infrastructure Team, and Security Teams. County will be provided all applicable support phone numbers,which include the general hosting phone numbers,24/7 phone numbers,and escalation phone numbers. Contractor Plexus hosting support will continue to utilize the same priority ranking system representing the severity of issue currently being encountered. Priority 1 (P1)issues represent a down system event or significant event severely hampering core system functionality or availability,which have Contractor's support teams immediate engage with the County on addressing the issue.Priority 2 (P2)issues represent a significant event occurring within the Avatar solution,while the core system remains functional and accessible or critical system patches that need added to the environment. Contractor will assign and initially engage with County within 12 hours,to begin work on a resolution. Priority 3 (P3)issues represent low priority issues,representing non-critical issues,non-critical patches,or questions. Contractor will engage with the County within 48 hours and begin work on a resolution. B. Avatar Disaster Recovery Contractor provides redundant,dedicated virtualization throughout the entire Avatar environment, including middleware, ECP, and database servers. The middleware and ECP systems employ load balancing behind master F5 load balancers,monitoring performance and health of each device. System failures are identified and routed around,by the load balancers. The database environment utilizes HA server components,to fail over between servers,in the event of a failure. Replicated copies of the middleware and ECP environments are maintained offline, at our secondary data center, and update on a weekly basis or after any changes are made. The database server environments are replicated in real-time to the secondary data center. Target RTO for Avatar failover to the secondary data center is 4 hours, though generally can be completed in a matter of minutes. Target RPO for data loss is 30 minutes,though all tests generally show times in the sub-2 minute timeframe. Nightly backups of the Avatar environment occur to local tier III storage and to encrypted backup tapes, which are taken offsite daily by Iron Mountain. Monthly restoration tests of random County environments occur and are fully documented from all three sources of information C. Scriptlink Hosting Contractor will provide redundant Web Servers to support the hosting and execution of County developed scripts. In order to provide administrative rights to this Web Server, Contractor provides representatives from County secure access mechanisms into the Plexus Cloud Environment. The environment will be provisioned based up concurrent number of users and estimated growth patterns. Finally,as part of the Scriptlink Hosting Contractor will provide and manage all aspects of the communication between the County's Hosted Avatar Environment and the Scriptlink Web Servers. The Contractor Avatar environment is governed under an ISO 27000 series framework, consisting of an extensive set of policies,procedures, and work instructions governing the planning, implementation, management, and support of the environment. HOSTING SCOPE OF SERVICES fJrr rr;�rt Data Center Environments. The Netsmart Plexus Data Centers("NPDC")consist of a 2X primary data center environment and an N+1 secondary datacenter environment, both consisting of dual-fed, redundant data operation facility intended to provide uninterrupted power and service for Netsmart clients. The NPDC are designed to significantly reduce client downtime and operates under supervision twenty-four (24)hours per day, seven(7) days per week ("24 x 7"),every day of the year. The NPDC houses all data center equipment,including hosted computing equipment,network equipment,and security equipment. Data center monitoring systems include fire protection (detectors,sprinklers, and dry agent),mechanical systems, camera recording systems, entry alarms,electrical systems,generator operations,water detection systems, and card access control/biometrics access controls. Netsmart engineers observe systems 24 x 7 and report alarms as needed. The following table sets forth the responsibilities of Netsmart and Client regarding the physical facilities: No. Table 1: Netsmart Client Facility ResponsibilitV Description NPDC 1.1 Environment 1.1.1 Provide the NPDC facility required to host the computing and netwo4. X environment 1.1.2 Provide the NPDC equipment and third party software X 1.1.3 Manage,monitor and control the NPDC X 1.1.4 Provide any applicable UPS/temperature-controlled environmentfor x Netsmart provided equipment needed at Client site (e.g.network e q ui pment,etc. 1.1.5 Provide appropriate rack space forNetsmart provided equipment at the X Client site, if applicable 1.2 NPDC Facility Management and Monitorin 1.2.1 NPDC power m onitoring for generators-* X 1.2.2 Monitoring of chiller system for pressure,temp,alarm and standby- X 1.2.3 Monitoring of electrical room for moisture,UPS availability-' x 1.2.4 Monitoring of NPDC data center air-conditioning units,including air X c o n diti o n i ng, power,moisture,h um 1 clity and tem peratu re-" 1.2.5 Monitoring of NPDCAuto Transfer Switches. Monitors and activates x UPS/generator s stem as incoming power dictates-" 1.2.6 Monitoring and control of the NPDC environment-" X 1.2.7 Facility operation and maintenance-" X 1.3 NPDC Physical Security 1.3 1 Camera monitoring is provided throughout the Data Center and X exterior entries. Multiple cameras provide views of the Data Center and all access points,which are visible at all times to the on-site operators. All cameras continuously record to tape for future viewing and investi q ation-" 1.3.2 All primary doors are controlled by card access with biometric readers X in high-security areas. Multiple access points must be crossed to access the Data Center floor-" 1.3.3 All secured doors are electronic fail-secure strikes.All door hardware X and Monitoring are backed bV emer encpower-* 1.3.4 Access to host facility is site-restricted via ACL's which are controlled x by Netsmart's security personnel 1.3.5 E ntrylexit points of service center are rri onitored via closed-circuit x televisi on-* B. Network Operations. As part of the NPDC Services, Netsmart will provide and manage many aspects of the communications between the NPDC and the Client networks. Each section below describes a unique aspect of the network infrastructure. There are three separate networks that mustwork together in unison to provide seamless application delivery. In addition, each party agrees to perform their respective network operations responsibilities,as setforth in Table 2 below. 1. NPDC Network Operation. The NPDC Network Operations are the network equipment,software, and console systems that support the servers and databases for Client within a facility or facilities that Netsmart manages. Netsmartwill provide and operate at the NPDC all network equipment,third party software and console systems to hostthe Licensed Software,equipment,and certain third party software(collectively,the"Netsmart Environment"). Netsmartwill provide a high-availability network designed to remain fully operational in the event of any single equipment failure. Possible points of equipmentfailure may include routers,switches,load balancers,and firewalls. Netsmartwill support, manage, and maintain this equipment and third party software in a manner consistent with vendor specifications and Netsmart best practices. Netsmart will provide network management of all Netsmart-provided network components in the NPDC to maintain the service levels set forth in this Netsmart System Schedule. 2. Netsmart/Client provided Internet Communications. The Internet Communications Network Operations are the communications infrastructures that include primary and secondary communications circuits between the NPDC and the Internet, and from the client LANNVAN to the Internet.The Netsmart circuits will be provisioned in a mannerthat maximizes existing physical circuit diversity from a variety of Internet backbone providers, at both data center environments. This process does not guarantee physical diversity; but rather provides the best practice for obtaining physical diversity. The Netsmart Internet circuits will be sized in accordance with Netsmart best practices for appropriate bandwidth, quality of service and responsiveness. Some metrics that may be used for sizing include active concurrent users,number and volume of interface traffic, number and volume of print activities,etc. All Netsmart-side circuit provisioning and management will be the responsibility of Netsmart in conjunction with Netsmarrs third party communications carriers. All communications equipment necessary to terminate these WAN circuits will be provided and managed by Netsmart. The equipment may include routers, switches, firewalls, out-of-band- management consoles and power reboot switches as well as CSUIDSU circuit termination equipment.All client-side circuit provisioning and management will be the responsibility of the client. All communications equipment necessary to terminate these Internet circuits will be provided and managed by the client. The equipment may include routers, switches, firewalls, out-of-band- management consoles and power reboot switches as well as CSUIDSU circuit termination equipment. Netsmart will assist Client in troubleshooting Internet issues that may involve Client's network or client's Internet provider; however, Netsmart reserves the right to charge for the time, materials and travel and related expenses involved in resolution of problems that are determined to originate within Client's network. 3. Client-provided LAN/WAN. Client LAN and ClientWAN will consist of any communications circuits, WAN termination equipment and LAN equipment not provided by Netsmart. These circuits and equipmentwill be managed and maintained by Client.Netsmartwill assist Client in troubleshooting issues that may involve Client's network; however,Netsmart reserves the right to charge for the tim e, materials and travel and related expenses involved in resolution of problems that are determined to originate within Client's network. 4. Netsmart Provided MPLS Connectivity Client location will be provided(2) routers forconnection to Netsmart Technologies' MPLS network from client's internal network. An MPLS circuit will be installed at the client location from (2)diverse carriers. Both circuits will be identical in capacity and not less than 20Mbps. Circuits will be provisioned to have connectivity to both Netsmart data centers, Columbus and Kansas City,through their respective MPLS cloud. Once installed,l,c ith circuits an_i routers will be active allowing traffic to utilize each connection Table 2: Netsm art No. Client Network Operations Responsibility Description NPDC 2.1 NPDC Network Operations 2 1 1 All required network equipment within the NPDC,such as routers, X switches, load balancers and consoles 2 1 Network management of equipment and third part_;,-_,ofti.are,inducing X routers, switches,load balancers and firerialls 2.1.3 Redundant power circuits and power distribution X 2.1.4 24 x 7 x 365 network support with level 2 and 3 backup available by X pacier 2.1.5 Monitoring Netsmart provided applications response time, including X round trip latency from Netsmart's Internet providers 2.1.6 Network management, support, installation, and configuration of X Netsmart- rovided WAN circuits and WAN equipment 2.2 Netsmart/Clientprovided Intemet Communications Network Operations 2.2.1 Communications circuits from the NPDC to I internet Backbone X 2.2.2 Network management including Monitoring systems,device X management and polling systems 2.2.3 Monitoring of Netsmart provided network routers,including utilization, x memory, exception reporting,syslog, configuration management and ACL hits/denies 2.2.4 Monitoring of Netsmart provided WAN links ups/downs,error k thresholds,bandwidth,and CIR packet flow/loss 2.2.5 Communications circuits from the CUENTto IntemetBackbone x 2.2.6 Network management including Monitoring systems, device management and polling systems 2.2.7 Monitoring of client-provided network routers,including utilization, X memory, exception reporting,syslog, configuration management and ACL hits/denies 2.2.8 Monitoring of Client Gateway ups/downs,router, switch, power x 2.3 Client LANNUAN Operations 2.3.1 Network management, support, installation, and configuration of Client x provided WAN circuits and WAN Equipment 2.3.2 Network management, support, installation, and configuration of Client X LAN infrastructure 2.3.3 Management of network printers,terminal servers,PCs,terminals or X other Client-side equipment C. Systems Management. As part of the NPDC Services,Netsmartwill provide systems management services for the management,security and performance of the computing systems required to operate the Licensed Software.The"back-end system"includes third party software,certain Sublicensed Software,and host nodes running the Licensed Software database as well as the Avaguard monitoring system, and interface engine. This aspect of the back-end system also includes the storage technology and media.The back-end systems also include the required operating systems("OS")and layered products necessaryforthe System to operate. The computing system includes the back-end system and the front-end application server resources necessary to provide access to the System and executes the Licensed Software and server requirements to facilitate printing (excluding Client print servers required for and on Client LAN). The computing system includes management and Monitoring systems and software to monitor and report on system health,security, capacity and availability. The front-end system includes the required OS and layered-product licenses (necessary for the System to operate. The system management services include the responsibility for the equipment and third parry software maintenance of the computing system and associated infrastructure in accordance with manufacturer-recommended and supported practices. In addition, such services include processes and resources to monitorthe computing systems and to report and alert on compromised system health,security, capacity,and availability. Furthermore,Netsmartwill: • Meetorexceed contracted performance, capacity,and System Availability(as defined below)levels using the appropriate management methodologies, resources, and tools for the Netsmart Environments • Provide System performance Monitoring and tuning • Provide System capacity analysis and planning • Provide storage managementforall the in-scope environments • Use and adhere to documented change management processes and procedures • Use and adhere to documented problem management processes, procedures and escalation guidelines • Provide and monitor mutually agreed-upon security functions in conjunction with Client's security officer and in accordance with documented security policies In addition,each party agrees to perform their respective systems management responsibilities, as setforth in Table 3 below. No. Table3: Netsmart Client Systems Wriagement Responsibility Descnption NPDC 3.1 Equipment and Third Party S oftware A c qu i siti o n and Provisioning 3.1.1 Provide back-end computing systems consisting of CPU,memory and x data storage required to operate the in-scope environments) Back-end computing systems will be provided in accordance with obligations set forth in this Netsmart System Schedule and certified by Netsmart Engineering 3.1.2 Provide OS and layered-product software licenses for back-end x s stiems rectuired to op erate the in-sco pe environment s 3.1.3 Purchase of database Sublicensed Software and ongoing Sublicensed x Software Maintenance fees 1.4 Provide front-end computing systems necessary to facilitate Client x access to their specific in-scope environment(s) Front-end computing systems will be provided in accordance with obligations set forth in this Netsmart System Schedule and certified by Netsmart Engineering 3.1.5 Provide OS and layered-product software licenses for front-end x s stems req uired to op erate the in-sco pe environment s 3.1.6 Provide systems and third party software necessary for Netsmart to x manse and monitor back-end and front-end systems 3.1.7 Provide front-end servers required to facilitate printing from the in- x scope environment(s), excluding Client-specific print servers required for local printing on Client site 3.1.8 Provide systems required for Client local printing from Avatar and nor- x Avatars p plications 3.1.9 Provide systems required for Client access to Client's LAN (e.g.local x authentication,primary/backup domain controllers) and other non- Avatar functionality 3.1.10 Provide front-end computing systems necessaryto facilitate local x Client Licensed Software installation. Computing systems must meet Netsmart minimums stem requirements 3.2 Management and Monitoring 3.2.1 Apply OS and layered-product service packs to front-end and back-end x systems as required to maintain system health,security,availability and capacitV 3.2.2 Monitor the computing systems (24 x 7)to report and alert on x compromised system health, security, availability and capacity 3.2.3 Reboot back-end and front-end computing systems on a recurring x schedule to optimize performance of the computing environment 3.2.4 Monitor charting application services (charting and Remote Report x Distribution)for successful completion 3.2.5 Resubmit and/or reroute arry failed printjobs x 3.2.6 Provide OS and layered-product software licenses for front end x systems required for a local Avatar application installation (Windows, Crystal) 3.3 Security Administration 3.3.1 Provides stem third party software and equipment security controls x 3.3.2 Monitor System security errors, exceptions and attempted violations as x dictated by standard procedures 3.3.3 Host facility sical security measures and controls x 3.3.4 Secure backup media with check-in and check-out procedures x 3.3.5 Store Client's backup media in a manner that will protect the x confidentiality of the data stored on them and ensure that such data remain Client's property 3.3.6 Run and monitor continuous intrusion detection software on both host x and network-based systems 3.3.7 Provide secure environment for on-site and off-site storage for backups x 3.3.8 Virus detection and correction as required x 3.3.9 Provide corporate IT Security Manager to monitor and enforce security x procedures and resolve exception report issues 3.3.10 Provide to ical security using locWdown procedures post producton x 3.3.11 Assign and manage accounts for Client users to access systems x 3.3.12 Designate assigned security representative to ensure personnel have x appropriate access and be responsible for review of access controls, etc. 3.4 Other Third-P Software 3.4.1 Provide adequate licenses for third party products used to augment x Avatar functionality Third-party products will be implemented in accordance with obligations set forth in the contract and certified by Netsmart Engineering 3.5 Mscellaneous Technologies Selection, Deploymentand Management 3.5.1 Provide,configure,host and manage other non-Avatar resources x deployed to augment Avatar functionality(excluding those which have not been identified as Netsmart Avatar technology partners) Resources excluded may consist of, but are not limited to, biometric authentication application and database servers, and medical encoding applicaton and database servers 3.5.2 Select peripheral technologies certified by Netsmart and consult with x X Netsmart Technical Project Manager priorto final selection Peripheral technologies consist of PCs,thin client devices, hand-held devices,printers, document scanners,and barcode scanners N etsm art is responsible for providing Client with a list of validated devices,and Client is responsible for making their selection and verifyingwith the TP M that it is valid according to the list provided 3 5 3 Procurement and deployment of peripheral technologies in accordance X with Netsmart-certified configurations 3 5.4 Peripheral devices configuration,management and maintenance (Web X browser configuration, connectivity,rebooting,paper,toner,paper jam, device offline,etc. 3.5.5 Client site peripheral management(adds,moves and changes--some X changes ay require NPDC assistance to implement) 3.5.6 Provide virtual access to peripherals and interfaces as needed to X support Client D. Database Administration. Netsmart will provide the ability to implement and maintain database access, performance and availability in a consistent and efficient manner across all System environments. Client will maintain the content and integrity of the database. Netsmartwill: • Install and maintain Database Management System ("DBMS") software as defined in Table 4 beloldd • Provide appropriate database management methodologies, resources and tools to manage, troubleshoot,back up and recover the database environments. • Monitor and report on database performance and capacity • Provide DBMS storage management • Monitor and manage database security • Maintain offsite backup of the System and Client data (the offsite media backup will operate and perform in a manner comparable to NPDC with respect tiD both System and Client data) In addition, each party agrees to perform their respective database administration responsibilities,as setforth in Table 4 below. No. Table4: Netsmart Client D atabas e A dm in i stratio n Res p ons i bi I itV Des cri ption NPDC 4.1 Software Installation and Upgrade 4.1.1 Installation,management,and upgrading of third party database x software necessaryto supportthe Licensed Software. 4.1.2 Certification of application environment after database or other x upgrade 4.2 Perfonnance Management and Monitoring 4.2.1 Monitor database alert logs x 4.2.2 Monitor database number of extents remaining x 4.2.3 Monitor database freespace x 4.2.4 Monitor database freespace deficits x 4.2.5 Monitor database instance status x 4.2.6 Monitor database lock conflicts x 4.2.7 Monitor space available in tablespace x 4.2.8 Monitor status of database listeners x 4.2.9 Reorg/defragmentdatabase objectsAablespace x 4.2.10 Analysis and tuning of any custom scripts developed by Client or third- x party 4.2.11 Monitor basic database performance characteristics such as I/O x 4.2.12 Monitor and manage file and tablespace x 4.3 Backup,Restore and Recovery 4.3.1 Perform system backups as specified in standard backup procedure x 4.3.2 Media rotation x 4.3.3 Verify backup logs x 4.3.4 Maintain and document backup requirements x 4.3.5 Coordinate offsite storage functions, including logging,tracking, x labeling, ordering, receiving and sending storage media 4.3.6 Restore System data as required x 4.3.7 Define System-wide recovery and backup requirements x 4.3.8 Schedule and test routine recovery procedures x 4.3.9 Perform the required frequency of replacement for all media in storage x 4.3.10 B,acktip of Client-based PCs and servers X 4.3.11 Verification of restored environment X E. Applications Management. Applications Management services are the services required to manage the Licensed Software application level of the System. As part ofthe NPDC Services,Netsmart's primaryfunction with respect to Applications Management is in the areas of service package management,application server management, and monitoring and reporting on application processes. Each party agrees to perform their respective Applications Management responsibilities,as setforth in Table 5 below. Netsmartwill upgrade the System as required to keep Client on a supportable release;but not more frequently than limit set forth in the scope of use table above. Specific service packages will be made available as required to address a medical need,financial need or regulatory requirement. Client will,at its own expense,support,manage and provide training for all Licensed Software, including without limitation all maintenance and build activities related to production financial and clinical applications and Licensed Software upgrades. Client agrees to use "superusers"to provide Licensed Software management support. No. Tables: Netsmart Client Applications Management Responsibility Description NPDC 5.1 Service Package Management 5.11 Load patches and Service Packages as required to meet contractual X a reements 5.1.2 Installation of New Releases on a periodic basis,subject to notice and X approval by Client.(Frequency as setforth in the scope of use limit section above 5.1.3 Perform back-end special instructions for service package loads x 5.1.4 Perform front-endspecial instructions for service package loads X 5.1.5 Support applications testing by providing a certification domain to Client x as require to support contractual commitments 5.1.6 Monitor Licensed Software notifications for isjues related to patient X care,financial burden,or performance 5.1.7 Request patches & service packages as needed to keel_the System at x a supportable level as defined above 5.1.8 Perform application special instructions for service package loads as X needed 5.1.9 Perform service package certification quiclelines as needed X 5.1.10 Test service packages/application enhancements,fixes and upgrades x and assure the integrity of the resulting data.Client is responsible for final si noff 5.1.11 Perform and manage the processforlocal installations oftrie Licensed X Software application on Client PCs 5.2 IVIonitorling tasks 5.2.1 Monitor Application Servers for appropriate number/ups/downs X 5.2.2 Monitor orphaned journal transactions X 5.2.3 MonitorAvatar System Access logs and perform maintenance X 5.2.4 Verify client record status x 5.3 Audit reports and logs 5.3.1 Review/monitor audit reports and logs x 5.3.2 Perform Client audits/reports/tools x 5.4 User accounts 5.4.1 Establish ongoing setup and maintenance of user accounts for x Licensed Software products 5.5 Maintenance Activities 5.5.1 Cycle Application Servers as needed x 5.5.2 Perform evert code/event set changes as required x 5.5.3 Provide and maintain application-specific security such as task access, x positions,and role seta 5.5.4 Train end users on application x 5.5.5 Maintain change management of all local installations of the Licensed x Software applications on Client PCs 6.6 Avatar Software Operations 5.6.1 Perform Daylight Savings Time management activities x 5.6.2 Notify Client help desk of issues found that affect service x 5.6.3 Set up and review purges and operations jobs x 5.6.4 Run/review Licensed Software operations x 5.6.5 Add/remove op erations jobs x 5.6tj Monitor operations for successful completion x Restart production jobs as required x F. Interface Management. Interfaces include both medical device interfaces ('MDI") and foreign system interfaces ("FSI") that reside on the System. Each party agrees to perform their respective Interface Management responsibilities,as set forth in Table 6 below. No. Table6: Netsmart Client Interface Managein ent Responsibility Description NPDC 6.1 Monitoring 6.1.1 Monitor N etsmart outbound interface queue counts and over-threshold x alarms 6.1.2 Monitor and cycle inbound interfaces as required to establish x connections or start transact ons sending 6.13 Monitor Netsmart inbound cycle times over-threshold alarms x 6.2 Management 6.2.1 NotifV Client help desk of issues found that affect service x 6.2.2 Notify Netsmart Hosting Support when cycling interfaceNPN's or of x known up s/downs 6.2.3 Reviews stem access locis x 6.2.5 Review error logs I X 6.2.6 Notify Netsmarts Hosting Support of issues found that affect service X G. Administration. Each party agrees to perform their respective administrations responsibilities,as set forth in Table 7 below. 1. Change Management. Netsmart and Client will follow a formal process for changes that could affect the hosted System. Netsmart will provide a copy of the change management procedure to Client. This process(i)ensures that changes occur in a controlled environment so that all parties understand the potential impact of an impending change, and (ii) identifies potentially affected systems and processes prior to implementation of the change(s). Client must authorize all changes that affect production domains as specified in the standard change management procedure. Client agrees to cooperate with Netsmart in connection with providing reasonable and appropriate maintenance windows and participating in the testing as reasonably required. 2. Problem Management. Problem management is the identification,assessment of impact,reporting, tracking, escalation, notification, and resolution of problems that occur in the NPDC. Client is responsible for maintaining a staffed help deskthatwill provide the first line of support for users and data coordination calls. This line of support must be able to distinguish application issues versus connectivity or infrastructure issues. In addition,the use of"superusers" at Client site should be maintainedto address applicati on-specific issues. 3. Audit. Upon written notice from Client to Netsmart's VP of Hosting'Systems Engineering,Netsmart will permit access to the NPDC and processing environment for Client's auditors and/or an independent third party retained by Client. Client will provide Netsmart's VP of Hosting/Systems Engineering an audit agenda two (2)weeks prior to audit date. Any such audit conducted by Client auditors and/or an independent third party auditor retained by Client shall be limited to one(1)audit per calendar year. Netsmart shall provide reasonable support and assistance during any such audit(s) to include preparation, pre-audit events and 1 business day of physical NPDC access. Netsmart will conduct a periodic independent audit(internal or third party) of the NPDC operating environment in accordance with applicable standards. Questions regarding NPDC audits should be directed to Netsmart's VP of Hosting/Systems Engineering. No. TOW: Netsmart Client Administration ResponsibillitV Description NPDC 7.1 Change Management 7.1.1 Provide and maintain an automated change management system for x the centralized reporting and tracking of changes made by Netsmart personnel 7.1.2 Provide a week) Avatar patching maintenance window X 7.1.3 Allow for a monthly global maintenance window X 7.1.4 Notify Netsmart of planned outages on Client side X 7.1.5 Designate at least two individuals responsible for signing change fuim s X 7.1.6 Notify Netsmart of changes to Client environment X 7.1.7 Certify ALL changes prior to moving them to production X 7.1.8 Test application enhancements,fixes, and upgrades and assure the x integrity of the resulting data 7.1.9 Provide sufficient advance notice (6 months)to Netsmart of material x changes to Client growth(e.g.,order volumes,users) 7.2 Problem Management 7.2.1 Provide and maintain a method for proper escalation of problems within x Netsmart hosting mana ement 7.2.2 Log all incidents and problems in accordance with documented X processes. 7.2).3 Maintain ownership of all problems related to Netsmart services through x closure or until agreement that the problem is not within Netsmart's scope of responsibility 7.2.4 Provide appropriate contact numbers or other information necessaryto x communicate with key NPDC support staff Perform post-mortem reviews on problemsthat affect servi ce level 7.2.5 standards, including root cause analysis if possible x 7.2.6 Notify Netsmarts hosting support desk of issues found that affect x service 7.2.7 Staff o perations 24 x 7 x 7.2.8 Provide on-call technical staff 24 x 7 x 7.2.9 Ensure proper notification and escalation in accordance with standard x operating procedures 7.2.10 Maintain Client help desk to provide first line of support for Users x 7.2.11 Identify applications issues versus connectivity issues x 7.2.12 Provide and maintain a method for proper escalation of problems within x Client's management 7.2.13 Assign IT Coordinator for primary contact by N etsmart technology x group as per Netsmart standard escalation procedures 7.3 Service Management 7.3.1 Provides stem availability reporting x 7.3.2 Create incident reports for outages x 7.3.3 Maintain i rive nto ry of installed products x 7.3A Provide statistics and management reports to Client on a regular basis x as detailed in the procedures manual 7: 5 Provide Clientwith detailed reporting and statistics on reported x problems Addendum Schedule F (b) Contractor Professional Services, Third Party Products, and Annual Charges All charges and Payment Terms are governed under "Schedule A- Charges and Payment Terms for Committed Funds" of the Agreement. Addendum Schedule F (c) SERVICE LEVEL AGREEMENT For Hosting Account Services 1. Coverage Definitions This Hosting Availability Service Level Agreement(SLA)applies to you("County")if you have contracted for any of the following web-based services from Contractor: Avatar,TIER,Insight,or Cache hosting, e-mail hosting,or web hosting. This Section sets forth the System Availability commitments for Hosting Services. If monthly System Availability (as defined below) falls below 99.0%, Contractor will provide a credit against the County's next monthly Hosting Fees to account for the downtime. The appropriate credit percentage (%)will be determined based on the following table. System U time% Credit% >=98.0%and< 98.9% 5% 97.0 to 97.9% 10% 95.0 to 96.9% 15% <94.9 or below 25% 2. System Availability Calculation a. Contractor will calculate System Availability as set forth below for each month during the Term of this Contractor Contract Addendum. b. System Availability will be calculated as follows(and will be rounded to up to the next one tenth of a percentage point): System Availability= [(Base Time—Unscheduled Downtime)/(Base Time)] x 100 "Base Time"equals the product of the number of days in the applicable month times 24 hours times 60 minutes. "Unscheduled Downtime"equals the time(in minutes)during which the Production System is not operational(excluding"Scheduled Downtime")from Contractor's Hosting facility internet connection based on the measuring methodology documented below. "Scheduled Downtime"equals the aggregate total of all minutes of planned and scheduled maintenance performed during the month to perform any necessary hardware,operating system, network,database,application software maintenance,repair,upgrades,and updates. Contractor will work with County to determine and use commercially reasonable efforts to Schedule Downtime after regular business hours, during times that minimize the disruption to operations. The amount of scheduled downtime may vary from month to month depending on the level of change to the system such as the project implementation phase, adding new products,upgrading products,etc. c. County is permitted to audit the Unscheduled Downtime based on the methodology established below. Contractor agrees to cooperate with County in connection with any audit of the Unscheduled Downtime. This audit must take place within 30 days of the month end. d. Contractor recommends that County implement,on a timely basis,the Service Packages that will be provided to County by Contractor on a periodic basis. Contractor will advise County on Service Packages that may enhance performance and availability and will advise County of the advantages of implementing the Service Packages as well as the implication of electing not to implement the Service Packages. Contractor will perform the technical requirements needed for County to use the Service Packages that County elects to implement, at no additional charge and as part of the Hosting Fees. County and Contractor will work together to establish a mutually agreeable implementation schedule for the Service Packages. Upon notice to County that the System's performance and availability will be adversely affected if County elects not to implement a Service Package,County will waive any credits set forth above,until such time as County performs its obligations as necessary to implement the required Service Packages. e. County must allow Contractor to implement the latest Contractor supported layered software version (i.e. OS,DBMS,etc.)and patches within six(6)months of the general support announcement from Contractor. Contractor will advise County regarding the layered software enhancements as well as the implications of electing not to implement the layered software enhancements. Contractor will perform the technical requirements needed for County to use the layered software enhancements that County elects to implement as part of the Hosting Service fees. County and Contractor will work together to establish an implementation schedule for the layered software enhancements. If Contractor provides notice to County that the System's performance and availability will be adversely affected if County elects not to implement the layered software enhancements, County waives its right to any credits set forth above until County implements the required layered software enhancements. f. If County is operating beyond the Scope of Use limits,County waives its right to any credits set forth above until County is in compliance with Scope of Use. g. The System will be considered in a System Stabilization Period during the seventy-two(72)hour window following the First Productive Use and following a Major System Change. During a System Stabilization Period, changes to the System may be required to achieve optimal performance and Unscheduled Downtime or Scheduled Downtime minutes do not apply. 3. Exceptions County shall not receive any credits under this SLA in connection with any failure or deficiency of Hosting Availability caused or associated with: a. Circumstances beyond Contractor's reasonable control,including,without limitation,acts of any governmental body,war,insurrection, sabotage,armed conflict,embargo,fire, flood,strike or other labor disturbance,interruption of or delay in transportation,unavailability of or interruption or delay in telecommunications or third party services,virus attacks or hackers,failure of third party software (including,without limitation,web server software,FTP Servers,or statistics)or inability to obtain supplies,or power used in or equipment needed for provision of services; b. Failure of access circuits to the Contractor Network,unless such failure is caused solely by Contractor; c. Scheduled maintenance, scheduled backups, scheduled restores and emergency maintenance and upgrades; d. Issues with FTP,POP,or SMTP County access; e. County's acts or omissions(or acts or omissions of others engaged or authorized by County), including,without limitation,custom scripting or coding(e.g.,CGI,Perl,Java,HTML,ASP,etc), any negligence,willful misconduct,or misuse of the Services; f. E-mail or webmail delivery and transmission; g. Outages elsewhere on the Internet that hinder access to your account.Contractor is not responsible for browser or DNS caching that may make your site appear inaccessible when others can still access it. Contractor will guarantee only those areas considered under the control of Contractor: Contractor server links to the Internet,Contractor's routers, and Contractor's servers. h. Use of a VPN or similar connection which is not exclusively within Contractor's control at both ends of such connection,and where the problem occurs in the part of the VPN which is not under Contractor's control. 4. Scheduled Maintenance Contractor reserves the right to establish a monthly maintenance window for the purpose of upgrading, patching,modifying,and repairing portions or the entire ASP/Hosting environment. The monthly window is generally scheduled on the 3rd Sunday of the month,from 2:OOAM—5:30AM EST. 5. Credit Request and Payment Procedures In order to receive a credit,County must submit a request for credit to Contractor Technologies,Inc. Accounting at AR(&ntst.com,within ten(10)business days after the incident supporting the request. Each request must include County's account number(per Contractor's invoice)and the dates and times of the unavailability of the services. If the unavailability is confirmed by Contractor as an incident eligible for credit,credits will be applied within two billing cycles after Contractor's receipt of County's request. Credits are not refundable and can be used only towards future billing charges. Notwithstanding anything to the contrary herein,the total amount credited to County in a particular month under this SLA cannot exceed the total hosting fee paid by County for the month in which Services were impacted. Credits are exclusive of any applicable taxes charged to County or collected by Contractor and are County's sole and exclusive remedy with respect to any failure or deficiency in level of services described in this SLA if County applied for and received a credit. Nothing in this SLA precludes County from pursuing an alternate contract remedy for any future incident that may occur. Schedule G Netsmart Subscription Products Addendum 1. Introduction. This Addendum is a supplement to the terms of the License and Services Agreement dated July 1,2022 ("Effective Date")by and between Netsmart Technologies,Inc. ("Contractor"),and the County of Fresno, a political subdivision of the State of California,hereinafter referred to as ("County"), which will be referred to in this Addendum as the"Agreement". The terms and conditions of this Addendum will apply to Subscription Products and Services identified in Section 2 by check mark. All references to Schedules in this Addendum refer to the Schedules of this Addendum. 2. Subscription Products and Services Descriptions. Subscription Products and Services will include all generic versions,corrections,enhancements and improvements developed by Contractor during the Term of this Addendum: ® OrderConnect ❑ Not Included The OrderConnect suite is an e-Prescribing and medication management product. The full version of this product has the ability to exchange web-based pharmaceutical information,prescriptions,medication orders,disease specific information,laboratory orders,and radiology/imaging and results with defined allied healthcare partners. ® CareConnect ❑ Not Included A software service that enables clinical data to be shared between providers and other entities such as RHIOs Regional Health Information Organizations("RHIOs"),Health Information Exchanges("HIEs"), State agencies for public health organizations for immunizations,reportable labs and syndromic surveillance data in support of national standards related to continuity of care,and Contractor County to County referrals to support transitions of care with direct messaging capabilities. ❑ Care Guidance/Clinical Quality Metrics ®Not Included Contractor's Clinical Decision Support and Quality Measures ensure County's utilizing a Netsmart CareRecord have the means necessary to meet all Meaningful Use stage 2 requirements for metric reporting and care guidance functionality. The Care Guidance rules are based upon national quality forums clinical quality measures,thus assuring clinician awareness and organizational improvement towards meeting quality outcomes measures. As data is aggregated on the Clinical Quality Metrics ("CQM")Contractor will benchmark your organization's performance on all required CQM. ® myHealthPointe Portal ❑ Not Included A Consumer web portal that enables Care Providers to proactively involve Consumers in their care.Using the portal, Consumers can schedule appointments,view current medications, and communicate with their Care Providers. ❑ ProviderConnect ® Not Included A software product that supports data exchange between the Contractor host system and outside providers of care. 3. Supplemental Definitions Any capitalized term not defined below but used in this Addendum will have the meaning given to that term in the Agreement. "Agent"means any person who is authorized under applicable law and regulations to transmit or relay prescription authorization information between a Prescriber and a pharmacy. An Agent is typically a nurse who is authorized by a physician to communicate with a pharmacy or laboratory on behalf of a Prescriber. "Anniversary Date"means the annual calendar anniversary of the Effective Date. "Care Provider"means an organization that provides medical or health services and any other person or organization that furnishes,bills,or is paid for health care in the normal course of business including a hospital,critical access hospital, skilled nursing facility,or comprehensive outpatient rehabilitation facility. "Charges"means the amounts to be paid by County for the right to use the Subscription Products and Services and for hardware or other Third Party Products acquired by County under the terms of this Addendum. The Charges and payment schedule are set forth in"Schedule A—Charges and Payment Terms"of the Agreement and referenced again in Schedule 3(a)of this addendum. "Consumer"means an individual who is receiving services from a Care Provider,and who has the right to access specific portions of their electronic health record and the ability to exchange messages with their Care Provider through a Subscription Services Product. "Drug Information Data"or"DID"means context-relevant drug database products licensed from one of the following publishers: Cerner Multum,Inc. ("VantageRx"),First DataBank Evaluations of Drug Interactions ("EDI")or Thompson Reuters,Inc. ("U1tiMedex")that provides drug and allergy interaction and dosage information(collectively,"DID Publishers"). "Non-Prescribing User"means any person who is granted limited access to OrderConnect for the purpose of editing information that is not required to be entered or modified by a Prescriber or Agent under applicable law and regulations. A Non-Prescribing User typically generates reports without modification of the information in the reports,and can update basic demographic information, "Patient Data"or"Consumer Data"means names,addresses, social security numbers,medical records and any other information concerning or relating to Consumers which is deemed to be protected health information under the rules and regulations of the Health Insurance Portability and Accountability Act of 1996("HIPAA").Deidentified Data(as such term is defined by HIPAA) shall not be considered to be Patient Data. "Prescriber"means any person who possesses a DEA number and who is authorized by law to write prescriptions. "Service Level Agreement"means the minimum performance criteria that Contractor will meet while delivering the Subscription Service and the remedial action if performance falls below the target criteria as provided in Schedule 3(b). "User"means an individual or entity,other than a Consumer,that has been granted access with a user ID and password to a Subscription Product or Service by the County. 4. License Terms and Conditions A. The Subscription Products and Services are specifically included within the grant of license and term of license as"Licensed Programs"under the Agreement. B. County grants to Contractor a non-exclusive,non-transferable license(the"Usage License")to use all Patient Data for the sole purpose of operating the Subscription Products and Services for the benefit of County and its clients and for maintaining the Subscription Products and Services(for example,creating backups of the Patient Data or moving it between servers) so long as Contractor has a bona fide need to do so subject to and for the sole purpose required by this Addendum and the Agreement. The Usage License does not confer on Contractor any right to share Patient Data with third parties other than Contractor employees or consultants who are bound by agreements that contain confidentiality provisions equivalent to those contained in the Agreement. The foregoing restriction on Contractor's use of Patient Data does not prohibit Contractor from making use of Deidentified Data as described and permitted under HIPAA, but any use of Deidentified Data requires County's prior written approval. 5. Term and Termination A. Contractor will make the Subscription Products and Services available and Charges will apply in accordance with Sections 6 and 15,and Schedule A of the Agreement. B. In the event that County discontinues using the Subscription Products and Services for any reason,County shall be entitled to the return of all data entered into the Subscription Product. In the event Contractor ceases doing business,County shall also be entitled to the return of all data entered into the Subscription Product. In the event data is returned to County,it will be provided in comma delimited file format or another format mutually agreed to by both parties. C. Either party may terminate this Addendum in the event the other is in material breach of the terms of this Addendum,or as permitted under the Agreement. 6. Charges and Payment Terms County shall pay Contractor for the Subscription Products and Services as provided in Schedule A to this Agreement. 7. County Obligations In addition to the obligations under the Agreement County agrees: A. That it has no ownership rights in data or information in the DID services or content. B. To restrict use of Drug Information Data to licensed healthcare professional directly connected with the County,either as an employee or an authorized affiliate. Such use shall be made only under the supervision of, and reliance upon,the clinical discretion and judgment of a licensed physician.As between the County and the publisher of the Drug Information Data,County assumes full responsibility for ensuring the appropriateness of using and relying upon the information supplied by the Drug Information Data publisher,in view of all attendant circumstances, indications and contraindications.Except as provided above, it will not otherwise make the DID content available to any person,or entity including the government,whether affiliated or not,except as required by subpoena or other legal process and after notice to the owner of the content. C. To maintain accurate and up to date Patient Data in all systems covered by the Agreement. D. To provide support to its Users and Consumers related to their use of the Subscription Products and Services. E. To notify Contractor in the event County becomes aware of or suspects misuse,unauthorized access,data corruption or any other threat to the security of the Subscription Products system and related data or if County receives a subpoena or other legal process requiring disclosure of Contractor confidential information or DID content. F. For myHealthPointe Portal,to adhere to the terms and conditions or at a minimum,terms that are the same as or equivalent to the terms stated in Schedule 3(c). 8. Contractor Obligations In addition to the obligations of the Agreement,Contractor will be responsible for: A. Establishing SSL connectivity between the Consumer's computing device and the Care Provider's firewall; B. Meeting the service levels as stated in Schedule 3(b); C. Keeping Patient Data confidential in accordance with the terms of the Agreement. 9. Limitation on Cumulative Liability EXCEPT FOR THE PARTIES' RESPECTIVE EXPRESS INDEMNITY OBLIGATIONS IN THE AGREEMENT(INCLUDING IN SECTION 9(INDEMNIFICATION)), IN SCHEDULE H AND SCHEDULE I, THE CUMULATIVE LIABILITY OF CONTRACTOR TO COUNTY FOR ANY ACTUAL OR ALLEGED DAMAGES ARISING OUT OF,BASED ON OR RELATING TO THE SUBSCRIPTION PRODUCTS AND SERVICES COVERED BY THIS ADDENDUM,WHETHER BASED UPON BREACH OF CONTRACT,TORT(INCLUDING NEGLIGENCE),WARRANTY OR ANY OTHER LEGAL THEORY,WILL NOT EXCEED THE AMOUNT OF THE CHARGES PAID TO CONTRACTOR UNDER SCHEDULE A FOR THE PRIOR TWELVE(12)MONTHS. 10. List of Schedules Schedule A Charges and Payment Terms Schedule G(b) Service Level Agreement Schedule G(c) Supplier pass-through terms for myHealthPointe Portal Addendum Schedule G(a) Netsmart Subscription Charges and Payment Terms All Charges and Payment Terms are governed under "Charges and Payment Terms for Committed Funds" of the Agreement. NTST Avatar Plexus License Agreement Page 37 of 43 September 2014 vl Signed Schedule G (b) Service Level Agreement 1. Coverage and Definitions This Service Level Agreement(SLA)applies to you("County"or"County")if you have contracted for any of the Subscription Products and Services identified in Schedule G above. This Section sets forth the System Availability commitments for this Addendum. If monthly System Availability(as defined below)falls below 99.0%,Contractor will provide a credit against the County's next monthly Fees(under this Addendum)to account for the downtime. The appropriate credit percentage(%)will be determined based on the following table. System U time% Credit% >=98.0%and<99.0% 5% 97.0 to 97.9% 10% 95.0 to 96.9% 15% <94.9 or below 25% 2. System Availability Calculation a. Contractor will calculate System Availability as set forth below for each month during the Term of this Contractor Agreement. b. System Availability will be calculated as follows(and will be rounded to up to the next one tenth of a percentage point): System Availability= [(Base Time—Unscheduled Downtime)/(Base Time)] x 100 "Base Time"equals the product of the number of days in the applicable month times 24 hours times 60 minutes. "Unscheduled Downtime"equals the time(in minutes)during which the Production System is not operational(excluding"Scheduled Downtime")from Contractor's Hosting facility internet connection based on the measuring methodology documented below. "Scheduled Downtime"equals the aggregate total of all minutes of planned and scheduled maintenance performed during the month to perform any necessary hardware,operating system, network,database,application software maintenance,repair,upgrades,and updates. Contractor will work with County to determine and use commercially reasonable efforts to Schedule Downtime after regular business hours,during times that minimize the disruption to operations. The amount of scheduled downtime may vary from month to month depending on the level of change to the system such as the project implementation phase,adding new products,upgrading products,etc. c. County is permitted to audit the Unscheduled Downtime based on the methodology established below. Contractor agrees to cooperate with County in connection with any audit of the Unscheduled Downtime. This audit must take place within 30 days of the month end. d. Contractor recommends that County implement,on a timely basis,the Service Packages that will be provided to County by Contractor on a periodic basis. Contractor will advise County on Service Packages that may enhance performance and availability and will advise County of the advantages of implementing the Service Packages as well as the implication of electing not to implement the Service Packages. Contractor will perform the technical requirements needed for County to use the Service Packages that County elects to implement, at no additional charge and as part of the fees under this Addendum. County and Contractor will work together to establish a mutually agreeable implementation schedule for the Service Packages. Upon notice to County that the System's performance and availability will be adversely affected if County elects not to implement a Service Package,County will waive any credits set forth above,until such time as County performs its obligations as necessary to implement the required Service Packages. e. County must allow Contractor to implement the latest Contractor supported layered software version (i.e. OS,DBMS,etc.)and patches within six(6)months of the general support announcement from Contractor. Contractor will advise County regarding the layered software enhancements as well as the implications of electing not to implement the layered software enhancements. Contractor will perform the technical requirements needed for County to use the layered software enhancements that County elects to implement as part of the fees under this Addendum. County and Contractor will work together to establish an implementation schedule for the layered software enhancements. If Contractor provides notice to County that the System's performance and availability will be adversely affected if County elects not to implement the layered software enhancements,County waives its right to any credits set forth above until County implements the required layered software enhancements. f. If County is operating beyond the Scope of Use limits,County waives its right to any credits set forth above until County is in compliance with Scope of Use. g. The System will be considered in a System Stabilization Period during the seventy-two(72)hour window following the First Productive Use and following a Major System Change. During a System Stabilization Period, changes to the System may be required to achieve optimal performance and Unscheduled Downtime or Scheduled Downtime minutes do not apply. 3. Exceptions County shall not receive any credits under this SLA in connection with any failure or deficiency of Hosting Availability caused or associated with: a. Circumstances beyond Contractor's reasonable control,including,without limitation,acts of any governmental body,war,insurrection,sabotage,armed conflict, embargo,fire,flood, strike or other labor disturbance,interruption of or delay in transportation,unavailability of or interruption or delay in telecommunications or third party services,virus attacks or hackers,failure of third party software (including,without limitation,web server software,FTP Servers,or statistics)or inability to obtain supplies,or power used in or equipment needed for provision of services; b. Failure of access circuits to the Contractor Network,unless such failure is caused solely by Contractor; c. Scheduled maintenance,scheduled backups, scheduled restores and emergency maintenance and upgrades; d. Issues with FTP,POP,or SMTP County access; e. County's acts or omissions(or acts or omissions of others engaged or authorized by County), including,without limitation,custom scripting or coding(e.g.,CGI,Perl,Java,HTML,ASP,etc),any negligence,willful misconduct, or misuse of the Services; £ E-mail or webmail delivery and transmission; g. Outages elsewhere on the Internet that hinder access to your account.Contractor is not responsible for browser or DNS caching that may make your site appear inaccessible when others can still access it. Contractor will guarantee only those areas considered under the control of Contractor: Contractor server links to the Internet,Contractor's routers,and Contractor's servers. h. Use of a VPN or similar connection which is not exclusively within Contractor's control at both ends of such connection,and where the problem occurs in the part of the VPN which is not under Contractor's control. 4. Scheduled Maintenance Contractor reserves the right to establish a monthly maintenance window for the purpose of upgrading, patching,modifying,and repairing portions or the entire ASP/Hosting environment. The monthly window is generally scheduled on the 3rd Sunday of the month,from 2:OOAM—5:OOAM EST. 5. Credit Request and Payment Procedures In order to receive a credit,County must submit a request for credit to Contractor Accounting at: AR(&ntst.com,within ten(10)business days after the incident supporting the request.Each request must include County's account number(per Contractor's invoice)and the dates and times of the unavailability of the services.If the unavailability is confirmed by Contractor as an incident eligible for credit,credits will be applied within two billing cycles after Contractor's receipt of County's request. Credits are not refundable and can be used only towards future billing charges. Notwithstanding anything to the contrary herein,the total amount credited to County in a particular month under this SLA cannot exceed the total hosting fee paid by County for the month in which Services were impacted. Credits are exclusive of any applicable taxes charged to County or collected by Contractor and are County's sole and exclusive remedy with respect to any failure or deficiency in level of services described in this SLA if County applied for and received a credit.Nothing in this SLA precludes County from pursuing an alternate contract remedy for any future incident that may occur. Schedule G (c)- myHealthPointe Portal Supplier Terms and Conditions This Schedule states the terms and conditions of the Supplier(the"Terms")that shall further govern the access and use of the myHealthPointe Portal("Portal")made available by Netsmart Technologies Inc. Capitalized terms not otherwise defined in this Schedule shall have the same meaning as in the Agreement(as defined below). ARTICLE I—DEFINITIONS "Documentation"means those materials provided to County that describe the function and use of the Portal, including without limitation the online user guide for the Portal,as updated from time to time. "InteliChart"or"Supplier'means InteliChart,LLC,a North Carolina limited liability company. "Agreement"means the Agreement between Contractor and County,including all schedules, exhibits, and addenda thereto,pursuant to which County is purchasing subscriptions to access and use the Portal and to which this Schedule 3(c)is attached. "Order Form"means a Contractor order form submitted by County in order to(i)purchase additional User subscriptions to the Portal,and/or(iii)purchase Services from Contractor. Each Order Form shall be in a form acceptable to Contractor and shall not be deemed effective unless accepted in writing by Contractor in its sole discretion. The terms of each such Order Form are hereby incorporated by reference. ARTICLE II-SUBSCRIPTION AND SERVICES (a) Subscription Purchases. During the Initial Term of the Agreement Contractor shall make the Portal available to the County pursuant to,and in accordance with,the Terms,the Agreement and each of the applicable exhibits,schedule(s)and/or Order Forms thereto. County agrees that its subscriptions hereunder are neither contingent on the delivery of any future functionality or features in the Portal nor dependent on any oral or written public comments made by Contractor regarding future functionality or features in the Portal. For avoidance of doubt,County acknowledges and agrees that its right to access and use the Portal is subscription-based and is not being provided pursuant any perpetual license grant included within the Agreement;provided,however,that the restrictions and limitations imposed on the Licensed Programs included in the Agreement shall apply to your access and use of the Portal. (b) User Subscriptions. Unless otherwise specified in an applicable Order Form, (i)the Portal shall be purchased as User subscriptions and may be accessed by no more than the number of Users purchased by County from Contractor,(ii)additional User subscriptions for the Portal may be purchased during the term of the Agreement by submitting an Order Form,and(iii)the additional User subscriptions for the Portal shall terminate on the same dates as the then-existing subscriptions for the Portal. User subscriptions are for designated Users and cannot be shared or used by more than one User but may be reassigned to new Users replacing former Users who no longer require ongoing use of the Portal. (c) Reservation of Rights. Subject to the limited rights expressly granted hereunder,Contractor reserve all rights,title and interest in and to the Portal,including all related intellectual property rights. No rights are granted to County hereunder other than as expressly set forth herein. (d) County Responsibilities. County shall(i)be responsible for its User's compliance with the Agreement, (ii) be solely responsible for the accuracy,quality,integrity and legality of the Patient Data and of the means by which County acquired the Patient Data,(iii)use commercially reasonable efforts to prevent unauthorized access to or use of the Portal,and notify Contractor promptly of any such unauthorized access or use,(iv)use the Portal only in accordance with the Documentation and all applicable federal and state laws and regulations,(v)not make the Portal available to anyone other than its Users,its administrative personnel and County's patients,provided that in each such instance that County shall ensure that such individual(A)shall use the Portal only in accordance with the Documentation and all applicable federal and state laws and regulations and(B)shall not access and/or use the Portal in order to build a competitive product or service,copy any features, functions or graphics of the Portal,or monitor the availability and/or functionality of the Portal for any benchmarking or competitive purposes,(vi)not sell,resell,rent or lease the Portal, (vii)not modify,alter,revise,decompile,disassemble,reverse engineer,create derivative works or attempt to derive the source code of the Portal, (viii)not use the Portal to store or transmit infringing,libelous,or otherwise unlawful or tortious material,or to store or transmit material in violation of third-party privacy rights, (ix)not store or transmit any material containing software viruses,worms,time bombs,Trojan horses or other harmful or malicious code, files, scripts, agents or programs,(x)not interfere with or disrupt the integrity or performance of the Portal,(xi)not attempt to gain unauthorized access to the Portal or their related systems or networks,or(xii)not access the Portal in order to build a competitive product or service, copy any features,functions or graphics of the Portal or monitor the availability and/or functionality of the Portal for any benchmarking or competitive purposes. Article III-WARRANTIES AND INDEMNIFICATION (a) The Portal. Contractor represents that the Portal will substantially conform in all material respects with the requirements of this Agreement and their Specifications. If a Problem or Defect occurs while County is receiving Support Services,Contractor will correct the Problem or Defect in accordance with the Support Services provisions set forth in Schedule E. (b) Infringement. Contractor further represents and warrants that it has the right to grant the licenses granted to County hereunder and in connection with the Portal and that to the best of Contractor's knowledge the Portal does not infringe upon or violate the United States patent rights of any third party and do not infringe upon or violate the copyright, or trade secret right of any third party. (c) Viruses and Disabling Mechanisms. Contractor shall use commercially reasonable measures to screen the Portal to avoid introducing any virus or other destructive programming that are designed(1)to permit unauthorized access or use by third parties to the software installed on County's systems,or(ii)to disable or damage County's systems. Contractor shall not insert into the Portal any code or other device that would have the effect of disabling or otherwise shutting down all or any portion of the Portal. Contractor shall not invoke such code or other device at any time,including upon expiration or termination of this Agreement for any reason. (d) Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THE AGREEMENT AND IN THIS SECTION, NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND,WHETHER EXPRESS,IMPLIED, STATUTORY OR OTHERWISE,AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES,INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.Contractor Breach. County acknowledges and agrees that should Contractor discontinue its provision of services under this Schedule of the Agreement,or materially breach its reseller agreement with InteliChart,then County,in its discretion,may negotiate directly with InteliChart to obtain subscriptions/licenses and/or services previously provided by or through Contractor. (e) Indemnity by Contractor Intellectual Property Infringement. In the event of any claim by a third party against County(the"Claim"),alleging that the use of the Portal infringes upon any intellectual property rights of such third party,County will promptly notify Contractor and Contractor will defend County and its officers, agents, and employees against such Claim in County's name but at Contractor's expense,and will indemnify and hold harmless County against any liability paid by County,including but not limited to attorneys'fees and disbursements,arising out of such Claim.In the event such an infringement is found and Contractor cannot either procure the right to continued use of the Portal,or,within forty-five(45)days of notice of the Claim(unless such period is extended by County),replace or modify the Portal with a non- infringing program of comparable quality and functionality,then Contractor shall discontinue its provision of services and refund to County all fees, including subscriptions or licenses and professional service fees, paid by County,reduced by 1/36th or each full month from the date of first use of the Portal,until the date of termination. (f) LIMITATION OFLIABILITY. COUNTY ACKNOWLEDGES AND AGREES EXCEPT FOR BREACH OF SECTION 16(COUNTY CONFIDENTIALITY), SCHEDULE H(CONFIDENTIALITY OF PATIENT INFORMATION),AND SCHEDULE I(BUSINESS ASSOCIATE AGREEMENT), INSURED CLAIMS,AND THE PARTIES' RESPECTIVE EXPRESS INDEMNITY OBLIGATIONS IN THIS AGREEMENT(INCLUDING IN SECTION 9(INDEMNIFICATION)),THAT IN NO EVENT SHALL INTELICHART HAVE ANY LIABILITY TO COUNTY,WHETHER BASED ON CONTRACT,TORT,NEGLIGENCE, STRICT LIABILITY,PRODUCTS LIABILITY OR OTHERWISE. COUNTY AGREES THAT THE PORTAL IS A DOCUMENTATION TOOL ONLY, AND THAT THE PORTAL IS NOT INTENDED TO PROVIDE DIAGNOSES,PRACTICE GUIDELINES,ADVICE,OR PROTOCOLS FOR DELIVERING MEDICAL CARE. COUNTY FURTHER AGREES THAT NOTHING IN THE PORTAL OR ANYTHING ELSE PROVIDED PURSUANT TO THE AGREEMENT CONSTITUTES OR IS INTENDED TO BE MEDICAL ADVICE OR A SUBSTITUTE FOR MEDICAL KNOWLEDGE OR JUDGMENT. COUNTY FURTHER AGREES IT SHALL BE SOLELY RESPONSIBLE TO ENSURE THAT THE DOCUMENTATION OF MEDICAL CARE PROVIDED BY IT,ITS AFFILIATES OR THEIR RESPECTIVE EMPLOYEES, AGENTS,THIRD PARTY CONTRACTORS,AND SUPPLIERS IS ACCURATE AND THAT ALL BILLING INFORMATION DELIVERED BY COUNTY TO ANY INSURANCE COMPANY, GOVERNMENTAL AGENCY,OR OTHER PAYOR SHALL BE ACCURATE AND COMPLETE. NEITHER NETSMART NOR ITS VENDORS SHALL HAVE ANY RESPONSIBILITY AS A RESULT OF THE AGREEMENT FOR DECISIONS MADE OR ACTIONS TAKEN OR NOT TAKEN IN RENDERING MEDICAL CARE OR FOR INFORMATION PROVIDED TO ANY INSURANCE COMPANY,GOVERNMENTAL AGENCY,OR OTHER PAYOR. ARTICLE IV-MISCELLANEOUS (a) Assignment. County shall have no right to transfer, assign or sublicense any of its rights, interests or obligations with respect to the Portal to any third party and any attempt to do so shall be null and void.(b) Except as expressly set forth in this Schedule,the relationship between Contractor and County will be governed by the provisions of the Agreement. Exhibit A Page 1 of 2 DISCLOSURE OF OWNERSHIP AND CONTROL INTEREST STATEMENT I. Identifying Information Name of entity D/B/A Address(number,street) City State ZIP code CLIA number Taxpayer ID number(EIN) /Telephone number ) II. Answer the following questions by checking "Yes" or "No." If any of the questions are answered "Yes," list names and addresses of individuals or corporations under"Remarks"on page 2. Identify each item number to be continued. YES NO A. Are there any individuals or organizations having a direct or indirect ownership or control interest of five percent or more in the institution, organizations, or agency that have been convicted of a criminal offense related to the involvement of such persons or organizations in any of the programs established by Titles XVIII, XIX, or XX? ......................................................................................................................... o rR B. Are there any directors, officers, agents, or managing employees of the institution, agency, or organization who have ever been convicted of a criminal offense related to their involvement in such programs established by Titles XVI ll, XIX, or XX?...................................................................................... o �R C. Are there any individuals currently employed by the institution, agency, or organization in a managerial, accounting, auditing, or similar capacity who were employed by the institution's, organization's, or agency's fiscal intermediary or carrier within the previous 12 months? (Title XVIII providers only)........... 0 4t III. A. List names, addresses for individuals, or the EIN for organizations having direct or indirect ownership or a controlling interest in the entity. (See instructions for definition of ownership and controlling interest.) List any additional names and addresses under "Remarks" on page 2. If more than one individual is reported and any of these persons are related to each other, this must be reported under"Remarks." NAME ADDRESS EIN B. Type of entity: o Sole proprietorship o Partnership 5t Corporation o Unincorporated Associations n Other(specify) C. If the disclosing entity is a corporation, list names, addresses of the directors, and EINs for corporations under"Remarks." D. Are any owners of the disclosing entity also owners of other Medicare/Medicaid facilities? (Example: sole proprietor, partnership, or members of Board of Directors) If yes, list names, addresses of individuals, and provider numbers........................................................................................................... o rX NAME ADDRESS PROVIDER NUMBER Exhibit A Page 2 of 2 YES NO IV. A. Has there been a change in ownership or control within the last year? ....................................................... o rA If yes, give date. B. Do you anticipate any change of ownership or control within the year?....................................................... o rX If yes, when? C. Do you anticipate filing for bankruptcy within the year?................................................................................ o 51 If yes, when? V. Is the facility operated by a management company or leased in whole or part by another organization?.......... o a If yes, give date of change in operations. VI. Has there been a change in Administrator, Director of Nursing, or Medical Director within the last year?......... o N VII. A. Is this facility chain affiliated? ...................................................................................................................... o N If yes, list name, address of corporation, and EIN. Name EIN Address(number,name) City State ZIP code B. If the answer to question VII.A. is NO, was the facility ever affiliated with a chain? (If yes, list name, address of corporation, and EIN.) No Name EIN Address(number,name) City State ZIP code Whoever knowingly and willfully makes or causes to be made a false statement or representation of this statement, may be prosecuted under applicable federal or state laws. In addition, knowingly and willfully failing to fully and accurately disclose the information requested may result in denial of a request to participate or where the entity already participates, a termination of its agreement or contract with the agency, as appropriate. Name of authorized representative(typed) Title Joseph McGovern Executive Vice President Signature Date 1 5/23/2022 Remarks Exhibit B Page 1 of 2 CERTIFICATION REGARDING DEBARMENT, SUSPENSION, AND OTHER RESPONSIBILITY MATTERS--PRIMARY COVERED TRANSACTIONS INSTRUCTIONS FOR CERTIFICATION 1. By signing and submitting this proposal, the prospective primary participant is providing the certification set out below. 2. The inability of a person to provide the certification required below will not necessarily result in denial of participation in this covered transaction. The prospective participant shall submit an explanation of why it cannot provide the certification set out below. The certification or explanation will be considered in connection with the department or agency's determination whether to enter into this transaction. However, failure of the prospective primary participant to furnish a certification or an explanation shall disqualify such person from participation in this transaction. 3. The certification in this clause is a material representation of fact upon which reliance was placed when the department or agency determined to enter into this transaction. If it is later determined that the prospective primary participant knowingly rendered an erroneous certification, in addition to other remedies available to the Federal Government, the department or agency may terminate this transaction for cause or default. 4. The prospective primary participant shall provide immediate written notice to the department or agency to which this proposal is submitted if at any time the prospective primary participant learns that its certification was erroneous when submitted or has become erroneous by reason of changed circumstances. 5. The terms covered transaction, debarred, suspended, ineligible, participant, person, primary covered transaction, principal, proposal, and voluntarily excluded, as used in this clause, have the meanings set out in the Definitions and Coverage sections of the rules implementing Executive Order 12549. You may contact the department or agency to which this proposal is being submitted for assistance in obtaining a copy of those regulations. 6. Nothing contained in the foregoing shall be construed to require establishment of a system of records in order to render in good faith the certification required by this clause. The knowledge and information of a participant is not required to exceed that which is normally possessed by a prudent person in the ordinary course of business dealings. Exhibit B Page 2of2 CERTIFICATION (1) The prospective primary participant certifies to the best of its knowledge and belief, that it, its owners, officers, corporate managers and partners: (a) Are not presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded by any Federal department or agency; (b) Have not within a three-year period preceding this proposal been convicted of or had a civil judgment rendered against them for commission of fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a public (Federal, State or local) transaction or contract under a public transaction; violation of Federal or State antitrust statutes or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, or receiving stolen property; (c) (d) Have not within a three-year period preceding this application/proposal had one or more public transactions (Federal, State or local) terminated for cause or default. (2) Where the prospective primary participant is unable to certify to any of the statements in this certification, such prospective participant shall attach an explanation to this proposal. Signature: Date: 5/23/2022 Joseph McGovern Netsmart Technologies, Inc. (Printed Name & Title) (Name of Agency or Company) Exhibit C Page 1 of 2 SELF-DEALING TRANSACTION DISCLOSURE FORM In order to conduct business with the County of Fresno (hereinafter referred to as "County"), members of a contractor's board of directors (hereinafter referred to as "County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest" The definition above will be utilized for purposes of completing this disclosure form. INSTRUCTIONS (1) Enter board member's name,job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. (5) Form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). Exhibit C Page 2 of 2 (1)Company Board Member Information: Name: Date: Job Title: (2)Company/Agency Name and Address: (3)Disclosure(Please describe the nature of the self-dealing transaction you are a party to) (4)Explain why this self-dealing transaction is consistent with the requirements of Corporations Code 5233(a) (5)Authorized Signature Signature: Date: