The URL can be used to link to this page

Home My WebLink AboutAgreement A-19-592 with CDPH.pdfState of California – Health and Human Services Agency – California Department of Public Health CDPH 1229 (5/2019) Page 1 of 3 California HIV Surveillance Program Awarded By THE CALIFORNIA DEPARTMENT OF PUBLIC HEALTH (CDPH), hereinafter “Department” TO County of Fresno, hereinafter “Grantee” Implementing the project, HIV Surveillance, hereinafter “Project” GRANT AGREEMENT NUMBER 19-10415 The Department awards this Grant and the Grantee accepts and agrees to use the Grant funds as follows: AUTHORITY: The Department has authority to grant funds for this project under the California Health and Safety Code (HSC). Legislature authorized in HSC Section 131019 the CDPH, Office of AIDS (OA) as the lead agency within the State responsible for coordinating state programs, services and activities related to Human Immunodeficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS). HSC 131085 (a) and (b) authorize the Department to enter into grants to perform public health activities. PURPOSE: The Department shall provide a grant to and for the benefit of the Grantee. The Grantee agrees to administer the HIV Surveillance Program (HSP) and to ensure the implementation of HIV surveillance activities. The Grantee will plan, develop, and implement all aspects of HIV surveillance in their jurisdiction. GRANT AMOUNT: The maximum amount payable under this Grant shall not exceed $453,215. TERM OF GRANT AGREEMENT: The term of the Grant shall begin on July 1, 2019, and terminates on June 30, 2024. No funds may be requested or invoiced for services performed or costs incurred after June 30, 2024. PROJECT REPRESENTATIVES: The Project Representatives during the term of this Grant will be: California Department of Public Health County of Fresno Kimberly Ferreira, Assistant Chief 1616 Capitol Avenue, Suite 616, MS 7700 Sacramento, CA, 95814 Telephone: (916) 449-5262 Email: kimberly.ferreira@cdph.ca.gov Joe Prado, Community Health Division Manager 1221 Fulton Street Fresno, CA 93721 Telephone: (559) 600-3007 Email: jprado@fresnocountyca.gov Agreement No. 19-592 State of California – Health and Human Services Agency – California Department of Public Health CDPH 1229 (5/2019) Page 2 of 3 Direct all inquiries to: California Department of Public Health County of Fresno Kimberly Ferreira, Assistant Chief 1616 Capitol Avenue, Suite 616, MS 7700 Sacramento, CA, 95814 Telephone: (916) 449-5262 Email: kimberly.ferreira@cdph.ca.gov Jena Adams, Supervising Communicable Disease Specialist 1221 Fulton Street Fresno, CA 93721 Telephone: (559) 600-6404 ex. 3042 Email: jadams@fresnocountyca.gov All payments from CDPH to the Grantee; shall be sent to the following address: Remittance Address Contractor: County of Fresno Cashier – Bruna Chavez, Business Manager P.O. Box 11800 Fresno, CA 93775 Telephone: (559) 600-6438 Email: dphboap@@fresnocountyca.gov •Either party may make changes to the information above by giving written notice to the other party. Said changes shall not require an amendment to the agreement, but the Grantee will be required to submit a new completed CDPH 9083 Governmental Entity Taxpayer ID Form or STD 204 Payee Data Record form to the Project Representative for processing. STANDARD PROVISIONS: The following exhibits are attached and made a part of this Grant by this reference: EXHIBIT A LETTER OF AWARD EXHIBIT A1 LIST OF ALLOCATIONS EXHIBIT A2 FUNDING ALLOCATION PROCESS EXHIBIT B BUDGET DETAIL AND PAYMENT PROVISIONS EXHIBIT C STANDARD GRANT CONDITIONS EXHIBIT D ADDITIONAL PROVISIONS EXHIBIT E INFORMATION PRIVACY AND SECURITY REQUIREMENTS GRANTEE REPRESENTATIONS: The Grantee(s) accept all terms, provisions, and conditions of this grant, including those stated in the Exhibits incorporated by reference above. The Grantee(s) shall fulfill all assurances and commitments made in the application, declarations, other accompanying documents, and written communications (e.g., e-mail, correspondence) filed in support of the request for grant funding. The Grantee(s) shall comply with and require its contractors and subcontractors to comply with all applicable laws, polices, and regulations. Exhibit A Letter of Award Exhibit A1 List of Allocation County/City Summary Action FINAL FY 19/20 Adjusted Allocation FINAL FY 20/21 Adjusted Allocation FINAL FY 21/22 Adjusted Allocation FINAL FY 22/23 Adjusted Allocation FINAL FY 23/24 Adjusted Allocation TOTAL Five (5) Year Allocation Alameda Formula 285,286$ 285,286$ 285,286$ 285,286$ 285,286$ 1,426,430$ Alpine No Case -$ -$ -$ -$ -$ -$ Amador Cap 6,015$ 6,015$ 6,015$ 6,015$ 6,015$ 30,075$ Berkeley HH 27,342$ 27,342$ 27,342$ 27,342$ 27,342$ 136,710$ Butte HH 25,343$ 25,343$ 25,343$ 25,343$ 25,343$ 126,715$ Calaveras HH 5,334$ 5,334$ 5,334$ 5,334$ 5,334$ 26,670$ Colusa Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Contra Costa HH 172,681$ 172,681$ 172,681$ 172,681$ 172,681$ 863,405$ Del Norte HH 3,334$ 3,334$ 3,334$ 3,334$ 3,334$ 16,670$ El Dorado Formula 12,561$ 12,561$ 12,561$ 12,561$ 12,561$ 62,805$ Fresno Cap 90,643$ 90,643$ 90,643$ 90,643$ 90,643$ 453,215$ Glenn Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Humboldt HH 12,004$ 12,004$ 12,004$ 12,004$ 12,004$ 60,020$ Imperial Cap 19,193$ 19,193$ 19,193$ 19,193$ 19,193$ 95,965$ Inyo HH 4,668$ 4,668$ 4,668$ 4,668$ 4,668$ 23,340$ Kern Cap 122,859$ 122,859$ 122,859$ 122,859$ 122,859$ 614,295$ Kings HH 18,007$ 18,007$ 18,007$ 18,007$ 18,007$ 90,035$ Lake HH 10,003$ 10,003$ 10,003$ 10,003$ 10,003$ 50,015$ Lassen HH 5,334$ 5,334$ 5,334$ 5,334$ 5,334$ 26,670$ Long Beach HH 243,065$ 243,065$ 243,065$ 243,065$ 243,065$ 1,215,325$ Los Angeles Cap 1,972,378$ 1,972,378$ 1,972,378$ 1,972,378$ 1,972,378$ 9,861,890$ Madera HH 16,006$ 16,006$ 16,006$ 16,006$ 16,006$ 80,030$ Marin HH 51,353$ 51,353$ 51,353$ 51,353$ 51,353$ 256,765$ Mariposa Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Mendocino HH 13,337$ 13,337$ 13,337$ 13,337$ 13,337$ 66,685$ Merced Cap 18,049$ 18,049$ 18,049$ 18,049$ 18,049$ 90,245$ Modoc HH 2,820$ 2,820$ 2,820$ 2,820$ 2,820$ 14,100$ Mono Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Monterey Formula 47,999$ 47,999$ 47,999$ 47,999$ 47,999$ 239,995$ Napa Formula 13,251$ 13,251$ 13,251$ 13,251$ 13,251$ 66,255$ Nevada HH 6,669$ 6,669$ 6,669$ 6,669$ 6,669$ 33,345$ Orange Formula 425,502$ 425,502$ 425,502$ 425,502$ 425,502$ 2,127,510$ Pasadena Cap 26,792$ 26,792$ 26,792$ 26,792$ 26,792$ 133,960$ Placer Cap 15,040$ 15,040$ 15,040$ 15,040$ 15,040$ 75,200$ Plumas Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Riverside Cap 293,218$ 293,218$ 293,218$ 293,218$ 293,218$ 1,466,090$ Sacramento Cap 218,266$ 218,266$ 218,266$ 218,266$ 218,266$ 1,091,330$ San Benito Cap 3,180$ 3,180$ 3,180$ 3,180$ 3,180$ 15,900$ San Bernardino Cap 256,250$ 256,250$ 256,250$ 256,250$ 256,250$ 1,281,250$ San Diego Formula 660,768$ 660,768$ 660,768$ 660,768$ 660,768$ 3,303,840$ San Francisco HH 715,084$ 715,084$ 715,084$ 715,084$ 715,084$ 3,575,420$ San Joaquin Formula 83,479$ 83,479$ 83,479$ 83,479$ 83,479$ 417,395$ San Luis Obispo HH 33,345$ 33,345$ 33,345$ 33,345$ 33,345$ 166,725$ San Mateo HH 89,634$ 89,634$ 89,634$ 89,634$ 89,634$ 448,170$ Santa Barbara HH 34,678$ 34,678$ 34,678$ 34,678$ 34,678$ 173,390$ Santa Clara HH 232,038$ 232,038$ 232,038$ 232,038$ 232,038$ 1,160,190$ Santa Cruz HH 28,010$ 28,010$ 28,010$ 28,010$ 28,010$ 140,050$ Shasta Formula 13,985$ 13,985$ 13,985$ 13,985$ 13,985$ 69,925$ Sierra Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Siskiyou HH 4,668$ 4,668$ 4,668$ 4,668$ 4,668$ 23,340$ Solano HH 63,257$ 63,257$ 63,257$ 63,257$ 63,257$ 316,285$ Sonoma HH 74,029$ 74,029$ 74,029$ 74,029$ 74,029$ 370,145$ Stanislaus Cap 45,123$ 45,123$ 45,123$ 45,123$ 45,123$ 225,615$ Sutter Cap 7,520$ 7,520$ 7,520$ 7,520$ 7,520$ 37,600$ Tehama Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Trinity Minimum 3,000$ 3,000$ 3,000$ 3,000$ 3,000$ 15,000$ Tulare Cap 30,081$ 30,081$ 30,081$ 30,081$ 30,081$ 150,405$ Tuolumne HH 4,668$ 4,668$ 4,668$ 4,668$ 4,668$ 23,340$ Ventura Formula 65,776$ 65,776$ 65,776$ 65,776$ 65,776$ 328,880$ Yolo HH 14,672$ 14,672$ 14,672$ 14,672$ 14,672$ 73,360$ Yuba Cap 6,015$ 6,015$ 6,015$ 6,015$ 6,015$ 30,075$ Total 6,674,612$ 6,674,612$ 6,674,612$ 6,674,612$ 6,674,612$ 33,373,060$ Fiscal Year 2019-2020 HIV Surveillance Program The Office of AIDS (OA) will allocate $6.67 million in Fiscal Year (FY) 2019-20 State General Fund to local health jurisdictions (LHJs) for local HIV Surveillance Programs. OA will use the FY 2016-17 formula, with updated data, for allocating these funds and will implement provisions to provide equity and stability of funding across all regions of California. The allocation formula is based upon the following factors: New HIV/AIDS cases diagnosed 2013 – 2017; and Cumulative HIV (non AIDS cases) through December 31, 2017 No Case LHJs: The following LHJ, with no reported HIV or AIDS cases during the periods indicated above, will not receive an allocation of HIV Surveillance Program funding: Alpine. Funding Minimum: OA will implement a minimum allocation of $3,000 for the rest of the LHJs. The eight LHJs receiving the minimum allocation: Colusa, Glenn, Mariposa, Mono, Plumas, Sierra, Tehama, and Trinity. OA will apply the following stabilization measures: 1.Funding Cap (CAP): OA will implement a funding cap, which is a maximum funding level placed on each LHJ, set at 106 percent of the FY 2016-17 allocation. The sixteen LHJs impacted by the funding cap: Amador, Fresno, Imperial, Kern, Los Angeles, Merced, Pasadena, Placer, Riverside, Sacramento, San Benito, San Bernardino, Stanislaus, Sutter, Tulare and Yuba. 2.Hold Harmless Provision: OA will distribute funds to other LHJs so that the minimum funding level is 94 percent of the FY 2016-17 allocation. Twenty-seven LHJs are allocated funds due to the hold harmless provision. Nine LHJs receive their unadjusted formula amount: Alameda, El Dorado, Monterey, Napa, Orange, San Diego, San Joaquin, Shasta, and Ventura. Exhibit A2 Funding Allocation Process 1 FY 2019/20 HIV Surveillance Program Funding Allocation County/City FY 16/17 Allocation FY 19/ 20 Unadjusted Allocation Unadjusted Allocation % of FY 16/17 Allocation FINAL FY 19/20 Adjusted Allocation FINAL Adjusted Allocation % of Unadjusted FINAL Adjusted Allocation % of FY 16/17 Allocation Summary Action Alameda 289,225$ 286,135$ 98.9%285,286$ 99.7%98.6%Formula Alpine -$ -$ --$ --No Case Amador 5,675$ 6,464$ 113.9%6,015$ 93.1%106.0%Cap Berkeley 29,088$ 21,468$ 73.8%27,342$ 127.4%94.0%HH Butte 26,961$ 16,162$ 59.9%25,343$ 156.8%94.0%HH Calaveras 5,675$ 3,803$ 67.0%5,334$ 140.3%94.0%HH Colusa 3,000$ 932$ 31.1%3,000$ 321.9%100.0%Minimum Contra Costa 183,704$ 123,340$ 67.1%172,681$ 140.0%94.0%HH Del Norte 3,547$ 1,954$ 55.1%3,334$ 170.6%94.0%HH El Dorado 12,416$ 12,599$ 101.5%12,561$ 99.7%101.2%Formula Fresno 85,513$ 144,080$ 168.5%90,643$ 62.9%106.0%Cap Glenn 3,000$ 2,300$ 76.7%3,000$ 130.4%100.0%Minimum Humboldt 12,771$ 11,200$ 87.7%12,004$ 107.2%94.0%HH Imperial 18,107$ 25,860$ 142.8%19,193$ 74.2%106.0%Cap Inyo 4,966$ 3,353$ 67.5%4,668$ 139.2%94.0%HH Kern 115,905$ 123,994$ 107.0%122,859$ 99.1%106.0%Cap Kings 19,157$ 15,892$ 83.0%18,007$ 113.3%94.0%HH Lake 10,642$ 5,743$ 54.0%10,003$ 174.2%94.0%HH Lassen 5,675$ 811$ 14.3%5,334$ 657.7%94.0%HH Long Beach 258,580$ 181,323$ 70.1%243,065$ 134.1%94.0%HH Los Angeles 1,860,734$ 2,217,159$ 119.2%1,972,378$ 89.0%106.0%Cap Madera 17,028$ 9,742$ 57.2%16,006$ 164.3%94.0%HH Marin 54,631$ 33,255$ 60.9%51,353$ 154.4%94.0%HH Mariposa 3,000$ 841$ 28.0%3,000$ 356.7%100.0%Minimum Mendocino 14,189$ 7,261$ 51.2%13,337$ 183.7%94.0%HH Merced 17,028$ 22,462$ 131.9%18,049$ 80.4%106.0%Cap Modoc 3,000$ -$ 0.0%2,820$ -94.0%HH Mono 3,000$ 706$ 23.5%3,000$ 424.9%100.0%Minimum Monterey 46,116$ 48,142$ 104.4%47,999$ 99.7%104.1%Formula Napa 13,203$ 13,290$ 100.7%13,251$ 99.7%100.4%Formula Nevada 7,095$ 5,201$ 73.3%6,669$ 128.2%94.0%HH Orange 422,925$ 426,768$ 100.9%425,502$ 99.7%100.6%Formula Pasadena 25,276$ 33,557$ 132.8%26,792$ 79.8%106.0%Cap Placer 14,189$ 19,063$ 134.4%15,040$ 78.9%106.0%Cap Plumas 3,000$ 496$ 16.5%3,000$ 604.8%100.0%Minimum Riverside 276,621$ 413,031$ 149.3%293,218$ 71.0%106.0%Cap Sacramento 205,912$ 227,691$ 110.6%218,266$ 95.9%106.0%Cap San Benito 3,000$ 4,420$ 147.3%3,180$ 71.9%106.0%Cap San Bernardino 241,746$ 271,540$ 112.3%256,250$ 94.4%106.0%Cap San Diego 691,677$ 662,735$ 95.8%660,768$ 99.7%95.5%Formula San Francisco 760,728$ 499,451$ 65.7%715,084$ 143.2%94.0%HH San Joaquin 80,906$ 83,728$ 103.5%83,479$ 99.7%103.2%Formula San Luis Obispo 35,474$ 23,799$ 67.1%33,345$ 140.1%94.0%HH San Mateo 95,356$ 80,688$ 84.6%89,634$ 111.1%94.0%HH Santa Barbara 36,892$ 32,023$ 86.8%34,678$ 108.3%94.0%HH Santa Clara 246,849$ 189,557$ 76.8%232,038$ 122.4%94.0%HH Santa Cruz 29,798$ 22,205$ 74.5%28,010$ 126.1%94.0%HH Shasta 14,189$ 14,027$ 98.9%13,985$ 99.7%98.6%Formula Sierra 3,000$ 180$ 6.0%3,000$ 1666.7%100.0%Minimum Siskiyou 4,966$ 4,029$ 81.1%4,668$ 115.9%94.0%HH Solano 67,295$ 56,814$ 84.4%63,257$ 111.3%94.0%HH Sonoma 78,755$ 45,536$ 57.8%74,029$ 162.6%94.0%HH Stanislaus 42,569$ 55,600$ 130.6%45,123$ 81.2%106.0%Cap Sutter 7,095$ 7,878$ 111.0%7,520$ 95.5%106.0%Cap Tehama 3,000$ 2,976$ 99.2%3,000$ 100.8%100.0%Minimum Trinity 3,000$ 405$ 13.5%3,000$ 740.7%100.0%Minimum Tulare 28,379$ 41,602$ 146.6%30,081$ 72.3%106.0%Cap Tuolumne 4,966$ 1,698$ 34.2%4,668$ 274.9%94.0%HH Ventura 69,530$ 65,971$ 94.9%65,776$ 99.7%94.6%Formula Yolo 15,609$ 11,786$ 75.5%14,672$ 124.5%94.0%HH Yuba 5,675$ 6,254$ 110.2%6,015$ 96.2%106.0%Cap Total 6,649,342$ 6,650,980$ 6,674,612$ 1 No Case County/City 9 Unadjusted Formula County/City 16 Funding Cap County/City 8 Minimum Allocation County/City 27 Hold Harmless County/City 61 Total Counties/Cities 2 County of Fresno 19-10415 Page 1 of 2 Exhibit B Budget Detail and Payment Provisions 1.Invoicing and Payment A.Upon completion of project activities as provided in the Grant Application, and upon receipt and approval of the invoices, the State agrees to reimburse the Grantee for activities performed and expenditures incurred in accordance with the costs specified herein. B.Invoices shall include the Grant Number and shall be submitted in triplicate not more frequently than monthly in arrears to: Invoice Desk California Department of Public Health Prevention Program MS 7700 1616 Capitol Avenue, Suite 616 Sacramento, CA 95814 C.Invoices shall: 1)Be prepared on Grantee letterhead. If invoices are not on produced letterhead invoices must be signed by an authorized official, employee or agent certifying that the expenditures claimed represent activities performed and are in accordance with the Grant Application under this Grant. 2)Bear the Grantee’s name as shown on the Grant. 3)Identify the billing and/or performance period covered by the invoice. 4)Itemize costs for the billing period in the same or greater level of detail as indicated in this Grant. Subject to the terms of this Grant, reimbursement may only be sought for those costs and/or cost categories expressly identified as allowable and approved by CDPH. 2.Budget Contingency Clause A.It is mutually agreed that if the Budget Act of the current year and/or any subsequent years covered under this Agreement does not appropriate sufficient funds for the program, this Agreement shall be of no further force and effect. In this event, the State shall have no liability to pay any funds whatsoever to Grantee or to furnish any other considerations under this Agreement and Grantee shall not be obligated to fulfill any provisions of this Agreement. B.If funding for any fiscal year is reduced or deleted by the Budget Act for purposes of this program, the State shall have the option to either cancel this Agreement with no liability occurring to the State, or offer an agreement amendment to Grantee to reflect the reduced amount. 3.Prompt Payment Clause Payment will be made in accordance with, and within the time specified in, Government Code Chapter 4.5, commencing with Section 927. 4.Amounts Payable A.The amounts payable under this Grant shall not exceed: 1)$453,215 for the budget period of 07/01/2019 through 06/30/2024. County of Fresno 19-10415 Page 2 of 2 Exhibit B Budget Detail and Payment Provisions B.Payment allocations shall be made for allowable expenses up to the amount annually encumbered commensurate with the state fiscal year in which services are fulfilled and/or goods are received. 5.Timely Submission of Final Invoice A.A final undisputed invoice shall be submitted for payment no more than forty-five (45) calendar days following the expiration or termination date of this Grant, unless a later or alternate deadline is agreed to in writing by the program grant manager. Said invoice should be clearly marked “Final Invoice”, indicating that all payment obligations of the State under this Grant have ceased and that no further payments are due or outstanding. B.The State may, at its discretion, choose not to honor any delinquent final invoice if the Grantee fails to obtain prior written State approval of an alternate final invoice submission deadline. 6.Travel and Per Diem Reimbursement Any reimbursement for necessary travel and per diem shall be at the rates currently in effect as established by the California Department of Human Resources (CalHR). County of Fresno 19-10415 Page 1 of 4 EXHIBIT C STANDARD GRANT CONDITIONS 1.APPROVAL: This Grant is of no force or effect until signed by both parties and approved by the Department of General Services, if required. The Grantee may not commence performance until such approval has been obtained 2.AMENDMENT: No amendment or variation of the terms of this Grant shall be valid unless made in writing, signed by the parties, and approved as required. No oral understanding or Agreement not incorporated in the Grant is binding on any of the parties. In no case shall the Department materially alter the scope of the Project set forth in Exhibit A. 3.ASSIGNMENT: This Grant is not assignable by the Grantee, either in whole or in part, without the written consent of the Grant Manager in the form of a written amendment to the Grant. 4.AUDIT: Grantee agrees that the Department, the Bureau of State Audits, or their designated representative shall have the right to review and to copy any records and supporting documentation pertaining to this Grant. Grantee agrees to maintain such records for a possible audit for a minimum of three (3) years after final payment or completion of the project funded with this Grant, unless a longer period of records retention is stipulated. Grantee agrees to allow the auditor(s) access to such records during normal business hours and to allow interviews of any employees who might reasonably have information related to such records. Further, Grantee agrees to include a similar right of the State to audit records and interview staff in any subcontract related to the project. 5.CONFLICT OF INTEREST: Grantee certifies that it is in compliance with all applicable state and/or federal conflict of interest laws. 6.INDEMNIFICATION: Grantee agrees to indemnify, defend and save harmless the State, its officers, agents and employees from any and all claims and losses accruing or resulting to any and all contractors, subcontractors, suppliers, laborers, and any other person, firm or corporation furnishing or supplying work services, materials, or supplies in connection with the project, and from any and all claims and losses accruing or resulting to any person, firm or corporation who may be injured or damaged by Grantee in the performance of any activities related to the Project. 7.FISCAL MANAGEMENT SYSTEMS AND ACCOUNTING STANDARDS: Grantee agrees that, at a minimum, its fiscal control and accounting procedures will be sufficient to permit tracing of all grant funds to a level of expenditure adequate to establish that such funds have not been used in violation of any applicable state or federal law, or the provisions of this Grant. Grantee further agrees that it will maintain separate Project accounts in accordance with generally accepted accounting principles. 8.GOVERNING LAW: This Grant is governed by and shall be interpreted in accordance with the laws of the State of California. Page 2 of 4 9.INCOME RESTRICTIONS: Grantee agrees that any refunds, rebates, credits, or other amounts (including any interest thereon) accruing to or received by the Grantee under this Grant shall be paid by the Grantee to the Department, to the extent that they are properly allocable to costs for which the Grantee has been reimbursed by the Department under this Grant. 10.INDEPENDENT CONTRACTOR: Grantee, and its agents and employees of Grantee, in the performance of the Project, shall act in an independent capacity and not as officers, employees or agents of the Department. 11.MEDIA EVENTS: Grantee shall notify the Department’s Grant Manager in writing at least twenty (20) working days before any public or media event publicizing the accomplishments and/or results of the Project and provide the opportunity for attendance and participation by Department’s representatives. 12.NO THIRD-PARTY RIGHTS: The Department and Grantee do not intend to create any rights or remedies for any third- party as a beneficiary of this Grant or the project. 13.NOTICE: Grantee shall promptly notify the Department’s Grant Manager in writing of any events, developments or changes that could affect the completion of the project or the budget approved for this Grant. 14.PROFESSIONALS: Grantee agrees that only licensed professionals will be used to perform services under this Grant where such services are called for. 15.RECORDS: Grantee certifies that it will maintain Project accounts in accordance with generally accepted accounting principles. Grantee further certifies that it will comply with the following conditions for a grant award as set forth in the Request for Applications and the Grant Application. A.Establish an official file for the Project which shall adequately document all significant actions relative to the Project; B.Establish separate accounts which will adequately and accurately depict all amounts received and expended on this Project, including all grant funds received under this Grant; C.Establish separate accounts which will adequately depict all income received which is attributable to the Project, especially including any income attributable to grant funds disbursed under this Grant; D.Establish an accounting system which will adequately depict final total costs of the Project, including both direct and indirect costs; and, E.Establish such accounts and maintain such records as may be necessary for the state to fulfill federal reporting requirements, including any and all reporting requirements under federal tax statutes or regulations. 16.RELATED LITIGATION: Under no circumstances may Grantee use funds from any disbursement under this Grant to pay for costs associated with any litigation between the Grantee and the Department. Page 3 of 4 17.RIGHTS IN DATA: Grantee and the Department agree that all data, plans, drawings, specifications, reports, computer programs, operating manuals, notes, and other written or graphic work submitted under Exhibit A in the performance of the Project funded by this Grant shall be in the public domain. Grantee may disclose, disseminate and use in whole or in part, any final form data and information received, collected, and developed under this Project, subject to appropriate acknowledgment of credit to the Department for financial support. Grantee shall not utilize the materials submitted to the Department (except data) for any profit making venture or sell or grant rights to a third-party who intends to do so. The Department has the right to use submitted data for all governmental purposes. 18.VENUE: The Department and Grantee agree that any action arising out of this Grant shall be filed and maintained in the Superior Court, California. Grantee waives any existing sovereign immunity for the purposes of this Grant, if applicable. 19.STATE-FUNDED RESEARCH GRANTS: A.Grantee shall provide for free public access to any publication of a department-funded invention or department-funded technology. Grantee further agrees to all terms and conditions required by the California Taxpayer Access to Publicly Funded Research Act (Chapter 2.5 (commencing with Section 13989) of Part 4.5 of Division 3 of Title 2 of the Government Code). B.As a condition of receiving the research grant, Grantee agrees to the following terms and conditions which are set forth in Government Code section 13989.6 (“Section 13989.6”): 1)Grantee is responsible for ensuring that any publishing or copyright agreements concerning submitted manuscripts fully comply with Section 13989.6. 2)Grantees shall report to the Department the final disposition of the research grant, including, but not limited to, if it was published, when it was published, where it was published, when the 12-month time period expires, and where the manuscript will be available for open access. 3)For a manuscript that is accepted for publication in a peer-reviewed journal, the Grantee shall ensure that an electronic version of the peer-reviewed manuscript is available to the department and on an appropriate publicly accessible database approved by the Department, including, but not limited to, the University of California’s eScholarship Repository at the California Digital Library, PubMed Central, or the California Digital Open Source Library, to be made publicly available not later than 12 months after the official date of publication. Manuscripts submitted to the California Digital Open Source Library shall be exempt from the requirements in subdivision (b) of Section 66408 of the Education Code. Grantee shall make reasonable efforts to comply with this requirement by ensuring that their manuscript is accessible on an approved publicly accessible database, and notifying the Department that the manuscript is available on a department-approved database. If Grantee is unable to ensure that their manuscript is accessible on an approved publicly accessible database, Grantee may comply by providing the manuscript to the Department not later than 12 months after the official date of publication. Page 4 of 4 4)For publications other than those described in paragraph B.3 above, including meeting abstracts, Grantee shall comply by providing the manuscript to the Department not later than 12 months after the official date of publication. 5)Grantee is authorized to use grant money for publication costs, including fees charged by a publisher for color and page charges, or fees for digital distribution. County of Fresno 19-10415 Page 1 of 3 Exhibit D Additional Provisions 1. Cancellation / Termination A.This Grant may be cancelled by CDPH without cause upon thirty (30) calendar days advance written notice to the Grantee. B.CDPH reserves the right to cancel or terminate this Grant immediately for cause. The Grantee may submit a written request to terminate this Grant only if CDPH substantially fails to perform its responsibilities as provided herein. C.The term “for cause” shall mean that the Grantee fails to meet the terms, conditions, and/or responsibilities of this agreement. Causes for termination include, but are not limited to the following occurrences: 1)If the Grantee knowingly furnishes any statement, representation, warranty, or certification in connection with the agreement, which representation is materially false, deceptive, incorrect, or incomplete. 2)If the Grantee fails to perform any material requirement of this Grant or defaults in performance of this agreement. 3)If the Grantee files for bankruptcy, or if CDPH determines that the Grantee becomes financially incapable of completing this agreement. D.Grant termination or cancellation shall be effective as of the date indicated in CDPH’s notification to the Grantee. The notice shall stipulate any final performance, invoicing or payment requirements. E.In the event of early termination or cancellation, the Grantee shall be entitled to compensation for services performed satisfactorily under this agreement and expenses incurred up to the date of cancellation and any non-cancelable obligations incurred in support of this Grant. F.In the event of termination, and at the request of CDPH, the Grantee shall furnish copies of all proposals, specifications, designs, procedures, layouts, copy, and other materials related to the services or deliverables provided under this Grant, whether finished or in progress on the termination date. G.The Grantee will not be entitled to reimbursement for any expenses incurred for services and deliverables pursuant to this agreement after the effective date of termination. H.Upon receipt of notification of termination of this Grant, and except as otherwise specified by CDPH, the Grantee shall: 1)Place no further order or subgrants for materials, services, or facilities. 2)Settle all outstanding liabilities and all claims arising out of such termination of orders and subgrants. County of Fresno 19-10415 Page 2 of 3 Exhibit D Additional Provisions 3)Upon the effective date of termination of the Grant and the payment by CDPH of all items properly changeable to CDPH hereunder, Grantee shall transfer, assign and make available to CDPH all property and materials belonging to CDPH, all rights and claims to any and all reservations, grants, and arrangements with owners of media/PR materials, or others, and shall make available to CDPH all written information regarding CDPH’s media/PR materials, and no extra compensation is to be paid to Grantee for its services. 4)Take such action as may be necessary, or as CDPH may specify, to protect and preserve any property related to this agreement which is in the possession of the Grantee and in which CDPH has or may acquire an interest. I.CDPH may, at its discretion, require the Grantee to cease performance of certain components of the Scope of Work as designated by CDPH and complete performance of other components prior to the termination date of the Grant. 2.Avoidance of Conflicts of Interest by Grantee A.CDPH intends to avoid any real or apparent conflict of interest on the part of the Grantee, subgrants, or employees, officers and directors of the Grantee or subgrants. Thus, CDPH reserves the right to determine, at its sole discretion, whether any information, assertion or claim received from any source indicates the existence of a real or apparent conflict of interest; and, if a conflict is found to exist, to require the Grantee to submit additional information or a plan for resolving the conflict, subject to CDPH review and prior approval. B.Conflicts of interest include, but are not limited to: 1)An instance where the Grantee or any of its subgrants, or any employee, officer, or director of the Grantee or any subgrant or has an interest, financial or otherwise, whereby the use or disclosure of information obtained while performing services under the grant would allow for private or personal benefit or for any purpose that is contrary to the goals and objectives of the grant. 2)An instance where the Grantee’s or any subgrant’s employees, officers, or directors use their positions for purposes that are, or give the appearance of being, motivated by a desire for private gain for themselves or others, such as those with whom they have family, business or other ties. C.If CDPH is or becomes aware of a known or suspected conflict of interest, the Grantee will be given an opportunity to submit additional information or to resolve the conflict. A Grantee with a suspected conflict of interest will have five (5) working days from the date of notification of the conflict by CDPH to provide complete information regarding the suspected conflict. If a conflict of interest is determined to exist by CDPH and cannot be resolved to the satisfaction of CDPH, the conflict will be grounds for terminating the grant. CDPH may, at its discretion upon receipt of a written request from the Grantee, authorize an extension of the timeline indicated herein. County of Fresno 19-10415 Page 3 of 3 Exhibit D Additional Provisions 3.Dispute Resolution Process A.A Grantee grievance exists whenever there is a dispute arising from CDPH’s action in the administration of an agreement. If there is a dispute or grievance between the Grantee and CDPH, the Grantee must seek resolution using the procedure outlined below. 1)The Grantee should first informally discuss the problem with the CDPH Program Grant Manager. If the problem cannot be resolved informally, the Grantee shall direct its grievance together with any evidence, in writing, to the program Branch Chief. The grievance shall state the issues in dispute, the legal authority or other basis for the Grantee's position and the remedy sought. The Branch Chief shall render a decision within ten (10) working days after receipt of the written grievance from the Grantee. The Branch Chief shall respond in writing to the Grantee indicating the decision and reasons therefore. If the Grantee disagrees with the Branch Chief’s decision, the Grantee may appeal to the second level. 2)When appealing to the second level, the Grantee must prepare an appeal indicating the reasons for disagreement with Branch Chief’s decision. The Grantee shall include with the appeal a copy of the Grantee's original statement of dispute along with any supporting evidence and a copy of the Branch Chief’s decision. The appeal shall be addressed to the Deputy Director of the division in which the branch is organized within ten (10) working days from receipt of the Branch Chief’s decision. The Deputy Director of the division in which the branch is organized or his/her designee shall meet with the Grantee to review the issues raised. A written decision signed by the Deputy Director of the division in which the branch is organized or his/her designee shall be directed to the Grantee within twenty (20) working days of receipt of the Grantee's second level appeal. B.If the Grantee wishes to appeal the decision of the Deputy Director of the division in which the branch is organized or his/her designee, the Grantee shall follow the procedures set forth in Division 25.1 (commencing with Section 38050) of the Health and Safety Code and the regulations adopted thereunder. (Title 1, Division 2, Chapter 2, Article 3 (commencing with Section 1140) of the California Code of Regulations). C.Disputes arising out of an audit, examination of an agreement or other action not covered by subdivision (a) of Section 20204, of Chapter 2.1, Title 22, of the California Code of Regulations, and for which no procedures for appeal are provided in statute, regulation or the Agreement, shall be handled in accordance with the procedures identified in Sections 51016 through 51047, Title 22, California Code of Regulations. D.Unless otherwise stipulated in writing by CDPH, all dispute, grievance and/or appeal correspondence shall be directed to the CDPH Grant Manager. E.There are organizational differences within CDPH’s funding programs and the management levels identified in this dispute resolution provision may not apply in every contractual situation. When a grievance is received and organizational differences exist, the Grantee shall be notified in writing by the CDPH Grant Manager of the level, name, and/or title of the appropriate management official that is responsible for issuing a decision at a given level. County of Fresno 19-10415 Page 1 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) This Information Privacy and Security Requirements Exhibit (For Non-HIPAA/HITECH Act Contracts) (hereinafter referred to as “this Exhibit”) sets forth the information privacy and security requirements Contractor is obligated to follow with respect to all personal and confidential information (as defined herein) disclosed to Contractor, or collected, created, maintained, stored, transmitted or used by Contractor for or on behalf of the California Department of Public Health (hereinafter “CDPH”), pursuant to Contractor’s agreement with CDPH. (Such personal and confidential information is referred to herein collectively as “CDPH PCI”.) CDPH and Contractor desire to protect the privacy and provide for the security of CDPH PCI pursuant to this Exhibit and in compliance with state and federal laws applicable to the CDPH PCI. I.Order of Precedence: With respect to information privacy and security requirements for all CDPH PCI, the terms and conditions of this Exhibit shall take precedence over any conflicting terms or conditions set forth in any other part of the agreement between Contractor and CDPH, including Exhibit A (Scope of Work), all other exhibits and any other attachments, and shall prevail over any such conflicting terms or conditions. II.Effect on lower tier transactions: The terms of this Exhibit shall apply to all contracts, subcontracts, and subawards, and the information privacy and security requirements Contractor is obligated to follow with respect to CDPH PCI disclosed to Contractor, or collected, created, maintained, stored, transmitted or used by Contractor for or on behalf of CDPH, pursuant to Contractor’s agreement with CDPH. When applicable the Contractor shall incorporate the relevant provisions of this Exhibit into each subcontract or subaward to its agents, subcontractors, or independent consultants. III.Definitions: For purposes of the agreement between Contractor and CDPH, including this Exhibit, the following definitions shall apply: A.Breach: “Breach” means: 1.the unauthorized acquisition, access, use, or disclosure of CDPH PCI in a manner which compromises the security, confidentiality or integrity of the information; or 2.the same as the definition of "breach of the security of the system" set forth in California Civil Code section 1798.29(f). B.Confidential Information: “Confidential information” means information that: 1.does not meet the definition of “public records” set forth in California Government Code section 6252(e), or is exempt from disclosure under any of the provisions of Section 6250, et seq. of the California Government Code or any other applicable state or federal laws; or 2.is contained in documents, files, folders, books or records that are clearly labeled, marked or designated with the word “confidential” by CDPH. C.Disclosure: “Disclosure” means the release, transfer, provision of, access to, or divulging in any manner of information outside the entity holding the information. County of Fresno 19-10415 Page 2 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) D. PCI: “PCI” means “personal information” and “confidential information” (as these terms are defined herein: E.Personal Information: “Personal information” means information, in any medium (paper, electronic, oral) that: 1.directly or indirectly collectively identifies or uniquely describes an individual; or 2.could be used in combination with other information to indirectly identify or uniquely describe an individual, or link an individual to the other information; or 3.meets the definition of “personal information” set forth in California Civil Code section 1798.3, subdivision (a) or 4.is one of the data elements set forth in California Civil Code section 1798.29, subdivision (g)(1) or (g)(2); or 5.meets the definition of “medical information” set forth in either California Civil Code section 1798.29, subdivision (h)(2) or California Civil Code section 56.05, subdivision (j); or 6.meets the definition of “health insurance information” set forth in California Civil Code section 1798.29, subdivision (h)(3); or 7.is protected from disclosure under applicable state or federal law. F.Security Incident: “Security Incident” means: 1.an attempted breach; or 2.the attempted or successful unauthorized access or disclosure, modification or destruction of CDPH PCI, in violation of any state or federal law or in a manner not permitted under the agreement between Contractor and CDPH, including this Exhibit; or 3.the attempted or successful modification or destruction of, or interference with, Contractor’s system operations in an information technology system, that negatively impacts the confidentiality, availability or integrity of CDPH PCI; or 4.any event that is reasonably believed to have compromised the confidentiality, integrity, or availability of an information asset, system, process, data storage, or transmission. Furthermore, an information security incident may also include an event that constitutes a violation or imminent threat of violation of information security policies or procedures, including acceptable use policies. G.Use: “Use” means the sharing, employment, application, utilization, examination, or analysis of information. IV.Disclosure Restrictions: The Contractor and its employees, agents, and subcontractors shall protect from unauthorized disclosure any CDPH PCI. The Contractor shall not disclose, except as otherwise specifically permitted by the agreement between Contractor and CDPH (including this Exhibit), any County of Fresno 19-10415 Page 3 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) CDPH PCI to anyone other than CDPH personnel or programs without prior written authorization from the CDPH Program Contract Manager, except if disclosure is required by State or Federal law. V.Use Restrictions: The Contractor and its employees, agents, and subcontractors shall not use any CDPH PCI for any purpose other than performing the Contractor's obligations under its agreement with CDPH. VI.Safeguards: The Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the privacy, confidentiality, security, integrity, and availability of CDPH PCI, including electronic or computerized CDPH PCI. At each location wher CDPH PCI exists under Contractor’s control, the Contractor shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Contractor’s operations and the nature and scope of its activities in performing its agreement with CDPH, including this Exhibit, and which incorporates the requirements of Section VII, Security, below. Contractor shall provide CDPH with Contractor’s current and updated policies within five (5) business days of a request by CDPH for the policies. VII.Security: The Contractor shall take any and all steps reasonably necessary to ensure the continuous security of all computerized data systems containing CDPH PCI. These steps shall include, at a minimum, complying with all of the data system security precautions listed in the Contractor Data Security Standards set forth in Attachment 1 to this Exhibit. VIII.Security Officer: At each place where CDPH PCI is located,, the Contractor shall designate a Security Officer to oversee its compliance with this Exhibit and to communicate with CDPH on matters concerning this Exhibit. IX.Training: The Contractor shall provide training on its obligations under this Exhibit, at its own expense, to all of its employees who assist in the performance of Contractor’s obligations under Contractor’s agreement with CDPH, including this Exhibit, or otherwise use or disclose CDPH PCI. A.The Contractor shall require each employee who receives training to certify, either in hard copy or electronic form, the date on which the training was completed. B.The Contractor shall retain each employee’s certifications for CDPH inspection for a period of three years following contract termination or completion. C.Contractor shall provide CDPH with its employee’s certifications within five (5) business days of a request by CDPH for the employee’s certifications. X.Employee Discipline: Contractor shall impose discipline that it deems appropriate (in its sole discretion) on such employees and other Contractor workforce members under Contractor’s direct control who intentionally or negligently violate any provisions of this Exhibit. County of Fresno 19-10415 Page 4 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) XI.Breach and Security Incident Responsibilities: A.Notification to CDPH of Breach or Security Incident: The Contractor shall notify CDPH immediately by telephone call plus email or fax upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email or fax of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numberslisted in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a employee or agent of the Contractor. Contractor shall take: 1.prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and 2.any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29. B.Investigation of Breach and Security Incidents: The Contractor shall immediately investigate such breach or security incident. As soon as the information is known and subject to the legitimate needs of law enforcement, Contractor shall inform the CDPH Program Contract Manager, the CDPH Privacy Officer, and the CDPH Chief Information Security Officer of: 1.what data elements were involved and the extent of the data disclosure or access involved in the breach, including, specifically, the number of individuals whose personal information was breached; and 2.a description of the unauthorized persons known or reasonably believed to have improperly used the CDPH PCI and/or a description of the unauthorized persons known or reasonably believed to have improperly accessed or acquired the CDPH PCI, or to whom it is known or reasonably believed to have had the CDPH PCI improperly disclosed to them; and 3.a description of where the CDPH PCI is believed to have been improperly used or disclosed; and 4.a description of the probable and proximate causes of the breach or security incident; and County of Fresno 19-10415 Page 5 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) 5.whether Civil Code section 1798.29 or any other federal or state laws requiring individual notifications of breaches have been triggered. C.Written Report: The Contractor shall provide a written report of the investigation to the CDPH Program Contract Manager, the CDPH Privacy Officer, and the CDPH Chief Information Security Officer as soon as practicable after the discovery of the breach or security incident. The report shall include, but not be limited to, the information specified above, as well as a complete, detailed corrective action plan, including information on measures that were taken to halt and/or contain the breach or security incident, and measures to be taken to prevent the recurrence or further disclosure of data regarding such breach or security incident. D.Notification to Individuals: If notification to individuals whose information was breached is required under state or federal law, and regardless of whether Contractor is considered only a custodian and/or non-owner of the CDPH PCI, Contractor shall, at its sole expense, and at the sole election of CDPH, either: 1.make notification to the individuals affected by the breach (including substitute notification), pursuant to the content and timeliness provisions of such applicable state or federal breach notice laws. Contractor shall inform the CDPH Privacy Officer of the time, manner and content of any such notifications, prior to the transmission of such notifications to the individuals; or 2.cooperate with and assist CDPH in its notification (including substitute notification) to the individuals affected by the breach. E.Submission of Sample Notification to Attorney General: If notification to more than 500 individuals is required pursuant to California Civil Code section 1798.29, and regardless of whether Contractor is considered only a custodian and/or non-owner of the CDPH PCI, Contractor shall, at its sole expense, and at the sole election of CDPH, either: 1.electronically submit a single sample copy of the security breach notification, excluding any personally identifiable information, to the Attorney General pursuant to the format. content and timeliness provisions of Section 1798.29, subdivision (e). Contractor shall inform the CDPH Privacy Officer of the time, manner and content of any such submissions, prior to the transmission of such submissions to the Attorney General; or 2.cooperate with and assist CDPH in its submission of a sample copy of the notification to the Attorney General. F.CDPH Contact Information: To direct communications to the above referenced CDPH staff, the Contractor shall initiate contact as indicated herein. CDPH reserves the right to make changes to the contact information below by verbal or written notice to the Contractor. Said changes shall not require an amendment to this Exhibit or the agreement to which it is incorporated. County of Fresno 19-10415 Page 6 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) CDPH Program Contract Manager CDPH Privacy Officer CDPH Chief Information Security Officer See the Scope of Work exhibit for Program Contract Manager Privacy Officer Privacy Office Office of Legal Services California Dept. of Public Health 1415 L Street, 5th Floor Sacramento, CA 95814 Email: privacy@cdph.ca.gov Telephone: (877) 421-9634 Chief Information Security Officer Information Security Office California Dept. of Public Health P.O. Box 997377 MS6302 Sacramento, CA 95899-7413 Email: cdphiso@cdph.ca.gov Telephone: (855) 500-0016 XII.Documentation of Disclosures for Requests for Accounting: Contractor shall document and make available to CDPH or (at the direction of CDPH) to an Individual such disclosures of CDPH PCI, and information related to such disclosures, necessary to respond to a proper request by the subject Individual for an accounting of disclosures of personal information as required by Civil Code section 1798.25, or any applicable state or federal law. XIII.Requests for CDPH PCI by Third Parties: The Contractor and its employees, agents, or subcontractors shall promptly transmit to the CDPH Program Contract Manager all requests for disclosure of any CDPH PCI requested by third parties to the agreement between Contractor and CDPH (except from an Individual for an accounting of disclosures of the individual’s personal information pursuant to applicable state or federal law), unless prohibited from doing so by applicable state or federal law. XIV.Audits, Inspection and EnforcementCDPH may inspect the facilities, systems, books and records of Contractor to monitor compliance with this Exhibit. Contractor shall promptly remedy any violation of any provision of this Exhibit and shall certify the same to the CDPH Program Contract Manager in writing. XV.Return or Destruction of CDPH PCI on Expiration or Termination: Upon expiration or termination of the agreement between Contractor and CDPH for any reason, Contractor shall securely return or destroy the CDPH PCI. If return or destruction is not feasible, Contractor shall provide a written explanation to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), above. A.Retention Required by Law: If required by state or federal law, Contractor may retain, after expiration or termination, CDPH PCI for the time specified as necessary to comply with the law. B.Obligations Continue Until Return or Destruction: Contractor’s obligations under this Exhibit shall continue until Contractor returns or destroys the CDPH PCI or returns the CDPH PCI to CDPH; provided however, that on expiration or termination of the agreement between Contractor and CDPH, Contractor shall not further use or disclose the CDPH PCI except as required by state or federal law. County of Fresno 19-10415 Page 7 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) C.Notification of Election to Destroy CDPH PCI: If Contractor elects to destroy the CDPH PCI, Contractor shall certify in writing, to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI(F), above, that the CDPH PCI has been securely destroyed. The notice shall include the date and type of destruction method used. XVI.Amendment: The parties acknowledge that federal and state laws regarding information security and privacy rapidly evolves and that amendment of this Exhibit may be required to provide for procedures to ensure compliance with such laws. The parties specifically agree to take such action as is necessary to implement new standards and requirements imposed by regulations and other applicable laws relating to the security or privacy of CDPH PCI.The parties agree to promptly enter into negotiations concerning an amendment to this Exhibit consistent with new standards and requirements imposed by applicable laws and regulations. XVII.Assistance in Litigation or Administrative Proceedings: Contractor shall make itself and any subcontractors, workforce employees or agents assisting Contractor in the performance of its obligations under the agreement between Contractor and CDPH, available to CDPH at no cost to CDPH to testify as witnesses, in the event of litigation or administrative proceedings being commenced against CDPH, its director, officers or employees based upon claimed violation of laws relating to security and privacy, which involves inactions or actions by the Contractor, except where Contractor or its subcontractor, workforce employee or agent is a named adverse party. XVIII.No Third-Party Beneficiaries: Nothing express or implied in the terms and conditions of this Exhibit is intended to confer, nor shall anything herein confer, upon any person other than CDPH or Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. XIX.Interpretation: The terms and conditions in this Exhibit shall be interpreted as broadly as necessary to implement and comply with regulations and applicable State laws. The parties agree that any ambiguity in the terms and conditions of this Exhibit shall be resolved in favor of a meaning that complies and is consistent with federal and state laws and regulations. XX.Survival: If Contractor does not return or destroy the CDPH PCI upon the completion or termination of the Agreement, the respective rights and obligations of Contractor under Sections VI, VII and XI of this Exhibit shall survive the completion or termination of the agreement between Contractor and CDPH. County of Fresno 19-10415 Page 8 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) Attachment 1 Contractor Data Security Standards 1.General Security Controls A.Confidentiality Statement. All persons that will be working with CDPH PCI must sign a confidentiality statement. The statement must include at a minimum, General Use, Security and Privacy safeguards, Unacceptable Use, and Enforcement Policies. The statement must be signed by the workforce member prior to access to CDPH PCI. The statement must be renewed annually. The Contractor shall retain each person’s written confidentiality statement for CDPH inspection for a period of three (3) years following contract termination. B.Background check. Before a member of the Contractor’s workforce may access CDPH PCI, Contractor must conduct a thorough background check of that worker and evaluate the results to assure that there is no indication that the worker may present a risk for theft of confidential data. The Contractor shall retain each workforce member’s background check documentation for a period of three (3) years following contract termination. C.Workstation/Laptop encryption. All workstations and laptops that process and/or store CDPH PCI must be encrypted using a FIPS 140-2 certified algorithm, such as Advanced Encryption Standard (AES), with a 128bit key or higher. The encryption solution must be full disk unless approved by the CDPH Information Security Office. D.Server Security. Servers containing unencrypted CDPH PCI must have sufficient administrative, physical, and technical controls in place to protect that data, based upon a risk assessment/system security review. E.Minimum Necessary. Only the minimum necessary amount of CDPH PCI required to perform necessary business functions may be copied, downloaded, or exported. F.Removable media devices. All electronic files that contain CDPH PCI data must be encrypted when stored on any removable media or portable device (i.e. USB thumb drives, floppies, CD/DVD, smart devices tapes etc.). PCI must be encrypted using a FIPS 140-2 certified algorithm, such as Advanced Encryption Standard (AES), with a 128bit key or higher G.Antivirus software. All workstations, laptops and other systems that process and/or store CDPH PCI must install and actively use a comprehensive anti-virus software solution with automatic updates scheduled at least daily. H.Patch Management. All workstations, laptops and other systems that process and/or store CDPH PCI must have operating system and application security patches applied, with system reboot if necessary. There must be a documented patch management process which determines installation timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable patches must be installed within 30 days of vendor release. I.User IDs and Password Controls. All users must be issued a unique user name for accessing CDPH PCI. Username must be promptly disabled, deleted, or the password changed upon the transfer or termination of an employee with knowledge of the password. Passwords are not to be shared. Must be at least eight characters. Must be a non-dictionary County of Fresno 19-10415 Page 9 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) word. Must not be stored in readable format on the computer. Must be changed every 60 days. Must be changed if revealed or compromised. Must be composed of characters from at least three of the following four groups from the standard keyboard: •Upper case letters (A-Z) •Lower case letters (a-z) •Arabic numerals (0-9) •Non-alphanumeric characters (punctuation symbols) J.Data Sanitization. All CDPH PCI must be sanitized using NIST Special Publication 800-88 standard methods for data sanitization when the CDPH PCI is no longer needed. 2.System Security Controls A.System Timeout. The system must provide an automatic timeout, requiring reauthentication of the user session after no more than 20 minutes of inactivity. B.Warning Banners. All systems containing CDPH PCI must display a warning banner each time a user attempts access, stating that data is confidential, systems are logged, and system use is for business purposes only. User must be directed to log off the system if they do not agree with these requirements. C.System Logging. The system must maintain an automated audit trail which can identify the user or system process which initiates a request for CDPH PCI, or which alters CDPH PCI. The audit trail must be date and time stamped, must log both successful and failed accesses, must be read only, and must be restricted to authorized users This logging must be included for all user privilege levels including, but not limited to, systems administrators. If CDPH PCI is stored in a database, database logging functionality must be enabled. Audit trail data must be archived for at least 3 years after occurrence. D.Access Controls. The system must use role based access controls for all user authentications, enforcing the principle of least privilege. E.Transmission encryption. All data transmissions of CDPH PCI outside the contractor’s secure internal network must be encrypted using a FIPS 140-2 certified algorithm, such as Advanced Encryption Standard (AES), with a 128bit key or higher. Encryption can be end to end at the network level, or the data files containing CDPH PCI can be encrypted. This requirement pertains to any type of CDPH PCI in motion such as website access, file transfer, and E-Mail. F.Intrusion Detection. All systems involved in accessing, holding, transporting, and protecting CDPH PCI that are accessible via the Internet must be protected by a comprehensive intrusion detection and prevention solution. 3.Audit Controls County of Fresno 19-10415 Page 10 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) A.System Security Review. All systems processing and/or storing CDPH PCI must have at least an annual system risk assessment/security review which provides assurance that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection. Reviews shall include vulnerability scanning tools. B.Log Reviews. All systems processing and/or storing CDPH PCI must have a routine procedure in place to review system logs for unauthorized access. C.Change Control. All systems processing and/or storing CDPH PCI must have a documented change control procedure that ensures separation of duties and protects the confidentiality, integrity and availability of data. 4.Business Continuity / Disaster Recovery Controls A.Disaster Recovery. Contractor must establish a documented plan to enable continuation of critical business processes and protection of the security of electronic CDPH PCI in the event of an emergency. Emergency means any circumstance or situation that causes normal computer operations to become unavailable for use in performing the work required under this agreement for more than 24 hours. B.Data Backup Plan. Contractor must have established documented procedures to securely backup CDPH PCI to maintain retrievable exact copies of CDPH PCI. The backups shall be encrypted.The plan must include a regular schedule for making backups, storing backups offsite, an inventory of backup media, and the amount of time to restore CDPH PCI should it be lost. At a minimum, the schedule must be a weekly full backup and monthly offsite storage of CDPH data. 5.Paper Document Controls A.Supervision of Data. CDPH PCI in paper form shall not be left unattended at any time, unless it is locked in a file cabinet, file room, desk or office. Unattended means that information is not being observed by an employee authorized to access the information. CDPH PCI in paper form shall not be left unattended at any time in vehicles or planes and shall not be checked in baggage on commercial airplanes. B.Escorting Visitors. Visitors to areas where CDPH PCI is contained shall be escorted and CDPH PHI shall be kept out of sight while visitors are in the area. C.Confidential Destruction. CDPH PCI must be disposed of through confidential means, using NIST Special Publication 800-88 standard methods for data sanitization when the CDPH PSCI is no longer needed. D.Removal of Data. CDPH PCI must not be removed from the premises of the Contractor except with express written permission of CDPH. E.Faxing. Faxes containing CDPH PCI shall not be left unattended and fax machines shall be in secure areas. Faxes shall contain a confidentiality statement notifying persons receiving County of Fresno 19-10415 Page 11 of 11 Exhibit E Information Privacy and Security Requirements (For Non-HIPAA/HITECH Act Contracts) CDPH IPSR (6-16) faxes in error to destroy them. Fax numbers shall be verified with the intended recipient before sending. F.Mailing. CDPH PCI shall only be mailed using secure methods. Large volume mailings of CDPH PHI shall be by a secure, bonded courier with signature required on receipt. Disks and other transportable media sent through the mail must be encrypted with a CDPH approved solution, such as a solution using a vendor product specified on the CALIFORNIA STRATEGIC SOURCING INITIATIVE. CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California . Contractor/Bidder Firm Name (Printed) County of Fresno By (Authorized Signature) Printed Name and Title of Person Signing Nathan Magsig , Chairman of the Board of Supervisors of the County of Fresno Federal ID Number 94-6000-512 Date Executed Executed in the County oj ATTEST: BERNICE E. SEIDEL Fresno \ \ Clerk of the Board of Supervisors ====at==-============~========= County res ~10 , State of Cal ifornia CONTRACTOR CERTIFICATION CLAUSES 1. STATEMENT OF COMPLIANCE: Contractor has, unless exempted , complied with the nondiscrimination program requirements. (Gov. Code§ 12990 (a-t) and CCR, Title 2, Section 11102) (Not applicable to public entities.) 2. DRUG-FREE WORKPLACE REQUIREMENTS: Contractor will comply with the requirements of the Drug-Free Workplace Act of 1990 and will provide a drug-free workplace by taking the following actions: a. Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations. b. Establish a Drug-Free Awareness Program to inform employees about: 1) the dangers of drug abuse in the workplace ; 2) the person's or organization's policy of maintaining a drug-free workplace; 3) any available counseling, rehabilitation and employee assistance programs; and , 4) penalties that may be imposed upon employees for drug abuse violations. c. Every employee who works on the proposed Agreement will: l) receive a copy of the company's drug-free workplace policy statement; and, 2) agree to abide by the terms of the company's statement as a condition of employment on the Agreement. Failure to comply with these requirements may result in suspension of payments under the Agreement or termination of the Agreement or both and Contractor may be ineligible for award of any future State agreements if the department determines that any of the following has occurred: the Contractor has made false certification , or violated the certification by failing to carry out the requirements as noted above. (Gov. Code §8350 et seq.) 3.NATIONAL LABOR RELATIONS BOARD CERTIFICATION: Contractor certifies that no more than one (1) final unappealable finding of contempt of court by a Federal court has been issued against Contractor within the immediately preceding two-year period because of Contractor's failure to comply with an order of a Federal court, which orders Contractor to comply with an order of the National Labor Relations Board. (Pub. Contract Code §10296) (Not applicable to public entities.) 4.CONTRACTS FOR LEGAL SERVICES $50,000 OR MORE- PRO BONO REQUIREMENT: Contractor hereby certifies that Contractor will comply with the requirements of Section 6072 of the Business and Professions Code, effective January 1, 2003. Contractor agrees to make a good faith effort to provide a minimum number of hours of pro bono legal services during each year of the contract equal to the lessor of 30 multiplied by the number of full time attorneys in the firm’s offices in the State, with the number of hours prorated on an actual day basis for any contract period of less than a full year or 10% of its contract with the State. Failure to make a good faith effort may be cause for non-renewal of a state contract for legal services, and may be taken into account when determining the award of future contracts with the State for legal services. 5.EXPATRIATE CORPORATIONS: Contractor hereby declares that it is not an expatriate corporation or subsidiary of an expatriate corporation within the meaning of Public Contract Code Section 10286 and 10286.1, and is eligible to contract with the State of California. 6.SWEATFREE CODE OF CONDUCT: a.All Contractors contracting for the procurement or laundering of apparel, garments or corresponding accessories, or the procurement of equipment, materials, or supplies, other than procurement related to a public works contract, declare under penalty of perjury that no apparel, garments or corresponding accessories, equipment, materials, or supplies furnished to the state pursuant to the contract have been laundered or produced in whole or in part by sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor, or with the benefit of sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor. The contractor further declares under penalty of perjury that they adhere to the Sweatfree Code of Conduct as set forth on the California Department of Industrial Relations website located at www.dir.ca.gov, and Public Contract Code Section 6108. b. The contractor agrees to cooperate fully in providing reasonable access to the contractor’s records, documents, agents or employees, or premises if reasonably required by authorized officials of the contracting agency, the Department of Industrial Relations, or the Department of Justice to determine the contractor’s compliance with the requirements under paragraph (a). 7.DOMESTIC PARTNERS: For contracts of $100,000 or more, Contractor certifies that Contractor is in compliance with Public Contract Code section 10295.3. 8.GENDER IDENTITY: For contracts of $100,000 or more, Contractor certifies that Contractor is in compliance with Public Contract Code section 10295.35. DOING BUSINESS WITH THE STATE OF CALIFORNIA The following laws apply to persons or entities doing business with the State of California. 1.CONFLICT OF INTEREST: Contractor needs to be aware of the following provisions regarding current or former state employees. If Contractor has any questions on the status of any person rendering services or involved with the Agreement, the awarding agency must be contacted immediately for clarification. Current State Employees (Pub. Contract Code §10410): 1). No officer or employee shall engage in any employment, activity or enterprise from which the officer or employee receives compensation or has a financial interest and which is sponsored or funded by any state agency, unless the employment, activity or enterprise is required as a condition of regular state employment. 2). No officer or employee shall contract on his or her own behalf as an independent contractor with any state agency to provide goods or services. Former State Employees (Pub. Contract Code §10411): 1). For the two-year period from the date he or she left state employment, no former state officer or employee may enter into a contract in which he or she engaged in any of the negotiations, transactions, planning, arrangements or any part of the decision-making process relevant to the contract while employed in any capacity by any state agency. 2). For the twelve-month period from the date he or she left state employment, no former state officer or employee may enter into a contract with any state agency if he or she was employed by that state agency in a policy-making position in the same general subject area as the proposed contract within the 12-month period prior to his or her leaving state service. If Contractor violates any provisions of above paragraphs, such action by Contractor shall render this Agreement void. (Pub. Contract Code §10420) Members of boards and commissions are exempt from this section if they do not receive payment other than payment of each meeting of the board or commission, payment for preparatory time and payment for per diem. (Pub. Contract Code §10430 (e)) 2.LABOR CODE/WORKERS' COMPENSATION: Contractor needs to be aware of the provisions which require every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions, and Contractor affirms to comply with such provisions before commencing the performance of the work of this Agreement. (Labor Code Section 3700) 3.AMERICANS WITH DISABILITIES ACT: Contractor assures the State that it complies with the Americans with Disabilities Act (ADA) of 1990, which prohibits discrimination on the basis of disability, as well as all applicable regulations and guidelines issued pursuant to the ADA. (42 U.S.C. 12101 et seq.) 4.CONTRACTOR NAME CHANGE: An amendment is required to change the Contractor's name as listed on this Agreement. Upon receipt of legal documentation of the name change the State will process the amendment. Payment of invoices presented with a new name cannot be paid prior to approval of said amendment. 5.CORPORATE QUALIFICATIONS TO DO BUSINESS IN CALIFORNIA: a. When agreements are to be performed in the state by corporations, the contracting agencies will be verifying that the contractor is currently qualified to do business in California in order to ensure that all obligations due to the state are fulfilled. b. "Doing business" is defined in R&TC Section 23101 as actively engaging in any transaction for the purpose of financial or pecuniary gain or profit. Although there are some statutory exceptions to taxation, rarely will a corporate contractor performing within the state not be subject to the franchise tax. c. Both domestic and foreign corporations (those incorporated outside of California) must be in good standing in order to be qualified to do business in California. Agencies will determine whether a corporation is in good standing by calling the Office of the Secretary of State. 6.RESOLUTION: A county, city, district, or other local public body must provide the State with a copy of a resolution, order, motion, or ordinance of the local governing body which by law has authority to enter into an agreement, authorizing execution of the agreement. 7.AIR OR WATER POLLUTION VIOLATION: Under the State laws, the Contractor shall not be: (1) in violation of any order or resolution not subject to review promulgated by the State Air Resources Board or an air pollution control district; (2) subject to cease and desist order not subject to review issued pursuant to Section 13301 of the Water Code for violation of waste discharge requirements or discharge prohibitions; or (3) finally determined to be in violation of provisions of federal law relating to air or water pollution. 8.PAYEE DATA RECORD FORM STD. 204: This form must be completed by all contractors that are not another state agency or other governmental entity. State of California-Health and Human Services Agency California Department of Public Health Contracts and Purch asing Services Section Darfur Contracting Act Pursuant to Public Contract Code (PCC) sections 104 75-10481, the Darfur Contracting Act 's intent is to preclude State agencies from contracting with scrutinized companies that do business in the African nation of Sudan. A scrutinized company is a company doing specified types of business in Sudan as defined in PCC section 104 76 . Scrutinized companies are ineligible to , and cannot , contract with a State agency for goods or services (PCC section 10477(a)) unless obtaining permission from the Department of General Services according to the criteria set forth in PCC section 10477(b). Therefore , to be eligible to contract with the California Department of Public Health, please initial one of the following three paragraphs and complete the certification below : 1. 2 . 3 . NM Initials Initials Initials CERTIFICATION We do not currently have , or we have not had within the previous th ree years , business activities or other operations outside of the United States . OR We are a scrutinized company as defined in Public Contract Code section 104 76, but we have received written permission from the Department of General Services (DGS) to submit a bid or proposal pursuant to Public Contract Code section 10477(b) or submit a contract/purchase order. A copy of the written permission from DGS is included with our bid , proposal or contract/purchase order. OR We currently have, or we have had within the previous three years , business activities or other operations outside of the United States, but we certify below that we are not a scrutinized company as defined in Public Contract Code section 10476. I , the official named below, CERTIFY UNDER PENAL TY OF PERJURY that I am duly authorized to legally bind this company to the clause listed above . This certification is made under the laws of the State of California. Company Name (Printed) Federal ID Number County of Fresno 94-6000-512 By (Authorized Signature) ::5 2 ., z ~) Printed Name and Title of Person Signing ATTEST: Nathan Magsig , Chairman of the Board of Supervisors of the County of Fresno BERNICE E. SEIDEL Date Executed Ex ecuted in the County and State of Cle rk of the Board of Supervisors Coun~ Fre~no , f{ate of California \\ \ \°l\ 10\Ci Fresno , California By ,,-.L~ • • t, Depu ty L) CDPH 9067 (7/17 ) STATE OF CALIFORNIA CALIFORNIA CIVIL RIGHTS LAWS ATTACHMENT DGS OLS 04 (Rev . 01/17) DEPARTMENT OF GENERAL SERVIC ES OFFICE OF LEGAL SERVICES Pursuant to Public Contract Code section 2010 , a person that submits a bid or proposal to , or otherwise proposes to enter into or renew a contract with , a state agency with respect to any contract in the amount of $100 ,000 or above shall certify, under penalty perjury, at the time the bid or proposal is submitted or the contract is renewed , all of the following : 1. CALIFORNIA CIVIL RIGHTS LAWS : For contracts executed or renewed after January 1, 2017 , the contractor certifies compliance with the Unruh Civil Rights Act (Section 51 of the Civil Code) and the Fair Employment and Housing Act (Section 12960 of the Government Code); and 2 . EMPLOYER DISCRIMINATORY POLICIES : For contracts executed or renewed after January 1, 2017, if a Contractor has an internal policy against a sovereign nation or peoples recognized by the United States government , the Contractor certifies that such policies are not used in violation of the Unruh Civil Rights Act (Section 51 of the Civil Code) or the Fair Employment and Housing Act (Section 12960 of the Government Code). CERTIFICATION r-------------------------------------------------------,----------------------, , I, the offic ial named below, certify under penalty of perjury under Federal ID Number ! the laws of the State of California that the foregoing is true and I correct. I I I Proposer/Bidder Firm Name (Printed) I I I County of Fresno 94-6000-512 r--------------------------------------------------------L----------------------7 , By (Authorized Signature) , I ---~:» · I I ---~ I I ~--~ c;..-~-I I -..;;;;;_,.--~ I r-------------------------------------------------------------------------------~ , Printed Name and Title of Person Signing , I I I Nathan Magsig , Chairman of the Board of Supervisors of the County of Fresno I I I r--------------------------------,----------------------------------------------~ , Date Executed , Executed in the County and State of , I I I L _______ \ \\\Ct.~ Q()\S, ____________ L_Fresno , ______ California --::~~~~ E . SEIDEL · Clerk of the Board of Supervisors Countt fl! Fresn,o , State of Cal ifornia By ~~ Deputy California Department of Public Health Name/No.: HIV Surveillance Program Grant (State Grant Agreement No. 19-10415) Fund/Subclass: 0001/10000 Organization #: 56201644 Revenue Account #: 3525