The URL can be used to link to this page

Home My WebLink AboutP-23-486 Streamline Verify LLC..pdf P-23-486 STREAMLINE VERIFY AGREEMENT This STREAMLINE VERIFY AGREEMENT(this"Agreement"),dated as of September 131h,2023 , by and between Streamline Verify LLC, a New Jersey limited liability company("Streamline,""we"or"us"), and the County of Fresno("Client"). In consideration of the agreements and premises hereof,and for other good and valuable consideration,the receipt and sufficiency of which is hereby acknowledged,the parties hereto hereby agree as follows: A. STREAMLINE VERIFY LICENSE. 1. Subject to Client's compliance with this Agreement, Streamline hereby grants to Client and Client hereby accepts a limited,non-exclusive, non-transferable and non-sublicenseable license(the"License")to use and access, and allow Client's Personnel(as defined below)to use and access,the Streamline Verify software and web portal(collectively,"Streamline Verify")to check the Social Security Administration(SSA)Death Master File(DMF)(collectively referred to herein as the"Databases").Client's rights under this Agreement are limited as explicitly set forth in this Agreement and Streamline retains ownership and all other rights to Streamline Verify. 2. Client acknowledges that in order for Streamline Verify to obtain the most accurate results from a search Client will have to enter information which shall include at a minimum:for individuals,the individuals full legal name,date of birth, and social security number. Streamline shall comply with the Business Associate Agreement requirements in Exhibit B. 3. Client may designate employees to access Streamline Verify on Client's behalf("Personnel"). Client agrees to restrict access to Streamline Verify to only Personnel who were registered with Streamline by Client and who have been provided a personal user name and password for access to Streamline Verify. 4. Streamline shall provide Personnel such initial training as is reasonably necessary. Client is solely responsible for training Client's other Personnel and assuring such Personnel's compliance with this Agreement, maintaining the privacy of their passwords and complying with all legal obligations associated with accessing and using Streamline Verify. Notwithstanding anything herein to the contrary, Streamline reserves the right to amend this Agreement with the signed written approval of both parties. Streamline may revise the terms of use of Streamline Verify and/or restrict access to Streamline Verify only after giving thirty(30)days'written notice in order to ensure compliance with this Agreement and all applicable laws. B. INTELLECTUAL PROPERTY. 1. Streamline retains all rights, interests,title and ownership with respect to Streamline Verify and any and all associated software, programs, trade secrets, know-how,developments,specifications,processes,concepts,technology,drawings,tools, ideas and techniques("Streamline Property")and Client acknowledges and agrees that Client has no rights or ownership of Streamline Property whatsoever except for such rights as are explicitly set forth herein. Client may not modify, reverse engineer,decompile,disassemble,re-engineer or otherwise create or permit or assist others to create or access Streamline Verify, or to create any derivative works from Streamline Verify or to combine Streamline Verify with any other software or services except as provided or approved in advance and in writing by Streamline. 2. The license provided hereunder by Streamline to Client may only be used by, and only for the purposes of the Client. Client may not use Streamline Verify or any other services provided by Streamline hereunder except in accordance herewith and only for healthcare facilities that are owned,controlled or managed by Client. Client agrees not to circumvent,directly or indirectly, in any way the terms and restrictions of this Paragraph B.2. C. FEES. 1. Client shall pay Streamline an annual fee in advance of the commencement of each contract year of the term("Annual Fee"). The Annual Fee for the first annual period of the term is$2,475.00. Concurrently with the execution hereof, Client shall pay to Streamline the Annual Fee for the first year in full. The Annual Fee for the first annual period of the term includes searches by Client on Streamline Verify of up to 2,500 Queries per year.The Annual Fee for each additional one year period of the term is$974.40 and includes searches by Client on Streamline Verify of up to 840 Queries per year.The Annual Fee for each additional year of the term shall be paid in full prior to the commencement of each such additional year. In the event Client exceeds the amount of Queries searched during any annual term of the Agreement, Client shall pay an additional$99 per annum for up to an additional 100 Queries.As used herein,"Query"means an individual listing check.This subscription includes up to six users. Each additional user will be$150 annually. 2. Such Annual Fee covers access to and use of Streamline Verify,hereunder may be increased by Streamline to reflect extraordinary factors requiring the Streamline to devote unusual amounts of time and effort to properly perform Streamline's responsibilities hereunder;provided however, that Streamline shall be required to provide at least thirty(30)days'advance written notice of such extraordinary factors, and if Client does not agree and the increased fee is not agreed upon, Client may terminate this Agreement immediately,without penalty. Streamline will invoice Client for Additional Fees as and when incurred and Payment shall be due from Client within thirty(30)days of receipt of the invoice by Client. In the event of any termination of this Agreement, Client shall continue to remain obligated to pay to Streamline all fees for Services provided hereunder prior to the effective date of such termination and shall pay all such fees in accordance herewith. 3. The Annual Fee and Additional Fees is subject to change by us upon annual renewal of the term hereof and with at least thirty(30)days advance written notification of increase. If Client does not agree to the change in Annual Fee, Client may terminate this Agreement immediately, Page 1 of 8 P-23-486 without penalty. In the event that Client fails to pay the Annual Fee and any applicable Additional Fees for any additional annual term in advance or if Client's payment is declined, reversed, returned or otherwise dishonored for any reason, Client's account will be suspended until payment is made. The Annual Fee and Additional Fees do not include any tax of any kind and Client will be responsible to pay for all taxes associated with or required to be collected in connection with such fees. D. TERM AND TERMINATION. 1. This Agreement becomes effective as of the date set forth above in the preamble to this Agreement and shall terminate on June 30, 2024. The initial term of this Agreement may be extended for no more than four(4)one-year periods only upon written approval of both parties at least(30) days before the first day of the next one year extension period.The County's DBH Director or his or her designee is authorized to sign the written approval on behalf of the County based on the Contractors satisfactory performance.The extension of this Agreement by the County is not a waiver or compromise of any default or breach of this Agreement by the Contractor existing at the time of the extension whether or not known to the County. Streamline will send Client an email to the email address that Client has provided to Streamline on Client's application thirty(60)days prior to the beginning of each additional one(1)year term informing Client of the Annual Fee and Additional Fees for such additional year. Client agrees that Streamline will not refund any portion of any fees once paid unless this Agreement is terminated by Client pursuant to Paragraph D.2(a)hereof,in which case Streamline will refund a prorated portion of the fees received. 2. This Agreement may be terminated(a)by Client, upon delivery of notice via email to billingastreamlineverify.com to Streamline, if Streamline breaches any material provision of this Agreement and fails to cure such breach within thirty(30)days after receipt of notice to the email address above specifying the breach; (b)by Client,immediately upon sending notice via email to billinq(@streamlineverify.com to Streamline;or(c) by Streamline,immediately upon sending notice via email to the email address that Client provided to Streamline in its Client application for Streamline Verify if Client breaches any provision of this Agreement. Sections B1, C, E, F and G shall survive any termination or expiration of this Agreement. Upon the expiration or termination of this Agreement for any reason, Client and Personnel will no longer have any access to Streamline Verify, including,previously accessed or generated information. E. SECURITY AND RESTRICTIONS. 1. Streamline shall,in accordance with industry standard security measures,maintain in confidence all personal information provided by Client about Client's employees,vendors and other third-parties,and all related information obtained or maintained by Streamline, and shall not use nor disclose to any third party such confidential information except for the purposes set forth in this Agreement or as Streamline may be required to comply with legal requirements or with requests of governmental agencies. 2. Client may not, and may not permit Personnel to, use Streamline Verify in any unlawful way or for any unlawful activities or other purposes not expressly permitted pursuant to this Agreement. Streamline will vigorously enforce all available legal remedies if any such improper use occurs. 3. Client shall keep all email contact information correct and current at all times. 4. Streamline employs various methods to help safeguard, prevent unauthorized access to,and maintain data security of, Streamline Verify. To the extent the law does not allow Streamline to disclaim any duty with respect to security, Client agrees that intentional misconduct or negligence will be the standard used to measure Streamline's compliance with that duty. 5. Client shall not access,or authorize or enable Personnel to access, Streamline Verify in a manner other than as explicitly permitted hereunder,and shall not access or seek to access data other than Client's data.Any attempt to interfere with Streamline's software,systems or operations or bypass Streamline's security is strictly prohibited and a breach of this Agreement. Client represents and warrants to Streamline that Client and Personnel have the right and authority(legally and otherwise)to access all information that Client and Personnel access through Streamline Verify. 6. Streamline makes no representations, shall have no liability for, and neither warrants, vouches for, nor authenticates, the reliability of information contained within the Databases nor does Streamline guarantee the accuracy,adequacy,quality,validity,completeness,or suitability of the information obtained from the Databases for any purpose. Client agrees that, except for the specific duties of Streamline as set forth herein, Client shall have the sole responsibility to evaluate the information and to comply with all local, state and federal laws pertaining to the investigation and protection of such information, as well as the protection of all rights of any person or persons accused of any wrongdoing. 7. Client must confirm with information obtained from various government provided listings the information reported on each potential match before drawing any conclusions.The information reported may not be complete.It is also possible that information may exist,but has not been reported by the agencies accessed by Streamline. Streamline does not add any information to the report, nor attempt to merge files from the same or different sources.Also Client acknowledges that Streamline neither verifies credentials nor obtains information from court records. Client must make the final determination of whether the information provided by Streamline is identifiable with the individual or entity searched by Client. 8. Client shall comply with this Agreement and other terms and conditions and policies posted on Streamline's Website and/or on the Streamline Verify portal. Streamline reserves the right to change the terms of use or other policies at any time,provided that such changes will only be prospective. F. LIMITATIONS OF LIABILITY. Page 2 of 8 P-23-486 1. STREAMLINE VERIFY AND ALL COMPONENTS THEREOF AND ALL OTHER SERVICES PROVIDED BY STREAMLINE HEREUNDER ARE PROVIDED"AS IS,"WITHOUT WARRANTIES OF ANY KIND. STREAMLINE DISCLAIMS ALL WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION ANY AND ALL WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. STREAMLINE DOES NOT WARRANT THAT THE DATA PROVIDED BY STREAMLINE OR OBTAINED BY CLIENT FROM STREAMLINE OR STREAMLINE VERIFY WILL MEET CLIENT'S REQUIREMENTS OR THAT THE OPERATION OF STREAMLINE VERIFY WILL BE UNINTERRUPTED OR WITHOUT ERROR. CLIENT ACKNOWLEDGES THAT IT IS SOLELY RESPONSIBLE FOR THE ACCURACY OF THE DATA PROVIDED TO STREAMLINE. CLIENT ALSO ACKNOWLEDGES THAT ANY DATA PROVIDED BY ANY THIRD PARTY SOURCES MAY BE ERRONEOUS, INCOMPLETE, UNTIMELY,AND ONE OR MORE OF THE DATABASES MAY NOT BE AVAILABLE WHICH MAY ADVERSELY IMPACT THE ACCURACY OF THE SERVICES AND INFORMATION PROVIDED HEREUNDER. CLIENT ACKNOWLEDGES THAT ADDITIONAL INFORMATION REGARDING INDIVIDUALS AND ENTITIES MAY BE REQUIRED TO MATCH RECORDS WITH CERTAIN DATABASES AND THAT RESULTS FROM SUCH DATABASES MAY BE INCOMPLETE AND/OR UNRELIABLE. 2. STREAMLINE SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES(INCLUDING LOSS OF USE,DATA, BUSINESS OR PROFITS)ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT,THE SERVICES PROVIDED HEREUNDER OR THE USE OF STREAMLINE VERIFY,WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT,WARRANTY,TORT(INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE,WHETHER OR NOT CLIENT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE,AND WHETHER OR NOT THE SERVICES HEREUNDER ARE FOUND TO HAVE FAILED OF THEIR ESSENTIAL PURPOSE. STREAMLINE'S TOTAL LIABILITY FROM ALL CAUSES OF ACTION AND ALL THEORIES OF LIABILITY WILL IN NO EVENT EXCEED AN AGGREGATE MAXIMUM OF THE LESSER OF(1)$1,000,000.00 AND(II)THE MAXIMUM COVERAGE PROVIDED UNDER STREAMLINE'S INSURANCE POLICIES COVERING SUCH MATTERS. 3. Streamline shall indemnify and hold harmless and defend Client(including its officers,agents,employees, and volunteers)against all claims,demands, injuries,damages,costs,expenses(including attorney fees and costs),fines,penalties,and liabilities of any kind to the Client, Streamline,or any third party that arise from or relate to the performance or failure to perform by Streamline(or any of its officers,agents, subcontractors,or employees)under this Agreement except where explicitly stated herein. Client may conduct or participate in its own defense without affecting Streamline's obligation to indemnify and hold harmless or defend Client. 4. Streamline shall comply with all the insurance requirements in Exhibit A of this Agreement. 5. Streamline Verify may provide links to various websites that it does not control.When Client clicks on one of these links, Client will be transferred out of Streamline Verify and connected to the website of the organization or company that Client selected. Streamline shall not be responsible for the nature,quality or accuracy of the content or opinions expressed on such websites,and such websites are not investigated, monitored or checked for quality,accuracy or completeness by Streamline. Inclusion of any linked website by Streamline Verify does not imply or express an approval or endorsement of the linked website by Streamline,or of any of the content,opinions, products or services provided on these websites. Each of these linked sites maintains its own independent privacy and data collection policies and procedures.Although Streamline expects such third-parties and Streamline's partners and affiliates to respect the privacy of Client, Streamline cannot and shall not be responsible for the actions of third parties. If Client visits a website that is linked to from Streamline Verify, Streamline encourages Client to consult that website's privacy policy before providing any personal information and whenever interacting with any website. 6. Client understands and acknowledges that access to Streamline Verify services and access will be provided over various facilities and communications lines, and information will be transmitted over local exchange and internet backbone carrier lines and through routers,switches, and other devices owned, maintained, and serviced by third-party carriers,utilities,and internet service providers,all of which are beyond Streamline's control. Streamline assumes no liability for or relating to the integrity, privacy,security,confidentiality,or use of any information while it is transmitted in such manner,or any delay,failure, interruption, interception,loss,transmission,or corruption of any data or other information attributable to transmission in such manner. Transmission of information is solely at Client's own risk and is subject to all applicable local,state,national, and international laws. G. MISCELLANEOUS PROVISIONS. 1. The waiver by either party of a breach of any provision of this Agreement shall not operate or be interpreted as a waiver of any other or subsequent breach. 2. Headings used in this Agreement are for reference purposes only and shall in no way define,limit,construe or describe the scope or extent of such section or in any way affect this Agreement. 3. This Agreement will be governed and construed in accordance with the laws of the United States of America and the States of New Jersey and California. 4. The parties to this Agreement are independent contractors, and no agency, partnership,joint venture or employee-employer relationship is intended or created by this Agreement.Neither party will have the power to bind the other or incur obligations on the other's behalf without the other's prior written consent. 5. Streamline may send notices to Client by sending notice via email or regular mail using the contact information under"Subscriber Contact Info"below.Any changes to this Agreement require the signed written consent of the parties. Page 3 of 8 P-23-486 6. Neither party hereto may(by operation of law or otherwise)transfer,assign or sublicense this Agreement nor any rights or obligations hereunder without the other party's prior written consent. 7. During the term of this Agreement and for a period of two(2)years after the termination of this Agreement for any reason whatsoever(the "Restricted Period"), Client shall not,directly or indirectly,either on its own account or for any person,firm, partnership,company,or other entity, (i) solicit,interfere with,or endeavor to cause any employee,consultant or contractor of Streamline to leave his employment or other engagement with Streamline;or(ii)induce or attempt to induce any such employee,consultant or contractor to breach his/her agreement with Streamline. 8. This Agreement sets forth the entire understanding and agreement of the parties and supersedes any and all oral or written agreements or understandings between the parties as to the subject matter of this Agreement. Except as otherwise explicitly set forth herein,this Agreement may be changed only by a writing signed by both parties.Neither party is relying upon any warranties,representations,assurances or inducements not expressly set forth herein. 9. Except for payment obligations, neither party will be responsible for any failure or delay in its performance under this Agreement due to causes beyond its reasonable control,including but not limited to labor disputes,strikes,lockouts,civil disorder,disruptions of telecommunications services,shortages of or inability to obtain labor,energy,raw materials or supplies,war,riot, acts of God,governmental action,or unavailability of the Databases. 10. Streamline shall not be liable for any lost or delayed e-mail messages or attachments. 11. Streamline represents that neither it nor any of its employees has been excluded or debarred from participation in any federal or state health care program;neither it nor any of its employees currently appears on the Office of Inspector General's List of Excluded Individuals/Entities. [Signature Page Follows] Page 4 of 8 P-23-486 IN WITNESS WHEREOF,the parties hereto have duly executed this Agreement as of the date set forth below. Date: September 13th, 2023 STREAMLINE VERIFY LLC COUNTY OF FRESNO Digitally signed by Gary Gary Comuelle By,Cornuelle Date:2023.09.13 By: fiery (Toe--e- �/G 11:15:44-0T00' Name: Jeffrey Josefovic Name: Gary E.Cornuelle Title: Chief Operating Officer Title: Purchasing Manager 333 W.Pontiac Way Clovis, CA 93612 Subscriber Contact Info: Company Name: Department Behavioral Health Accounts Payable Contact Info Address: 1925 E.Dakota Avenue Send Invoices To: Fresno County Department of Behavioral Health Contact Susan Holt, Director of Behavioral Health&Public NamelTitle: Guardian Address: 1925 E.Dakota Avenue dbh-invoices(a)fresnocountyca.gov; Email: sholt@fresnocountyca.gov Email: dbhinvoicereview(a)fresnocountyca.gov; dbhcontractedservicesdivision fresnocoun ca. ov Phone: 559-600-9193 Phone: Streamline Contact Info: Account Rep: Dov Schechter Street: 100 Boulevard of the Americas, Lakewood, NJ 08701 Email: Dov.s@streamlineverify.com Email: Billingna streamlineverify.com Phone: 732-276-4203 [Signature Page to Streamline Verify Terms and Conditions] 5of8 P-23-486 ADDENDUM FOR ACCESS TO DEATH MASTER FILE DATA This Addendum("Addendum"),dated as of September 13th, 2023 by and between Streamline Verify, a New Jersey limited liability company("Streamline,""we"or"us"),and the County of Fresno("Client")(collectively,the"Parties")governs queries against and other access to Death Master File("DMF")data using the Streamline Verify application.This Addendum amends and supplements the Agreement between Streamline and Client, and applies with respect to the DMF access data described herein only.Unless notice is provided by Streamline otherwise,the term of this Addendum shall run in parallel to the Agreement. In the event there is any inconsistency between the Agreement and this Addendum,this Addendum shall govern. Pursuant to paragraph AA of the Agreement, under which Streamline reserved the right to revise and/or restrict the Agreement in order to ensure compliance with all applicable laws,the Parties hereto hereby agree as follows: A. DEFINITIONS. Capitalized terms that appear in this Addendum that are not defined herein have the same meaning as in the Agreement.For purposes of this Addendum,these terms are defined as follows: 1. DMF:The federal Death Master File maintained by NTIS. 2. NTIS: National Technical Information Service, U.S.Department of Commerce. 3. Open Access DMF:The DMF product made available by NTIS which does not include DMF data with respect to any deceased individual at any time during the three-calendar-year period beginning on the date of the individual's death. 4. Limited Access DMF: Limited Access DMF includes DMF data with respect to any deceased individual at any time during the three-calendar-year period beginning on the date of the individual's death. Limited Access DMF is made available by Streamline Verify as an NTIS Certified Person.This Addendum governs Client's access to Limited Access DMF through Streamline Verify,whether full or partial Limited Access DMF records or indicators of deceased status,and via any format, including in particular through the Client's license to use Streamline Verify(as defined in the Agreement). Limited Access DMF does not include an individual element of information (name,social security number,date of birth,or date of death)in the possession of the Client obtained through a source independent of Streamline Verify. If the Client obtains,or a third party subsequently provides to the Client, death information (i.e.,the name,social security account number,date of birth, or date of death)independently,such information in the possession of the Client is not Limited Access DMF covered by this Addendum. Fact of Death (defined below)is not Limited Access DMF. 5. Fact of Death:Fact of Death means the fact,taken alone,that a person is no longer living. Fact of Death is not equivalent to date of death, and Fact of Death is not itself Limited Access DMF. B. CERTIFICATION By marking the box directly below, Client agrees that it will not access or seek to access Limited Access DMF through Streamline Verify. Neither Fact of Death nor Open Access DMF are Limited Access DMF.Clients who mark the box directly below are not subject to the certifications and requirements of parts(1)-(3)of this Paragraph B: ❑ Client agrees and certifies that it will not access Limited Access DMF through Streamline Verify. If Client intends to access or does access Limited Access DMF through Streamline Verify,then as a condition for any such access, Client hereby certifies and agrees that it has the indicated permissible purpose(s)under part(1)of this Paragraph B ("Certification"),that it meets the requirements of parts(2)and(3)of this Paragraph B: 1. Client has a legitimate fraud prevention interest,or has a legitimate business purpose pursuant to a law,governmental rule, regulation,or fiduciary duty,and will use Limited Access DMF only for such purpose(s), and specifies the basis for so certifying as(Client:choose any applicable purposes that apply to your use): ❑ Legitimate Fraud Prevention Interest: Client has a legitimate fraud prevention interest to detect and prevent fraud and/or to confirm identities across its commercial business and/or government activities. and/or 6of8 P-23-486 x Legitimate Business Purpose Pursuant to a Law, Governmental Rule, Regulation,or Fiduciary Duty: Client has one or more of the purposes permitted under 42 USC 1306c including fraud prevention and identity verification purposes. Client's specific purpose(s)for obtaining Limited Access DMF data under this Addendum is: Fraud Prevention and identity verification purposes; For uses permitted or required by law; X For uses permitted or required by governmental rules; For uses permitted or required by regulation; For uses necessary to fulfill or avoid violating fiduciary duties. and 2. Client has systems,facilities,and procedures in place to safeguard Limited Access DMF,and experience in maintaining the confidentiality, security, and appropriate use of such information,pursuant to requirements similar to the requirements of section 6103(p)(4)of the Internal Revenue Code of 1986,as amended;and 3. Client agrees to satisfy the requirements of such section 6103(p)(4)as if such section applied to Client. C. DISCLOSURE OF Limited Access DMF 1. Client agrees that it will not disclose Limited Access DMF it obtains pursuant to this Agreement or Addendum to any third party(including affiliates of or other persons or business entities related to the Client),for any purpose. D. INDEMNIFICATION 1. Client agrees to defend, indemnify, and hold harmless Streamline and each of its affiliates and representatives from losses resulting from any claims brought by a third party resulting from Client's alleged breach of Paragraph B or Paragraph C of this Addendum.This includes,without limitation, indemnification for(i)any fines or regulatory penalties assessed against Streamline arising from Client's alleged breach of Paragraphs B or C of this Addendum; and(ii)consequential,indirect, incidental,or other damages arising from other regulatory or enforcement action taken against Streamline arising from Client's alleged breach of Paragraphs B or C of this Addendum(e.g.,damages arising from revocation of Streamline's certification to access Limited Access DMF from NTIS as a result of such breach). AUTHORIZATION AND ACCEPTANCE OF TERMS I HEREBY CERTIFY that I am authorized to execute this Addendum on behalf of the Client and that I have direct knowledge of the facts stated above. IN WITNESS WHEREOF,the Parties hereto have duly executed this Addendum as of the date set forth below. Date: September 13th, 2023 STREAMLINE VERIFY LLC COUNTY OF FRESNO Digitally signed by Gary T Gary Connuelle .13 By: By.Cornuelle 10:30:57-07'00'Name: Jeffrey Josefovic Name: Name: Gary E.Cornuelle Title: Chief Operating Officer Title: Purchasing Manager 333 W. Pontiac Way Clovis CA 93612 7of8 P-23-486 8of8 P-23-486 Exhibit A Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. Contractor shall comply with all Workers' Compensation laws required by their jurisdiction. (C) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (D)Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (E) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi) funds transfer fraud; (xvii) D-1 P-23-486 Exhibit A telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. If the Contractor is a governmental entity, it may satisfy the policy requirements above through a program of self-insurance, including an insurance pooling arrangement or joint exercise of powers agreement. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (iv) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and D-2 P-23-486 Exhibit A possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VII. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. D-3 P-23-486 Exhibit B Health Insurance Portability and Accountability Act (HIPAA) 1. The County is a Covered Entity ("County" or"Covered Entity" or"Client"), and the Streamline Verify is a Business Associate ("Streamline" or"Business Associate") as these terms are defined by 45 CFR 160.103. In connection with providing services under the Agreement, the parties anticipate that the Streamline will create and/or receive Protected Health Information ("PHI") from or on behalf of the County. The parties enter into this Business Associate Agreement (BAA) to comply with the Business Associate requirements of HIPAA, to govern the use and disclosures of PHI under this Agreement. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164. 2. The parties to this Agreement shall be in strict conformance with all applicable federal and State of California laws and regulations, including, but not limited to California Welfare and Institutions Code sections 5328, 10850, and 14100.2 et seq.; 42 CFR 2; 42 CFR 431; California Civil Code section 56 et seq.; the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), including, but not limited to, 45 CFR Parts160, 45 CFR 162, and 45 CFR 164; the Health Information Technology for Economic and Clinical Health Act ("HITECH") regarding the confidentiality and security of patient information, including, but not limited to 42 USC 17901 et seq.; and the Genetic Information Nondiscrimination Act ("GINA") of 2008 regarding the confidentiality of genetic information. 3. Except as otherwise provided in this Agreement, Streamline, as a business associate of the County, may use or disclose Protected Health Information ("PHI") to perform functions, activities or services for or on behalf of the County, as specified in this Agreement, provided that such use or disclosure shall not violate HIPAA Rules. The uses and disclosures of PHI may not be more expansive than those applicable to the County, as the "Covered Entity" under the HIPAA Rules, except as authorized for management, administrative or legal responsibilities of Streamline. 4. Streamline shall protect, from unauthorized access, use, or disclosure of names and other identifying information concerning persons receiving services pursuant to this Agreement, except where permitted in order to carry out data aggregation purposes for health care operations. (45 CFR Sections 164.504 (e)(2)(i), 164.504 (3)(2)(ii)(A), and 164.504 (e)(4)(i).) F-1 P-23-486 Exhibit B Health Insurance Portability and Accountability Act (HIPAA) This pertains to any and all persons receiving services pursuant to a County funded program. Streamline shall not use such identifying information for any purpose other than carrying out Streamline's obligations under this Agreement. 5. Streamline shall not disclose any such identifying information to any person or entity, except as otherwise specifically permitted by this Agreement, authorized by law, or authorized by the client/patient. 6. For purposes of the above sections, identifying information shall include, but not be limited to name, identifying number, symbol, or other identifying particular assigned to the individual, such as finger or voice print, or a photograph. 7. Streamline shall provide access, at the request of County, and in the time and manner designated by County, to PHI in a designated record set (as defined in 45 CFR Section 164.501), to an individual or to County in order to meet the requirements of 45 CFR Section164.524 regarding access by individuals to their PHI. Streamline shall make any amendment(s) to PHI in a designated record set at the request of County, and in the time and manner designated by County in accordance with 45 CFR Section 164.526. Streamline shall provide to County or to an individual, in a time and manner designated by County, information collected in accordance with 45 CFR Section 164.528, to permit County to respond to a request by the individual for an accounting of disclosures of PHI in accordance with 45 CFR Section 164.528. 8. Streamline shall report to County, in writing, any knowledge or reasonable belief that there has been unauthorized access, viewing, use, disclosure, or breach of PHI not permitted by this Agreement, and any breach of unsecured PHI of which it becomes aware, immediately and without reasonable delay and in no case later than two (2) business days of discovery. Immediate notification shall be made to County's Information Security Officer and Privacy Officer and DBH's HIPAA Representative, within two (2) business days of discovery. The notification shall include, to the extent possible, the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, used, F-2 P-23-486 Exhibit B Health Insurance Portability and Accountability Act (HIPAA) disclosed, or breached. Streamline shall take prompt corrective action to cure any deficiencies and any action pertaining to such unauthorized disclosure required by applicable Federal and State Laws and regulations. Streamline shall investigate such breach and is responsible for all notifications required by law and regulation or deemed necessary by County and shall provide a written report of the investigation and reporting required to County's Information Security Officer and Privacy Officer and DBH's HIPAA Representative. This written investigation and description of any reporting necessary shall be postmarked within the thirty (30) working days of the discovery of the breach to the addresses below: County of Fresno County of Fresno County of Fresno Department of Public Health Department of Public Health Department of Internal HIPAA Representative Privacy Officer Services (559) 600-6439 (559) 600-6405 Information Security Officer P.O. Box 11867 P.O. Box 11867 (559) 600-5800 Fresno, California 93775 Fresno, California 93775 2048 North Fine Street Fresno, California 93727 9. Streamline shall make its internal practices, books, and records relating to the use and disclosure of PHI received from County, or created or received by Streamline on behalf of County, available to the United States Department of Health and Human Services upon demand. 10. Safe-guards Streamline shall implement administrative, physical, and technical safeguards as required by 45 CFR 164.308, 164.310, and 164.312 that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic PHI, that it creates, receives, maintains or transmits on behalf of County; and to prevent access, use or disclosure of PHI other than as provided for by this Agreement. Streamline shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of Streamline's operations and the nature and scope of its activities. Upon County's request, Streamline shall provide County with information concerning such safeguards. Streamline shall implement strong access controls and other security safeguards F-3 P-23-486 Exhibit B Health Insurance Portability and Accountability Act (HIPAA) and precautions in order to restrict logical and physical access to confidential, personal (e.g., PHI) or sensitive data to authorized users only. 11. Mitigation of Harmful Effects Streamline shall mitigate, to the extent practicable, any harmful effect that is known to Streamline of an unauthorized access, viewing, use, disclosure, or breach of PHI by Streamline or its subcontractors in violation of the requirements of these provisions. 12. Streamline's Subcontractors Streamline shall ensure that any of its subcontractors, if applicable, to whom Streamline provides PHI received from or created or received by Streamline on behalf of County, agree to the same restrictions and conditions that apply to Streamline with respect to such PHI; and to incorporate, when applicable, the relevant provisions of these provisions into each subcontract or sub-award to such subcontractors. 13. Effect of Termination Upon termination or expiration of this Agreement for any reason, Streamline shall return or destroy all PHI received from County (or created or received by Streamline on behalf of County) that Streamline still maintains in any form, and shall retain no copies of such PHI. If return or destruction of PHI is not feasible, it shall continue to extend the protections of these provisions to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. This provision shall apply to PHI that is in the possession of subcontractors or agents, if applicable, of Streamline. If Streamline destroys the PHI data, a certification of date and time of destruction shall be provided to the County by Streamline. 14. Interpretation The terms and conditions in these provisions shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA regulations and applicable State laws. The parties agree that any ambiguity in the terms and conditions of these provisions shall be resolved in favor of a meaning that complies and is consistent with HIPAA and the HIPAA regulations. F-4 P-23-486 Exhibit B Health Insurance Portability and Accountability Act (HIPAA) 15. Regulatory References A reference in the terms and conditions of these provisions to a section in the HIPAA regulations means the section as in effect or as amended. 16. Survival The respective rights and obligations of Streamline as stated in this Section shall survive the termination or expiration of this Agreement. F-5