HomeMy WebLinkAboutAgreement A-24-104 with Pacific Storage Company.pdf Agreement No. 24-104
1 SERVICE AGREEMENT
2 This Service Agreement ("Agreement") is dated March 5, 2024 and is between
3 Pacific Storage Company, a California corporation ("Contractor"), and the County of Fresno, a
4 political subdivision of the State of California ("County").
5 Recitals
6 A. The County has need for countywide confidential document shredding and information
7 media destruction services.
8 B. On November 29, 2023, the County issued a Request for Quotation (RFQ) No. 24-026
9 for confidential document shredding and information media destruction services. The RFQ
10 closed on December 22, 2023, and the Contractor submitted the lowest overall bid for the
11 requested services throughout the projected term. The RFQ and Contractor's Response to the
12 RFQ are incorporated herein by reference.
13 C. The County desires to engage the Contractor to perform confidential document
14 shredding and information media destruction services. The Contractor is qualified and willing to
15 perform these services as described in this Agreement.
16 The parties therefore agree as follows:
17 Article 1
18 Contractor's Services
19 1.1 Scope of Services. The Contractor shall perform all of the services provided in
20 Exhibit A to this Agreement.
21 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and
22 able to perform all of the services provided in this Agreement.
23 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all
24 applicable federal, state, and local laws and regulations in the performance of its obligations
25 under this Agreement, including but not limited to workers compensation, labor, and
26 confidentiality laws and regulations.
27 1.4 Data Security. The Contractor will follow present practices as outlined in Exhibit F.
28
1
1 1.5 HIPPA Compliance. The Contractor will follow present practices as outlined in
2 Exhibit G.
3 1.6 Hostage Situations. The Contractor will follow present practices as outlined in
4 Exhibit H.
5 1.7 Background Check and ID Badges. The Contractor will follow present practices as
6 outlined in Exhibit I.
7 Article 2
8 County's Responsibilities
9 2.1 The County shall provide a County representative to represent the County and who
10 will serve as a point of contact for the Contractor in the fulfillment of its duties under this
11 Agreement with the County. The County Representative will be the County Internal Services
12 Department's Facility Services Manager, and/or their designees. The Contractor shall provide a
13 contact person to the County Representative upon execution of this Agreement.
14 2.2 The County shall provide the Contractor with a list of all of the County facilities to be
15 serviced by the Contractor under this Agreement, which shall further specify the particular
16 department and/or the division of the County to which the services for each such facility shall be
17 billed.
18 2.3 The County shall provide the Contractor with the following information when
19 requesting service:
20 (A) The Department, Division, and/or program name.
21 (B) Contact person and telephone number.
22 (C)Address of the location in need of container collection.
23 All of the aforementioned information will also be included in the Schedule of
24 Services located in Exhibit E.
25 2.4 The County's departments shall place only confidential paper documents, such as
26 criminal records, photographs, arrest reports, case histories, medical records, legal documents,
27 etc. in the collection containers provided by the Contractor.
28
2
1 Article 3
2 Compensation, Invoices, and Payments
3 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for
4 the performance of its services under this Agreement as described in Exhibit B to this
5 Agreement.
6 3.2 Maximum Compensation. The maximum compensation payable to the Contractor
7 under this Agreement for the first year is $201,520. The maximum compensation payable to the
8 Contractor under this Agreement for the second year is $131,940. The maximum compensation
9 payable to the Contractor under this Agreement for the third year is $131,940. The total
10 maximum compensation payable to the Contractor in the initial three-year term is $465,400. In
11 the event this Agreement is extended for its first optional one-year extension ("Year 4"), if any,
12 this maximum shall increase by $149,988. Upon utilization of the final one-year extension ("Year
13 5"), if any, this maximum shall increase by an additional $149,988. The total maximum
14 compensation payable to the Contractor under this Agreement is $765,376 for the entire
15 potential five-year term as set forth in Exhibit B. In the event the total maximum compensation
16 amount for each year is not fully expended, the remaining unspent funding amounts shall roll
17 over to each subsequent term's established maximum compensation.
18 The Contractor acknowledges that the County is a local government entity, and does so with
19 notice that the County's powers are limited by the California Constitution and by State law, and
20 with notice that the Contractor may receive compensation under this Agreement only for
21 services performed according to the terms of this Agreement and while this Agreement is in
22 effect, and subject to the maximum amount payable under this section. The Contractor further
23 acknowledges that County employees have no authority to pay the Contractor except as
24 expressly provided in this Agreement.
25 3.3 Invoices. The Contractor shall submit monthly invoices referencing the provided
26 agreement number, organization number, and the department that received services to the
27 County of Fresno, Internal Services Department, Attention: Business Office, 333 W. Pontiac
28 Way, Clovis, CA 93612, isdcontracts(a)fresnocountyca.go, . The Contractor shall submit each
3
1 invoice within 60 days after the month in which the Contractor performs services and in any
2 case within 60 days after the end of the term or termination of this Agreement.
3 3.4 Payment. The County shall pay each correctly completed and timely submitted
4 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's
5 address specified in the invoice.
6 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and
7 expenses that are not specified as payable by the County under this Agreement.
8 Article 4
9 Term of Agreement
10 4.1 Term. This Agreement is effective on March 12, 2024 and terminates on March 11,
11 2027, except as provided in section 4.2, "Extension," or Article 6, "Termination and Suspension,"
12 below.
13 4.2 Extension. The term of this Agreement may be extended for no more than two, one-
14 year periods only upon written approval of both parties at least 30 days before the first day of
15 the next one-year extension period. The Director of Internal Services/Chief Information Officer
16 or his or her designee is authorized to sign the written approval on behalf of the County based
17 on the Contractor's satisfactory performance. The extension of this Agreement by the County is
18 not a waiver or compromise of any default or breach of this Agreement by the Contractor
19 existing at the time of the extension whether or not known to the County.
20 Article 5
21 Notices
22 5.1 Contact Information. The persons and their addresses having authority to give and
23 receive notices provided for or permitted under this Agreement include the following:
24
For the County:
25 Director of Internal Services/Chief Information Officer
County of Fresno
26 333 W. Pontiac Way
Clovis, CA 93612
27 isdcontracts(a)fresnocountyca.gov
28 For the Contractor:
Manager
4
1 Dallin Woodruff
4315 W Santa Ana Ave
2 Fresno, CA 93722
doodruff@pacific-records.com
3
5.2 Change of Contact Information. Either party may change the information in section
4
5.1 by giving notice as provided in section 5.3.
5
5.3 Method of Delivery. Each notice between the County and the Contractor provided
6
for or permitted under this Agreement must be in writing, state that it is a notice provided under
7
this Agreement, and be delivered either by personal service, by first-class United States mail, by
8
an overnight commercial courier service, or by Portable Document Format (PDF) document
9
attached to an email.
10
(A) A notice delivered by personal service is effective upon service to the recipient.
11
(B) A notice delivered by first-class United States mail is effective three County
12
business days after deposit in the United States mail, postage prepaid, addressed to the
13
recipient.
14
(C)A notice delivered by an overnight commercial courier service is effective one
15
County business day after deposit with the overnight commercial courier service,
16
delivery fees prepaid, with delivery instructions given for next day delivery, addressed to
17
the recipient.
18
(D)A notice delivered by PDF document attached to an email is effective when
19
transmission to the recipient is completed (but, if such transmission is completed outside
20
of County business hours, then such delivery is deemed to be effective at the next
21
beginning of a County business day), provided that the sender maintains a machine
22
record of the completed transmission.
23
5.4 Claims Presentation. For all claims arising from or related to this Agreement,
24
nothing in this Agreement establishes, waives, or modifies any claims presentation
25
requirements or procedures provided by law, including the Government Claims Act (Division 3.6
26
of Title 1 of the Government Code, beginning with section 810).
27
28
5
1 Article 6
2 Termination and Suspension
3 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are
4 contingent on the approval of funds by the appropriating government agency. If sufficient funds
5 are not allocated, then the County, upon at least 30 days' advance written notice to the
6 Contractor, may:
7 (A) Modify the services provided by the Contractor under this Agreement; or
8 (B) Terminate this Agreement.
9 6.2 Termination for Breach.
10 (A) Upon determining that a breach (as defined in paragraph (C) below) has
11 occurred, the County may give written notice of the breach to the Contractor. The written
12 notice may suspend performance under this Agreement, and must provide at least 30
13 days for the Contractor to cure the breach.
14 (B) If the Contractor fails to cure the breach to the County's satisfaction within the
15 time stated in the written notice, the County may terminate this Agreement immediately.
16 (C) For purposes of this section, a breach occurs when, in the determination of the
17 County, the Contractor has:
18 (1) Obtained or used funds illegally or improperly;
19 (2) Failed to comply with any part of this Agreement;
20 (3) Submitted a substantially incorrect or incomplete report to the County; or
21 (4) Improperly performed any of its obligations under this Agreement.
22 6.3 Termination without Cause. In circumstances other than those set forth above, the
23 County may terminate this Agreement by giving at least 30 days advance written notice to the
24 Contractor.
25 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County
26 under this Article 6 is without penalty to or further obligation of the County.
27 6.5 County's Rights upon Termination. Upon termination for breach under this Article
28 6, the County may demand repayment by the Contractor of any monies disbursed to the
6
1 Contractor under this Agreement that, in the County's sole judgment, were not expended in
2 compliance with this Agreement. The Contractor shall promptly refund all such monies upon
3 demand. This section survives the termination of this Agreement.
4 Article 7
5 Independent Contractor
6 7.1 Status. In performing under this Agreement, the Contractor, including its officers,
7 agents, employees, and volunteers, is at all times acting and performing as an independent
8 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint
9 venturer, partner, or associate of the County.
10 7.2 Verifying Performance. The County has no right to control, supervise, or direct the
11 manner or method of the Contractor's performance under this Agreement, but the County may
12 verify that the Contractor is performing according to the terms of this Agreement.
13 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no
14 right to employment rights or benefits available to County employees. The Contractor is solely
15 responsible for providing to its own employees all employee benefits required by law. The
16 Contractor shall save the County harmless from all matters relating to the payment of the
17 Contractor's employees, including compliance with Social Security withholding and all related
18 regulations.
19 7.4 Services to Others. The parties acknowledge that, during the term of this
20 Agreement, the Contractor may provide services to others unrelated to the County.
21 Article 8
22 Indemnity and Defense
23 8.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the
24 County (including its officers, agents, employees, and volunteers) against all claims, demands,
25 injuries, damages, costs, expenses (including attorney fees and costs), fines, penalties, and
26 liabilities of any kind to the County, the Contractor, or any third party that arise from or relate to
27 the performance or failure to perform by the Contractor (or any of its officers, agents,
28 subcontractors, or employees) under this Agreement. The County may conduct or participate in
7
1 its own defense without affecting the Contractor's obligation to indemnify and hold harmless or
2 defend the County.
3 8.2 Survival. This Article 8 survives the termination of this Agreement.
4 Article 9
5 Insurance
6 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this
7 Agreement.
8 Article 10
9 Inspections, Audits, and Public Records
10 10.1 Inspection of Documents. The Contractor shall make available to the County, and
11 the County may examine at any time during business hours and as often as the County deems
12 necessary, all of the Contractor's records and data with respect to the matters covered by this
13 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon
14 request by the County, permit the County to audit and inspect all of such records and data to
15 ensure the Contractor's compliance with the terms of this Agreement.
16 10.2 State Audit Requirements. If the compensation to be paid by the County under this
17 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the
18 California State Auditor, as provided in Government Code section 8546.7, for a period of three
19 years after final payment under this Agreement. This section survives the termination of this
20 Agreement.
21 10.3 Public Records. The County is not limited in any manner with respect to its public
22 disclosure of this Agreement or any record or data that the Contractor may provide to the
23 County. The County's public disclosure of this Agreement or any record or data that the
24 Contractor may provide to the County may include but is not limited to the following:
25 (A) The County may voluntarily, or upon request by any member of the public or
26 governmental agency, disclose this Agreement to the public or such governmental
27 agency.
28
8
1 (B) The County may voluntarily, or upon request by any member of the public or
2 governmental agency, disclose to the public or such governmental agency any record or
3 data that the Contractor may provide to the County, unless such disclosure is prohibited
4 by court order.
5 (C)This Agreement, and any record or data that the Contractor may provide to the
6 County, is subject to public disclosure under the Ralph M. Brown Act (California
7 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950).
8 (D)This Agreement, and any record or data that the Contractor may provide to the
9 County, is subject to public disclosure as a public record under the California Public
10 Records Act (California Government Code, Title 1, Division 10, Chapter 3, beginning
11 with section 7920.200) ("CPRA").
12 (E) This Agreement, and any record or data that the Contractor may provide to the
13 County, is subject to public disclosure as information concerning the conduct of the
14 people's business of the State of California under California Constitution, Article 1,
15 section 3, subdivision (b).
16 (F) Any marking of confidentiality or restricted access upon or otherwise made with
17 respect to any record or data that the Contractor may provide to the County shall be
18 disregarded and have no effect on the County's right or duty to disclose to the public or
19 governmental agency any such record or data.
20 10.4 Public Records Act Requests. If the County receives a written or oral request
21 under the CPRA to publicly disclose any record that is in the Contractor's possession or control,
22 and which the County has a right, under any provision of this Agreement or applicable law, to
23 possess or control, then the County may demand, in writing, that the Contractor deliver to the
24 County, for purposes of public disclosure, the requested records that may be in the possession
25 or control of the Contractor. Within five business days after the County's demand, the
26 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's
27 possession or control, together with a written statement that the Contractor, after conducting a
28 diligent search, has produced all requested records that are in the Contractor's possession or
9
1 control, or (b) provide to the County a written statement that the Contractor, after conducting a
2 diligent search, does not possess or control any of the requested records. The Contractor shall
3 cooperate with the County with respect to any County demand for such records. If the
4 Contractor wishes to assert that any specific record or data is exempt from disclosure under the
5 CPRA or other applicable law, it must deliver the record or data to the County and assert the
6 exemption by citation to specific legal authority within the written statement that it provides to
7 the County under this section. The Contractor's assertion of any exemption from disclosure is
8 not binding on the County, but the County will give at least 10 days' advance written notice to
9 the Contractor before disclosing any record subject to the Contractor's assertion of exemption
10 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs
11 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption,
12 failure to produce any such records, or failure to cooperate with the County with respect to any
13 County demand for any such records.
14 Article 11
15 Disclosure of Self-Dealing Transactions
16 11.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation
17 or changes its status to operate as a corporation.
18 11.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a
19 self-dealing transaction, he or she shall disclose the transaction by completing and signing a
20 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to
21 the County before commencing the transaction or immediately after.
22 11.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is
23 a party and in which one or more of its directors, as an individual, has a material financial
24 interest.
25 Article 12
26 General Terms
27 12.1 Modification. Except as provided in Article 6, "Termination and Suspension," this
28 Agreement may not be modified, and no waiver is effective, except by written agreement signed
10
1 by both parties. The Contractor acknowledges that County employees have no authority to
2 modify this Agreement except as expressly provided in this Agreement.
3 12.2 Non-Assignment. Neither party may assign its rights or delegate its obligations
4 under this Agreement without the prior written consent of the other party.
5 12.3 Governing Law. The laws of the State of California govern all matters arising from
6 or related to this Agreement.
7 12.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno
8 County, California. The Contractor consents to California jurisdiction for actions arising from or
9 related to this Agreement, and, subject to the Government Claims Act, all such actions must be
10 brought and maintained in Fresno County.
11 12.5 Construction. The final form of this Agreement is the result of the parties' combined
12 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be
13 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement
14 against either party.
15 12.6 Days. Unless otherwise specified, "days" means calendar days.
16 12.7 Headings. The headings and section titles in this Agreement are for convenience
17 only and are not part of this Agreement.
18 12.8 Severability. If anything in this Agreement is found by a court of competent
19 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in
20 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of
21 this Agreement with lawful and enforceable terms intended to accomplish the parties' original
22 intent.
23 12.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall
24 not unlawfully discriminate against any employee or applicant for employment, or recipient of
25 services, because of race, religious creed, color, national origin, ancestry, physical disability,
26 mental disability, medical condition, genetic information, marital status, sex, gender, gender
27 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to
28 all applicable State of California and federal statutes and regulation.
11
1 12.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation
2 of the Contractor under this Agreement on any one or more occasions is not a waiver of
3 performance of any continuing or other obligation of the Contractor and does not prohibit
4 enforcement by the County of any obligation on any other occasion.
5 12.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement
6 between the Contractor and the County with respect to the subject matter of this Agreement,
7 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements,
8 publications, and understandings of any nature unless those things are expressly included in
9 this Agreement. If there is any inconsistency between the terms of this Agreement without its
10 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving
11 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the
12 exhibits.
13 12.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to
14 create any rights or obligations for any person or entity except for the parties.
15 12.13 Authorized Signature. The Contractor represents and warrants to the County that:
16 (A) The Contractor is duly authorized and empowered to sign and perform its
17 obligations under this Agreement.
18 12.14 The individual signing this Agreement on behalf of the Contractor is duly authorized
19 to do so and his or her signature on this Agreement legally binds the Contractor to the terms of
20 this Agreement.
21 12.15 Electronic Signatures. The parties agree that this Agreement may be executed by
22 electronic signature as provided in this section.
23 (A) An "electronic signature" means any symbol or process intended by an individual
24 signing this Agreement to represent their signature, including but not limited to (1) a
25 digital signature; (2) a faxed version of an original handwritten signature; or (3) an
26 electronically scanned and transmitted (for example by PDF document) version of an
27 original handwritten signature.
28
12
1 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed
2 equivalent to a valid original handwritten signature of the person signing this Agreement
3 for all purposes, including but not limited to evidentiary proof in any administrative or
4 judicial proceeding, and (2) has the same force and effect as the valid original
5 handwritten signature of that person.
6 (C)The provisions of this section satisfy the requirements of Civil Code section
7 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3,
8 Part 2, Title 2.5, beginning with section 1633.1).
9 (D) Each party using a digital signature represents that it has undertaken and
10 satisfied the requirements of Government Code section 16.5, subdivision (a),
11 paragraphs (1) through (5), and agrees that each other party may rely upon that
12 representation.
13 (E) This Agreement is not conditioned upon the parties conducting the transactions
14 under it by electronic means and either party may sign this Agreement with an original
15 handwritten signature.
16 12.16 Counterparts. This Agreement may be signed in counterparts, each of which is an
17 original, and all of which together constitute this Agreement.
18 [SIGNATURE PAGE FOLLOWS]
19
20
21
22
23
24
25
26
27
28
13
I The parties are signing this Agreement on the date stated in the introductory clause.
2
Pacific Storage Company COUNTY OF FRESNO
3
4
5 Wory J,fru r. Presiden Tt CEO Nathan Mags'ig, Chairman of the Board of
PO Box 334 Supervisors of the County of Fresno
6 Stockton, CA 95201
Attest:
7 Bernice E. Seidel
Clerk of the Board of Supervisors
8 County of Fresno. State of California
9
By:
10 Deputy
11 For accounting use only:
12 Org No.: 8905
Account No.: 7295
13 Fund No.: 1020
Subclass No.: 10000
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
14
Exhibit A
1 Scope of Services
2 Upon a regular basis, as established and defined in the schedule table below, the
3 Contractor will provide on-site and off-site confidential document shredding and information
4 media destruction services.
5 The types of paper to be shredded include, but are not limited to:
6 . Computer paper
7 . Mixed paper (with ACCO fasteners, staples, paper clips, plastic, etc.)
8 • Confidential criminal and health records, including used, unwanted manila
9 folders, crime photos, arrest reports, used ballots, election materials, and
10 assorted paper forms.
11 Photographs, checks, arrest reports, case histories, medical records, legal
12 documents.
13 Other paper types.
14 The types of information media to be destroyed include, but are limited to:
15 • Hard drives
16 0 CD's/DVD's
17 USB drives
18 • Zip disks
19
• Microfiche/microfilm
20
• Cell phones
21
• Pagers
22
• Tablets
23
• SSD's
24
• Building Entry Cards
25
• Employee ID Badges
26
• SD Cards
27
• Other Information media items
28
A-1
Exhibit B
1 Compensation
2 The Contractor will be compensated for performance of its services under this
3 Agreement as provided in this Exhibit B. The Contractor is not entitled to any compensation
4 except as expressly provided in this Exhibit B.
5
6 YEAR ANNUALCOST
7 YEAR 1: 03/12/2024-03/11/2025 $131,940
8 YEAR 2: 03/12/2025-03/11/2026 $131,940
9 YEAR 3: 03/12/2026-03/11/2027 $131,940
10 YEAR 4: 03/12/2027-03/11/2028 $149,988
11 YEAR 5: 03/12/2027-03/11/2028 $149,988
12
13 Any services over the maximum 23,000 items per year will be subject to Pacific Storage
14 Company's overage fee. After 20,000 paper items there will be a charge of$10 per item.
15 After 3,000 assorted media items there will be a charge of$8 per item. A 10% buffer will
16 be added to the first year of this contract to account for any potential overage cost and
17 any unspent funding amounts shall roll over into each subsequent year's established
18 compensation and shall only be utilized as needed for overage charges.
19
20
21
22
23
24
25
26
27
28
B-1
Exhibit C
Self-Dealing Transaction Disclosure Form
In order to conduct business with the County of Fresno ("County"), members of a
contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions
that they are a party to while providing goods, performing services, or both for the County. A
self-dealing transaction is defined below:
"A self-dealing transaction means a transaction to which the corporation is a party and in
which one or more of its directors has a material financial interest."
The definition above will be used for purposes of completing this disclosure form.
Instructions
(1) Enter board member's name, job title (if applicable), and date this disclosure is being
made.
(2) Enter the board member's company/agency name and address.
(3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the
County. At a minimum, include a description of the following:
a. The name of the agency/company with which the corporation has the transaction;
and
b. The nature of the material financial interest in the Corporation's transaction that
the board member has.
(4) Describe in detail why the self-dealing transaction is appropriate based on applicable
provisions of the Corporations Code.
The form must be signed by the board member that is involved in the self-dealing
transaction described in Sections (3) and (4).
C-1
Exhibit C
(1) Company Board Member Information:
Name: Date:
Job Title:
(2) Company/Agency Name and Address:
(3) Disclosure (Please describe the nature of the self-dealing transaction you are a
party to)
(4) Explain why this self-dealing transaction is consistent with the requirements of
Corporations Code § 5233 (a)
(5) Authorized Signature
Signature: Date:
C-2
Exhibit D
Insurance Requirements
1. Required Policies
Without limiting the County's right to obtain indemnification from the Contractor or any third
parties, the Contractor, at its sole expense, shall maintain in full force and effect the following
insurance policies throughout the term of this Agreement.
(A) Commercial General Liability. Commercial general liability insurance with limits of not
less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of
Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis.
Coverage must include products, completed operations, property damage, bodily injury,
personal injury, and advertising injury. The Contractor shall obtain an endorsement to
this policy naming the County of Fresno, its officers, agents, employees, and volunteers,
individually and collectively, as additional insureds, but only insofar as the operations
under this Agreement are concerned. Such coverage for additional insureds will apply as
primary insurance and any other insurance, or self-insurance, maintained by the County
is excess only and not contributing with insurance provided under the Contractor's policy.
(B) Automobile Liability. Automobile liability insurance with limits of not less than One
Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages.
Coverage must include any auto used in connection with this Agreement.
(C) Workers Compensation. Workers compensation insurance as required by the laws of
the State of California with statutory limits.
(D) Employer's Liability. Employer's liability insurance with limits of not less than One
Million Dollars ($1,000,000) per occurrence for bodily injury and for disease.
(E) Professional Liability. Professional liability insurance with limits of not less than One
Million Dollars ($1,000,000) per occurrence and an annual aggregate of Three Million
Dollars ($3,000,000). If this is a claims-made policy, then (1) the retroactive date must be
prior to the date on which services began under this Agreement; (2) the Contractor shall
maintain the policy and provide to the County annual evidence of insurance for not less
than five years after completion of services under this Agreement; and (3) if the policy is
canceled or not renewed, and not replaced with another claims-made policy with a
retroactive date prior to the date on which services begin under this Agreement, then the
Contractor shall purchase extended reporting coverage on its claims-made policy for a
minimum of five years after completion of services under this Agreement
(F) Technology Professional Liability (Errors and Omissions). Technology professional
liability (errors and omissions) insurance with limits of not less than One Million Dollars
($1,000,000) per occurrence and in the aggregate. Coverage must encompass all of the
Contractor's obligations under this Agreement, including but not limited to claims
involving Cyber Risks.
D-1
Exhibit D
(G)Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars
($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The
cyber liability policy must be endorsed to cover the full replacement value of damage to,
alteration of, loss of, or destruction of intangible property (including but not limited to
information or data) that is in the care, custody, or control of the Contractor.
Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security
Breach, which may include Disclosure of Personal Information to an Unauthorized Third
Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit F
of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose
data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment
card liabilities and costs; (ix) infringement of intellectual property, including but not
limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy,
including release of private information; (xi) information theft; (xii) damage to or
destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion
related to the Contractor's obligations under this Agreement regarding electronic
information, including Personal Information; (xv) fraudulent instruction; (xvi) funds
transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response
costs, including Security Breach response costs; (xx) regulatory fines and penalties
related to the Contractor's obligations under this Agreement regarding electronic
information, including Personal Information; and (xxi) credit monitoring expenses.
2. Additional Requirements
(A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement,
and at any time during the term of this Agreement as requested by the County's Risk
Manager or the County Administrative Office, the Contractor shall deliver, or cause its
broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th
Floor, Fresno, California 93721, or , and by
mail or email to the person identified to receive notices under this Agreement,
certificates of insurance and endorsements for all of the coverages required under this
Agreement.
(i) Each insurance certificate must state that: (1) the insurance coverage has been
obtained and is in full force; (2) the County, its officers, agents, employees, and
volunteers are not responsible for any premiums on the policy; and (3) the
Contractor has waived its right to recover from the County, its officers, agents,
employees, and volunteers any amounts paid under any insurance policy
required by this Agreement and that waiver does not invalidate the insurance
policy.
(ii) The commercial general liability insurance certificate must also state, and include
an endorsement, that the County of Fresno, its officers, agents, employees, and
volunteers, individually and collectively, are additional insureds insofar as the
operations under this Agreement are concerned. The commercial general liability
insurance certificate must also state that the coverage shall apply as primary
insurance and any other insurance, or self-insurance, maintained by the County
D-2
Exhibit D
shall be excess only and not contributing with insurance provided under the
Contractor's policy.
(iii) The automobile liability insurance certificate must state that the policy covers any
auto used in connection with this Agreement.
(iv) The professional liability insurance certificate, if it is a claims-made policy, must
also state the retroactive date of the policy, which must be prior to the date on
which services began under this Agreement.
(B) Acceptability of Insurers. All insurance policies required under this Agreement must be
issued by admitted insurers licensed to do business in the State of California and
possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no
less than A: VI I.
(C) Notice of Cancellation or Change. For each insurance policy required under this
Agreement, the Contractor shall provide to the County, or ensure that the policy requires
the insurer to provide to the County, written notice of any cancellation or change in the
policy as required in this paragraph. For cancellation of the policy for nonpayment of
premium, the Contractor shall, or shall cause the insurer to, provide written notice to the
County not less than 10 days in advance of cancellation. For cancellation of the policy
for any other reason, and for any other change to the policy, the Contractor shall, or shall
cause the insurer to, provide written notice to the County not less than 30 days in
advance of cancellation or change. The County in its sole discretion may determine that
the failure of the Contractor or its insurer to timely provide a written notice required by
this paragraph is a breach of this Agreement.
(D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance
with broader coverage, higher limits, or both, than what is required under this
Agreement, then the County requires and is entitled to the broader coverage, higher
limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer
to deliver, to the County's Risk Manager certificates of insurance and endorsements for
all of the coverages that have such broader coverage, higher limits, or both, as required
under this Agreement.
(E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its
officers, agents, employees, and volunteers any amounts paid under the policy of
worker's compensation insurance required by this Agreement. The Contractor is solely
responsible to obtain any policy endorsement that may be necessary to accomplish that
waiver, but the Contractor's waiver of subrogation under this paragraph is effective
whether or not the Contractor obtains such an endorsement.
(F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep
in effect at all times any insurance coverage required under this Agreement, the County
may, in addition to any other remedies it may have, suspend or terminate this
Agreement upon the occurrence of that failure, or purchase such insurance coverage,
and charge the cost of that coverage to the Contractor. The County may offset such
charges against any amounts owed by the County to the Contractor under this
Agreement.
D-3
Exhibit D
(G)Subcontractors. The Contractor shall require and verify that all subcontractors used by
the Contractor to provide services under this Agreement maintain insurance meeting all
insurance requirements provided in this Agreement. This paragraph does not authorize
the Contractor to provide services under this Agreement using subcontractors.
D-4
Exhibit E
Schedule of Services
ORG Department - Division Address Schedule C 64g 96g
0120 Administrative Office 2281 Tulare St. Rm. 304 Biweekly 1
Fresno, CA 93721
3430 Adult Probation -Winery 2212 N. Winery#101 Weekly 5
Fresno, CA 93727
4010 Agriculture— Maple (1720) 1720 S. Maple Ave. Monthly 2
Fresno, CA 93702
4010 Agriculture— Maple (1730) 1730 S Maple Ave. Monthly 2
Fresno, CA 93702
0420 Assessor's Office 2281 Tulare St. Rm 201 Weekly 4
Fresno, CA 93721
0410 Auditor's#104 2281 Tulare St. Rm 104 Biweekly 1
Fresno, CA 93721
0410 Auditor's#102 2281 Tulare St. Rm 102 Weekly 1
Fresno, CA 93721
0410 Auditor's#105 2281 Tulare St. Rm 105 Weekly 3
Fresno, CA 93721
0410 Auditor's Basement#5 2281 Tulare St. Rm 5 Weekly 1
Fresno, CA 93721
0410 Auditor's Basement#8 2281 Tulare St. Rm 8 Weekly 1
Fresno, CA 93721
3111 Children's Mental Health 3333 E American Ave. Bldg 702 Monthly 1
Fresno, CA 93725
3111 Sheriff's Office 3150 E Jefferson Ave. Every 8 2
Fresno, CA 93725 Weeks
3111 Sheriff Public Admin 3333 E. American Bldg 702 Biweekly 2
Fresno, CA 93725
2850 County Clerk- Records MGMT 4525 E. Hamilton Biweekly 4
Fresno, CA 93721
0710 County Counsel 2220 Tulare St. 5th FL Weekly 4
Fresno, CA 93721
5630 Behavioral Health - CMH Outpatient 3133 N. Millbrook Ave. Weekly 3
Fresno, CA 93703
5630 Behavioral Health - Finance & IT 4417 E. Inyo, Modular B Every 8 4
Fresno, CA 93702 Weeks
5630 Behavioral Health - Perinatal Program 142 E. California Ave. Rm 310 Biweekly 1
Fresno, CA 93706
5630 Behavioral Health - Public Guardian Office 4460 E. Huntington Ave Weekly 1
Fresno, CA 93706
5630 Behavioral Health- Substance Use 4411 E. Kings Canyon Bldg. Biweekly 1
319 Fresno, CA 93702
5110 Child Support Services - Family Support 2220 Tulare St(Multiple Floors) Weekly 12
Fresno CA, 93721
5610 Social Services - Coalinga 311 Coalinga Plaza Monthly 1 3 3
Coalinga, CA 93210
5610 Social Services Kerman 15180 W. Whitesbridge Monthly 1 4
Kerman, CA 93630
5610 Social Services - Modular D 4452 E. Kings Canyon Monthly 2
Fresno, CA 93702
E-1
Exhibit E
5610 Social Services - Pelco Ad min 205 Pontiac Way Weekly 26
Clovis, CA 93612
5610 Social Services - Reedley Regional Center 1680 East Manning Biweekly 1 6
Reedley, CA 93654
5610 Social Services - Selma SouthEast Reg Center 3830 McCall Ave Monthly 1 7
Selma, CA 93662
5610 Social Services - Sunnyside 5693 E. Kings Canyon Weekly 1 9
Fresno, CA 93727
5610 Social Services -VSO 1320 E. Shaw Ave.#105 Weekly 1
Fresno, CA 93710
5610 Social Services -W Fresno Reg Center 142 E. California Ave. Weekly 6
Fresno, CA 93706
2860 District Attorney (Juvenile Dept) 3333 E. American Bldg. 701 Biweekly 2
Ste F Fresno, CA 93725
2850 Elections 2221 Kern St Biweekly 1
Fresno, CA 93721
8935 Facilities Services 4590 E. Kings Canyon Bldg. Monthly 1
348 Fresno, CA 93721
5610 DSS Adult Services - P.A.C.T. 4441 East Kings Canyon Weekly 7
Fresno, CA 93702
8905 Information Tech (Pontiac) 333 W. Pontiac Way Monthly 6
Clovis, CA 93612
8970 Internal Services Security 2220 Tulare St. Plaza Level Weekly 1
Fresno, CA 93721
8845 Jail 1225 M St. Weekly 1
Fresno, CA 93721
8830 Juvenile Justice Campus Bldg 704 3333 E. American Ave. Bldg. Monthly 2
704 Fresno, CA 93725
8830 Juvenile Probation 3333 E. American Bldg. 701 Weekly 7
Fresno, CA 93725
1010 Personnel -Admin 2220 Tulare St 16th FL Monthly 1
Fresno, CA 93721
1010 Personnel - Employee Benefits 2220 Tulare St 14th FL Biweekly 2
Fresno, CA 93721
1010 Personnel - Employee Services 2220 Tulare St 14th FL Weekly 1
Fresno, CA 93721
1010 Personnel - Risk Management 2220 Tulare St 16th FL Monthly 1
Fresno, CA 93721
3430 Probation (AB 109) 2171 N. Fine Ave. Biweekly 4
Fresno, CA 93727
3430 Probation (Drug Suppression Unit) 2212 N. Winery Ste. 122 Biweekly 3
Fresno, CA 93703
3430 Probation (Fine) 2048 N. Fine Ave. Weekly 4
Fresno, CA 93727
3430 Probation (Superior Court Investigations) 2135 Fresno St, Suite 404 Weekly 2
Fresno, CA 93721
3430 Probation (Yale) 4939 E. Yale Biweekly 1
Fresno, CA 93702
2880 Public Defender-American 3333 E. American Ave. Bldg. Every 3 1
701 Rm 134-E Weeks
Fresno, CA 93725
E-2
Exhibit E
5620 Public Health -Admin 1221 Fulton Mall, Rm 626 Biweekly 1
Fresno, CA 93721
5620 Public Health - California Children's Services 1221 Fulton Mall. 2nd Floor Weekly 3
Fresno, CA 93721
5620 Public Health - CCS/Ginsburg Medical Therapy 67 E. Ashlan Ave. As-needed 1
Fresno, CA 93704
5620 Public Health - Clovis Medical Therapy Unit 1345 N. Peach Ave. Monthly 1
Clovis, CA 93619
5620 Public Health - CMS Storey MTU 2444 S. Peach Ave. Monthly 1
Fresno, CA 93725
5620 Public Health - Communicable Diseases- Epidemiology 1221 Fulton Mall. Rm 291 Biweekly 1
Fresno, CA 93721
5620 Public Health - Communicable Health TB Control 1221 Fulton Mall, Rm 160 Biweekly 1
Fresno, CA 93721
5620 Public Health - Community Health - SCIP/CLASP/DIS 1221 Fulton Mall Rm 1st Floor Biweekly 1
Fresno, CA 93721
5620 Public Health - Emergency Medical Services (EMS) 1221 Fulton Mall, 5th Floor Monthly 1
Fresno, CA 93721
5620 Public Health - Environmental Health Systems 1221 Fulton Man, 3rd Floor Biweekly 2
Fresno, CA 93721
5620 Public Health - EPI Triage 1221 Fulton Mall, 2nd floor, Rm Monthly 1
267 Fresno, CA 93721
5620 Public Health - Health Dept (CDPH) 1221 Fulton, Rm. 270 Weekly 2
Fresno, CA 93721
5620 Public Health - Lab 4525 E. Hamilton Ave, 2nd Monthly 2
Floor Fresno, CA 93702
5620 Public Health - Nursing 1221 Fulton Mall, 4th Floor Biweekly 1
Fresno, CA 93721
5620 142 E. California Ave. Weekly 1
Public Health -West Fresno Nursing Center Fresno, CA 93706
5620 1221 Fulton Mall, 1st Floor Biweekly 1
Public Health - Nursing Outreach Immunizations Fresno, CA 93721
5620 1221 Fulton Mall, Rm 360 Biweekly 1
Public Health - OPPC Fresno, CA 93721
5620 1221 Fulton Mall Rm 128 Every other 1
Public Health -Vital Statistics Fresno, CA 93721 Wednesday
4360 4553 E. Hamilton Monthly 1
Public Works- Construction Division Materials Lab Fresno, CA 93702
4360 2220 Tulare St. Ste B Weekly 2
Public Works- Roads & Maintenance Fresno, CA 93721
4360 2220 Tulare St. 8th Floor Biweekly 1
Public Works- Community Development Fresno, CA 93721
4360 2220 Tulare St. Suite A Weekly 3 3
Public Works- Development Services Ste A Fresno, CA 93721
4360 2220 Tulare St. Suite B Weekly 2
Public Works- Development Services Ste B Fresno, CA 93721
1048 2281 Tulare St. Rm 302 Biweekly 1
Recorder's Office Fresno, CA 93721
9200 7772 N. Palm Ave. Weekly 2
Retirement Fresno, CA 93711
3111 Sheriffs Dept-Area 3 Substation 1055 S. Golden State Blvd. Monthly 2
E-3
Exhibit E
Selma, CA 93662
3111 1129 N Armstrong Ave Monthly 2
Sheriff's Dept-Area 2 Substation Fresno, CA 93727
3111 1130 O St Basement Biweekly 1
Sheriff's Dept- Court Services (O st) Fresno, CA 93721
3111 1100 Van Ness Avenue, Lobby Monthly 1
Sheriff's Dept- Court Services (Van Ness) Office Fresno, CA 93721
3111 1225 M St-2nd FI Weekly 1
Sheriff's Dept- Detention Admin Fresno, CA 93721
3111 1225 M St- 1 st FI Weekly 1
Sheriff's Dept- Detention Facility Fresno, CA 93721
3111 2590 N. Grove Industrial Dr. Monthly 2
Sheriff's Dept- Grove Fresno, CA 93727
3111 5849 E. Clinton Ave. Monthly 1
Sheriff's Dept- H.E.A.T. Fresno, CA 93727
3111 2200 Fresno St. 2nd FI Rm Biweekly 2
Sheriff's Dept- Internal Affairs #239 Fresno, CA 93721
3111 2510 S. East Ave. #400 Weekly 1
Sheriff's Dept- M.A.G.E.C. Fresno, CA 93706
3111 21925 W. Manning Every 12 2
Sheriff's Dept- San Joaquin San Joaquin, CA 93660 Weeks
3111 110 M St Monthly 1
Sheriff's Dept- Satellite Jail Fresno, CA 93721
3111 1256 Divisadero Monthly 2
Sheriff's Dept-Training Unit Fresno, CA 93721
3111 2200 Fresno St 1st Floor Biweekly 2
Sheriff's Dept- Records Fresno, CA 93721
3430 2220 Tulare St., Suite 1111 Biweekly 2
Victim Witness (11th FL) Fresno, CA 93721
7511 2420 Mariposa St Monthly 5
Fresno County Library Fresno, CA 93703
3111 770 E. Shaw Ave Suite 300 Weekly 2
Sheriff's Office Fresno, CA 93710
5630 1925 E. Dakota Ave Weekly 8
Behavioral Health Fresno, CA 93726
5630 2719 N Air Fresno Drive Weekly 1
Mental Health -TAY Fresno, CA 93727
5610 3151 N Millbrook 1st Floor Weekly 3
Social Services - Heritage Center- 1st FL Fresno, CA 93703
5610 3151 N Millbrook 2nd Foor Biweekly 2
Social Services - Heritage Center- 2nd FL Fresno, CA 93703
8830 3333 E. American Ave Bldg 703 Biweekly 2
Juvenile Justice Campus Bldg 703 Fresno, CA 93725
8830 3333 E. American Ave Every 8 2
Juvenile Justice Campus Bldg 702 Fresno, CA 93725 Weeks
8830 Internal Services Department- Graphic Communication 844 Van Ness Avenue Monthly 2
Services Division Fresno, CA 93721
3111 2200 Fresno St Basement Biweekly 2
Sheriff's Dept.- Communication Dispatch Fresno, CA 93721
3111 33155 Auberry Road Every 12 2
Sheriff's Department-Auberry Auberry, CA 93602 Weeks
E-4
Exhibit E
2860 2135 Fresno St, 2nd Floor Weekly 8
District Attorney/Crocker Building Fresno, CA 93721
5630 1925 E Dakota Monthly 1
Behavioral Health/1925 1st flr Fresno, CA 93726
3430 2135 Fresno St Weekly 1
Fresno County Adult Probation Fresno, CA 93721
5610 3500 Never Forget Lane Weekly 2 35
Social Services - Clovis Bldg 1 Clovis, CA 93612
5620 770 E Shaw Ave, Suite 109 Monthly 1
Dept. Public Health - EMS Education Center Fresno, CA 93710
5610 250 W Pontiac Way Weekly 20
Social Services 250 Pontiac Clovis, CA 93612
2860 2100 Tulare St Weekly 8
Fresno County DA Floors 1-6 Fresno, CA 93721
4360 2220 Tulare St, 6th FL Biweekly 4
Fresno County- Dept Public Works & Planning Fresno, CA 93721
5630 4447 E Kings Canyon Monthly 1
Behavioral Health/4447 - Mod E Fresno, CA 93702
5620 1510 W Dan Ronquillo Dr, #1 Monthly 1
Fresno Co-Animal Shelter Fresno, CA 93706
5610 380 W Ashlan Weekly 25
DSS - Building 5 Clovis, CA 93612
3430 3333 E American Ave, Bldg 712 Monthly 1
JJC Warehouse Fresno, CA 93725
8910 4551 E Hamilton Ave Monthly 2
ISD-Fleet Services Fresno, CA 93702
E-5
Exhibit F
Data Security
A. Definitions.
Capitalized terms used in this Exhibit F have the meanings set forth in this section A.
"Authorized Employees" means the Contractor's employees who have access to
Personal Information.
"Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of
the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and
providers of professional services to the Contractor, who have access to Personal Information and
are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information
in accordance with the terms of this Exhibit F.
"Director" means the County's Director of Internal Services/Chief Information Officer or his
or her designee.
"Disclose" or any derivative of that word means to disclose, release, transfer, disseminate,
or otherwise provide access to or communicate all or any part of any Personal Information orally, in
writing, or by electronic or any other means to any person.
"Person" means any natural person, corporation, partnership, limited liability company,
firm, or association.
"Personal Information" means any and all information, including any data provided, or to
which access is provided, to the Contractor by or upon the authorization of the County, including
but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is
capable of being used to identify, describe, or relate to, or associate with, a person (including,
without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail
addresses, education, financial matters, employment history, and other unique identifiers, as well
as statements made by or attributable to the person); (ii) is used or is capable of being used to
authenticate a person (including, without limitation, employee identification numbers, government-
issued identification numbers, passwords or personal identification numbers (PINs), financial
account numbers, credit report information, answers to security questions, and other personal
identifiers); or is personal information within the meaning of California Civil Code section 1798.3,
F-1
Exhibit F
subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly
available information that is lawfully made available to the general public from federal, state, or
local government records.
"Privacy Practices Complaint" means a complaint received by the County relating to the
Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such
complaint shall have sufficient detail to enable the Contractor to promptly investigate and take
remedial action under this Exhibit F.
"Security Safeguards" means physical, technical, administrative or organizational security
procedures and practices put in place by the Contractor(or any Authorized Persons)that relate to
the protection of the security, confidentiality, value, or integrity of Personal Information. Security
Safeguards shall satisfy the minimal requirements set forth in subsection C.(5) of this Exhibit F.
"Security Breach" means (i) any act or omission that compromises either the security,
confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or(ii) any
unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of
or damage to, any Personal Information.
"Use" or any derivative thereof means to receive, acquire, collect, apply, manipulate,
employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal
Information.
B. Standard of Care.
(1)The Contractor acknowledges that, in the course of its engagement by the County
under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information
only as permitted in this Agreement.
(2)The Contractor acknowledges that Personal Information is deemed to be confidential
information of, or owned by, the County (or persons from whom the County receives or has
received Personal Information) and is not confidential information of, or owned or by, the
Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and
interest in or to the Personal Information remains in the County (or persons from whom the County
receives or has received Personal Information) regardless of the Contractor's, or any Authorized
F-2
Exhibit F
Person's, Use of that Personal Information.
(3)The Contractor agrees and covenants in favor of the County that the Contractor shall: (i)
keep and maintain all Personal Information in strict confidence, using such degree of care under
this Subsection B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal
Information exclusively for the purposes for which the Personal Information is made accessible to
the Contractor pursuant to the terms of this Exhibit F; (iii) not Use, Disclose, sell, rent, license, or
otherwise make available Personal Information for the Contractor's own purposes or for the benefit
of anyone other than the County, without the County's express prior written consent, which the
County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly,
Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized
Persons pursuant to this Agreement, without the Director's express prior written consent.
Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or
any Authorized Person, is required to disclose Personal Information to government regulatory
authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law,
the Contractor shall (a) immediately notify the County of the specific demand for, and legal
authority for the disclosure, including providing the County with a copy of any notice, discovery
demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person,
from any government regulatory authorities, or in relation to any legal proceeding, and (b) promptly
notify the County before such Personal Information is offered by the Contractor for such disclosure
so that the County may have sufficient time to obtain a court order or take any other action the
County may deem necessary to protect the Personal Information from such disclosure, and the
Contractor shall cooperate with the County to minimize the scope of such disclosure of such
Personal Information.
The Contractor shall remain liable to the County for the actions and omissions of any
Unauthorized Third Party concerning its Use of such Personal Information as if they were the
Contractor's own actions and omissions.
C. Information Security.
(1)The Contractor covenants, represents and warrants to the County that the Contractor's
F-3
Exhibit F
Use of Personal Information under this Agreement does and shall at all times comply with all
federal, state, and local, privacy and data protection laws, as well as all other applicable regulations
and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81
(beginning with section 1798.80), and the Song-Beverly Credit Card Act of 1971 (California Civil
Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit,
or other payment cardholder information, the Contractor shall at all times remain in compliance with
the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining
aware at all times of changes to the PCI DSS and promptly implementing and maintaining all
procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each
case, at the Contractor's sole cost and expense.
(2)The Contractor covenants, represents and warrants to the County that, as of the
Effective Date, the Contractor has not received notice of any violation of any privacy or data
protection laws, as well as any other applicable regulations or directives, and is not the subject of
any pending legal action or investigation by, any government regulatory authority regarding same.
(3)Without limiting the Contractor's obligations under subsection C.(1) of this Exhibit F, the
Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted
industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information
strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are
necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant
to this Agreement; (ii) ensuring that all of the Contractor's connectivity to the County computing
systems will only be through the County's security gateways and firewalls, and only through
security procedures approved upon the express prior written consent of the Director; (iii)to the
extent that they contain or provide access to Personal Information, (a) securing the Contractor's
business facilities, data centers, paper files, servers, back-up systems and computing equipment,
operating systems, and software applications, including, but not limited to, all mobile devices and
other equipment, operating systems, and software applications with information storage capability;
(b) employing adequate controls and data security measures with respect to the Contractor
Facilities and Equipment), both internally and externally, to protect (1)the Personal Information
F-4
Exhibit F
from potential loss or misappropriation, or unauthorized Use, and (2)the County's operations from
disruption and abuse; (c) having and maintaining network, device application, database and
platform security; (d) maintaining authentication and access controls within media, computing
equipment, operating systems, and software applications; and (e) installing and maintaining in all
mobile, wireless, or handheld devices a secure internet connection, having continuously updated
anti-virus software protection and a remote wipe feature always enabled, all of which is subject to
express prior written consent of the Director; (iv) encrypting all Personal Information at advance
encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher(a)stored on
any mobile devices, including but not limited to hard disks, portable storage devices, or remote
installation, or(b) transmitted over public or wireless networks (the encrypted Personal Information
must be subject to password or pass phrase, and be stored on a secure server and transferred by
means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of
which is subject to express prior written consent of the Director); (v) strictly segregating Personal
Information from all other information of the Contractor, including any Authorized Person, or
anyone with whom the Contractor or any Authorized Person deals so that Personal Information is
not commingled with any other types of information; (vi) having a patch management process
including installation of all operating system/software vendor security patches; (vii) maintaining
appropriate personnel security and integrity procedures and practices, including, but not limited to,
conducting background checks of Authorized Employees consistent with applicable law; and (viii)
providing appropriate privacy and information security training to Authorized Employees.
(4) During the term of each Authorized Employee's employment by the Contractor, the
Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations
under this Exhibit F. The Contractor further agrees that it shall maintain a disciplinary process to
address any unauthorized Use of Personal Information by any Authorized Employees.
(5)The Contractor shall, in a secure manner, backup daily, or more frequently if it is the
Contractor's practice to do so more frequently, Personal Information received from the County, and
the County shall have immediate, real time access, at all times, to such backups via a secure,
remote access connection provided by the Contractor, through the Internet.
F-5
Exhibit F
(6)The Contractor shall provide the County with the name and contact information for each
Authorized Employee (including such Authorized Employee's work shift, and at least one alternate
Authorized Employee for each Authorized Employee during such work shift)who shall serve as the
County's primary security contact with the Contractor and shall be available to assist the County 24
hours per day, seven days per week as a contact in resolving the Contractor's and any Authorized
Persons' obligations associated with a Security Breach or a Privacy Practices Complaint.
D. Security Breach Procedures.
(1) Promptly, and without undue delay, upon the Contractor's confirmation of a Security
Breach, the Contractor shall (a) notify the Director of the Security Breach, such notice to be given
first by telephone at the following telephone number, followed promptly by email at the following
email address: (559) 600-5900/incidents@fresnocountyca.gov (which telephone number and email
address the County may update by providing notice to the Contractor), and (b) preserve all relevant
evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to
the Security Breach. The notification shall include, to the extent reasonably possible, the
identification of each type and the extent of Personal Information that has been, or is reasonably
believed to have been, breached, including but not limited to, compromised, or subjected to
unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage.
(2) Immediately following the Contractor's notification to the County of a Security Breach,
as provided pursuant to subsection D.(1) of this Exhibit F, the Parties shall coordinate with each
other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County,
including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing
the County with physical access to the facilities and operations affected; (iii)facilitating interviews
with Authorized Persons and any of the Contractor's other employees knowledgeable of the
matter; and (iv) making available all relevant records, logs, files, data reporting and other materials
required to comply with applicable law, regulation, industry standards, or as otherwise reasonably
required by the County. To that end, the Contractor shall, with respect to a Security Breach, be
solely responsible, at its cost, for all notifications required by law and regulation, and the Contractor
shall provide a written report of the investigation and reporting required to the Director within 30
F-6
Exhibit F
days after the Contractor's discovery of the Security Breach.
(3)The County shall promptly notify the Contractor of the Director's knowledge, or
reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of
notification thereof, the Contractor shall promptly address such Privacy Practices Complaint,
including taking any corrective action under this Exhibit F, all at the Contractor's sole expense, in
accordance with applicable privacy rights, laws, regulations and standards. In the event the
Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint
as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy
Practices Complaint, the Contractor shall notify the County whether the matter is a Security
Breach, or otherwise has been corrected and the manner of correction, or determined not to
require corrective action and the reason therefor.
(4)The Contractor shall take prompt corrective action to respond to and remedy any
Security Breach and take reasonable mitigating actions, including but not limiting to, preventing any
reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a
result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy
rights, laws, regulations and standards. The Contractor shall reimburse the County for all
reasonable costs incurred by the County in responding to, and mitigating damages caused by, any
Security Breach, including all costs of the County incurred in relation to any litigation or other action
described in subsection D.(5) of this Exhibit F to the extent applicable: (1)the cost of providing
affected individuals with credit monitoring services for a specific period not to exceed 12 months, to
the extent the incident could lead to a compromise of the data subject's credit or credit standing; (2)
call center support for such affected individuals for a specific period not to exceed 30 days; and (3)
the cost of any measures required under applicable laws.
E. Oversight of Security Compliance.
(1)The Contractor shall have and maintain a written information security policy that
specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations
and the nature and scope of its activities.
(2) Upon the County's written request, to confirm the Contractor's compliance with this
F-7
Exhibit F
Exhibit F, as well as any applicable laws, regulations and industry standards, the Contractor grants
the County or, upon the County's election, a third party on the County's behalf, permission to
perform an assessment, audit, examination or review of all controls in the Contractor's physical and
technical environment in relation to all Personal Information that is Used by the Contractor pursuant
to this Agreement. The Contractor shall fully cooperate with such assessment, audit or
examination, as applicable, by providing the County or the third party on the County's behalf,
access to all Authorized Employees and other knowledgeable personnel, physical premises,
documentation, infrastructure and application software that is Used by the Contractor for Personal
Information pursuant to this Agreement. In addition, the Contractor shall provide the County with
the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the
Contractor's information security program as relevant to the security and confidentiality of Personal
Information Used by the Contractor or Authorized Persons during the course of this Agreement
under this Exhibit F.
(3)The Contractor shall ensure that all Authorized Persons who Use Personal Information
agree to the same restrictions and conditions in this Exhibit F. that apply to the Contractor with
respect to such Personal Information by incorporating the relevant provisions of these provisions
into a valid and binding written agreement between the Contractor and such Authorized Persons,
or amending any written agreements to provide same.
F. Return or Destruction of Personal Information.
Upon the termination of this Agreement, the Contractor shall, and shall instruct all
Authorized Persons to, promptly return to the County all Personal Information, whether in written,
electronic or other form or media, in its possession or the possession of such Authorized Persons,
in a machine readable form used by the County at the time of such return, or upon the express
prior written consent of the Director, securely destroy all such Personal Information, and certify in
writing to the County that such Personal Information have been returned to the County or disposed
of securely, as applicable. If the Contractor is authorized to dispose of any such Personal
Information, as provided in this Exhibit F, such certification shall state the date, time, and manner
(including standard) of disposal and by whom, specifying the title of the individual. The Contractor
F-8
Exhibit F
shall comply with all reasonable directions provided by the Director with respect to the return or
disposal of Personal Information and copies thereof. If return or disposal of such Personal
Information or copies of Personal Information is not feasible, the Contractor shall notify the County
accordingly, specifying the reason, and continue to extend the protections of this Exhibit F to all
such Personal Information and copies of Personal Information. The Contractor shall not retain any
copy of any Personal Information after returning or disposing of Personal Information as required
by this section F. The Contractor's obligations under this section F survive the termination of this
Agreement and apply to all Personal Information that the Contractor retains if return or disposal is
not feasible and to all Personal Information that the Contractor may later discover.
G. Equitable Relief.
The Contractor acknowledges that any breach of its covenants or obligations set forth in
this Exhibit F may cause the County irreparable harm for which monetary damages would not be
adequate compensation and agrees that, in the event of such breach or threatened breach, the
County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific
performance and any other relief that may be available from any court, in addition to any other
remedy to which the County may be entitled at law or in equity. Such remedies shall not be
deemed to be exclusive but shall be in addition to all other remedies available to the County at law
or in equity or under this Agreement.
H. Indemnification.
The Contractor shall defend, indemnify and hold harmless the County, its officers,
employees, and agents, (each, a "County Indemnitee")from and against any and all infringement
of intellectual property including, but not limited to infringement of copyright, trademark, and trade
dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or
modification of, or any loss or destruction of, or any corruption of or damage to, Personal
Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures,
losses, damages, liabilities, deficiencies, actions,judgments, interest, awards, fines, and penalties
(including regulatory fines and penalties), costs or expenses of whatever kind, including attorney's
fees and costs, the cost of enforcing any right to indemnification or defense under the Agreement
F-9
Exhibit F
and the cost of pursuing any insurance providers, arising out of or resulting from any third party
claim or action against any County Indemnitee in relation to the Contractor's, its officers,
employees, or agents, or any Authorized Employee's or Authorized Person's, performance or
failure to perform under this Exhibit F or arising out of or resulting from the Contractor's failure to
comply with any of its obligations under this section H. The provisions of this section H do not apply
to the acts or omissions of the County. The provisions of this section H are cumulative to any other
obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnity under
this Agreement. The provisions of this section H shall survive the termination of this Agreement.
I. Survival.
The respective rights and obligations of the Contractor and the County as stated in this
Exhibit F shall survive the termination of this Agreement.
J. No Third Party Beneficiary.
Nothing express or implied in the provisions of in this Exhibit F is intended to confer, nor
shall anything herein confer, upon any person other than the County or the Contractor and their
respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever.
L. No County Warranty.
The County does not make any warranty or representation whether any Personal
Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the
Contractor(or any Authorized Person), pursuant to the terms of this Agreement is or will be secure
from unauthorized Use, or a Security Breach or Privacy Practices Complaint.
F-10
Exhibit G
Health Insurance Portability and Accountability Act (HIPAA)
1. The County is a "Covered Entity," and the Contractor is a "Business Associate," as
these terms are defined by 45 CFR 160.103. In connection with providing services under the
Agreement, the parties anticipate that the Contractor will create and/or receive Protected Health
Information ("PHI")from or on behalf of the County. The parties enter into this Business Associate
Agreement (BAA)to comply with the Business Associate requirements of HIPAA, to govern the
use and disclosures of PHI under this Agreement. "HIPAA Rules" shall mean the Privacy, Security,
Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164. The parties to this
Agreement shall be in strict conformance with all applicable federal and State of California laws
and regulations, including, but not limited to California Welfare and Institutions Code sections 5328,
10850, and 14100.2 et seq.; 42 CFR 2; 42 CFR 431; California Civil Code section 56 et seq.; the
Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), including, but
not limited to, 45 CFR Parts160, 45 CFR 162, and 45 CFR 164; the Health Information Technology
for Economic and Clinical Health Act ("HITECH") regarding the confidentiality and security of
patient information, including, but not limited to 42 USC 17901 et seq.; and the Genetic Information
Nondiscrimination Act ("GINA") of 2008 regarding the confidentiality of genetic information.
Except as otherwise provided in this Agreement, the Contractor, as a business
associate of the County, may use or disclose Protected Health Information ("PHI") to perform
functions, activities or services for or on behalf of the County, as specified in this Agreement,
provided that such use or disclosure shall not violate HIPAA Rules. The uses and disclosures of
PHI may not be more expansive than those applicable to the County, as the "Covered Entity"
under the HIPAA Rules, except as authorized for management, administrative or legal
responsibilities of the Contractor.
2. The Contractor, including its subcontractors and employees, shall protect from
unauthorized access, use, or disclosure of names and other identifying information, including
genetic information, concerning persons receiving services pursuant to this Agreement, except
where permitted in order to carry out data aggregation purposes for health care operations [45
CFR§§ 164.504(e)(2)(i), 164.504(e)(2)(ii)(A), and 164.504(e)(4)(i)]. This pertains to any and all
persons receiving services pursuant to a County-funded program. This requirement applies to
electronic PHI. The Contractor shall not use such identifying information or genetic information for
any purpose other than carrying out the Contractor's obligations under this Agreement.
3. The Contractor, including its subcontractors and employees, shall not disclose any
such identifying information or genetic information to any person or entity, except as otherwise
specifically permitted by this Agreement, authorized by Subpart E of 45 CFR Part 164 or other law,
required by the Secretary of the United States Department of Health and Human Services
("Secretary"), or authorized by the client/patient in writing. In using or disclosing PHI that is
permitted by this Agreement or authorized by law, the Contractor shall make reasonable efforts to
limit PHI to the minimum necessary to accomplish intended purpose of use, disclosure or request.
4. For purposes of the above sections, identifying information shall include, but not be
limited to, name, identifying number, symbol, or other identifying particular assigned to the
individual, such as fingerprint or voiceprint, or photograph.
5. For purposes of the above sections, genetic information shall include genetic tests
of family members of an individual or individual(s), manifestation of disease or disorder of family
members of an individual, or any request for or receipt of genetic services by individual or family
G-1
Exhibit G
members. Family member means a dependent or any person who is first, second, third, or fourth
degree relative.
6. The Contractor shall provide access, at the request of the County, and in the time
and manner designated by the County, to PHI in a designated record set (as defined in 45 CFR §
164.501), to an individual or to COUNTY in order to meet the requirements of 45 CFR§ 164.524
regarding access by individuals to their PHI. With respect to individual requests, access shall be
provided within thirty (30) days from request. Access may be extended if the Contractor cannot
provide access and provides the individual with the reasons for the delay and the date when
access may be granted. PHI shall be provided in the form and format requested by the individual
or the County.
The Contractor shall make any amendment(s) to PHI in a designated record set
at the request of the County or individual, and in the time and manner designated by the County
in accordance with 45 CFR § 164.526.
The Contractor shall provide to the County or to an individual, in a time and
manner designated by the County, information collected in accordance with 45 CFR § 164.528,
to permit the County to respond to a request by the individual for an accounting of disclosures of
PHI in accordance with 45 CFR § 164.528.
7. The Contractor shall report to the County, in writing, any knowledge or
reasonable belief that there has been unauthorized access, viewing, use, disclosure, security
incident, or breach of unsecured PHI not permitted by this Agreement of which the Contractor
becomes aware, immediately and without reasonable delay and in no case later than two (2)
business days of discovery. Immediate notification shall be made to the County's Information
Security Officer and Privacy Officer and the County's Department of Public Health ("DPH")
HIPAA Representative, within two (2) business days of discovery. The notification shall include,
to the extent possible, the identification of each individual whose unsecured PHI has been, or is
reasonably believed to have been, accessed, acquired, used, disclosed, or breached. The
Contractor shall take prompt corrective action to cure any deficiencies and any action pertaining
to such unauthorized disclosure required by applicable federal and State laws and regulations.
The Contractor shall investigate such breach and is responsible for all notifications required by
law and regulation or deemed necessary by the County and shall provide a written report of the
investigation and reporting required to the County's Information Security Officer and Privacy
Officer and the County's DPH HIPAA Representative.
This written investigation and description of any reporting necessary shall be
postmarked within the thirty (30) working days of the discovery of the breach to the
addresses below:
County of Fresno County of Fresno County of Fresno
Department of Public Health Department of Public Health Department of Internal
HIPAA Representative Privacy Officer Services
(559) 600-6439 (559) 600-6405 Information Security Officer
P.O. Box 11867 P.O. Box 11867 (559) 600-5800
Fresno, California 93775 Fresno, California 93775 2048 North Fine Street
Fresno, California 93727
8. The Contractor shall make its internal practices, books, and records relating to
the use and disclosure of PHI received from the County, or created or received by the
G-2
Exhibit G
Contractor on behalf of the County, in compliance with Parts the HIPAA Rules. The Contractor
shall make its internal practices, books, and records relating to the use and disclosure of PHI
received from the County, or created or received by the Contractor on behalf of the County,
available to the Secretary upon demand.
The Contractor shall cooperate with the compliance and investigation reviews conducted
by the Secretary. PHI access to the Secretary must be provided during the Contractor's normal
business hours; however, upon exigent circumstances access at any time must be granted.
Upon the Secretary's compliance or investigation review, if PHI is unavailable to the Contractor
and in possession of a subcontractor of the Contractor, the Contractor must certify to the
Secretary its efforts to obtain the information from the subcontractor.
9. Safeguards
The Contractor shall implement administrative, physical, and technical safeguards as
required by the HIPAA Security Rule, Subpart C of 45 CFR Part 164, that reasonably and
appropriately protect the confidentiality, integrity, and availability of PHI, including electronic
PHI, that it creates, receives, maintains or transmits on behalf of the County and to prevent
unauthorized access, viewing, use, disclosure, or breach of PHI other than as provided for by
this Agreement. The Contractor shall conduct an accurate and thorough assessment of the
potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI.
The Contractor shall develop and maintain a written information privacy and security program
that includes administrative, technical and physical safeguards appropriate to the size and
complexity of the Contractor's operations and the nature and scope of its activities. Upon the
County's request, the Contractor shall provide the County with information concerning such
safeguards.
The Contractor shall implement strong access controls and other security safeguards
and precautions in order to restrict logical and physical access to confidential, personal (e.g.,
PHI) or sensitive data to authorized users only. Said safeguards and precautions shall include
the following administrative and technical password controls for all systems used to process or
store confidential, personal, or sensitive data:
A. Passwords must not be:
(1) Shared or written down where they are accessible or recognizable by anyone
else; such as taped to computer screens, stored under keyboards, or visible
in a work area;
(2) A dictionary word; or
(3) Stored in clear text
B. Passwords must be:
(1) Eight (8) characters or more in length;
(2) Changed every ninety (90) days;
(3) Changed immediately if revealed or compromised; and
(4) Composed of characters from at least three (3) of the following four (4)
groups from the standard keyboard:
a) Upper case letters (A-Z);
b) Lowercase letters (a-z);
c) Arabic numerals (0 through 9); and
d) Non-alphanumeric characters (punctuation symbols).
G-3
Exhibit G
The Contractor shall implement the following security controls on each workstation or
portable computing device (e.g., laptop computer) containing confidential, personal, or sensitive
data:
1. Network-based firewall and/or personal firewall;
2. Continuously updated anti-virus software; and
3. Patch management process including installation of all operating system/software
vendor security patches.
The Contractor shall utilize a commercial encryption solution that has received RIPS
140-2 validation to encrypt all confidential, personal, or sensitive data stored on portable
electronic media (including, but not limited to, compact disks and thumb drives) and on portable
computing devices (including, but not limited to, laptop and notebook computers).
The Contractor shall not transmit confidential, personal, or sensitive data via e-mail or
other internet transport protocol unless the data is encrypted by a solution that has been
validated by the National Institute of Standards and Technology (NIST) as conforming to the
Advanced Encryption Standard (AES) Algorithm. The Contractor must apply appropriate
sanctions against its employees who fail to comply with these safeguards. The Contractor must
adopt procedures for terminating access to PHI when employment of employee ends.
10. Mitigation of Harmful Effects
The Contractor shall mitigate, to the extent practicable, any harmful effect that is
suspected or known to the Contractor of an unauthorized access, viewing, use, disclosure, or
breach of PHI by the Contractor or its subcontractors in violation of the requirements of these
provisions. The Contractor must document suspected or known harmful effects and the
outcome.
11. The Contractor's Subcontractors
The Contractor shall ensure that any of its contractors, including subcontractors, if
applicable, to whom the Contractor provides PHI received from or created or received by the
Contractor on behalf of the County, agree to the same restrictions, safeguards, and conditions
that apply to the Contractor with respect to such PHI and to incorporate, when applicable, the
relevant provisions of these provisions into each subcontract or sub-award to such agents or
subcontractors.
Nothing in this section 11 or this Exhibit G authorizes the Contractor to perform services
under this Agreement using subcontractors.
12. Employee Training and Discipline
The Contractor shall train and use reasonable measures to ensure compliance with the
requirements of these provisions by employees who assist in the performance of functions or
activities on behalf of the County under this Agreement and use or disclose PHI, and discipline
such employees who intentionally violate any provisions of these provisions, which may include
termination of employment.
13. Termination for Cause
Upon the County's knowledge of a material breach of these provisions by the Contractor,
the County will either:
A. Provide an opportunity for the Contractor to cure the breach or end the
violation, and the County may terminate this Agreement if the Contractor does not cure the
breach or end the violation within the time specified by the County; or
G-4
Exhibit G
B. Immediately terminate this Agreement if the Contractor has breached a
material term of this Exhibit G and cure is not possible, as determined by the County.
C. If neither cure nor termination is feasible, the County's Privacy Officer will
report the violation to the Secretary of the U.S. Department of Health and Human Services.
14. Judicial or Administrative Proceedings
The County may terminate this Agreement if: (1) the Contractor is found guilty in a
criminal proceeding for a violation of the HIPAA Privacy or Security Laws or the HITECH Act; or
(2) there is a finding or stipulation in an administrative or civil proceeding in which the Contractor
is a party that the Contractor has violated a privacy or security standard or requirement of the
HITECH Act, HIPAA or other security or privacy laws.
15. Effect of Termination
Upon termination or expiration of this Agreement for any reason, the Contractor shall
return or destroy all PHI received from the County (or created or received by the Contractor on
behalf of the County) that the Contractor still maintains in any form, and shall retain no copies of
such PHI. If return or destruction of PHI is not feasible, the Contractor shall continue to extend
the protections of these provisions to such information, and limit further use of such PHI to those
purposes that make the return or destruction of such PHI infeasible. This provision applies to
PHI that is in the possession of subcontractors or agents, if applicable, of the Contractor. If the
Contractor destroys the PHI data, a certification of date and time of destruction shall be
provided to the County by the Contractor.
16. Compliance with Other Laws
12.17 To the extent that other state and/or federal laws provide additional, stricter
and/or more protective privacy and/or security protections to PHI or other confidential
information covered under this BAA, the Contractor agrees to comply with the more protective of
the privacy and security standards set forth in the applicable state or federal laws to the extent
such standards provide a greater degree of protection and security than HIPAA Rules or are
otherwise more favorable to the individual.
17. Disclaimer
The County makes no warranty or representation that compliance by the Contractor with
these provisions, the HITECH Act, or the HIPAA Rules, will be adequate or satisfactory for the
Contractor's own purposes or that any information in the Contractor's possession or control, or
transmitted or received by the Contractor, is or will be secure from unauthorized access,
viewing, use, disclosure, or breach. The Contractor is solely responsible for all decisions made
by the Contractor regarding the safeguarding of PHI.
18. Amendment
The parties acknowledge that Federal and State laws relating to electronic data security
and privacy are rapidly evolving and that amendment of this Exhibit G may be required to
provide for procedures to ensure compliance with such developments. The parties specifically
agree to take such action as is necessary to amend this agreement in order to implement the
standards and requirements of the HIPAA Rules, the HITECH Act and other applicable laws
relating to the security or privacy of PHI. The County may terminate this Agreement upon thirty
(30) days written notice in the event that the Contractor does not enter into an amendment
providing assurances regarding the safeguarding of PHI that the County in its sole discretion,
deems sufficient to satisfy the standards and requirements of the HIPAA Rules, and the
G-5
Exhibit G
HITECH Act.
19. No Third-Party Beneficiaries
Nothing expressed or implied in the provisions of this Exhibit G is intended to confer, and
nothing in this Exhibit G does confer, upon any person other than the County or the
Contractor and their respective successors or assignees, any rights, remedies, obligations or
liabilities whatsoever.
20. Interpretation
The provisions of this Exhibit G shall be interpreted as broadly as necessary to
implement and comply with the HIPAA Rules, and applicable State laws. The parties agree that
any ambiguity in the terms and conditions of these provisions shall be resolved in favor of a
meaning that complies and is consistent with the HIPAA Rules.
21. Regulatory References
A reference in the terms and conditions of these provisions to a section in the HIPAA
Rules means the section as in effect or as amended.
22. Survival
The respective rights and obligations of the Contractor as stated in this Exhibit G survive
the termination or expiration of this Agreement.
23. No Waiver of Obligation
Change, waiver or discharge by the County of any liability or obligation of the Contractor
under this Exhibit G on any one or more occasions is not a waiver of performance of any
continuing or other obligation of the Contractor and does not prohibit enforcement by the County
of any obligation on any other occasion.
G-6
Exhibit H
Subject: Hostage Situations
4 Page: 1 of 2
Date Originated: April 1, 2004
Date Revised: February 1, 2008
Authority: Title 15; Section 1327;
California Code of Regulations
It is imperative for the safety and security of all persons within Juvenile Justice Campus (JJC)
facilities, as well as for those in the community, that minors are not allowed to leave the secure
confines of the facilities by the taking of a hostage(s). If successful in securing a release through
these means minors would be much more likely in the future to use this practice again in an attempt
to escape the confines of the facilities. This would put those visiting and working at the JJC at higher
level of risk and would jeopardize the safety of the community if the minor was in fact successful in
securing his/her release.
The JJC is a "no-hostage" facility. This means that minors will not be released from custody under
any circumstances due to the taking of a hostage(s). Any staff person taken hostage, no matter what
their rank or status, immediately loses their authority and any orders issued by that person will not be
followed.
I. HOSTAGE SITUATION PROCEDURES
A. If any minor(s) and/or other person(s) in the facility attempt to hold any person hostage, and
they do not respond to verbal commands to stop staff will immediately notify the Watch
Commander. He/she will respond to the location and assess the situation. If a hostage
situation is in progress the Watch Commander will:
1. Summon assistance from other officers as required.
2. Establish a secure perimeter around the hostage takers and allow no one to pass into
it for any reason without authorization. Risks should not be taken that might allow the
taking of additional hostages.
3. Evacuate all non-essential persons at the scene to a safe location or any housing pod
that is not directly involved in the incident.
4. Direct officers to place minors in uninvolved housing pods in their rooms and have
them remain there until directed otherwise. Minors outside of housing pods will remain
in place under officer supervision until it is safe to return to their respective housing
pods or any housing pod that is not directly involved in the incident.
5. Immediately notify the Director or the Probation Services Manager/Assistant Director
in his/her absence and confer with higher authority as to action to be taken.
Administration in turn will notify the Chief.
B. The Fresno Sheriff's Dispatch Center (488-3111) will be notified immediately and a request
for a trained hostage negotiator and other emergency personnel will be made as needed.
Prior to the arrival of the Sheriff Department's hostage negotiator the Watch Commander will
attempt to ascertain:
1. The number and identity of both the hostages and hostage takers;
H-1
Exhibit H
Subject: Hostage Situation
Policy #: 326.0
2. Any known weapons possessed by the hostage takers;
3. The demands of the hostage takers.
C. The Watch Commander will retain and direct departing custody officers, as well as,
available Probation peace officer staff to assist with security and safety needs, as
necessary. Additional Juvenile Correctional Officers should be called in as may be
needed to insure the safe and secure operation of the facility.
D. The Watch Commander will coordinate with the Sheriff's Department all activities taken
to resolve the hostage situation, including the use of appropriate force, and will maintain
control of the facility until relieved of that duty by the presence of a Probation Services
Manager/Assistant Director, Director, or the Chief Probation Officer.
E. Once the hostage situation has been resolved the minors involved should be housed in
the most secure setting available and all appropriate charges should be filed.
F. Each officer and/or non-sworn staff member who was involved or observed the incident
will complete an incident report and if required, the appropriate critical incident evaluation
report(s) regarding the details of the incident prior to the end of his/her shift. (See Incident
Report, located in JAS Probation View, under "Word Templates".)
G. The Watch Commander will prepare a Critical Incident Investigation Report, using the
Critical Incident Evaluation Report- Page 2 report form and the critical incident evaluation
report(s) completed by the reporting persons at the time of the incident.
II. PARENTAL AND MEDIA INFORMATION
A. Attempts will be made at the direction of Administration to reach the families of the
hostages to advise them of the situation. Notification will also be made to the parents of
the hostage takers as deemed appropriate.
B. All media inquiries will be referred to the Chief's office per departmental policy.
III. SECURITY AND OPERATIONAL REVIEW
A. Once the incident has been resolved a team will be established to conduct a security and
operational review of the incident. The review will be conducted within 2 days of the resolution of the
incident. The review team will be comprised of the facility administrator and/or facility Director,
Probation Services Manager/Assistant Director and Supervising Juvenile Correctional Officers who
are relevant to the incident. The team will review the circumstances leading up to the incident and
any necessary corrective action necessary to ensure that such an incident does not repeat itself.
H-2
Exhibit I
BACKGROUND INVESTIGATIONS AND
IDENTIFICATION (ID) BADGES
Background Investigations
Prior to the beginning of any services, one (1) background check may be required for every member of
the Contractor's personnel providing services to a building location for the life of the agreement. The
background check may be required before access is given to any County facility/property. Clearance will
only be granted after a successful background check, completed by the County of Fresno Sheriff's
Department. Background checks provided by any agency other than the County of Fresno Sheriff's
Department will not be accepted.
The current cost of a background check is $52 per person. This cost will be incurred by the successful
Bidder. One check covering the cost of background checks for all employees shall be made payable to:
Sheriff, County of Fresno. The successful bidder will be notified regarding the result of background
checks. Those that are accepted will report to County of Fresno Security to have their photo taken and ID
badge issued.
Background checks are done on a first-come, first serve basis between the hours of 7:00 a.m and 12:00
noon. Monday through Friday. The process takes approximately 20 minutes time. The amount of time it
takes to receive the result of background checks varies from one day to a month (or longer), dependent
upon the individual's history.
Individuals who are cleared through this process are entered into the Department of Justice database.
Their records are flagged and the County of Fresno Sheriff's Department is notified if the person is ever
arrested in the future.
When required by County, applicants' background checks must be approved prior to entering any County
facility. Approval will not be granted to any individual possessing any of the following circumstances:
1. They have been convicted of a felony, or any crime involving moral turpitude, or carrying or
possessing a dangerous weapon.
2. They have ever been charged with a felony or are currently under investigation for a felony.
3. They are charged with or convicted of any crime committed in or at a correctional institution.
4. They are currently on parole or probation or are a sentenced inmate at any correctional facility.
5. They have been refused a license as a private investigator or had such license revoked.
6. They have fraudulently represented themselves,their credentials,their employment or their
criminal or arrest record on their application.
7. Make omissions or false statements on their application.
8. They have no valid reason for entering a facility.
9. Their admission into a facility could represents a threat to security,staff or inmate safety.
10. Further information regarding the criteria for background check clearance, including an appeal
for process for someone who may be denied clearance is available upon request.
I-1
Identification (ID) Badges
The successful bidder's employees will be issued a badge that must be worn and be visible at all times
during performance of work in any County building to identify the wearer as an individual who is authorized
to enter County facilities.
1. ID badges will be given only after successfully completing the background investigation. ID
badges will be issued when the photo is taken. If electronic access to any County facility is
required, activation of the badge may take an additional 48 hours to complete.
2. The wearer will not escort or bring any other individuals into any County facilities. County issued
ID badges are for the exclusive use of the individual named and pictured on the badge.
3. All ID badges will remain the property of the County and are returnable upon demand or upon
the expiration of the contract. The successful Bidder will be responsible for collecting all ID
badges issued and turning them in to the County Security Office when a contract ends or when
an employee leaves employment.The Bidder will assumes all responsibility for their employee's
use of and the return of the County ID badges.
4. The ID badges will only be issued to individuals passing the Background check. Each individual
will need to present themselves in person with a valid, clean, and legible copy of a Driver's
license or State issued Identification Card to receive an ID badge.
1-2