The URL can be used to link to this page

Home My WebLink AboutAgreement A-24-224 with Netsmart Technologies Inc..pdf Agreement No. 24-224 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated May 21, 2024 and is between 3 Netsmart Technologies, Inc., a Delaware corporation ("Contractor"), and the County of Fresno, 4 a political subdivision of the State of California ("County"). 5 Recitals 6 A. The County previously purchased a computer-based information system from the 7 Contractor for client registration, referral, client service tracking, quality assurance, scheduling, 8 billing, and reporting for the County's Department of Public Health ("myAvatar"), including the 9 Clinicians Workstation software applications and the Mobile Module System ("CWS"), and the 10 Orchard Laboratory Information Management System ("LIMS"). 11 B. The Contractor has provided maintenance and support for the System under several 12 prior agreements with the County. 13 C. The County desires to execute this Agreement for the continued maintenance and 14 support for the system. 15 The parties therefore agree as follows: 16 Article 1 17 Contractor's Services 18 1.1 Scope of Services. The Contractor shall perform all of the services provided in 19 Exhibit A to this Agreement. 20 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 21 able to perform all of the services provided in this Agreement. 22 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 23 applicable federal and state laws and regulations in the performance of its obligations under this 24 Agreement, including but not limited to workers compensation, labor, and confidentiality laws 25 and regulations. 26 1.4 License Term. The term of the Software license (as defined in Exhibit A) is non- 27 perpetual. However, the County shall be entitled to Software updates, upgrades, 28 enhancements, new versions, bug fixes, other improvements to the Software, as and when 1 1 released by the Contractor to Contractor's customers, and access to the Software, and to 2 technical assistance relating to the Software, for the Term described in this Agreement. 3 Contractor hereby grants to County, at no additional cost, a royalty-free, non-perpetual non- 4 transferable license to use the Contractor's Products and Services (as defined in Exhibit A) in 5 object code only for County's internal business purposes (and not to process the data of any 6 other entity or agency, except to the extent the other entity or agency uses the County's public 7 facing site), as well as to support the number of County databases and the number of named 8 users of the Contractor. 9 1.5 Patent Indemnity. In the event of a claim of alleged infringement of patent rights, 10 copyright, trade secret rights, or intellectual property rights, to the fullest extent permitted by law, 11 the Contractor agrees to and shall indemnify, save, hold harmless, and at County's request, 12 defend County (including its officers, officials, agents, employees and volunteers) from and 13 against any and all demands, costs and expenses, penalties, attorney's fees and court costs, 14 damages of any nature whatsoever (including, without limitation, injury or damage to or loss or 15 destruction of property), judgments (including, without limitation, amounts paid in settlement and 16 amounts paid to discharge judgments), liabilities, claims and losses, suits, actions or 17 proceedings of every name, kind and description occurring or resulting to County, out of or in 18 connection with any claim that is based on the infringement (or assertions of infringement) of 19 any of patent rights, copyright, trade secret rights, or intellectual property rights with respect to 20 the Contractor Products and/or Services, including, but not limited to, their materials, designs, 21 techniques, processes and information supplied or used by the Contractor performing or 22 providing any portion of the Contractor Products and/or Services. If, in any suit, action, 23 proceeding or claim relating to the foregoing, a temporary restraining order or preliminary 24 injunction is granted, the Contractor shall make every reasonable effort to secure the 25 suspension of the injunction or restraining order. If, in any such suit, action proceeding or claim, 26 the Contractor Products and/or Services or any part, combination or process thereof, is held to 27 constitute an infringement and its use is enjoined, the Contractor shall, at its own cost and 28 without impairing performance requirements of the Contractor Products and/or Services, 2 1 immediately (a) pay the reasonable direct out-of-pocket costs and expenses to secure for the 2 County a license, at no cost to the County, to use such infringing work, replace the infringing 3 work or modify the same so that it becomes non-infringing, and (b) make every reasonable 4 effort to secure for the County a license, at no cost to County, authorizing County's continued 5 use of the infringing work. If the Contractor is unable to secure such license within a reasonable 6 time, the Contractor, at its own cost and without impairing performance requirements of the 7 Contractor Products and/or Services, shall either replace the affected Contractor Products 8 and/or Services, or part, combination or process thereof, with non-infringing components or 9 parts or modify the same so that they become non-infringing. This section survives the 10 termination of this Agreement. 11 1.6 Coordination of Work. Contractor shall coordinate all work with County to minimize 12 any interruptions to the normal operation of County operations, through the appointee as 13 identified in Section 1 of Article 2 of this Agreement. 14 1.7 Infringement. Contractor further represents and warrants that it has the right to 15 grant the licenses granted to County hereunder and that the services provided under this 16 Agreement do not infringe upon or violate the United States patent of rights of any third party 17 and do not infringe upon or violate the copyright, or trade secret right of any third party. This 18 Section survives the termination of this agreement. 19 1.8 Viruses & Disabling Mechanisms. Contractor shall use commercially reasonable, 20 diligent measures to screen the licensed programs provided under this Agreement to avoid 21 introducing, or coding of, any virus or other destructive programming designed to permit 22 unauthorized access or use by third parties to the software installed on County's systems (as 23 defined in Exhibit A), or to disable or damage the County's systems (each, a "Virus"). Without 24 limiting the rights and remedies of the County, in the event any Virus is introduced into the 25 County's systems through any of the licensed programs provided under this Agreement, 26 whether or not such introduction is attributable to the Contractor (including the Contractor's 27 failure to perform its obligations under this Agreement), the Contractor shall, as soon as 28 practicable, use its diligent, commercially reasonable efforts to assist the County in eliminating 3 1 the effects of the Virus, and if the Virus causes a loss of operational efficiency or loss of data, 2 and upon the County's request, Contractor will, diligently work as soon as practicable to contain 3 and remedy the problem and to restore lost data resulting from the introduction of such Virus. 4 Contractor shall not insert into any of the licensed programs provided in this Agreement any 5 code or other device that would have the effect of disabling or otherwise shutting down all or 6 any portion of the licensed programs. Contractor shall not invoke such code or other device at 7 any time, including upon expiration or termination of this Agreement for any reason. This 8 section survives the termination of this Agreement. 9 1.9 ADA Compliance. Contractor's Products and Services shall be in Compliance with 10 the Americans with Disabilities Act of 1990 (ADA) shall be the sole responsibility of the 11 Contractor. Contractor shall indemnify, defend, and hold County (including its officers, agents, 12 employees, and volunteers) harmless from liability of any nature or kind, including damages, 13 costs and expenses (including attorney's fees and costs) arising from the Contractor's non- 14 compliance therewith, including compliance with ADA Section 508 of the Rehabilitation Act of 15 1973. This section survives the termination of this Agreement. 16 Article 2 17 County's Responsibilities 18 2.1 County Contractor Administrator. The County appoints the Director of Internal 19 Services/Chief Information Officer ("CIO"), or his or her designee, as the County's Contract 20 Administrator with full authority to deal with the Contractor in all matters concerning this 21 Agreement. 22 2.2 Notice to Proceed. County shall issue a Notice to Proceed for each Order or SOW, 23 (as defined in Exhibit A) for which County may desire, and shall issue any subsequent Change 24 Requests, which County may desire, for each Order or SOW, as applicable. 25 2.3 Written Acceptance. County shall provide a Written Acceptance of all Orders or 26 SOW's, upon the County's determination that the Contractor has fully performed under the 27 Order or SOW, at the end of an Order or SOW, as applicable. 28 4 1 2.4 Contractor Access. The County will ensure that Contractor's consultants have 2 access to County's network and systems as required during County's normal business hours, 3 which is 8AM to 5PM Monday through Friday, except for County holidays or when the Office of 4 the Clerk of the Board of Supervisors is officially closed to the public. 5 Article 3 6 Compensation, Invoices, and Payments 7 3.1 Compensation. The County agrees to pay, and Contractor agrees to receive, 8 compensation for the performance of its services under this Agreement as described in Exhibit 9 B to this Agreement. 10 3.2 Maximum Compensation. Pursuant to Article 4 of this Agreement, the term of this 11 Agreement for a three-year term, with two, optional 12-month extension periods. The total 12 maximum compensation payable to Contractor during the initial term of this Agreement is 13 $873,100. If this Agreement is extended for the first additional year as provided in Article 4, 14 below, the total maximum compensation payable to Contractor will increase to $1,148,159. If 15 this Agreement is extended for the second additional year as provided in Article 4, below, the 16 total maximum compensation payable to Contractor for Contractor Products and Services will 17 increase to $1,423,218. In the event the total maximum compensation amount in the Initial 18 Term, Year 4, and/or Year 5 is not fully expended, the remaining unspent funding amounts shall 19 roll over to each subsequent term's established maximum compensation. 20 The Contractor acknowledges that the County is a local government entity and does so with 21 notice that the County's powers are limited by the California Constitution and by State law, and 22 with notice that the Contractor may receive compensation under this Agreement only for 23 services performed according to the terms of this Agreement and while this Agreement is in 24 effect, and subject to the maximum amount payable under this section. The Contractor further 25 acknowledges that County employees have no authority to pay the Contractor except as 26 expressly provided in this Agreement. 27 3.3 Contractor Products and Services. The Contractor Products and Services are 28 purchased by County as subscriptions during an Order Term (as defined in Exhibit A) specified 5 1 in each Order, SOW, or Exhibit. Additional Contractor Products and Services, which may 2 include but is not limited to, licenses, modules, features, may be added, during an Order Term 3 (as described in 3.4 below.), to the System Software as determined necessary by the Contract 4 Administrator. 5 3.4 Annual Fees. Subject to Section 3.2, product setup and annual fees (as identified in 6 Exhibit B) are due for the first year of the Agreement, and then annually thereafter, and at the 7 beginning of any extended term within forty-five (45) days of receipt of invoice. Exhibit B of this 8 Agreement identifies the list of Products and Services used in this Agreement and a 9 discretionary budget available for additional Products and Services 10 3.5 Invoices. The Contractor shall submit invoices to the County of Fresno, Internal 11 Services Department, Attention: Business Office, 333 W. Pontiac Way, Clovis, CA 93612, 12 isabusinessottice(otresnocountvca.go . The Contractor shall submit each invoice within 60 days 13 after the month in which the Contractor performs services and in any case within 60 days after 14 the end of the term or termination of this Agreement. 15 3.6 Payment. The County shall pay each correctly completed and timely submitted 16 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's 17 address specified in the invoice. 18 3.7 Incidental Expenses. The Contractor is solely responsible for all of its costs and 19 expenses that are not specified as payable by the County under this Agreement. 20 Article 4 21 Term of Agreement 22 4.1 Term. This Agreement is effective on March 25, 2024 and terminates three years 23 after that date, except as provided in section 4.2, "Extension," or Article 6, "Termination and 24 Suspension," below. 25 4.2 Extension. The term of this Agreement may be extended for no more than two (2), 26 one-year periods only upon the written approval of both parties at least 30 days before the first 27 day of the next one-year extension period. The Director of Internal Services/Chief Information 28 Officer or his or her designee is authorized to sign the written approval on behalf of the County 6 1 based on the Contractor's satisfactory performance. The extension of this Agreement by the 2 County is not a waiver or compromise of any default or breach of this Agreement by the 3 Contractor existing at the time of the extension whether or not known to the County. 4 Article 5 5 Notices 6 5.1 Contact Information. The persons and their addresses having authority to give and 7 receive notices provided for or permitted under this Agreement include the following: 8 For the County: 9 Director of Internal Services/Chief Information Officer County of Fresno 10 333 W. Pontiac Way Clovis, CA 93612 11 I�Uk UI ILI d.... ,,..,;snocountVca.gov 12 For the Contractor: Joseph McGovern, EVP 13 Netsmart Technologies, Inc. 11100 Nall Avenue 14 Overland Park, KS 66211 jmcgovern@ntst.com 15 Legal notices to be sent to: Contracts_Notice@ntst.com 16 5.2 Change of Contact Information. Either party may change the information in section 17 5.1 by giving notice as provided in section 5.3. 18 5.3 Method of Delivery. Each notice between the County and the Contractor provided 19 for or permitted under this Agreement must be in writing, state that it is a notice provided under 20 this Agreement, and be delivered either by personal service, by first-class United States mail, by 21 an overnight commercial courier service, by telephonic facsimile transmission, or by Portable 22 Document Format (PDF) document attached to an email. 23 (A) A notice delivered by personal service is effective upon service to the recipient. 24 (B) A notice delivered by first-class United States mail is effective three County 25 business days after deposit in the United States mail, postage prepaid, addressed to the 26 recipient. 27 (C)A notice delivered by an overnight commercial courier service is effective one 28 County business day after deposit with the overnight commercial courier service, 7 1 delivery fees prepaid, with delivery instructions given for next day delivery, addressed to 2 the recipient. 3 (D)A notice delivered by PDF document attached to an email is effective when 4 transmission to the recipient is completed (but, if such transmission is completed outside 5 of County business hours, then such delivery is deemed to be effective at the next 6 beginning of a County business day), provided that the sender maintains a machine 7 record of the completed transmission. 8 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 9 nothing in this Agreement establishes, waives, or modifies any claims presentation 10 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 11 of Title 1 of the Government Code, beginning with section 810). 12 Article 6 13 Termination and Suspension 14 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 15 contingent on the approval of funds by the appropriating government agency. If sufficient funds 16 are not allocated, then the County, upon at least 30 days' advance written notice to the 17 Contractor, may: 18 (A) Negotiate a reduction in the services provided by the Contractor under this 19 Agreement; or 20 (B) Terminate this Agreement. 21 6.2 Termination for Breach. 22 (A) Upon determining that a breach (as defined in paragraph (C) below) has 23 occurred, the County may give written notice of the breach to the Contractor. The written 24 notice may suspend performance under this Agreement, and must provide at least 30 25 days for the Contractor to cure the breach. 26 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 27 time stated in the written notice, the County may terminate this Agreement immediately. 28 8 1 (C) For purposes of this section, a breach occurs when, in the reasonable 2 determination of the County, the Contractor has: 3 (1) Obtained or used funds illegally or improperly; 4 (2) Failed to comply with any material terms of this Agreement; 5 (3) Submitted a substantially incorrect or incomplete report (specified under this 6 Agreement) to the County that results in direct damages to the County; or 7 (4) Improperly performed any of its material obligations under this Agreement. 8 6.3 Termination without Cause. In circumstances other than those set forth above, the 9 County CIO may terminate this Agreement by giving at least 30 days advance written notice to 10 the Contractor. 11 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 12 under this Article 6 is without penalty to or further obligation of the County. 13 6.5 County's Rights upon Termination. Upon termination for breach under this Article 14 6, the County may demand repayment by the Contractor of any pre-paid monies disbursed to 15 the Contractor under this Agreement that, in the County's sole and reasonable judgment, were 16 not expended in compliance with this Agreement. The Contractor shall promptly refund all such 17 monies upon demand. This section survives the termination of this Agreement. 18 Article 7 19 Independent Contractor 20 7.1 Status. In performing under this Agreement, the Contractor, including its officers, 21 agents, employees, and volunteers, is at all times acting and performing as an independent 22 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint 23 venturer, partner, or associate of the County. 24 7.2 Verifying Performance. The County has no right to control, supervise, or direct the 25 manner or method of the Contractor's performance under this Agreement, but the County may 26 verify that the Contractor is performing according to the terms of this Agreement. 27 7.3 Benefits. Because of its status as an independent contractor, the Contractor has no 28 right to employment rights or benefits available to County employees. The Contractor is solely 9 1 responsible for providing to its own employees all employee benefits required by law. The 2 Contractor shall save the County harmless from all matters relating to the payment of 3 Contractor's employees, including compliance with Social Security withholding and all related 4 regulations. 5 7.4 Services to Others. The parties acknowledge that, during the term of this 6 Agreement, the Contractor may provide services to others unrelated to the County. 7 Article 8 8 Indemnity and Defense 9 8.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the 10 County (including its officers, agents, employees, and volunteers) against all claims, demands, 11 injuries, damages, costs, expenses (including attorney fees and costs), fines, penalties, and 12 liabilities of any kind to the County, the Contractor, or any third party that arise from or relate to 13 the performance or failure to perform by the Contractor (or any of its officers, agents, 14 subcontractors, or employees) under this Agreement. The County may conduct or participate in 15 its own defense without affecting the Contractor's obligation to indemnify and hold harmless or 16 defend the County. 17 8.2 LIMITATION ON DAMAGES. EXCEPT FOR A BREACH OF THE LICENSE 18 RESTRICTIONS (Detailed in Exhibit A), IN NO EVENT WILL EITHER PARTY BE LIABLE TO 19 THE OTHER FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE, OR 20 EXEMPLARY DAMAGES. 21 8.3 LIMITATION ON CUMULATIVE LIABILITY. EXCEPT FOR INFRINGEMENT 22 INDEMNIFICATION OBLIGATIONS, THE MAXIMUM AGGREGATE LIABILITY OF 23 CONTRACTOR TO COUNTY FOR ANY ACTUAL OR ALLEGED DAMAGES ARISING OUT 24 OF, BASED ON OR RELATING TO THIS AGREEMENT, WHETHER BASED UPON BREACH 25 OF CONTRACT, TORT (INCLUDING NEGLIGENCE), WARRANTY OR ANY OTHER LEGAL 26 THEORY, WILL NOT EXCEED THE FEES PAID TO CONTRACTOR FOR THE IMPACTED 27 PRODUCTS AND SERVICES DURING THE PRIOR TWENTY-FOUR (24) MONTH PERIOD 28 PRECEDING THE EVENT GIVING RISE TO THE CAUSE OF ACTION. 10 1 8.4 EXCLUSIONS. The referenced limitation of liability will not apply to and Contractor 2 will fully indemnify County for: 3 County's actual out of pocket costs of notice, mitigation or remediation of any Breach of 4 Unsecured PHI to the extent arising out of any negligence by Contractor; and 5 Fines or penalties that are assessed against County by a state or federal regulatory agency 6 due to the Breach of Unsecured PHI to the extent arising out of any negligence by 7 Contractor. 8 8.5 Survival. This Article 8 survives the termination of this Agreement. 9 Article 9 10 Insurance 11 9.1 The Contractor shall comply with all the insurance requirements in Exhibit D to this 12 Agreement. 13 Article 10 14 Health Insurance Portability and Accountability Act 15 10.1 HIPAA. See Exhibit F to this Agreement, titled, "Health Insurance Portability and 16 Accountability Act (HIPAA)". 17 Article 11 18 Ownership of Data 19 11.1 Ownership of Data. The parties acknowledge and agree that all the County's data 20 (Data), is and shall remain the exclusive property of the County. The Contractor acknowledges 21 that in performing its obligations under the Agreement it may have access to the County's 22 networks and Data. The Contractor shall use and access such Data only as necessary for the 23 purpose of providing the services and supporting the Software as agreed. 24 11.2 Data Services. To the extent permitted by applicable law, Netsmart may (i) use and 25 disclose Data as necessary to perform, analyze and improve the Services; (ii) use and disclose 26 Data to provide data aggregation services as permitted by 45 C.F.R. § 164.504(e)(2)(i)(B), 27 including use for statistical compilations, reports and all other purposes allowed under 28 11 1 applicable law HIPAA and (iii) deidentify PHI in accordance with the standards set forth in 2 HIPAA and use and disclose such deidentified data. 3 4 11.3 Ownership of System Software. The parties acknowledge and agree that, as 5 between Contractor and County, title and full ownership of all rights in and to the System 6 Software, System Documentation (as defined in Exhibit A), and all other materials provided to 7 County by Contractor under the terms of this Agreement shall remain with Contractor. County 8 will take reasonable steps to protect trade secrets (as defined in Government Code Section 9 7924.510(f)) of the System Software and System Documentation, and which are identified as 10 such by Contractor. County may not disclose or make available to third parties the System 11 Software or System Documentation or any portion thereof, unless otherwise required by court 12 order. Contractor shall own all right, title and interest in and to all corrections, modifications, 13 enhancements, programs, and work product conceived, created or developed, alone or with 14 County or others, as a result of or related to the performance of this Agreement, including all 15 proprietary rights therein and based thereon. Except and to the extent expressly provided 16 herein, Contractor does not grant to County any right or license, express or implied, in or to the 17 System Software and System Documentation or any of the foregoing. The parties acknowledge 18 and agree that, as between Contractor and County, full ownership of all rights in and to all 19 County data, whether in magnetic or paper form, including without limitation printed output from 20 the System, are the exclusive property of County. 21 11.4 Contractor Intellectual Property Rights. Contractor shall grant a non-exclusive, 22 non-transferrable, and non-perpetual subscription license, at no additional cost, to County to 23 use the Contractor Products and Services to the extent allowed in the relevant Order or SOW 24 (Permitted Use). All rights not licensed are reserved to the Contractor and no rights may be 25 implied. The Contractor retains all intellectual property rights in the Software, and the County 26 agrees to implement software protection measures designed to prevent unauthorized use and 27 copying of the Software. 28 12 1 11.5 Data Sources. Data uploaded into Contractor Products and Services must be 2 brought in from County sources (interactions with end users and opt-in contact lists). County 3 cannot upload purchased contact information into Contractor Products and Services without 4 Contractor's written permission, which shall not be unreasonably withheld or delayed, and 5 professional services support for list cleansing. Contractor understands and acknowledges, 6 however, that County is a government agency and intends to use Contractor for the purpose of 7 publishing information required by law to be available to the public. 8 Article 12 9 Confidentiality & Data Security 10 12.1 Confidentiality. The County and the Contractor may have access to information that 11 the other considers to be a trade secret as defined in California Government Code section 12 7924.510(f). 13 12.2 Each party shall use the other's Information only to perform its obligations under, and 14 for the purposes of, the Agreement. Neither party shall use the Information of the other Party for 15 the benefit of a third party. Each Party shall maintain the confidentiality of all Information in the 16 same manner in which it protects its own information of like kind, but in no event shall either 17 Party take less than reasonable precautions to prevent the unauthorized disclosure or use of the 18 Information. 19 12.3 Contractor shall not disclose the County's data except to any third parties as 20 necessary to operate the Contractor Products and Services (provided that the Contractor 21 hereby grants to the County, at no additional cost, a non-perpetual, noncancelable, worldwide, 22 nonexclusive license to utilize any data, on an anonymous or aggregate basis only, that arises 23 from the use of the Contractor Products and Services by the Contractor, whether disclosed on, 24 subsequent to, or prior to the Effective Date, to improve the functionality of the Contractor 25 Products and Services and any other legitimate business purpose, subject to all legal 26 restrictions regarding the use and disclosure of such information). 27 12.4 Upon termination of the Agreement, or upon a Party's request, each Party shall 28 return to the other all Information of the other in its possession. All provisions of the Agreement 13 1 relating to confidentiality, ownership, and limitations of liability shall survive the termination of 2 the Agreement. 3 12.5 All services performed by Contractor shall be in strict conformance with all applicable 4 Federal, State of California, and/or local laws and regulations relating to confidentiality, including 5 but not limited to, California Civil Code, California Welfare and Institutions Code, California 6 Health and Safety Code, California Code of Regulations, and the Code of Federal Regulations. 7 12.6 Data Security. Contractor shall be responsible for the privacy and security 8 safeguards, as identified in Exhibit E, entitled "Data Security." To the extent required to carry out 9 the assessment and authorization process and continuous monitoring, to safeguard against 10 threats and hazards to the security, integrity, and confidentiality of any County data collected 11 and stored by the Contractor, Contractor shall afford the County access as necessary at 12 Contractor's reasonable discretion, to the Contractor's facilities, installations, and technical 13 capabilities. If new or unanticipated threats or hazards are discovered by either the County or 14 the Contractor, or if existing safeguards have ceased to function, the discoverer shall 15 immediately bring the situation to the attention of the other party. 16 17 Article 13 18 Inspections, Audits, and Public Records 19 13.1 Inspection of Documents. The Contractor shall make available to the County, and 20 the County may examine at any time during Business Hours and as often as the County deems 21 necessary, all of the Contractor's records and data with respect to the matters covered by this 22 Agreement, excluding attorney-Contractor privileged communications. The Contractor shall, 23 upon request by the County, permit the County to audit and inspect all of such records and data 24 to ensure the Contractor's compliance with the terms of this Agreement. 25 13.2 State Audit Requirements. If the compensation to be paid by the County under this 26 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 27 California State Auditor, as provided in Government Code section 8546.7, for a period of three 28 14 1 years after final payment under this Agreement. This section survives the termination of this 2 Agreement. 3 13.3 Public Records. The County is not limited in any manner with respect to its public 4 disclosure of this Agreement or any record or data that the Contractor may provide to the 5 County. The County's public disclosure of this Agreement or any record or data that the 6 Contractor may provide to the County may include but is not limited to the following: 7 (A) The County may voluntarily, or upon request by any member of the public or 8 governmental agency, disclose this Agreement to the public or such governmental 9 agency. 10 (B) The County may voluntarily, or upon request by any member of the public or 11 governmental agency, disclose to the public or such governmental agency any record or 12 data that the Contractor may provide to the County, unless such disclosure is prohibited 13 by court order. 14 (C)This Agreement, and any record or data that the Contractor may provide to the 15 County, is subject to public disclosure under the Ralph M. Brown Act (California 16 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 17 (D)This Agreement, and any record or data that the Contractor may provide to the 18 County, is subject to public disclosure as a public record under the California Public 19 Records Act (California Government Code, Title 1, Division 10, Chapter 3, beginning 20 with section 7920.200) ("CPRA") 21 (E) This Agreement, and any record or data that the Contractor may provide to the 22 County, is subject to public disclosure as information concerning the conduct of the 23 people's business of the State of California under California Constitution, Article 1, 24 section 3, subdivision (b). 25 (F) Any marking of confidentiality or restricted access upon or otherwise made with 26 respect to any record or data that the Contractor may provide to the County shall be 27 disregarded and have no effect on the County's right or duty to disclose to the public or 28 governmental agency any such record or data. 15 1 13.4 Public Records Act Requests. If the County receives a written or oral request 2 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 3 and which the County has a right, under any provision of this Agreement or applicable law, to 4 possess or control, then the County may demand, in writing, that the Contractor deliver to the 5 County, for purposes of public disclosure, the requested records that may be in the possession 6 or control of the Contractor. Within five business days after the County's demand, the 7 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 8 possession or control, together with a written statement that the Contractor, after conducting a 9 diligent search, has produced all requested records that are in the Contractor's possession or 10 control, or (b) provide to the County a written statement that the Contractor, after conducting a 11 diligent search, does not possess or control any of the requested records. The Contractor shall 12 cooperate with the County with respect to any County demand for such records. If the 13 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 14 CPRA or other applicable law, it must deliver the record or data to the County and assert the 15 exemption by citation to specific legal authority within the written statement that it provides to 16 the County under this section. The Contractor's assertion of any exemption from disclosure is 17 not binding on the County, but the County will give at least 10 days' advance written notice to 18 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 19 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 20 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 21 failure to produce any such records, or failure to cooperate with the County with respect to any 22 County demand for any such records. 23 Article 14 24 Disclosure of Self-Dealing Transactions 25 14.1 Applicability. This Article 11 applies if the Contractor is operating as a corporation, 26 or changes its status to operate as a corporation. 27 14.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 28 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 16 1 "Self-Dealing Transaction Disclosure Form" (Exhibit C to this Agreement) and submitting it to 2 the County before commencing the transaction or immediately after. 3 14.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 4 a party and in which one or more of its directors, as an individual, has a material financial 5 interest. 6 Article 15 7 General Terms 8 15.1 CIO. Director of Internal Services/Chief Information Officer (CIO). 9 15.2 Modification. Except as provided in Article 6, "Termination and Suspension," this 10 Agreement may not be modified, and no waiver is effective, except by written agreement signed 11 by both parties. The Contractor acknowledges that County employees have no authority to 12 modify this Agreement except as expressly provided in this Agreement. 13 15.3 Non-Assignment. Neither party may assign its rights or delegate its obligations 14 under this Agreement without the prior written consent of the other party. 15 15.4 Governing Law. The laws of the State of California govern all matters arising from 16 or related to this Agreement. 17 15.5 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 18 County, California. Contractor consents to California jurisdiction for actions arising from or 19 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 20 brought and maintained in Fresno County. 21 15.6 Severability. If anything in this Agreement is found by a court of competent 22 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 23 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 24 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 25 intent. 26 15.7 Nondiscrimination. During the performance of this Agreement, the Contractor shall 27 not unlawfully discriminate against any employee or applicant for employment, or recipient of 28 services, because of race, religious creed, color, national origin, ancestry, physical disability, 17 1 mental disability, medical condition, genetic information, marital status, sex, gender, gender 2 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 3 all applicable State of California and federal statutes and regulation. 4 15.8 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 5 of the Contractor under this Agreement on any one or more occasions is not a waiver of 6 performance of any continuing or other obligation of the Contractor and does not prohibit 7 enforcement by the County of any obligation on any other occasion. 8 15.9 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 9 between the Contractor and the County with respect to the subject matter of this Agreement, 10 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 11 publications, and understandings of any nature unless those things are expressly included in 12 this Agreement. If there is any inconsistency between the terms of this Agreement without its 13 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 14 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 15 exhibits. 16 15.10 No Third-Party Beneficiaries. This Agreement does not and is not intended to 17 create any rights or obligations for any person or entity except for the parties. 18 15.11 Authorized Signature. The Contractor represents and warrants to the County that: 19 (A) The Contractor is duly authorized and empowered to sign and perform its 20 obligations under this Agreement. 21 (B) The individual signing this Agreement on behalf of the Contractor is duly 22 authorized to do so and his or her signature on this Agreement legally binds the 23 Contractor to the terms of this Agreement. 24 15.12 Electronic Signatures. The parties agree that this Agreement may be executed by 25 electronic signature as provided in this section. 26 (A) An "electronic signature" means any symbol or process intended by an individual 27 signing this Agreement to represent their signature, including but not limited to (1) a 28 digital signature; (2) a faxed version of an original handwritten signature; or (3) an 18 1 electronically scanned and transmitted (for example by PDF document) version of an 2 original handwritten signature. 3 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 4 equivalent to a valid original handwritten signature of the person signing this Agreement 5 for all purposes, including but not limited to evidentiary proof in any administrative or 6 judicial proceeding, and (2) has the same force and effect as the valid original 7 handwritten signature of that person. 8 (C)The provisions of this section satisfy the requirements of Civil Code section 9 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, 10 Part 2, Title 2.5, beginning with section 1633.1). 11 (D) Each party using a digital signature represents that it has undertaken and 12 satisfied the requirements of Government Code section 16.5, subdivision (a), 13 paragraphs (1) through (5), and agrees that each other party may rely upon that 14 representation. 15 (E) This Agreement is not conditioned upon the parties conducting the transactions 16 under it by electronic means and either party may sign this Agreement with an original 17 handwritten signature. 18 15.13 Counterparts. This Agreement may be signed in counterparts, each of which is an 19 original, and all of which together constitute this Agreement. 20 Agent for Service of Process. The Contractor represents to the County that the 21 Contractor's agent for service of process in California, and that such agent's address for 22 receiving such service of process in California, which information the Contractor shall maintain 23 with the office of the California Secretary of State, is as follows: 24 1505 Corporation 25 C T Corporation System 26 11100 Nall Ave Overland Park, KS 66211 27 28 The Contractor further represents to the County that if the Contractor changes its agent for service of process in California, or the Contractor's agent for service of process in California 19 1 changes its address for receiving such service of process in California, which changed 2 information the Contractor shall maintain with the office of the California Secretary of State, the 3 Contractor shall give the County written notice thereof within five (5) calendar days thereof 4 pursuant to Article 5. 5 [SIGNATURE PAGE FOLLOWS] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 20 I The parties are signing this Agreement on the date stated in the introductory clause. 2 NETSMART TECHNOLOGIES, INC. COUNTY OF FRESNO 3 7ofwhMcGovp��r v...�. 5 Joseph McGovern, EVP Nathan Magsig, Chairman of the Board of Supervisors of the County of Fresno 6 11100 Nall Avenue Overland Park, KS 66211 Attest: 7 Bernice E. Seidel Clerk of the Board of Supervisors 8 County of Fresno, State of California 9 B - �� v: 10 Deputy 11 For accounting use only: 12 Org No.: 56201500 Account No.: 7309 13 Fund No.: 0001 Subclass No.: 7309 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 21 Exhibit A — License Terms and Service Level Agreement 1 2 ADDITIONAL DEFINITIONS 3 4 1. Definitions. In addition to the terms defined elsewhere in this Agreement, the following 5 terms shall have the meanings specified: 6 Change Control Process means the process used by the Information Services Division 7 of COUNTY's Internal Services Department to inform COUNTY staff of new or updated 8 production use systems. 9 Confidential Information means all technical, financial and other information that is 10 disclosed by either party to the other, whether orally or in writing, any disputes, status reports, 11 scheduling updates, workflows, forms, reporting, the terms of this Agreement, pricing, Services, 12 Work Product, data (other than Protected Health Information which is protected in accordance 13 with the BAA), Documentation, all non-public information related to Contractor's products, 14 services and methodologies. "Confidential Information" does not include information (a) publicly 15 available through no breach of this Agreement; (b) rightfully acquired from a third party having a 16 bona fide right to disclose or make the same available; (c) independently developed or 17 previously known by a party; (d) Protected Communication; or that subject to Provisions 13.3 18 and 13.4 of the Agreement. 19 Data means all information collected, stored, processed or generated through Client's 20 use of the Software Services. 21 Documentation means the description and features of the Licensed Software and 22 Software Services as set forth on the Netsmart Wiki, which includes release notes. The 23 Netsmart Wiki can be accessed via the application or the NetsmartConnect support portal. 24 Products and Services — means the products and services made available to the County 25 pursuant to this Agreement, which may include Contractor Products and Services accessible for 26 use by the County on a subscription basis ("Software-as-a-Service" or "SaaS"), Contractor 27 professional services, content from any professional services or other required equipment 28 components or other required hardware, as specified in each Order or SOW. License is the license granted under this Agreement, and the rights and obligations that A-1 Exhibit A — License Terms and Service Level Agreement 1 it creates under the laws of the United States of America and the State of California, including 2 without limitation, copyright and intellectual property law. 3 Order or Statement of Work (SOW) means a written order, proposal, or purchase 4 document in which the Contractor agrees to provide and the County agrees to purchase specific 5 Contractor Products and Services. Statement of Work (SOW) means a written order, proposal, 6 or purchase document that is signed by both Parties and describes the Contractor Products and 7 Services to be provided and/or performed by the Contractor. Each Order or SOW shall describe 8 the Parties' performance obligations and any assumptions or contingencies associated with the 9 implementations of the Contractor Products and Services, as specified in each Order or SOW 10 placed hereunder. 11 Order Term means the then-current duration of performance identified on each Order or 12 SOW, for which the Contractor has committed to provide, and the County has committed to pay 13 for, Contractor Products and Services. 14 Problem or Defect means any failure of the Licensed Software or Software Services to 15 operate in substantial conformance with the Documentation. 16 Support means the ongoing support and maintenance services performed by the 17 Contractor related to the Contractor Products and Services as specified in each Order or SOW 18 placed between the Parties. 19 Support Services means the application maintenance and support services provided by 20 Contractor for the Software Services. 21 System refers to the System Software and System Documentation, collectively, including 22 all modifications and enhancements. 23 Svstem Documentation means the documentation relating to the System Software, 24 including all manuals, reports, brochures, sample runs, specifications, and other materials 25 provided by CONTRACTOR in connection with the System Software. 26 System Software is Contractors Products and Services provided and hosted by a 27 Contractor provided SaaS environment. System Software does not include operating system 28 software, or any other third-party software. System Software Maintenance and Support and Support means software hosting for A-2 Exhibit A — License Terms and Service Level Agreement 1 System Software, regular software updates to System Software, and support provided for 2 System Software in case of errors, mistakes, or other technical difficulties. 3 Work Product means any documentation, technique, methodologies, inventions, reports, 4 software, or procedures developed, conceived or introduced by Contractor during the course of 5 this Agreement, whether acting alone or in conjunction with County or its employees, Users or 6 others. Work Product does not include any Client Confidential Information or Data. 7 2. Warranties & Disclaimers. Contractor warrants that all services performed under this 8 Agreement will conform in all material aspects with the requirements of this Agreement and 9 their specifications. Contractor warrants that it takes all commercially reasonable precautions 10 that are standard in the industry, in California, to increase the likelihood of a successful 11 performance for the Contractor Products and Services. 12 Except as provided in herein provided, each Party hereby disclaims any and all other 13 warranties of any nature whatsoever whether oral and written, express or implied, including, 14 without limitation, the implied warranties of merchantability, title, non-infringement, and fitness 15 for a particular purpose. Contractor does not warrant that Contractor Products and Services will 16 meet County's requirements. 17 3. Project Deadlines. It is understood and agreed by both parties to this Agreement that if 18 all the work specified or indicated in the Order or SOW is not completed within the specified 19 time frames set forth in the Order or SOW, or within such time limits as extended, County may 20 elect to terminate without clause as discussed in section 6.3, provided however, nothing in this 21 Section A.9 limits any of County's remedies under this Agreement for Contractor's breach of 22 this Agreement. 23 4. Contractor's Project Coordinator. Upon execution of this Agreement, Contractor shall 24 appoint a Project Coordinator who will act as the primary contact person to interface with 25 County for the services discussed in this Agreement. 26 5. Documentation. Contractor shall provide to County access to on-line System 27 Documentation. Contractor shall update new on-line System Documentation corresponding to 28 all new Software Upgrades. All System Documentation is to be used by County only for the purposes identified within this Agreement. A-3 Exhibit A — License Terms and Service Level Agreement 1 6. Technical Information. Contractor will provide technical information to County. Such 2 information may cover areas regarding the software discussed in this Agreement, third party 3 software, and other matters considered relevant to County by Contractor. Technical information 4 will be provided at the discretion of Contractor but will not be unreasonably withheld. 5 7. RESERVED. 6 8. Adhere to Change Control Process. Contractor employs a procedure to implement 7 updates, upgrades, and version releases to a system that is in production use. This forum 8 allows Contractor to inform County of upcoming changes to a production system. Contractor 9 must inform County a minimum of one (1) week prior to any planned, non-emergency changes 10 so that the Change Control Process may be followed. 11 9. Storage and Sending. If any services specified in this Agreement are used to store 12 and/or send Confidential Information, Contractor must be notified in writing, in advance of the 13 storage or sending. Should County provide such notice, County must ensure that Confidential 14 Information is stored behind a secure interface and that Contractor Products and Services be 15 used only to notify people of updates to the information that can be accessed after 16 authentication against a secure interface managed by County. 17 10. Support Services. The following is a description of the Support Services to be 18 performed by Contractor during the time period in which the County is purchasing Support 19 Services. 20 a. Contractor will support and maintain the most current version of the Licensed Software 21 in substantial conformance with applicable Federal laws. County acknowledges and agrees 22 that, in the event County has chosen to utilize a less than current version of the Licensed 23 Software or has missed any mandatory upgrades, County will bring the Licensed Software up 24 to Contractor's then-current version in order for County to maintain compliance with applicable 25 Federal law. 26 b. Priority 1 issues must be called in directly to the Contractor Support department. 27 For all other concerns County can call or use Contractor's designated online support system to 28 log issues specifying a Problem or Defect in the Licensed Software. A-4 Exhibit A — License Terms and Service Level Agreement 1 c. If self-hosted, County will provide and maintain, at its expense, hardware and/or 2 software to allow Contractor to access County's system remotely. 3 d. Contractor will also provide County with: (a.) updates that are distributed without charge 4 to other similar clients which reflect modifications and incremental improvements made to the 5 Licensed Software by Netsmart; (b.) an opportunity to obtain enhancements to the Licensed 6 Software for which fees are imposed on the same terms as such enhancements are generally 7 made available to other clients. 8 e. Contractor will provide a toll-free problem reporting and support telephone line available 9 8:00 a.m. to 5:00 p.m., Central time Monday through Friday, exclusive of Federal holidays. 10 f. County agrees to grant Contractor access to the Licensed Software on County's 11 system(s) for the sole purpose of performing Contractor's obligations under this Agreement. 12 Netsmart will ensure all connectivity to Contractor's system is through a single point of 13 connectivity utility which audits Contractor' activity on County's system(s)when Contractor is 14 connected to County's system(s). These audit logs are retained for 90 days. 15 g. If reasonable analysis by Contractor indicates that a reported Problem or Defect is 16 caused by a problem related to hardware used by County, the hardware's system software, or 17 applicable software other than Licensed Software, or County's misuse or modification of the 18 Licensed Software, Contractor's responsibility will be limited to the correction of the portion, if 19 any, of the problem caused by a Problem or Defect in the Licensed Software. 20 h. If analysis by Contractor indicates that a reported problem is caused by a reproducible 21 Problem or Defect, Contractor will use commercially reasonable efforts to provide Support 22 Services in accordance with the following prioritization of reported problems: 23 24 Priority Definition 25 Priority 1: will be assigned when the Licensed Software or a 26 1 - material functional component thereof is non-operational as a result 27 Critical of a defect, in the production environment only, such as the 28 production system cannot be accessed or utilized in any capacity, a A-5 Exhibit A — License Terms and Service Level Agreement 1 direct patient safety issue is present, or a HIPAA compliance 2 violation as a result of a server incident or Netsmart application 3 defect. Best efforts will be made to correct Priority 1 problems, or to 4 provide a plan for such correction, within two (2) business days. 5 Notwithstanding the above, Netsmart will work continuously toward 6 resolution. 7 County's Commitment: 8 • This case Priority must be called in directly to the Netsmart Support department. 9 • County provides specific, detailed information required for 10 troubleshooting/investigation. • County provides appropriate staff and resources to sustain 11 continuous communication and work effort as required. • Without appropriate County resources, the case will be 12 downgraded to Priority 2 after three business days. 13 14 Priority 2: will be assigned to defects in the live production 15 environment that have a significant negative impact on daily 16 operations but do not cause a "System Down". A workaround may 17 be available and/or the capacity to maintain daily business 18 functionality. Commercially reasonable efforts will be made to 19 2 - correct Priority 2 problems, or to provide a plan for such correction, 20 High within five (5) business days. 21 County's Commitment: 22 • County provides specific, detailed information required for troubleshooting/investigation. 23 • County provides appropriate staff and resources to sustain continuous communication and work effort as required. 24 • Without appropriate County resources, the case will be downgraded to Priority 3 after six business days. 25 26 Priority 3: will be assigned for system defects that result in functions 3 - 27 that have no major impact on daily operations. An issue that allows Medium 28 the continuation of function, including issues in which a reasonable A-6 Exhibit A — License Terms and Service Level Agreement 1 workaround is available. Commercially reasonable efforts will be 2 made to correct Priority 3 problems, or to provide a plan for such 3 correction, within ten (10) business day. 4 County's Commitment: 5 • County provides specific, detailed information required for troubleshooting/investigation. 6 • County provides appropriate staff and resources to sustain 7 continuous communication and work effort as required. • Without appropriate County resources, the case will be 8 downgraded to Priority 4 after eleven (11) business days. 9 Priority 4: will be assigned to cosmetic defects that do not affect 10 system usability or non-defect related requests including, but not 11 limited to, system set up/configuration, training, functionality 12 questions, documentation, portal access, and upgrade requests. 13 Commercially reasonable efforts will be made to address Priority 4 14 4 - Low issues, or to provide a plan for such correction, within fifteen (15) 15 business day. 16 County's Commitment: 17 • County provides specific, detailed information required for 18 troubleshooting/investigation. 19 • County provides appropriate staff and resources to sustain continuous communication and work effort as required. 20 21 22 11. Downtime. Downtime shall be defined as System non-availability due to System 23 Software error, malfunction, or due to System Software Maintenance and Support activity other 24 than in accordance with the scheduling parameters set forth in this Agreement. Examples of 25 Downtime include, without limitation, County and public cannot access the System for reasons 26 within Contractor's Control or any functional Component of the System or Interference is not 27 available and is within Contractor's Control. County requires that there be no unscheduled 28 Downtime for routine System Software Maintenance and Support of the Application Software. County will accept occasional scheduled Downtime, not to exceed, four (4) hours, for significant A-7 Exhibit A — License Terms and Service Level Agreement 1 non-routine Updates and maintenance to be scheduled by Contractor. Routine System 2 Software Maintenance and Support includes such tasks as major System Software version 3 Updates. Contractor shall use its best efforts to keep scheduled Downtime for non-routine 4 maintenance to a minimum (99.9% up time guarantee). 5 12. Data Sources. Data uploaded into Contractor Products and Services must be 6 brought in from County sources (interactions with end users and opt-in contact lists). County 7 cannot upload purchased contact information into Contractor Products and Services without 8 Contractor' written permission and professional services support for list cleansing. Contractor 9 certifies that it will not sell, retain, use, or disclose any personal information provided by County 10 for any purpose other than retaining, using, or disclosing such personal information for the 11 specific purpose of performing the services outlined within this Agreement. 12 13. Passwords. Passwords are not transferable to any third party. County is 13 responsible for keeping all passwords secure and all use of the Contractor products and 14 services accessed through County's passwords. 15 14. County Feedback. County will provide feedback to Contractor with any 16 suggestion, enhancement, request, recommendation, correction or other feedback provided by 17 County relating to the use of the Contractor Products and Services. Contractor may use such 18 submissions as it deems appropriate in its sole discretion. 19 15. Third Party Disclaimer - Closed Captioning and Meeting Services. County 20 and Contractor may agree that a third party will provide closed captioning, transcription 21 services, or other meeting services under this Agreement. In such case, County expressly 22 understands that the third party is an independent contractor and not an agent or employee of 23 Contractor. Contractor is not liable for acts performed by such an independent third party. 24 25 16. Software Services License Terms. Contractor hereby grants County a non- 26 exclusive, royalty-free, non-transferable subscription license to use the Software Services only: 27 i. for County's internal business purposes and not to process the data of any other entity; 28 and A-8 Exhibit A — License Terms and Service Level Agreement 1 ii. to support the Scope of Use for the Software Services set forth on the applicable 2 Statements of Work. 3 4 License Rights. The license rights granted in this section may be exercised by County, its 5 employees and independent contractors (provided that such independent contractors are 6 not competitors of Contractor (each a "User"). County shall be responsible for each User(s) 7 compliance with the terms of this Agreement. 8 9 License Restrictions. Except as expressly stated in this Agreement, no other rights, 10 express, implied or otherwise, are granted to County and Contractor reserves all rights not 11 expressly granted herein. County will not permit the Software Services or Third Party 12 Products (i) to be disassembled or reverse engineered, (ii) to be sold, disclosed, leased, 13 subleased, lended or otherwise made available to others including third party hosting 14 providers, (iii) to be or attempted to be accessed, modified, make additions to or altered, (iv) 15 make any derivations, adaptations, or translations in whole or in part, (v) County shall not 16 transmit malware including but not limited to malicious codes, viruses, Trojan horses or 17 similar mechanisms, and/or (vi) to be used to develop functionally similar computer 18 software or to otherwise compete with Netsmart. No copies of the Software Services or 19 Third Party Products may be made by County without the prior written consent of 20 Contractor except for backup purposes in accordance with normal data processing 21 practices. County agrees to reproduce any copyright notices and/or other proprietary 22 legends, regardless of form, contained in, affixed to, or appearing on the Software Services 23 and Third Party Products. 24 25 Third Party Products. Third Party Products are licensed subject to the same restrictions as 26 are set forth in this Agreement. Third Party Products are also subject to and County agrees 27 to the pass through terms that apply to those Third Party Products at 28 https://www.ntst.com/lp/pass-through-terms. Notwithstanding the foregoing, nothing A-9 Exhibit A — License Terms and Service Level Agreement 1 contained in the third party pass through terms will diminish or replace Contractor's 2 obligations under the terms of this Agreement. 3 4 Software Title. The Software Services are proprietary to contractor and are based upon and 5 contain trade secrets and other Confidential Information. Contractor reserves title to the 6 Software Services and all other rights not expressly granted herein. 7 8 Scope of Use Audit. County acknowledges that Contractor has access to view County's 9 actual Scope of Use and will periodically verify County's actual Scope of Use of the 10 Software Services. Should this verification identify usage of the Software Services in 11 excess of the Scope of Use contracted for, County agrees to true-up the Scope of Use to 12 the current usage levels. 13 14 17. Product Descriptions. 15 Product Description 16 AMA CPT Code Subscription AMA CPT Code -American Medical Association CPT 17 Code Subscription - pricing based on Named Users 18 Red Hat Jboss Subscription Red Hat Jboss-Java Application for Self-Hosted Clients 19 Avatar CWS Maintenance 20 Avatar CWS -Clinician Workstation Maintenance Avatar HL7 Interface Avatar HL7- HL7 Interface that allows transferring 21 Maintenance data between Avatar and any other system that 22 supports HL7 Avatar POS Scanning 23 Maintenance Avatar POS-Scanning by Perceptive 24 Diagnosis Content on Diagnosis Content on Demand - Includes access to Demand Subscription the DSM-5 Library 25 Support Internal-Avatar- 26 Avatar Support Internal -Avatar- Maintenance Fee 27 Orchard Enterprise Lab Maintenance Support Orchard/Harvest- provides Labs with software, 28 services and support A-10 Exhibit B Compensation The Contractor will be compensated for Contractor's Products and Services under this Agreement as provided in this Exhibit B. The Contractor is not entitled to any compensation except as expressly provided in this Exhibit B. 1. Annual Maintenance and Support Fees Master Agreement Year 1 Year 2 Year 3 Year 4 Year 5 Payment Expenditures Terms AMA CPT Code $ $ $ $ $ Billed Annually Subscription 3,595.37 2,991.35 3,111.00 3,235.44 3,364.86 Red Hat Jboss $ $ $ $ $ Billed Annually Subscription 7,828.00 8,141.12 8,466.76 8,805.44 9,157.65 Avatar CWS $ $ $ $ $ Billed Annually Maintenance 6,850.07 7,124.07 7,409.03 7,705.39 8,013.61 Avatar HL7 Interface $ $ $ $ $ Billed Annually Maintenance 7,178.41 7,465.55 7,764.17 8,074.73 8,397.72 Avatar POS Scanning $ $ $ $ $ Billed Annually Maintenance 2,553.42 2,655.56 2,761.78 2,872.25 2,987.14 Diagnosis Content on $ $ $ $ Demand Subscription 9,726.45 $ 10,115.51 10,520.13 10,940.94 11,378.58 Billed Annually Support Internal- $ $ 108,633.13 $ $ $ Billed Annually Avatar-Avatar 104,454.94 112,978.46 117,497.60 122,197.50 Orchard Enterprise Lab Maintenance& 41,888.53 $ 43,564.08 45,306.64 47,118.90 49,003.66 Billed Annually Support Additional Services $300,000 as needed Total Per Year $ $ $ $ $ 484,075.19 190,690.37 198,317.98 206,250.70 214,500.73 Total Contract Amount for 5-year Term plus 10%buffer $ 1,423,218.00 B-1 Exhibit B 2. Additional Services. Additional services shall only be performed, and additional service fees shall only be paid to Contractor upon County's written request. Interfaces shall be negotiated at the time they are needed and shall be agreed upon by both parties in writing. In no event shall the total compensation paid by County to Contractor for Additional Services for the possible five (5) year term of this Agreement exceed $300,000. Any payment by County to Contractor for Additional Services is subject to the maximum compensation limits in Section 3.2 of this Agreement. 3. Annual Increases. Contractor agrees that it will not revise any recurring fees during the first year of this Agreement. Thereafter, any recurring fees will be increased annually at a rate of four percent (4%), again subject to Section 3.2. B-2 Exhibit C Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). C-1 Exhibit C (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: C-2 Exhibit D Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (F) Cyber Liability. Cyber liability insurance with limits of Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Article 11 of this Agreement; (iv) system failure; (v) data recovery; (vi)failure to timely disclose data breach or Security Breach; (vii)failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or D-1 Exhibit D destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv)fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. D-2 Exhibit D (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D)Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (E) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (F) Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors D-3 Exhibit E Data Security A. Definitions. Capitalized terms used in this Exhibit E have the meanings set forth in this section A. "Authorized Employees" means the Contractor's employees who have access to Personal Information. "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit E. "Director" means the County's Director of Internal Services-Chief Information Officer or his or her designee. "Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. "Person" means any natural person, corporation, partnership, limited liability company, firm, or association. "Personal Information" means any and all information, including any data provided, or to which access is provided, to the Contractor by or upon the authorization of the County, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government- issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or is personal information within the meaning of California Civil Code section 1798.3, E-1 Exhibit E subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. "Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach by Contractor. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit E. "Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor(or any Authorized Persons)that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in subsection C.(5) of this Exhibit E. "Security Breach" means (i) any negligent or willful act or omission by Contractor that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or(ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information caused by Contractor. "Use" or any derivative thereof means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. B. Standard of Care. (1)The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (2)The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County(or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County (or persons from whom the County receives or has received Personal Information) regardless of the Contractor's, or any Authorized E-2 Exhibit E Person's, Use of that Personal Information. (3)The Contractor agrees and covenants in favor of the County that the Contractor shall make commercially reasonable efforts to: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this Subsection B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit E; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent. Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, the Contractor shall (a) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing the County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and (b) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. The Contractor may be liable to the County for the actions and omissions of Contractor related to any Unauthorized Third Party concerning its Use of such Personal Information during the performance of Services as if they were the Contractor's own actions and omissions. C. Information Security. E-3 Exhibit E (1)The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and shall at all times comply with all federal and state privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song-Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit, or other payment cardholder information, the Contractor shall at all times under the term of the Agreement remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (2)The Contractor covenants, represents and warrants to the County that, as of the Effective Date, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (3)Without limiting the Contractor's obligations under subsection C.(1) of this Exhibit E, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to the County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii)to the extent that they contain or provide access to Personal Information, (a) securing the Contractor's business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures with respect to the Contractor E-4 Exhibit E Facilities and Equipment), both internally and externally, to make commercially reasonable efforts to protect(1)the Personal Information from potential loss or misappropriation, or unauthorized Use, and (2)the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher(a)stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or(b)transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network(VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from all other information of the Contractor, including any Authorized Person, or anyone with whom the Contractor or any Authorized Person deals so that Personal Information is not commingled with any other types of information; (vi) having a patch management process including installation of all operating system/software vendor security patches; (vii) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (4) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit E. The Contractor further agrees that it shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (5)The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Personal Information received from the County, and E-5 Exhibit E the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet. (6)The Contractor shall provide the County with the name and contact information for each Authorized Employee (including such Authorized Employee's work shift, and at least one alternate Authorized Employee for each Authorized Employee during such work shift)who shall serve as the County's primary security contact with the Contractor and shall be available to assist the County as a contact in resolving the Contractor's and any Authorized Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. D. Security Breach Procedures. (1) Promptly, and without undue delay, upon the Contractor's confirmation of a Security Breach, the Contractor shall (a) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-5900/ incidents@fresnocountyca.gov (which telephone number and email address the County may update by providing notice to the Contractor), and (b) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (2) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit E, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to reasonably cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; and (ii) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be responsible, at its cost, for all notifications required by law and regulation, and the Contractor shall provide a written report of the investigation and reporting required to the Director within thirty (30) days after E-6 Exhibit E the Contractor's discovery of the Security Breach. (3)The County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of notification thereof, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit E, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. As reasonably practicable, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason therefor. (4)The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take reasonable mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the lawful requirement of County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred in relation to any litigation or other action described in subsection D. (4) of this Exhibit E. to the extent applicable: (1)the cost of providing affected individuals with credit monitoring services for a specific period not to exceed twelve (12) months, to the extent the incident could lead to a compromise of the data subject's credit or credit standing; (2) call center support for such affected individuals for a specific period not to exceed thirty(30) days; and (3)the cost of any measures required under applicable laws. E. Oversight of Security Compliance. (1)The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. (2)As of the Effective Date, Contractor's cloud environment is certified to meet SSAE-18 E-7 Exhibit E SOC2 requirements. Contractor annually conducts an SSAE-18 SOC-2 type II audit by an accredited independent third-party as validation of our data center control environment, providing assurance that administrative, physical, and technical controls are functioning effectively. Upon the County's written request, to confirm the Contractor's compliance with this Exhibit E, as well as any applicable laws, regulations and industry standards, the Contractor shall provide the County with a copy of the most current SSAE-18 report. In addition, the Contractor shall provide the County with the abridged results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit E. (3)The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to substantially similar restrictions and conditions in this Exhibit E. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same. F. Return or Destruction of Personal Information. Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit E, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies thereof. If return or disposal of such Personal Information or copies of Personal Information is not feasible, the Contractor shall notify the County E-8 Exhibit E accordingly, specifying the reason, and continue to extend the protections of this Exhibit E to all such Personal Information and copies of Personal Information. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section F. The Contractor's obligations under this section F survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not feasible and to all Personal Information that the Contractor may later discover. G. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit E may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. H. Indemnification. Subject to Article 8 of this Agreement, the Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a "County Indemnitee")from and against any and all third party claims of infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, fines, and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorney's fees and costs, the cost of enforcing any right to indemnification or defense under this Section and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any COUNTY Indemnitee in relation to CONTRACTOR's, its officers, employees, or agents, or any Authorized Employee's or E-9 Exhibit E Authorized Person's, performance or failure to perform under this Section or arising out of or resulting from CONTRACTOR's failure to comply with any of its obligations under this section H. The provisions of this section H do not apply to the acts or omissions of the County. The provisions of this section H are cumulative to any other obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnity under this Agreement. The provisions of this section H shall survive the termination of this Agreement. I. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit E shall survive the termination of this Agreement. J. No Third Party Beneficiary. Nothing express or implied in the provisions of in this Exhibit E is intended to confer, nor shall anything herein confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. L. No County Warranty. The parties acknowledge and agree that neither party makes any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor(or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. E-10 Exhibit F Health Insurance Portability and Accountability Act (HIPAA) 1. The County is a "Covered Entity," and the Contractor is a "Business Associate," as these terms are defined by 45 CFR 160.103. In connection with providing services under the Agreement, the parties anticipate that the Contractor will create and/or receive Protected Health Information ("PHI") from or on behalf of the County. The parties enter into this Business Associate Agreement (BAA)to comply with the Business Associate requirements of HIPAA, to govern the use and disclosures of PHI under this Agreement. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164. The parties to this Agreement shall be in strict conformance with all applicable federal and State of California laws and regulations, including, but not limited to California Welfare and Institutions Code sections 5328, 10850, and 14100.2 et seq.; 42 CFR 2; 42 CFR 431; California Civil Code section 56 et seq.; the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), including, but not limited to, 45 CFR Parts160, 45 CFR 162, and 45 CFR 164; the Health Information Technology for Economic and Clinical Health Act ("HITECH") regarding the confidentiality and security of patient information, including, but not limited to 42 USC 17901 et seq.; and the Genetic Information Nondiscrimination Act ("GINA") of 2008 regarding the confidentiality of genetic information. Except as otherwise provided in this Agreement, the Contractor, as a business associate of the County, may use or disclose Protected Health Information ("PHI") to perform functions, activities or services for or on behalf of the County, as specified in this Agreement, provided that such use or disclosure shall not violate HIPAA Rules. The uses and disclosures of PHI may not be more expansive than those applicable to the County, as the "Covered Entity" under the HIPAA Rules, except as authorized for management, administrative or legal responsibilities of the Contractor. 2. The Contractor, including its subcontractors and employees, shall protect from unauthorized access, use, or disclosure of names and other identifying information, including genetic information, concerning persons receiving services pursuant to this Agreement, except where permitted in order to carry out data aggregation purposes for health care operations [45 CFR§§ 164.504(e)(2)(i), 164.504(e)(2)(ii)(A), and 164.504(e)(4)(i)]. This pertains to any and all persons receiving services pursuant to a County-funded program. This requirement applies to electronic PHI. The Contractor shall not use such identifying information or genetic information for any purpose other than carrying out the Contractor's obligations under this Agreement. 3. The Contractor, including its subcontractors and employees, shall not disclose any such identifying information or genetic information to any person or entity, except as otherwise specifically permitted by this Agreement, authorized by Subpart E of 45 CFR Part 164 or other law, required by the Secretary of the United States Department of Health and Human Services ("Secretary"), or authorized by the client/patient in writing. In using or disclosing PHI that is permitted by this Agreement or authorized by law, the Contractor shall make reasonable efforts to limit PHI to the minimum necessary to accomplish intended purpose of use, disclosure or request. 4. For purposes of the above sections, identifying information shall include, but not be limited to, name, identifying number, symbol, or other identifying particular assigned to the individual, such as fingerprint or voiceprint, or photograph. F-1 Exhibit F 5. For purposes of the above sections, genetic information shall include genetic tests of family members of an individual or individual(s), manifestation of disease or disorder of family members of an individual, or any request for or receipt of genetic services by individual or family members. Family member means a dependent or any person who is first, second, third, or fourth degree relative. 6. The Contractor shall provide access, at the request of the County, and in the time and manner reasonably designated by the County, to PHI in a designated record set(as defined in 45 CFR§ 164.501), to COUNTY in order to meet the requirements of 45 CFR § 164.524 regarding access by individuals to their PHI. PHI shall be provided in the form and format reasonably requested by the County. The Contractor shall make any amendment(s) to PHI in a designated record set at the request of the County, and in the time and manner designated by the County in accordance with 45 CFR § 164.526. The Contractor shall provide to the County, in a time and manner designated by the County, information collected in accordance with 45 CFR § 164.528, to permit the County to respond to a request by the individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. 7. The Contractor shall report to the County, in writing, any knowledge or reasonable belief that there has been unauthorized access, viewing, use, disclosure, security incident, or breach of unsecured PHI not permitted by this Agreement of which the Contractor becomes aware, immediately and without reasonable delay and in no case later than two (2) business days of discovery. Immediate notification shall be made to the County's Information Security Officer and Privacy Officer and the County's Department of Public Health ("DPH") HIPAA Representative, within two (2) business days of discovery. The notification shall include, to the extent possible, the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, used, disclosed, or breached. The Contractor shall take prompt corrective action to cure any deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and State laws and regulations. The Contractor shall investigate such breach and is responsible for all notifications required by law and regulation or deemed necessary by the County and shall provide a written report of the investigation and reporting required to the County's Information Security Officer and Privacy Officer and the County's DPH HIPAA Representative. For purposes of this BAA, "security incident" does not include trivial incidents that occur on a daily basis, such as scans, "pings", or unsuccessful attempts to penetrate computer networks or servers maintained by Business Associate. This written investigation and description of any reporting necessary shall be postmarked within the thirty (30) working days of the discovery of the breach to the addresses below: County of Fresno County of Fresno County of Fresno Department of Public Health Department of Public Health Department of Internal Services HIPAA Representative Privacy Officer Information Security Officer (559) 600-6439 (559) 600-6405 (559) 600-5800 P.O. Box 11867 P.O. Box 11867 333 Pontiac Way Fresno, California 93775 Fresno, California 93775 Clovis, California 93612 F-2 Exhibit F 8. The Contractor shall make its internal practices, books, and records relating to the use and disclosure of PHI received from the County, or created or received by the Contractor on behalf of the County, in compliance with Parts the HIPAA Rules. The Contractor shall make its internal practices, books, and records relating to the use and disclosure of PHI received from the County, or created or received by the Contractor on behalf of the County, available to the Secretary upon demand. The Contractor shall cooperate with the compliance and investigation reviews conducted by the Secretary. PHI access to the Secretary must be provided during the Contractor's normal business hours; however, upon exigent circumstances access at any time must be granted. Upon the Secretary's compliance or investigation review, if PHI is unavailable to the Contractor and in possession of a subcontractor of the Contractor, the Contractor must certify to the Secretary its efforts to obtain the information from the subcontractor. 9. Safeguards The Contractor shall implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule, Subpart C of 45 CFR Part 164, that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic PHI, that it creates, receives, maintains or transmits on behalf of the County and to prevent unauthorized access, viewing, use, disclosure, or breach of PHI other than as provided for by this Agreement. The Contractor shall conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI. The Contractor shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. Upon the County's request, the Contractor shall provide the County with information concerning such safeguards. The Contractor shall implement strong access controls and other security safeguards and precautions in order to restrict logical and physical access to confidential, personal (e.g., PHI) or sensitive data to authorized users only. Said safeguards and precautions shall include the following administrative and technical password controls for all systems used to process or store confidential, personal, or sensitive data: A. Passwords must not be: (1) Shared or written down where they are accessible or recognizable by anyone else; such as taped to computer screens, stored under keyboards, or visible in a work area; (2) or (3) Stored in clear text B. Passwords must be: (1) Eight (8) characters or more in length; (2) Changed every ninety (90) days; (3) Changed immediately if revealed or compromised; and (4) Composed of characters from at least three (3) of the following four (4) groups from the standard keyboard: a) Upper case letters (A-Z); F-3 Exhibit F b) Lowercase letters (a-z); c) Arabic numerals (0 through 9); and d) Non-alphanumeric characters (punctuation symbols). The Contractor shall implement the following security controls on each workstation or portable computing device (e.g., laptop computer) containing confidential, personal, or sensitive data: 1. Network-based firewall and/or personal firewall; 2. Continuously updated anti-virus software; and 3. Patch management process including installation of all operating system/software vendor security patches. The Contractor shall utilize a commercial encryption solution that has received FIPS 140-2 validation to encrypt all confidential, personal, or sensitive data stored on portable electronic media (including, but not limited to, compact disks and thumb drives) and on portable computing devices (including, but not limited to, laptop and notebook computers). The Contractor shall not transmit confidential, personal, or sensitive data via e-mail or other internet transport protocol unless the data is encrypted by a solution that has been validated by the National Institute of Standards and Technology (NIST) as conforming to the Advanced Encryption Standard (AES) Algorithm. The Contractor must apply appropriate sanctions against its employees who fail to comply with these safeguards. The Contractor must adopt procedures for terminating access to PHI when employment of employee ends. 10. Mitigation of Harmful Effects The Contractor shall mitigate, to the extent practicable, any harmful effect that is suspected or known to the Contractor of an unauthorized access, viewing, use, disclosure, or breach of PHI by the Contractor or its subcontractors in violation of the requirements of these provisions. The Contractor must document suspected or known harmful effects and the outcome. 11. The Contractor's Subcontractors The Contractor shall ensure that any of its contractors, including subcontractors, if applicable, to whom the Contractor provides PHI received from or created or received by the Contractor on behalf of the County, agree to the substantially same restrictions, safeguards, and conditions that apply to the Contractor with respect to such PHI and to incorporate, when applicable, the relevant provisions of these provisions into each subcontract or sub-award to such agents or subcontractors. Nothing in this section 11 or this Exhibit F authorizes the Contractor to perform services under this Agreement using subcontractors unless otherwise agreed to by the parties. 12. Employee Training and Discipline The Contractor shall train and use reasonable measures to ensure compliance with the requirements of these provisions by employees who assist in the performance of functions or activities on behalf of the County under this Agreement and use or disclose PHI, and discipline such employees who intentionally violate any provisions of these provisions, which may include termination of employment. 13. Termination for Cause Upon the County's knowledge of a material breach of these provisions by the Contractor, the County will either: F-4 Exhibit F A. Provide an opportunity for the Contractor to cure the breach or end the violation, and the County may terminate this Agreement if the Contractor does not cure the breach or end the violation within the time specified by the County; or B. Immediately terminate this Agreement if the Contractor has breached a material term of this Exhibit F and cure is not possible, as determined by the County. C. If neither cure nor termination is feasible, the County's Privacy Officer will report the violation to the Secretary of the U.S. Department of Health and Human Services. 14. Judicial or Administrative Proceedings The County may terminate this Agreement if: (1) the Contractor is found guilty in a criminal proceeding for a violation of the HIPAA Privacy or Security Laws or the HITECH Act; or (2) there is a finding or stipulation in an administrative or civil proceeding in which the Contractor is a party that the Contractor has violated a privacy or security standard or requirement of the HITECH Act, HIPAA or other security or privacy laws. 15. Effect of Termination Upon termination or expiration of this Agreement for any reason, the Contractor shall return or destroy all PHI received from the County (or created or received by the Contractor on behalf of the County) that the Contractor still maintains in any form, and shall retain no copies of such PHI. If return or destruction of PHI is not feasible, the Contractor shall continue to extend the protections of these provisions to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. This provision applies to PHI that is in the possession of subcontractors or agents, if applicable, of the Contractor. If the Contractor destroys the PHI data, a certification of date and time of destruction shall be provided to the County by the Contractor. 16. Compliance with Other Laws 15.14 To the extent that other state and/or federal laws provide additional, stricter and/or more protective privacy and/or security protections to PHI or other confidential information covered under this BAA, the Contractor agrees to comply with the more protective of the privacy and security standards set forth in the applicable state or federal laws to the extent such standards provide a greater degree of protection and security than HIPAA Rules or are otherwise more favorable to the individual. 17. Disclaimer The County makes no warranty or representation that compliance by the Contractor with these provisions, the HITECH Act, or the HIPAA Rules, will be adequate or satisfactory for the Contractor's own purposes or that any information in the Contractor's possession or control, or transmitted or received by the Contractor, is or will be secure from unauthorized access, viewing, use, disclosure, or breach. The Contractor is solely responsible for all decisions made by the Contractor regarding the safeguarding of PHI. 18. Amendment The parties acknowledge that Federal and State laws relating to electronic data security and privacy are rapidly evolving and that amendment of this Exhibit F may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to amend this agreement in order to implement the standards and requirements of the HIPAA Rules, the HITECH Act and other applicable laws relating to the security or privacy of PHI. The County may terminate this Agreement upon thirty F-5 Exhibit F (30) days written notice in the event that the Contractor does not enter into an amendment providing assurances regarding the safeguarding of PHI that the County in its sole discretion, deems sufficient to satisfy the standards and requirements of the HIPAA Rules, and the HITECH Act. 19. No Third-Party Beneficiaries Nothing expressed or implied in the provisions of this Exhibit F is intended to confer, and nothing in this Exhibit F does confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 20. Interpretation The provisions of this Exhibit F shall be interpreted as broadly as necessary to implement and comply with the HIPAA Rules, and applicable State laws. The parties agree that any ambiguity in the terms and conditions of these provisions shall be resolved in favor of a meaning that complies and is consistent with the HIPAA Rules. 21. Regulatory References A reference in the terms and conditions of these provisions to a section in the HIPAA Rules means the section as in effect or as amended. 22. Survival The respective rights and obligations of the Contractor as stated in this Exhibit F survive the termination or expiration of this Agreement. 23. No Waiver of Obligation Change, waiver or discharge by the County of any liability or obligation of the Contractor under this Exhibit F on any one or more occasions is not a waiver of performance of any continuing or other obligation of the Contractor and does not prohibit enforcement by the County of any obligation on any other occasion. F-6