HomeMy WebLinkAboutManiFest MedEx-Fresno County Community Information Exchange CIE_A-24-626.pdf COtj County of Fresno Hall of Records, Room 301
2281 Tulare Street
Fresno,California
601 Board of Supervisors 93721-2198
O� 1$56 0 Telephone: (559)600-3529
FRV,t' Minute Order Toll Free: 1-800-742-1011
www.fresnocountyca.gov
December 3, 2024
Present: 5- Supervisor Steve Brandau, Chairman Nathan Magsig,Vice Chairman Buddy Mendes,
Supervisor Brian Pacheco, and Supervisor Sal Quintero
Agenda No. 63. Public Health File ID: 24-1233
Re: Under Administrative Policy No. 34 for competitive bids or requests for proposals(AP 34), determine
that an exception to the competitive bidding requirement under AP 34 is satisfied and a sole source is
warranted due to unusual or extraordinary circumstances, and that the best interests of the County
would be served by entering into an agreement with Manifest MedEx as this contractor is the current
sole technical host of a Health Information Exchange platform used for Fresno County patient data
transmission; approve and authorize the Chairman to execute an Agreement with Manifest MedEx to
implement a Community Information Exchange platform for the utilization of data exchange among
varied partner data systems, effective January 1, 2025, not to exceed five consecutive years,which
includes a five-year base contract total of$8,600,000 and optional expansion services of$6,100,000,
total not to exceed $14,700,000; and authorize the County Administrative Officer or his designee(s),to
execute Amendment to Agreement to comply with the fulfillment of the Scope of Work,technical
specifications, and implementation phase requirements subject to approval by County Counsel as to
legal form,with no increase to the contract maximum; and to execute any future Business Associate
Agreements with future public agencies and affiliates; and any subsequent documents necessary to
implement the actions above,for a period not to exceed five years
APPROVED AS RECOMMENDED
Ayes: 5- Brandau, Magsig, Mendes, Pacheco, and Quintero
Agreement No. 24-626
County of Fresno Page 64
co
Board Agenda Item 63
O 1856 O
FRE`'�
DATE: December 3, 2024
TO: Board of Supervisors
SUBMITTED BY: David Luchini, RN, PHN, Director, Department of Public Health
SUBJECT: Agreement with Manifest MedEx for a Community Information Exchange
RECOMMENDED ACTION(S):
1. Under Administrative Policy No. 34 for competitive bids or requests for proposals (AP 34),
determine that an exception to the competitive bidding requirement under AP 34 is satisfied
and a sole source is warranted due to unusual or extraordinary circumstances, and that the
best interests of the County would be served by entering into an agreement with Manifest
MedEx as this contractor is the current sole technical host of a Health Information Exchange
platform used for Fresno County patient data transmission;
2. Approve and authorize the Chairman to execute an Agreement with Manifest MedEx to
implement a Community Information Exchange platform for the utilization of data exchange
among varied partner data systems, effective January 1, 2025, not to exceed five
consecutive years, which includes a five-year base contract total of$8,600,000 and optional
expansion services of$6,100,000, total not to exceed $14,700,000; and
3. Authorize the County Administrative Officer or his designee(s), to execute Amendment to
Agreement to comply with the fulfillment of the Scope of Work, technical specifications, and
implementation phase requirements subject to approval by County Counsel as to legal form,
with no increase to the contract maximum; and to execute any future Business Associate
Agreements with future public agencies and affiliates; and any subsequent documents
necessary to implement the actions above, for a period not to exceed five years.
There is no additional Net County Cost associated with the recommended actions. Approval of the
recommended actions will enable the Department of Public Health (DPH), the Department of
Behavioral Health (DBH) and the Department of Social Services (DSS) in the initial phases to more
efficiently access and exchange data with healthcare facilities and providers, and monitor, track, and
improve care coordination and outcomes data of Fresno County residents. The Fresno County
Community Information Exchange (CIE), formerly known as the Integrated Data Systems represents a
groundbreaking initiative aimed at revolutionizing data utilization to improve the well-being of Fresno
County residents. The recommended agreement will be partially funded with American Rescue Plan
Act - State Local Fiscal Recovery Funds (ARPA-SLFRF) up to $5,000,000, and CIE system
participants will fund ongoing annual maintenance costs $3,600,000. This item is countywide.
ALTERNATIVE ACTION(S):
Should your Board not approve the recommended actions, the DPH will not be able to utilize Manifest
County of Fresno Page 1 File Number:24-1233
File Number:24-1233
MedEx (MX) to begin the initial phase to more efficiently develop access and exchange data amongst
DBH and DSS, nor the future varied partners and providers, and monitor, track and improve care
coordination and outcomes data of Fresno County residents. Existing, manual, less efficient and less
comprehensive methods would continue to be utilized for these purposes.
SUSPENSION OF COMPETITION/SOLE SOURCE CONTRACT:
It is requested that the County find under AP 34 that an exception to the competitive bidding
requirement is satisfied, and a sole source is warranted due to unusual or extraordinary
circumstances, as MX is in a unique position to support the County as a technical host for the
provision of a CIE Platform because they are currently the provider of Health Information Exchange
services for all hospitals and some clinics in Fresno County. In addition, they are also the Health
Information Exchange for the Central Valley hospitals, Fresno County departments of Public Health
and Behavioral Health and this allows for more efficient care coordination across central valley
counties. Operating in this capacity has allowed MX to develop a greater understanding of the need
for having a platform designed to foster interoperability and seamless data exchange among varied
partner data systems to facilitate the coordination and provision of essential community resources
while also serving as a tool for analyzing health-related services and ensure coordination of care. The
existing infrastructure is a financial benefit to the County of Fresno in developing a CIE that will have
the capability to bridge into the existing infrastructure versus building new infrastructure that would
require new connection fees to the existing partners. The Internal Services Department- Purchasing
Division concurs with the Department's assessment that this satisfies the exception to the competitive
bidding process required by AP 34.
FISCAL IMPACT:
There is no increase in Net County Cost associated with the recommended actions. The
recommended agreement maximum compensation ($14,700,000)will be funded with ARPA-SLFRF
($5,000,000) and ongoing annual maintenance cost will be supported by participants utilizing the CIE
System. The Department of Public Health has requested funding from various stakeholders to
support future costs. County departments participating in the CIE will be requested to fund the ongoing
annual maintenance cost. Sufficient appropriations and estimated revenues are included in DPH Org
5620 FY 2024-25 Adopted Budget and will be included in future budget requests for the duration of
the term.
DISCUSSION:
On January 4, 2022, the Board approved Agreement No. 22-011 with Central Valley Health
Information Exchange (CVHIE) and MX for the provision of a Health Information Exchange (HIE)
system for patient data transmission for the Department of Public Health and Behavioral Health.
On May 21, 2024, the Board approved Amendment I to Agreement No. 22-011 with MX for the
provision of a HIE system as CVHIE had ceased operations.
The proposed recommended actions will support the Fresno County Community Information
Exchange (CIE), an innovative initiative aimed at modernizing data sharing methods to enable
seamless data exchange across different systems. MX's existing technology and database of the
local population enables highly efficient matching algorithms, which can expedite care coordination
with local providers and potentially leverage existing infrastructure. The vision of the CIE is to establish
County of Fresno Page 2 File Number.24-1233
File Number:24-1233
a data-driven, interconnected community in Fresno County, providing timely and effective support to
those in need. The mission is to facilitate data sharing across different sectors to enhance
communication and coordinated services for students and families in Fresno County. The CIE
initiative will enable the coordination and provision of essential community resources and serve as a
tool for analyzing health, social, and education-related services. MX, as the technical host, will provide
and manage a flexible platform for the CIE. This platform will be designed to promote interoperability
and seamless data exchange among diverse partner systems.
MX will oversee the integration and transformation of records-level data within a centralized, scalable
system manner, ensuring role-based access and field-level governance controls to protect privacy and
security for the users and their data. As the CIE expands, the technical host will play a crucial role in
accommodating new partners and data systems, thereby enhancing the platform's capabilities to
meet growing demands. The Technical Operational Plan (TOP) is a working document that parties
are utilizing and will be edited as the relationship continues.
Within the CIE initiative, there are two upcoming pilots, the Suicide Prevention and Home Visitation
projects are scheduled for phased development between 2024 and 2026. These initiatives are
strategically designed to generate immediate and tangible outcomes at the community level while
concurrently establishing foundational partnerships, governance structures, and technical infrastructure
to facilitate future expansion and broader impact.
The current policies for MX can be found at the following link:
https://www.manifestmedex.org/resources/. Please note that these policies are subject to change
from time to time. DPH drafted TOP (Attachment A) to guide the development process of the initial
phases. As other County departments onboard into the CIE the TOP will need to be adjusted to meet
their specific needs within the existing framework.
The approval of the proposed action No. 3 will allow the County Administrative Officer (CAO) or
designee to sign Health Insurance Portability and Accountability Act (HIPAA) Business Associate
Agreements (BAA) on behalf of your Board for future Participant Affiliates to exchange client data,
thereby creating another opportunity to identify and reach Fresno County residents in need of public
health programs and services. DPH is currently in discussion with two potential future Participant
Affiliates, Sanger Unified School District and Central Unified School District. Additionally, this will
allow the CAO to modify the scope, technical specifications, and implementation phases to ensure
that as other County departments are ready to connect to the system, their specific needs are met
while staying within the contract maximum.
The recommended agreement with MX varies from the County's model contract template as it is
drafted by MX. The agreement deviates from the standard County insurance provisions, in that it
includes mutual indemnification and limitation of liability insurance provisions. The recommended
agreement differs from the standard County language, in that it is for a five-year initial term with one
potential five-year extension. The proposed agreement specifies that a determination by your Board
on the extension will be made when there is twelve months remaining on the then-existing term of the
proposed agreement. The County in years 3-5 may not have sufficient funding for expansion into
additional phases, which could result in additional time required for completion.
The recommended agreement includes security requirements that are consistent with industry and
HIPAA standards. Within the County's infrastructure, access to data will be limited to specific
employees that require access to the data sets. Departments, in conjunction with MX, will monitor
County of Fresno Page 3 File Number.24-1233
File Number:24-1233
employee access into the system. Management of the CIE and employee access will conform to the
County's existing HIPAA Management Directives.
REFERENCE MATERIAL:
BAI #44, May 21, 2024
BAI #27, January 4, 2022
ATTACHMENTS INCLUDED AND/OR ON FILE:
Sole Source Acquisition Request
On file with Clerk -Agreement with Manifest MedEx
Attachment A- Technical Operation Plan (TOP)
CAO ANALYST:
Ron Alexander
County of Fresno Page 4 File Number.24-1233
COUP
Email Me]
r Sole Source Acquisition Request Double click!
FRES;
1. Fully describe the product(s) and/or service(s) being requested.
Manifest MedEx (MX) to provide the technology to support Fresno County's Community Information
Exchange (CIE). A flexible platform designed to foster interoperability and seamless data exchange
among data systems to facilitate the coordination and provision of essential community resources, a tool
for analyzing health-related services and ensure coordination of care.
2. Identify the selected vendor and contact person; include the address, phone number and e-mail address
for each.
Manifest MedEx
6001 Shellmound St. Suite 500
Emeryville, CA 94608
Contact: Mimi Hall E-mail:mimi.hall@manifestmedex.org
Phone: (530) 545-3004
3. What is the total cost of the acquisition? If an agreement, state the total cost of the initial term and the
amounts for potential renewal terms.
ARPA American Rescue Plan Act- State Local Fiscal Recovery Funds (ARPA-SLFRF) funding was
allocated at$5 million. The goal is to have a contract in place by December 2024. Contract finalization is
pending. The agreement will have an initial term of 5 years, with the option for a second 5-year term
subject to approval by the Board of Supervisors.
4. Identify the unique qualities and/or capabilities of the service(s) and/or product(s) that qualify this as a
sole source acquisition.
Manifest MedEx is the Department of Public Health's, contractor for Health Information Exchange (HIE)
services and they are also the provider of HIE services for all hospitals in the Central Valley (e.g. Kings,
Tulare, Fresno, previously Madera). Their information technology framework meets the privacy and
security requirements for HIPAA & HITECH and is deemed essential for the establishment of Fresno
County's CIE. Fresno County would need to build a system that meets these same requirements and
MX has the technology and population already in an existing system. The CIE will expedite
data sharing across sectors to allow for improved communication and coordinated services for the
Fresno County population. No other Information Exchange company in the United States has direct
access to the health data of Fresno County's population like MX.
5. Explain why the unique qualities and/or capabilities described above are essential to your department.
Its centralized and scalable system architecture will allow for the integration and transformation of
records-level data, all while upholding role-based access and field-level governance controls to
safeguard the privacy and security of partners and their data. The move towards modern data sharing
methods highlights the importance of seamless data exchange across different systems. Considering
Fresno County's need to develop a system that aligns with these same requirements, the existing
technology and population within MX system presents a prime opportunity. The
presence of Fresno County's population in their datasets facilitates highly efficient matching algorithms,
expediting care coordination with local providers. Furthermore, the establishment of data feeds has
already minimized implementation costs.
6. Provide a comprehensive explanation of the research done to verify that there is only a sole vendor that is
capable of providing the required service(s) and/or product(s). Include a list of all other vendors contacted
with regard to providing the requested product(s) and/or service(s) and indicate their response.
E-PD-047 (07/2021)
We contacted Electronic Health Network (EHN), whose focus is primarily on securing the exchange of
health information between healthcare entities.They facilitate the electronic sharing of patient data
between different healthcare entities, such as hospitals, clinics, and insurance companies. EHN currently
has a technology which is used for sharing behavioral health and substance use information among
diverse health care entities. Another company we contacted was Care Coordination Systems (CCS)
Health. CCS Health specializes in integrating healthcare and social services to improve community
health outcomes. They offer solutions to help organizations manage patient data, track progress, and
support care transition. They work with various entities, including Federally Qualified Health Centers
(FQHCs). Nevertheless, both CCS and EHN lack the direct access to health data of Fresno County
population as well as a lack in broader community focus as compared to MX. EHN and CCS may have
significant patient data, but they are not as extensive as MX in terms of coverage and the breadth of data
provided. MX is the largest nonprofit health data network in California. MX provides real-time access to
comprehensive health data, which is crucial for timely decision-making for patients especially in case of
an emergency. MX is the only data aggregator in California with National Committee for Quality
Assurance (NCQA) validated data which simplifies reporting and improves data accuracy. MX is the
provider of HIE services for all hospitals in the Central Valley, specifically Kings, Tulare, Fresno and
previously Madera. The Department has a current agreement with MX for Health Information Exchange
(HIE), Agreement 22-011. As Fresno County's current HIE, MX already has an established network and
infrastructure in place. Consequently, the prospect of leveraging existing infrastructure for the CIE, as
opposed to constructing an entirely new system represents a substantial cost saving for Fresno County.
Notably, no other Information Exchange company in the United States has direct access to the health
data of Fresno County's population like MX.
mapena 11/5/2024 10:51:03 AM [4 Sign] Double click!
Requested By: Title
I approve this request to sole source for the service(s) and/or product(s) identified herein.
dluchini 11/5/2024 11:12:16 AM [a Sign] Double click!
Department Head Signature
rblackburn 11/5/2024 11:50:42 AM [a Sign] Double click!
Purchasing Manager Signature
E-PD-047 (07/2021)
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1 Agreement No. 24-626
MANIFEST MEDEX
PARTICIPATION AGREEMENT
This Participation Agreement, (the"Agreement")by and between Manifest Medex,a California nonprofit
public benefit corporation("MX"), and County of Fresno, a political subdivision of the State of California
("Participant"), is entered into as of the date that the last Party executes the Agreement (the "Effective
Date"). MX and Participant are each a"Party"or collectively the"Parties."
WHEREAS, MX is organized to facilitate health information aggregation and sharing in a manner that
complies with Law;
WHEREAS, MX operates a health information exchange (the "HIE") that will enable its participants to
electronically provide and receive health information regarding their Patients (defined below); and
WHEREAS,Participant is a county government contracting on behalf of itself and its various departments
and Participant Affiliates (defined below). Each individual department or Participant Affiliate will be
assigned an entity type in Exhibit 3 for purposes of determining data contribution requirements. Participant
and Participant Affiliates will both provide data to and receive data from the HIE.
WHEREAS, Fresno County Board of Supervisors on January 24, 2023 authorized American Rescue Plan
Act State and Local Fiscal Recovery Funds to develop an Integrated Data Sharing System(IDSS).
WHEREAS,Participant is contracting with MX to develop a County Integrated Data System that can serve
Fresno County residents and its Participant Affiliates as a Community Information Exchange(CIE).
NOW, THEREFORE, the Parties agree as follows:
I. DEFINITIONS.
a. "Administrator" means one (1) or more individuals designated by Participant to: (a) designate
Participant's Authorized Users; and(b) fulfill other responsibilities specified in the Agreement on
behalf of Participant.
b. "API"means application programming interface.
c. American Rescue Plan Act State and Local Fiscal Recovery Funds (ARPA-SLFRF)" means the
consolidated 2021 bill found in H.R. 1319,Public Law 117-2".
d. "Authorized User" means an individual: (i) designated and authorized by an Administrator, in
accordance with the procedures set forth in the Agreement, to access and/or use the System and
Services on behalf of a Participant;and(ii)who is permitted under applicable Law to access and/or
use the System and Services.
e. "Business Associate Agreement" or `BAA" means the business associate agreement that is
executed by the Parties and attached to the Agreement.
f. "Calendar Quarter"means the three(3)months following the first day of January,April,July and
October.
g. "Community Information Exchange" or"CIE"means a community-focused infrastructure that
enables information to be effectively and responsibly shared among many organizations, using
different, interoperable technologies, in support of holistic coordination of care and equitable
systems change, as may be further defined in Exhibit 1 of this agreement.
1
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
h. "Confidential Information" means (a) Information that identifies or is substantially likely to
identify an individual and that is exempt from disclosure under the provisions of the California
Public Records Act (Government Code Sections 6250-6265) or has restrictions on disclosure in
accordance with other applicable state or federal laws,including but not limited to WIC 10850. As
used in this Agreement Confidential data may include PHI, or Individually Identifiable Health
Information as defined in HIPAA, 45 CFR 160.103; or"Limited data set(LDS)" as defined in 45
CFR 164.514;or Personal Information(PI),as defined in California Civil Code,§§ 1798.3,1798.24
and 1798.29; or Personally Identifiable Information (PII), as defined in Social Security
Administration Information Exchange Agreement (SSA IEA); or Confidential Information as
defined by California Education Code§49600; and DHCS Business Associate Addendum(BAA);
(b) all electronic or physical security profiles, security assessments and security audit reports of
MX,Participant;
(c) all trade secrets, business plans, contracts, documents, data, and operational or management
agreements, whether written or verbal, that are confidential in nature and pertains or is related to
the Agreement; and
(d) all software, solutions, services and API keys of MX Vendor to which Participant gains access
by being a Party; provided, however, that Confidential Information shall not include information
that:
1. is publicly known at the time of disclosure;
2. is already known or obtained by any other Party other than in the course of the other Parry's
performance pursuant to its "participation agreement", and without breach of any
confidentiality, nondisclosure or other agreement by that other Party or in violation of
applicable Law;
3. is independently developed by any other Party;
4. becomes known from an independent source having the right to disclose that information and
without similar restrictions as to disclosure and use and without breach of this Agreement, or
any other confidentiality or nondisclosure agreement by that other Party; or
5. is Data.
i. "Data"means health information that: (a)is created or received by a Healthcare Provider or Health
Plan; (b) relates to: (i) past, present or future physical or mental health of a Patient, or (ii) the
provision of health care to a Patient; (c) identifies the Patient, or there is a reasonable basis to
believe the information can be used to identify the Patient(including Protected Health Information,
as that term is defined in HIPAA, and Medical Information, as that term is defined in the CMIA);
and(d) is made available to the System by a Data Contributor pursuant to the Agreement.
j. "Data Contributor"means a Person,including,but not limited to,Participant,,Vendors,and other
entities,that has entered into a written agreement with MX, either directly or indirectly,to provide
Data to MX.
k. "Data Submission Guidelines" or"DSG"means the guidelines for Participant to submit Data to
MX, as provided by MX to Participant from time to time.
1. "De-Identified Data"means data that satisfies the requirements of 45 C.F.R. § 164.514(b).
in. "Fees" means, collectively, the Subscription Fees, Implementation Fees, and any other fees paid
pursuant to this Agreement as set forth in Exhibit 1.
n. "Go-Live Date" means earlier of. (1) the date on which MX first notifies Participant that
Participant and/or that one or more of the Participant Affiliates has access to use the System,or(2)
one hundred eighty days (180) from the Effective Date.
2
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E4B1DD081
o. "Health Plan"means a Person that either: (a)meets the definition of health plan in HIPAA; or(b)
provides core health plan administrative services (at a minimum: medical claims processing
services and provider network management services) to a health plan that meets the HIPAA
definition.
p. "Healthcare Data"means Data and/or De-Identified Data that is collected, created,maintained or
disclosed by MX.
q. Healthcare Provider"means Participant that either:(a)meets the definition of provider in HIPAA;
or (b) is a medical group (e.g., independent practice association) providing core administrative
services to a provider that meets the HIPAA definition.
r. "Law" means any federal or state law, statute, ordinance, rule, legally binding administrative
interpretation, regulation, order, judgment, or decree that is applicable to a Party or to another
Person identified in the Agreement. Law shall include, but is not limited to, Health Insurance
Portability and Accountability Act ("HIPAA") and related regulations; the Health Information
Technology for Economic and Clinical Health Act ("HITECH") and related regulations;and the
California Confidentiality of Medical Information Act("CMIA") and related regulations.
s. "Material Service Change"means either: (a)a material cessation or reduction in the functionality
or interfaces of the System; or(b)a reduction in the level of Services provided by MX.
t. "MX Vendor" means a Person with which MX has entered into a written agreement to provide
technology or other services in connection with providing Services or the System.
u. "NP Participant" means a Person other than Participant that has either (1) entered into a
"participation agreement"with MX to act as a Data Contributor and/or receive Data from MX but
is not a Party to this Agreement or(2)entered into an agreement with a health information network
or similar entity(such as eHealthExchange)that permits data exchange with MX.
v. "Participant Affiliate" means the entities identified in Exhibit 3. Exhibit 3 may be amended by
mutual written agreement, which shall include email, of Participant and MX without the need for
a formal amendment. Participant shall ensure that Participant Affiliates comply with the terms of
this Agreement applicable to Participant, including the Policies, except that only Participant will
be obligated to pay Fees or perform other duties specified herein which, by their context,clearly
apply only to Participant.
w. "Patient"means an individual whose Data is contributed to MX by a Data Contributor.
x. "Person" means an individual person, an entity, or a governmental organization or agency,
including health information exchanges,researchers,Participants,and/or an individual(s)who does
not participate in MX's HIE.
y. "Personnel"means a Person's employees, Authorized Users, accountants, attorneys, consultants,
directors, agents, representatives, subcontractors and subcontractors' employees that provide,
access,receive or use any part of the System or the Services.
z. "Policies"mean the privacy policies, security policies and/or procedural requirements adopted by
MX and made available to Participant, as amended by MX from time to time. The current version
of the Policies can be found at https://www.manifestinedex.org/resources/.
aa. "Protected Health Information" or"PHI"has the meaning ascribed in 45 C.F.R. § 164.103.
bb. "Services"means all services provided by MX pursuant to the Agreement.
cc. "System"means the HIE and its related technology and Services.
II. SERVICES.
3
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
a. Services. MX shall provide the System and Services as set forth in Exhibit 1. Fees, if applicable,
for such services are set forth in Exhibit 1 and payable in accordance with Section VI of this
Agreement.
b. HITRUST. MX will use commercially reasonable efforts to maintain (i) its HITRUST CSF
Certification in accordance with HITRUST standards, and/or (ii) other industry-standard security
certification as may be appropriate at a future date.
III. MUTUAL RIGHTS AND RESPONSIBILITIES;RELATIONSHIP BETWEEN THE PARTIES
a. Compliance with Law and Safety. Each Party and its Personnel shall perform their duties and
exercise their rights under the Agreement in compliance with Law. Each Party and its Personnel
shall always consider Patient safety in taking any action under the Agreement.
b. To the extent required by law and applicable to the Services being provided, MX shall adhere to
all ARPA requirements, and provide required documentation in compliance with ARPA Federal
Terms and Conditions (FTC), including those identified in Exhibit 5, attached hereto and by this
reference incorporated herein. The Parties acknowledge and agree that MX does not participate in
SAM and is not being awarded any funds thereunder.
c. Policies. MX and Participant and their respective Personnel shall each comply with the Policies,
which is incorporated into and is part of the Agreement.
d. Independent Contractors. Each Party is and shall at all times be an independent contractor of the
other,and not an employee,agent,partner of,or joint venture with the other. Except as specifically
allowed by the Agreement, neither Party has any right or authority to assume or create any
obligation of any kind, express or implied, on behalf of the other Party.
IV. PARTICIPANT RIGHTS AND RESPONSIBILITIES.
a. Policies. Participant,including,Personnel and Authorized Users,shall at all times comply with the
Policies.
b. Restricted Use, Security, and Access.
1. Participant shall:
i. Restrict access to and use of the System and Services to Participant and its Authorized
Users;
ii. Only permit Authorized Users to access or use the System and the passwords and/or the
user names applicable to the System;
iii. Prevent all Persons(other than Authorized Users)from accessing and/or using the System;
iv. Implement security measures with respect to the System and safeguard Data as required by
the Agreement;
v. Together with its Authorized Users,use reasonable professional judgment in its use of the
Healthcare Data and its application of the Healthcare Data to perform actions in connection
with treatment,payment, or healthcare operations, as defined by HIPAA;
vi. Together with its Authorized Users,use reasonable professional judgment in its use of the
healthcare, social services, educational, and other data elements, if and as permitted by
Law and the Policies,to evaluate effectiveness of service delivery and conduct population
health analysis;
vii. Develop, maintain and comply with written requirements that govern Participant's and
Authorized Users' access to Systems and use of protected health information. Those
written requirements must be consistent with the Agreement and shall be provided to MX
upon request; and
4
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E4B1D DOB 1
viii.Notify MX immediately of any suspected or actual access to or use of the System or Data
other than as permitted by this Agreement.
2. Participant shall not inhibit an NP Participant's access to the System or Patient Data.
c. Training. Participant shall,to the reasonable satisfaction of MX, educate and train its Authorized
Users regarding the requirements of the Agreement,including the Policies and privacy and security
protocols.
d. Participant Expenses. Participant is solely responsible for all charges and expenses Participant
incurs to (1) access and use the System and Services and/or (2) meet Data Contribution
Requirements.
e. Trademarks. Participant and its Personnel shall: (i)maintain MX's and MX Vendor's trademarks,
service marks, and copyright legends; and (ii)not violate Ma's and/or MX Vendor's trademarks,
service marks, copyright legends and/or any other intellectual property rights. Participant will be
liable for the acts of third-party service providers engaged by Participant who violate these
proprietary rights or applicable Law.
V. DATA.
a. Data Contribution. Participant shall (1) contribute Data to MX regularly and promptly, and
consistent with the Data Submission Guidelines, after receiving such Data from Participant's
sources and (2) maintain its connection to the System and facilitate access to the Data, each as
required by"Exhibit 2 "Data Contribution Requirements",the Policies, and this Agreement.
b. Data Quality. Participant shall use reasonable and appropriate efforts to ensure that all Healthcare
Data provided by Participant and/or Personnel to MX is accurate with respect to each Patient. Each
Party shall use reasonable and appropriate efforts to assure that its Personnel do not inappropriately
alter or corrupt the Data received by or transmitted from that Party.
c. Notice of Data Inaccuracy. Each Party shall promptly notify the other Party of any known
inaccuracy in the Data provided to the other Party through the System.
d. Participant Access to System. MX grants to Participant, and Participant accepts, a non-exclusive,
personal,nontransferable,limited right to access and use the System under the terms and conditions
set forth in the Agreement. Participant's right is conditioned on Participant fully complying with
the Agreement. Participant does not have any other right to access the System unless otherwise
expressly granted by the Agreement.
e. Participant Use of Data. When accessing or using Data pursuant to the Agreement,Participant and
Authorized Users may access and/or use Data to perform any activities Participant is allowed to
perform under the Agreement(including the Policies).Notwithstanding any other provision of the
Agreement,if Participant or an Authorized User accesses any Data that it is not permitted to access
under the Agreement at the time of that access, then Participant: (i) will be in breach of the
Agreement, (ii) will not have or obtain any right to that Data, and(iii) must immediately return or
destroy that Data.
f. MX Use of Data. Subject to the limitations on use of Healthcare Data set forth in the Policies,
Participant grants to MX a fully-paid, non-exclusive, non-transferable, royalty-free right and
license: (a) to license and/or otherwise permit Persons to access through the System and/or to
receive from the System all Healthcare Data provided by Participant; (b) to use Healthcare Data
provided by Participant to perform any activities MX is allowed to perform under the Agreement
(including the Policies ); and(c)to use Healthcare Data provided by Participant to carry out MX's
duties under the Agreement,including,but not limited to,system administration,testing and audits,
provision of services,problem identification and resolution and management of the System. MX's
5
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
rights under this Section V.f shall continue for as long as MX holds or controls Participant's
Healthcare Data.
g. Availability of Data. MX makes no representation or warranty regarding the availability through
the System of Data related to or originating from any particular Data Contributor.
h. Related Parties.If Participant physician practice is a member of an Accountable Care Organization
("ACO"), Management Services Organization ("MSO") or Independent Physician Association
("IPA")that is an MX Participant,then physician expressly grants MX permission to receive PHI
from and to send PHI to the ACO, MSO or IPA on behalf of the Participant. Participant further
agrees to notify MX in writing within thirty(30) days, if the Participant terminates its relationship
with the ACO,MSO or IPA.
VI. FEES.
a. Fees. Participant shall pay the Fees set forth in Exhibit 1 of this Agreement, subject to change as
set forth in Section VI.f below.
b. Payment Timing. Participant agrees to pay MX upon receipt of each invoice, and agrees further to
pay a one-and-one-half percent(1.5%)per month service charge on all undisputed invoices that are
not paid within forty-five (45) days of receipt of the applicable invoice.
c. Disputed Fees. Notwithstanding the foregoing, if Participant disputes any charges or amounts on
any invoice, and such dispute cannot be resolved promptly through good faith discussions between
Participant and MX, then Participant will pay upon receipt the amount of the invoice less the
disputed amount,provided that Participant shall diligently proceed to work with MX to resolve any
such disputed amount. Any sums withheld pursuant to this paragraph shall not accrue service
charges,but if the contested invoice is later determined to be valid in amount,Participant shall pay
the amount withheld consistent with Section VI.FEES, (b)upon the date of receipt of the revised
invoice or agreed upon date from the Participant of the disputed original invoice.
d. Taxes. All Fees will be paid exclusive of all federal, state,municipal or other government excise,
sales,use,occupational or like taxes now in force or enacted in the future.Participant shall pay any
tax (excluding taxes on MX's net income) that MX may be required to collect or pay due to the
sale or delivery of items and services provided to Participant pursuant to the Agreement.MX will
not deliver the System or Services to Participant in tangible form. Notwithstanding the foregoing:
(a) the Parties do not anticipate that any sales or use taxes will be payable with respect to the
Services or other deliverables provided hereunder(except for any taxes that become payable as the
result of any change in applicable Law); and (b) if possible, MX shall not deliver tangible copies
of any software or other deliverables in a manner that would cause taxes to become payable.
e. Effect of Failure to Pay. In the event that any invoice is not timely paid as provided herein, MX
may, in addition to any other right or remedy that it may have under this Agreement or at law,
suspend Participant's use of the System and/or Services if MX has not received payment in full
within ten(10) days of MX's written demand therefore.
f. Change to Subscription Fees. MX may add or change Fees charged for the Services under this
Agreement by providing Participant at least one hundred and eighty(180)days'prior written notice
of such changes (the "Fee Notice"); provided that Participant may terminate the Agreement by
providing MX written notice of such intent pursuant to Section VII.b.
g. Invoice Submission.MX shall submit invoices to the following address:
Mailing Address for Purposes of Invoices:
County of Fresno
Department of Public Health
1221 Fulton Mall
6
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Fresno, CA 93721
Email: dphboap@fresnocountyca.6ov
VII. DISCLOSURE OF SELF-DEALING TRANSACTIONS.
a. Applicability.If MX is operating as a corporation,or changes its status to operate as a corporation.
b. Duty to Disclose. If any member of MX's board of directors is party to a Self-Dealing Transaction,
MX shall request that such director disclose the transaction by completing and signing a "Self-
Dealing Transaction Disclosure Form"(Exhibit 6 to this Agreement)or other appropriate form and
submitting it to Participant within a reasonable timeframe following the transaction.
c. For purposes of this section,"Self-dealing transaction"means a transaction to which MX is a party
and in which one or more of its directors,as an individual,has a material financial interest.
VIII. TERM,TERMINATION,AND SUSPENSION.
a. Term. The Agreement is effective on the Effective Date and shall remain in effect until terminated
as set forth below.
1. Initial Term of the Agreement. The initial term of this Agreement shall be five (5) years
beginning January 1,2025 and ending December 31,2029.Unless the term of this Agreement
is renewed pursuant to the provisions for renewal set forth in Section VIII. a.2.
2. Renewal Provision.At its sole discretion,the Fresno County Board of Supervisors may extend
the granted term with MX for one (1) successive and separate five (5) year period; provided,
however,that MX may decline such extension. No less than twelve-months (12)months prior
to the expiration of the contract term.MX may petition the Participant,in writing,for a five(5)
year extension.Participant's decision to grant an extension will consider,but not be limited to,
how well MX has adhered to phase completion and compliance with the requirements set forth
in Exhibit 1.
b. Termination by Participant. Participant may terminate the Agreement at any time,with or without
cause, and without penalty, after delivering thirty(30) days'prior written notice to MX.
c. Termination by MX may exercise any of the following termination rights.
1. Privacy and Security. MX may in its sole discretion terminate user access to the System at any
time if MX determines in its sole discretion that Participant user(s) actions and/or continued
participation in MX would,or is reasonably likely to, endanger the privacy or security of Data
or otherwise result in a breach of the Agreement that is reasonably likely to harm MX . MX
shall deliver notice of this termination for user access to the system to Participant in no case
more than ten(10)business days prior to terminating user access to the System.
2. Uncured Breach. MX may terminate the Agreement if Participant breaches the Agreement and
that breach continues uncured for a period of thirty (30) days after MX has delivered written
notice of that breach to Participant. MX's notice of breach shall include a description of the
breach.
3. Without Cause. MX may terminate the Agreement at any time, with or without cause, and
without penalty,after delivering ninety(90) days' prior written notice to Participant.
d. Failure to Comply with Law. Either Party may terminate the Agreement by providing thirty (30)
days' written notice to the other Party that: (a)identifies the Law that is(or will be)violated by the
Agreement;and(b)explains why the Agreement will not comply with Law. After a Party receives
that notice,both Parties shall cooperate in good faith during the next thirty(30) days to amend the
Agreement so that it complies with the identified Law. If the Parties do not execute a written
7
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
amendment to the Agreement within the thirty (30) days, then either Party may terminate the
Agreement by delivering a five (5) days' written termination notice to the other Party. If the Law
is already in effect and violated by the Parties or the Agreement,then either Party may immediately
suspend all or part of its performance under the Agreement that is illegal while the Parties attempt
in good faith to modify the Agreement to cure that violation of Law.
e. Effects of Termination.
1. Data. Upon any termination of the Agreement, Participant shall have no continued right to
receive or duty to provide Data, or to receive the Services. Upon any termination, the Parties
will comply with the provisions of the BAA as it pertains to PHI. If Participant has provided
Data to MX, the Parties acknowledge and agree that such Data has been merged with MX's
and/or data and, accordingly, it is infeasible to destroy, delete or return that Data. MX shall
protect such Data as it protects all other Data in its possession. To the extent that either Party
possesses Data from the other Party, each Party shall protect that Data as it protects all other
Data in its possession,but is not required to destroy,delete or return that Data upon termination.
2. Fees.If Participant has pre-paid to MX any Subscription Fees that have not yet been earned by
MX as of the date of termination,MX shall repay to Participant those unearned Fees.
f. Suspension. In the event that MX determines in good faith that Participant(or any of its Personnel
or Authorized Users)ceases to be compliant with the Agreement,including the Policies,MX may,
in its discretion:(i)provide written notice to Participant of such non-compliance(ii)suspend access
to the System and/or Services to Participant (but may still provide read-only access if reasonably
necessary for Patient safety, at MX's reasonable discretion); and/or (iii) work with Participant to
bring Participant(and its Personnel and Authorized Users)back into compliance. Notwithstanding
the foregoing, MX retains the right to immediately suspend access to the System and Services, in
its sole discretion, in the event that MX determines there to be (i) a Patient safety concem; (ii) a
violation or potential violation of Law; (iii) a risk to the privacy or security of Data; or(iv)access
and/or use of the System by unauthorized Persons. Participant's access to the System shall be
restored when MX, in its sole discretion, determines that the initial cause for the suspension has
been cured.
IX. CONFIDENTIAL INFORMATION&COMMUNICATION.
a. Nondisclosure. If a Party comes into possession of Confidential Information of or regarding the
other Party, MX Vendor, a Party's vendor or an , the Party shall: (a) keep and maintain in strict
confidence all such Confidential Information; (b) not use, reproduce, distribute or disclose that
Confidential Information except as permitted by the Agreement; and (c) prevent the Party's
Personnel from making any use, reproduction, distribution, or disclosure of the Confidential
Information that is not allowed by the Agreement.
b. Equitable Remedies. All Confidential Information represents a unique intellectual property of the
Person who owns that Confidential Information,and such Person will be entitled to equitable relief
and any other remedies available by Law.
c. Notice of Disclosure. A Party may disclose Confidential Information if that Party is legally
compelled to make that disclosure;provided that the Party promptly provides the other Party with
notice thereof by the earlier of: five(5)calendar days after receiving the request to disclose from
a Person, or three(3)business days before that disclosure will be made by the Party.
d. Media Releases.Notwithstanding any other provision of the Agreement,MX may publicly identify
Participant as a participant in MX and may include the name,address,logo,and a brief description
of Participant on its website or in any other materials developed by MX. Participant grants MX a
royalty free license to use Participant's name and logo for the foregoing.
8
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
X. REPRESENTATIONS AND WARRANTIES.
a. Exclusion from Government Programs. Each Party represents and warrants that it and its Personnel
have not: (a) been listed by any federal or state agency as excluded, debarred, suspended or
otherwise ineligible to participate in federal and/or state programs; or (b) been convicted of any
crime relating to any federal and/or state reimbursement program.
b. Limited Warranties. Participant's access to the System, use of the Services, and receipt of Data
from MX are provided"as is"and"as available"; and(b)MX does not make any representation or
warranty of any kind regarding the System or Services,expressed or implied,including the implied
warranties of merchantability, fitness for a particular purpose, and non-infringement.MX does not
warrant that the System will meet Participant's requirements or that it will operate without
interruption or be error free.
c. Authorization and Compliance. Participant covenants, represents, and warrants that Participant
(and each Participant Affiliate) has all necessary authority: to enter into this Agreement,to grant
the rights granted herein, and to send and receive the Data exchanged under this Agreement.
XI. INSURANCE; INDEMNIFICATION;LIMITATION OF LIABILITY.
a. Insurance.
1. MX Insurance Requirements. During the Term, MX shall obtain and maintain the following
insurance coverage or self-insure in the following amounts:
i. Commercial general liability insurance in the amount of at least five million dollars
($5,000,000) per occurrence and at least ten million dollars ($10,000,000) in the annual
aggregate;
ii. Coverage must include any auto used in connection with this Agreement.
iii. Workers Compensation. Workers compensation insurance as required by the laws of the
State of California with statutory limits.
iv. Comprehensive professional liability (errors and omissions) insurance covering the
liability for financial loss due to error, omission or negligence of MX in the amount of at
least five million dollars ($5,000,000) per occurrence and at least ten million dollars
($10,000,000) in the annual aggregate; and
v. Network security liability insurance and privacy liability insurance in the amount of at least
ten million dollars ($10,000,000) per occurrence and at least ten million dollars
($10,000,000)in the annual aggregate.
2. Additional Requirements
i. Verification of Coverage. Within 30 days after MX signs this Agreement, and at any time
during the term of this Agreement, but no more than once per year without cause, as
requested by the County's Risk Manager or the County Administrative Office, MX shall
deliver, or cause its broker or producer to deliver,to the County of Fresno, Department of
Public Health, P.O. Box 11867, Fresno, CA 93775, Attention: Contracts Section — 6th
Floor, or email, DPHContracts@fresnocountyca.gov, certificates of insurance and
endorsements for all of the coverages required under this Agreement.
ii. Each insurance certificate must state that: (1)the insurance coverage has been obtained and
is in full force; (2) Participant, its officers, agents, employees, and volunteers are not
responsible for any premiums on the policy; and (3) MX has waived its right to recover
from Participant, its officers, agents, employees, and volunteers any amounts paid under
9
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
any insurance policy required by this Agreement and that waiver does not invalidate the
insurance policy.
iii. The commercial general liability insurance certificate must also state, and include an
endorsement, that Participant, its officers, and agents, individually and collectively, are
additional insureds insofar as the operations under this Agreement are concerned. The
commercial general liability insurance certificate must also state that the coverage shall
apply as primary insurance and any other insurance, or self-insurance, maintained by
Participant shall be excess only and not contributing with insurance provided under MX's
policy.
iv. The professional liability insurance certificate,if it is a claims-made policy,must also state
the retroactive date of the policy,which must be prior to the date on which services began
under this Agreement.
v. Acceptability of Insurers. All insurance policies required under this Agreement must be
issued by admitted insurers licensed to do business in the State of California.
vi. Participant's Remedy for Contractor's Failure to Maintain. If MX fails to keep in effect at
all times any insurance coverage required under this Agreement, Participant may, in
addition to any other remedies it may have, suspend or terminate this Agreement upon the
occurrence of that failure.
2. Participant and Business Associate Insurance Requirements. During the Term,Participant and
any Business Associate of Participant that accesses the System shall each obtain and maintain
the following insurance coverage or self-insure in the following amounts:
i. Commercial general liability insurance in the amount commonly carried by a Person of the
same commercial size and in the same line of business as Participant, but in any event at
least one million dollars($1,000,000)per occurrence and two million dollars($2,000,000)
in the annual aggregate; and
ii. Comprehensive professional liability or errors and omissions(E&O)insurance of the type
and in the amount commonly carried by a Person of the same commercial size and in the
same line of business as Participant, but in any event at least one million dollars
($1,000,000)per occurrence and three million dollars($3,000,000)in the annual aggregate.
3. General Requirements.
i. If either Party purchases"claims made"insurance,all acts and omissions of that Party shall
be, during the Term, "continually covered" (i.e., there must be insurance coverage
commencing on the Effective Date and ending no earlier than three (3) years after
termination of the Agreement.
ii. Each Party shall purchase"tail insurance"if its coverage lapses,or"nose insurance"and/or
"tail insurance" if that Party changes insurance carriers, even after termination of the
Agreement.
iii. All insurance coverage required by this Section XI shall be provided under valid and
enforceable policies issued by insurance companies legally authorized to do business in
California.
iv. Upon request of a Party,the other Party shall provide certificates of insurance evidencing
the coverage that the other Party is required to obtain and maintain.
b. Limitation of Liability.
10
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E4131DD0131
1. Except as otherwise provided in this Agreement, all remedies provided for in this Agreement
shall be cumulative and in addition to and not in lieu of any other remedies available at law or
in equity. EXCEPT WITH RESPECT TO INDEMNIFICATION
OBLIGATIONS,NEITHER PARTY SHALL, IN ANY EVENT, BE LIABLE TO THE
OTHER PARTY OR TO ANY THIRD PARTY FOR ANY INDIRECT,CONSEQUENTIAL,
INCIDENTAL, SPECIAL, EXEMPLARY,LOST PROFITS OR SIMILAR DAMAGES,
ARISING OUT OF OR IN ANY WAY RELATED TO THIS AGREEMENT,EVEN IF SUCH
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR
DAMAGE. Each Party shall use all reasonable efforts to mitigate damages for which the other
Party is responsible.
2. The aggregate personal liability of each Party(including,in the aggregate,its officers,directors
and Personnel)to the other Party under this Agreement will be limited to the greater of: (i)the
aggregate insurance policy limits then available to the Party with respect to such claim, or(ii)
one million($1,000,000.)dollars.
3. Notwithstanding anything to the contrary in the Agreement, the limitations of liability in
Sections XI.b.I and XI.b.2 a shall not apply to any claims arising out of or relating to either
Party's: (i) grossly negligent or willful breach of the Agreement, or (ii) indemnification
obligations.
c. MX Liability. Notwithstanding any other provision,MX has no responsibility for and will not be
liable to Participant for: (a)the accuracy,completeness,currency,content or delivery of Healthcare
Data or other Data; (b) any decision or action taken or not taken by Participant or any other Person
involving Patient care, utilization management, or quality management that is in any way related
to the use of the System, Services, or Healthcare Data; (c)any impairment of the privacy,security,
confidentiality, integrity, availability of, and/or restructured use of any Healthcare Data resulting
from the acts or omissions of Participant,any, health information organization that contracts with
MX to share health data through their respective systems, or organization that represents a
community of payers and/or providers for purposes of exchanging Data between them; (d)
unauthorized access to the Participant's transmission facilities or equipment by individuals or
entities using the System or for unauthorized access to, or alteration, theft, or destruction of the
participant's data files, programs, procedures, or information through the System, whether by
accident, fraudulent means or devices, or any other method; and (e) any damages occasioned by
lost or corrupt data, incorrect reports, or incorrect data files resulting from programming error,
operator error, equipment or software malfunctions, or the use of third-party software. Participant
and its Personnel shall have no recourse against, and each does waive any claims against,MX for
any loss, damage,claim, or cost relating to or resulting from its own use of the System,Healthcare
Data and/or the Services.
d. Reliance on Data. The Participant is solely responsible for any and all acts or omissions taken or
made in reliance on the System, Healthcare Data and/or other information received from MX,
including inaccurate or incomplete information.
e. Indemnification.
1. Mutual Indemnification.Except to the extent arising from the negligence or willful misconduct
of the Indemnified Party (defined below), each Party (the "Indemnifying Party") shall
indemnify, defend, and hold harmless the other Party (the "Indemnified Party") from and
against all claims,demands,actions,suits,damages,liabilities,losses,settlements,judgements,
and costs and expenses (including but not limited to reasonable attorney's fees and
costs)("Claim")arising from, or in connection with, or based on allegations of third-party
claimants of any claims for any breach of this Agreement or violation of applicable Law by the
Indemnifying Party.
11
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1 E4B1 DDOB1
2. Indemnification Procedures. The Indemnifying Party shall be entitled, at its option,to control
the defense of and settlement of any Claim on which it is liable,provided that the Indemnifying
Party shall act reasonably and in good faith with respect to all matters relating to the settlement
or disposition of the Claim as the disposition of the claim relates to the Indemnified Party. The
Indemnified Parties will reasonably cooperate in the investigation, defense and settlement of
any Claim and shall provide prompt notice of any such Claim or reasonably expected Claim to
the Indemnifying Party. An Indemnified Party shall have the right to retain its own separate
legal counsel at its own expense.
3. Failure to Defend or Settle. If the Indemnifying Party fails or wrongfully refuses to defend or
settle any Claims, then the Indemnified Party will, upon written notice to the Indemnifying
Party,have the right to defend or settle(and control the defense of)such Claims. In such case,
the Indemnifying Party will cooperate, at its own expense, with the Indemnified Party and its
counsel in the defense and settlement of such Claims, and will pay, as they become due, all
costs, damages, and reasonable legal fees incurred therefore.
XII. MISCELLANEOUS TERMS.
a. Governing Law. The validity,construction and enforcement of this Agreement shall be determined
in accordance with the laws of the State of California, without reference to its conflicts of laws
principles. All Disputes (defined below) not resolved pursuant to Section XII.h below will be
adjudicated in the state and federal courts located in Fresno, California and each Party hereby
consents to the personal jurisdiction of such courts.
b. Amendment and Material Service Change.
1. Amendment.Any modification or amendment to the Agreement must be in writing and signed
by the Parties, except that the Policies, DSG, Fees, and Material Service Changes may be
modified as set forth in the Agreement. The County Administrative Officer or his designee(s),
is authorized to execute Amendments to this Agreement to comply with the fulfillment of the
Services, Term, Termination, and other relevant requirements subject to approval by
Participant's legal counsel as to legal form; and to execute any future Business Associate
Agreement and any subsequent documents necessary to implement the actions above, for a
period not to exceed five years and any extension period.
2. Material Service Change.MX may in its sole discretion implement a Material Service Change
after providing at least ninety (90) days prior written notice of the change to Participant.
Following a Material Service Change not acceptable to Participant,Participant may terminate
the Agreement pursuant to Section VIII.b.
3. Policies and DSG Revision. MX may in its sole discretion modify or otherwise revise the
Policies and/or DSG after providing at least ninety(90)days prior written notice of any material
revision to Participant before the material revision is effective. If the Policy and/or DSG
revision is not acceptable to Participant, Participant may terminate the Agreement pursuant to
Section VIII.b.
4. Required Revision. Notwithstanding any other provision in the Agreement, if a revision to
the Policies, Terms and/or DSG is required, in the reasonable judgment of MX, to be made
for the continued technological functioning of the HIE or for compliance with Law, Na may
unilaterally implement that revision and may shorten any requirement for prior notice set forth
in the Agreement to that time period which MX reasonably determines appropriate under the
circumstances.
c. Notices. Except as otherwise provided in this Agreement,notices required to be given pursuant to
this Agreement shall be addressed to the appropriate Party as provided below, or at such other
address as the receiving Party may designate in writing, and shall be effective: (i) on the date of
12
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
delivery if given in writing and hand delivered;(ii)on the date received,if sent by overnight courier
with written proof of receipt, or by First Class United States Mail with postage prepaid and return
receipt received; or (iii) the date sent by electronic mail so long as the sending Party does not
receive a message in return that the electronic message is undeliverable. Refusal to accept delivery
will be deemed receipt. A Party may change its notice address for purposes of this Agreement by
giving written notice to the other Party.
If to Participant: Company: Fresno County Department of Public Health
Attn: David Luchini,Director
Address: 1221 Fulton St.,Fresno, CA 93721
E-Mail: dluchini@fresnocountyca.gov
If to MX: Manifest MedEx
Attn: Chief Executive Officer
3993 Jurupa Ave, Suite 102
Riverside, CA 92506
Email: legal@manifestmedex.org
d. Assignment. Neither Party may assign the Agreement or any of the Party's rights,interests,duties
or obligations under the Agreement, by operation of law or otherwise, without the prior written
consent of the other Party,which consent may be given,conditioned or withheld in the other Party's
sole discretion, except that (a) either Party may assign the Agreement in whole or in part to an
affiliate or to a successor in interest, and (b) consent shall not be necessary in the context of an
acquisition, merger or change of control involving either Party. Any attempted assignment or
transfer in violation of the foregoing will be null and void.
e. Availability of Records. For four(4) years after any termination of the Agreement, the Secretary
of the U.S. Department of Health and Human Services ("Secretary"),the Comptroller General of
the United States("Comptroller General")and/or their designee will have access to all books and
records of MX directly pertaining to the subject matter of the Agreement, in accordance with the
criteria developed by the U.S. Department of Health and Human Services as provided in Section
952 of the Omnibus Reconciliation Act of 1980, 42 U.S.C. §1395x(v)(1)(A), et seq. ("OBRA").
During those four years, upon request of the Secretary, the Comptroller General and/or their
designee, MX shall make available (at reasonable times)the Agreement and all books, documents
and records of MX that are necessary to verify the nature and extent of the costs of Services
provided by MX under the Agreement. Notwithstanding the foregoing, access to MX's books,
records and documents will be discontinued and become null and void upon a finding by a court or
quasi-judicial body of competent jurisdiction that the Agreement is outside the scope of the
regulatory or statutory definition of those agreements included within the purview of Section 952
of OBRA or the rules and regulations promulgated thereunder.
f. Federal Reporting Requirements. For four (4) years after any termination of the Agreement, MX
shall maintain its books, documents and records showing the nature and extent of the cost of
Services furnished under the Agreement in compliance with Section 1861(v)(1)(I) of the Social
Security Act and as set forth in Exhibit 5. If requested, MX shall grant access thereto to the
Secretary,the Comptroller General and/or their designee.
g. Audit Rights. Each Party shall permit the other Party to access, inspect, and audit such data and
records for the purpose of verifying fees, adherence to access requirements, or compliance with
other terms and conditions of this Agreement. Any such inspection or audit may be performed
following reasonable prior written notice, but not more often than once in any twelve (12)month
13
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E4B1DDOB1
period. The auditing Party will pay all of its own expenses incurred as a result of conducting any
such inspection or audit.
h. Disputes. In the event of any Claim or disagreement related to the Agreement(a"Dispute"),the
Parties shall:
1. Dispute Notice. A Party alleging a Dispute shall send written notice of the Dispute and the
Party's position regarding the Dispute(the"Dispute Notice")to the other Party and any other
Person that the Parry believes is involved in the Dispute. The Dispute Notice shall propose a
time and place for all involved Persons to meet and confer regarding the dispute.
2. Meet and Confer. Within twenty (20) days of a Party sending a Dispute Notice, the Parties
shall meet and confer in good faith regarding the Dispute. Other Persons interested in the
Dispute shall be invited to the conference,but the conference shall be held at the earliest date
on which the Parties can attend(regardless of the attendance of other interested Persons). The
Meet and Confer shall be considered a settlement negotiation for the purpose of all Laws,
including California Evidence Code § 1152.
3. Injunction. Notwithstanding anything to the contrary, any Party may immediately file suit in
any court as that Party deems necessary to protect Confidential Information or Data.
i. Representation by Counsel; Interpretation.Each Party has been represented by counsel in
connection with this Agreement or has had an opportunity to be so represented. Both parties
expressly waive any claim that ambiguities in this Agreement should be interpreted against the
other Party due to the other Party drafting the language.
j. Entire Agreement. The Agreement is the entire understanding of the Parties regarding its subject
matter, and supersedes all prior written or oral understandings, promises, representations and
discussions between them with respect the subject matter of the Agreement.
k. Force Majeure. Neither Party shall be liable or deemed in default for failure to fulfill any
obligation under this Agreement due to causes beyond its reasonable control, provided that the
Party uses good faith efforts to perform its duties. Such causes or conditions shall include,but shall
not be limited to,acts of God or of the public enemy,acts of the government in either its sovereign
or contractual capacity, fires, floods,epidemics, quarantine restrictions, strikes, shortages of labor
or materials, freight embargoes, unusually severe weather, electrical power failures,
telecommunication or internet backbone outages, failure of an internet access provider or other
similar causes beyond the Parties' control, and neither Party shall be liable for losses, expenses or
damages, ordinary, special or consequential,resulting directly or indirectly from such causes.
1. Severability. If any provision of the Agreement or the application of any provision, in whole or in
part, is determined to be invalid, void, illegal or unenforceable by an arbitrator or a court of
competent jurisdiction and such provision can be severed without substantially changing the
bargain reached by the Parries, such provision or part of such provision shall be severed from the
Agreement, and such severance shall have no effect upon the enforceability, performance or
obligations of the remainder of the Agreement.
in. Survival. Provisions of the Agreement shall survive any termination or expiration of the Agreement
when evident by the context of the provision and/or when specifically identified as surviving.
n. Third-Party Beneficiary. No Person other than the Parties will have any right under or due to the
Agreement, and no Person will be a third-party beneficiary of the Agreement.
o. Waiver. No delay or omission by a Party to exercise a right or power it has under the Agreement
shall be construed as a waiver of that right or power. A waiver by any Party of any breach of the
Agreement shall not be construed to be consent to, waiver of, or excuse for any subsequent or
different breach. All waivers must be in writing and signed by the Parties.
14
Docusign Envelope ID: 17CA6E55-28OD-4BEE-SD36-AE1E4B1DDOB1
p. Conflicts. If the BAA conflicts with any other part of this Agreement(including the Policies),the
BAA shall prevail. If the Policies conflict with any other part of this Agreement(except the BAA),
the Policies shall prevail. If the terms of any other Exhibit conflict with those of this Agreement,
this Agreement shall prevail.
THE TERMS AND CONDITIONS CONTAINED IN THIS AGREEMENT, INCLUDING ANY
EXHIBITS,ATTACHMENTS, OR SCHEDULES HERETO ARE PART OF THIS AGREEMENT AND
INCORPORATED HEREIN BY REFERENCE. BY SIGNING THIS AGREEMENT, PARTICIPANT
ACKNOWLEDGES HAVING READ AND UNDERSTOOD THIS AGREEMENT, INCLUDING ALL
TERMS AND CONDITIONS. PARTICIPANT AND MX ACKNOWLEDGE AND AGREE TO BE
BOUND BY THE TERMS HEREOF.
Signed by:
Manifest MedEx � , -'! „a CZ Participant
7DAAOC41C6S3450
By: By:
Name: Erica Galvez Name: Nathan Magsig
Title: CEO Title: Chairman of the Board of
Supervisors of the County of
Fresno
Date: 11/01/2024 Date:
For Accounting use only:
ATTEST:
Org No.: 56208520 BERNICE E.SEIDEL
Org No.: 56201019 Clerk of the Board of Supervisors
Account No.: 7295 County of Fresno,State of California
Fund No.: 0001 By � Deputy
Subclass No.: 10000
15
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
EXHIBIT 1
SERVICE DESCRIPTION
This Exhibit 1 includes the various subsections of Exhibit 1 (Exhibit 1-A, Exhibit 1-B, etc.).
MX shall provide the Services described herein to Participant in accordance with the terms and conditions
of the Agreement and this Exhibit 1.
16
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
EXHIBIT 1-A
CIE DEVELOPMENT
I. Description of Services (collectively, "CIE Services").
a. Youth Suicide Prevention. MX will provide to Participant each of the following Services
(collectively, the "YSP Services"):
1. Beginning in 2025, MX will:
i. Provide notifications to the following Participant Affiliates(collectively, "YSP Participant
Affiliates"):
A. Sanger Unified School District (SUSD);
B. Central Unified School District(CUSD);
C. Up to a maximum of 5 additional school districts; and
D. Fresno County Department of Behavioral Health.
ii. Make the following reports available to YSP Participant Affiliates:
A. Notify Activity Report: a summary report analyzing notification volume without PHI
or PII. Includes panel size analysis, notification volume analysis by source, recipient,
etc.
B. Patient Contact Report: identification of all historical patient contact information
including phone numbers, addresses and more.
2. Beginning in 2026, MX will:
i. Continue to provide the Services outlined in I.a.I above;
11. Provide notifications to up to a maximum of 10 additional school districts (each a YSP
Participant Affiliate); and
iii. Make available to any YSP Participant Affiliate the Patient Relationship and Activity
Report: identification of patient encounters with healthcare organizations, community
based organizations ("CBOs"), and county agencies to provide a complete picture of
patient activity. This report also includes a relationship matrix to identify all the
organizations and providers the patient has an established relationship with (collectively
with the Notify Activity Report and Patient Contact Report, the"YSP Reports").
3. Between January 1, 2027 and December 31, 2027, MX will continue to provide the Services
outlined in Sections I.a.l and I.a.2 above.
4. Between January 1, 2028 and December 31,2029,MX will:
i. Continue to provide the Services outlined in Sections I.a.l and I.a.2 above; and
ii. Provide notifications to up to a maximum of 6 additional school districts (each a YSP
Participant Affiliate).
b. Home Visitation. MX will provide to Participant each of the following Services (collectively,the
"HV Services"):
1. Beginning in 2025,MX will:
i. Accept data feeds from the following, provided that such feeds must meet the DSG
requirements;
17
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
A. Fresno County Department of Social Services (FCDSS) may contribute home
visitation related data to the CIE which is anticipated to be sourced from DSS
Databases.
B. Fresno County Department of Public Health(FCDPH)may contribute essential public
health home visitation data, community health worker network, referrals, and
developmental screenings.
C. Each of FCDSS and FCDPH are "HV Participant Affiliates."
ii. Make the following reports available to HV Participant Affiliates:
A. Notify Activity Report
B. Patient Contact Report
2. Beginning in 2026, MX will:
i. Continue to provide the Services outlined in I.b.l above;
ii. Supply a data feed to the Fresno County Superintendent of Schools (FCSS) Apricot 360
System or other database system as agreed between MX and Participant; and
iii. Make the following reports available to HV Participant Affiliates:
A. Patient Relationship and Activity Report; and
B. Home Visitation Outcomes and Service Utilization Report: a summary report focusing
on the impact and outcomes of the HV use case related data: (collectively with the
Notify Activity Report, Patient Relationship and Activity Report, and Patient Contact
Report, the"HV Reports").
3. Between January 1, 2027 and December 31, 2027, MX will continue to provide the Services
outlined in Sections I.b.l and I.b.2 above.
4. Between January 1, 2028 and December 31,2029,MX will:
i. Continue to provide the Services outlined in Sections I.b.l and Lb.2 above; and
ii. Make the HV Reports available for HV Participant Affiliates to access via an online self-
service tool.
c. CIE Platform.
1. Beginning in 2025,MX will design and implement the fundamentals of the CIE and technology
platform to integrate, ingest and store data in a community record centered around an
individual. This includes identity matching functions.
2. Beginning in 2026, MX will:
i. Deploy MX Community,the web-based portal to access a person's social care record; and
ii. Offer MX Community to up to 20 CBOs affiliated with Participant.
3. Beginning in 2027, MX will continue to provide the Services outlined in Section I.c.2 above.
4. Between January 1, 2028 and December 31, 2029,MX will:
i. Continue to provide the Services outlined in Section I.c.2 above;
ii. Offer MX Community to up to 6 additional CBOs affiliated with Participant; and
18
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
iii. Make iterative improvements to MX Community,provided they do not require additional
licensing or personnel cost; and
d. Additional Use Cases. Between January 1, 2026 and December 31, 2029, MX will work with
Participant to perform discovery, scoping and design for up to 2 additional use cases.
II. Training.Participant must designate a training coordinator("Training POC")before Participant may
use the CIE Services.The Training POC will be responsible for training Participant's Authorized Users
on (i) the use of the CIE Services and (ii) compliance with the Policies and the Agreement. MX will
provide (x) web-based and/or in-person training to Training POCs and Administrator POCs (defined
below) and(y) training resources and materials that Training POCs can use to train Authorized Users.
Any training requested by Participant in addition to MX's standard training will be negotiated by the
Parties and memorialized in a separate Exhibit.
III. Support.
a. Participant must provide a single point of contact("Administrator POC")for tech services before
Participant may use the CIE Services. Administrator POCs will be responsible for: managing
Authorized Users(e.g.,setting up Authorized User accounts,assigning roles and providing security
credentials to Authorized Users); ensuring that Authorized Users have reviewed and agreed to
comply with the Policies and the Agreement prior to obtaining access to the System; and providing
Level 1 help-desk support to Authorized Users,including re-setting passwords.
b. MX will support Participant's performance of the above responsibilities by MX offering support
for Administrator POCs, accessed through the web and/or email during Monday through Friday,
8:00 AM to 5:00 PM PST, excluding MX holidays posted on the MX website.
IV. Core Technology Platform. MX will develop &enhance the core technology required to support the
deliverables including:
a. Data Integration Platform: Developing a centralized platform that can securely collect, store,
manage, and distribute data from multiple sources.
b. Data Interoperability: Implementing standards and protocols to ensure seamless data exchange
between different systems. Where possible, nationally recognized standards and protocols will be
used.
c. User-Friendly Interfaces:Where needed,creating intuitive interfaces that allow users to access and
interact with data easily.
d. Master Patient Index(MPI): The existing MPI from MX will be used.
e. Robust Security & Privacy Measures: Utilizing advanced encryption, access controls, and
compliance with relevant regulations. Includes robust and granular user access controls to ensure
data sharing is compliant with county, state, and national requirements.
f. Report Development: Development of the core reporting module, exports to CSV/PDF and an
online tool that allows for self-service access.
g. Continuous Improvement:MX will perform an annual evaluation of each of the components of the
core technology platform and when needed, update specifications, core vendors, reports and
technologies when needed and where possible.
V. Governance. MX and Participant will engage in good faith discussions to design the official
governance definitions, structure, process including a responsibility matrix, using the following key
concepts:
a. Identi)�and Define Core Governance Principles.These principles will prioritize community needs,
ensuring that the CIE operates transparently,inclusively,and with a strong sense of accountability.
19
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
b. Establish a Customized Governance Framework. Developing a structure that accommodates local
dynamics and stakeholder expectations.
c. Representative Joint Governance Team. Establishment of a Joint Governance Team, that will be
composed of representatives from various organizations that share data and utilize the CIE.
d. Conflict Resolution Mechanisms.Establishment of a well-defined conflict resolution processes that
is transparent and equitable, permitting all parties to have a fair opportunity to present their
concerns and reach mutually agreeable solutions.
e. Data Stewardship and Privacy. Implementation of stringent data protection measures to safeguard
the privacy of individuals and maintain the integrity of the CIE.
£ Legal and Regulatory Compliance. Implementation of mechanisms to monitor adherence to
Applicable Law, data sharing frameworks,policies,procedures, and guidelines.
g. Change Management.Development of a standardized process for change management.
VI. Fees. Participant shall pay to MX a fee of$8,600,000.00 as follows:
a. $2,400,000.00 upon execution of this Agreement;
b. $1,300,000.00 on January 1,2026;
c. $1,300,000.00 on August 31,2026;
d. $800,000.00 on January 1,2027;
e. $1,200,000.00 on January 1,2028; and
f. $1,600,000.00 on January 1, 2029.
VII. Termination. For each of the years 2027, 2028, and 2029, Participant may elect to terminate this
Exhibit 1-A with no effect upon other Services offered under this Agreement by providing prior written
notice to MX no later than October 31 of the prior calendar year. Such termination will be effective on
January 1 of the applicable year.
VIII. Technical Operation Plan. The specifications for implementation of the services listed in this
Agreement may be found in the Technical Operations Plan, a non-binding guidance document
developed jointly by MX and Participant.The parties agree to collaborate on maintaining the Technical
Operations Plan as needed to reflect changes or improvements in service implementation. The current
version of the Technical Operations Plan can be found by emailing dph@fresnocountyca.gov.
20
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
EXHIBIT 1-B
OPTIONAL SERVICES
I. Description of Services (collectively, "Optional Services"). Beginning January 1, 2026, Participant
may elect to receive and or all of the following services:
a. New Use Case#1. As defined by work done pursuant to Exhibit 1-A, Section 1.d.
b. New Use Case#2. As defined by work done pursuant to Exhibit 1-A, Section Ld.
c. Undefined. Given the lack of specific details around the scope of these optional items, MX is
providing pricing for optional components each of these with a not-to-exceed(NTE)cost approach.
This approach may require a limited scope of work and MX will work with Participant to define
the scope that can fit within the NTE amounts.
1. Closed Loop Referral
2. CBO Data Entry Tool
3. Patient Consent Collection Tool
4. Secure Messaging Solution
5. Organization Directory
II. Election of Optional Services. In the event that Participant wishes to elect an Optional Service,
Participant and MX will make a good faith effort to work together to determine the applicable scope of
services. Once the scope is agreed upon, Participant must notify MX in writing of its election to
proceed. Optional Services must be elected no later than December 31, 2028.
III. Fees. Fees for the Optional Services are as follows and will be invoiced upon MX receiving written
notification of Participant's election to proceed with the applicable Optional Service and on each
anniversary of such election thereafter unless the applicable Optional Service is terminated. Fees are
subject to change following December 31,2029.
a. New Use Case#1.A fee of$1,000,000.00
b. New Use Case#2. A fee of$1,000,000.00
c. Undefined.
1. Closed Loop Referral.A fee of$1,200,000.00
2. CBO Data Entry Tool. A fee of$1,100,000.00
3. Patient Consent Collection Tool.A fee of$800,000.00
4. Secure Messaging Solution.A fee of$500,000.00
5. Organization Directory. A fee of$500,000.00
IV. Termination. For each of the years 2027, 2028, and 2029, Participant may elect to terminate any
individual Optional Service, or the entirety of this Exhibit 1-B, with no effect upon other Services
offered under this Agreement by providing prior written notice to MX no later than October 31 of the
prior calendar year. Such termination will be effective on January 1 of the applicable year.
21
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E461DD061
EXHIBIT 2
DATA CONTRIBUTION REQUIREMENTS
Participants, including each of the Participant Affiliates, will contribute Data in accordance with the
schedules described below, over a secure connection configured by MX and Participant, and as set forth in
the Data Submission Guidelines. Participants shall adhere to the Data Submission Guidelines when
submitting Data to MX. The provisions in this Exhibit 2 below that are not applicable to Participant are for
informational purposes as to MX's intent to obtain such data. Those provisions not applicable to Participant
are not a guarantee or promise that MX will obtain such data from all.
For Participants and Participant Affiliates receiving Services pertaining to the HIE:
I. Hospitals. Hospital Participants and Participant Affiliates shall provide the following Patient Data to
MX:
a. Admit, discharge and transfer data ("ADT messages"), within ninety (90) days of the Effective
Date, and regularly thereafter;
b. ORU messages, within six(6)months of the Effective Date, and regularly thereafter;
c. CCDAs(discharge summaries,transition of care documents)within six(6)months of the Effective
Date, and regularly thereafter; and
d. Pharmacy Orders ("RDE messages"), within six(6)months of MX's initial request, and regularly
thereafter.
II. Physician and Ambulatory Practices.Physician and ambulatory practice Participants and Participant
Affiliates will provide the following Patient Data to MX:
a. Patient panel within thirty(30) days of the Effective Date, and regularly thereafter;
b. Lab data from national reference labs and transcribed radiology reports by signing an authorization
form allowing labs and other entities to send the Participant's data to MX, as of the Effective Date,
and regularly thereafter.Lab and radiology authorization forms to be provided by MX if applicable
and are included by reference herein; and
c. CCDAs (care summaries)within sixty (60) days of the Effective Date, and regularly thereafter.
III. Health Plans. Health Plan Participants and Participant Affiliates will provide the following Patient
Data to MX:
a. Eligibility files for health plan enrollees (that define the identities of lives covered by the health
plan)within thirty (30) days of the Effective Date, and regularly thereafter;
b. Provider files for Health Plan providers within six (6) months of the Effective Date, and regularly
thereafter; and
c. Medical and pharmacy claims data for health plan enrollees, within twelve (12) months of the
Effective Date, and regularly thereafter.
IV. IPAs. Independent Physician Association Participants and Participant Affiliates will provide the
following Patient Data to MX: Eligibility files for IPA members (that define the identities of lives
covered by the Participant), no later than within thirty (30) days of the Effective Date, and regularly
thereafter.
V. SNFs. Skilled Nursing Facility Participants and Participant Affiliates will provide the following Patient
Data to MX:
a. Patient panel within thirty(30) days of the Effective Date, and regularly thereafter;
22
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
b. ADT messages within six (6) months of the Effective Date, and regularly thereafter if available
from the electronic health record system;
c. Lab data from national reference labs and transcribed radiology reports by signing an authorization
form allowing labs and other entities to send the Participant's data to MX,as of the Effective Date,
and regularly thereafter.Lab and radiology authorization forms to be provided by MX if applicable
and are included by reference herein; and
d. CCDAs (care summaries)within six(6)months of the Effective Date,and regularly thereafter.
VI. ACOs. Accountable Care Organization Participants will provide to MX the following for Patients that
are both attributed to the ACO and are Patients of ACO Participants (with signed MX Participation
Agreements) within six (6) months of the Effective Date and regularly thereafter: A Patient Panel
associating each patient with the appropriate ACO Participant.
VII. Public Health Departments.Public Health Department Participants and Participant Affiliates will
provide the following Patient Data to MX: patient panels no later than within thirty (30) days of the
Effective Date, and regularly thereafter.
For Participants and Participant Affiliates receiving Services related to the CIE:
VIII. Social Data Contributors. Participants and Participant Affiliates will provide the following Data
to MX:
a. If applicable,patient panel within thirty(30) days of the Effective Date, and regularly thereafter;
b. Such Health and Social Services Information as reasonably required by MX, within 6 months of
the Effective Date(or such later date as agreed to by MX and Participant),and regularly thereafter.
c. "Health and Social Services Information"means any and all individually identifiable information
received, stored, processed, generated, used, transferred, disclosed, made accessible, or shared
pursuant to the California Health and Human Services Data Exchange Framework Data Sharing
Agreement including but not limited to: (a) data elements as set forth in the applicable policy and
procedure; (b)information related to the provision of health care services,including but not limited
to PHI; and (c) information related to the provision of social services. Health and Social Services
Information may include PHI,PII, and digital identities.
For all Participants and Participant Affiliates,regardless of Services:
In addition to the requirements set forth above,as other Patient Data become relevant to the HIE,the Parties
shall work together to develop a timeline for Participant to contribute such Patient Data to MX. If the
Parties do not agree on a timeline within three(3)months after MX sends the notice requesting additional
Patient Data to Participant, or MX does not receive such Patient Data pursuant to the Parties' timeline,
either Party may terminate this Agreement by providing thirty days' notice to the other Party.
Participant shall refrain from sending Excluded Health Information(as defined in the Policies).Participants
are responsible for complying with applicable laws by filtering any information that should not be provided
or disclosed to MX.
23
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
EXHIBIT 3
PARTICIPANT DEPARTMENTS AND AFFILIATES
Individually named Participant departments that are included as Participant Affiliates under this
Agreement as well as address if separate from the address provided in Section XII.c "Notices" of
the Agreement.
Department Name Org Type Address
Fresno County Department of
Public Health
Fresno County Department of
Behavioral Health
Fresno County Department of
Social Services
Individually named third-party entities governed by a contractual relationship with Participant
who will be participating in some or all of the Services under the direction and control of
Participant.
Entity Name Org Type Address
Individually named affiliated Hospitals,Medical Groups, Practices, Health Plans, MSOs or IPAs
that are included as Participant Affiliates under this Agreement as well as name and address of
clinics & affiliated sites.
Site Name Org Type Address
24
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
EXHIBIT 4
BUSINESS ASSOCIATE AGREEMENT
This Business Associate Agreement("BAA') is entered into and effective as of the effective date
of the Participation Agreement (the "Effective Date"), by and between Manifest MedEx, a California
nonprofit public benefit corporation("Business Associate"), and County of Fresno, a political subdivision
of the State of California("Covered Entity"),on behalf of itself and its affiliates.Both parties hereby agree
to this Business Associate Agreement and are referred to in this BAA individually as a "Party" or
collectively as the"Parties
Covered Entity and Business Associate have entered into an agreement(the"Participation Agreement")
pursuant to which Business Associate provides to Covered Entity certain services that now or in the future
shall include,but not be limited to,the creation,receipt,maintenance, data analysis and/or transmission of
Protected Health Information (defined below) (as defined in Health Insurance Portability and
Accountability Act ("HIPAA") and related regulations), on behalf of Covered Entity, for a function or
activity regulated by HIPAA(defined below).
In consideration of the foregoing recitals and the promises set forth herein,the Parties agree as follows:
1. Definitions. All capitalized terms used in this BAA not specifically defined otherwise below or in the
Participation Agreement shall have.the same definitions as given to them under HIPAA.
a. "Breach of Privacy or Security" means any access, use, receipt or disclosure of PHI (including
electronic PHI) that is not in compliance with Law.
b. "HIPAA"means the Health Insurance Portability and Accountability Act and related regulations.
c. "Protected Health Information"or"PHI"has the meaning as the term is defined at 45 C.F.R. §
160.103, except that as used herein, the term shall refer only to Protected Health Information that
Business Associate creates,receives,maintains or transmits on behalf of or from Covered Entity.
II. Obligations of Business Associate.
a. Compliance with Re ug latory Obligations of Business Associate. Business Associate shall perform
and comply with all the applicable obligations and requirements imposed upon business associates
pursuant to HIPAA.
b. Permitted Receipt,Use and Disclosure of PHI. Business Associate may receive,Use and Disclose
PHI to the minimum extent necessary to perform Business Associate's obligations, functions,
activities and/or services under the Participation Agreement,and as otherwise permitted or required
by this BAA, the Participation Agreement, or Law. Business Associate shall not Use or Disclose
PHI in any manner that would violate the requirements of HIPAA if done by Covered Entity.
c. Specified Permitted Uses of PHI. Without limiting the generality of Section II.b (Permitted Use
and Disclosure of PHI),Business Associate may Use PHI as follows:
(A)For the proper management and administration of Business Associate.
(B) To carry out the legal responsibilities of Business Associate.
(C) To provide Data Aggregation services relating to the Health Care Operations of Covered Entity
or,if applicable,an organized health care arrangement of which the Covered Entity is a member
if and to the extent provided by the Participation Agreement or other agreement.
(D)To perform services related to the creation of De-Identified Data.
25
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1 E4B1 DDOB1
(E) To perform quality improvement activities by the Covered Entity and to assist in identifying
appropriate additional care alternatives.
d. Specified Permitted Disclosures of PHI. Without limiting the generality of Section II.b(Permitted
Receipt,Use and Disclosure of PHI),Business Associate may Disclose PHI as follows:
(A)Pursuant to the direction of the Covered Entity; and
(B) For the proper management and administration of Business Associate or to cant'out the legal
responsibilities of Business Associate if:
i. If the disclosure is required by law; or
ii. If Business Associate obtains reasonable assurances from the person to whom the
information is Disclosed that it will be held confidentially and Used or fiuther Disclosed
only as required by law or for the purposes for which it was Disclosed to the person, and if
the person promptly notifies Business Associate of any instances of which it is aware in
which the confidentiality of the information has been Breached.
e. Specified Permitted Receipt of PHI. Without limiting the generality of Section 2(b) (Permitted
Receipt, Use and Disclosure of PHI), and in addition to Business Associate being permitted to
disclose PHI to its Subcontractors subject to section (h) below, Business Associate may receive
PHI from another business associate of Covered Entity pursuant to the direction of the Covered
Entity.
f. Safeguards. Business Associate shall Use appropriate safeguards and comply, where applicable,
with 45 C.F.R. §§ 164.302 through 164.316 with respect to electronic PHI and will apply
appropriate safeguards to prevent the Use or Disclosure of the PHI in any form,including electronic
form other than as provided for by this BAA.
g. Reporting Unauthorized Uses and Disclosures. Business Associate shall report to Covered Entity,
without unreasonable delay, and in accordance with the deadlines provided below, any Use or
Disclosure of PHI not permitted by this BAA of which Business Associate becomes aware,
including any Breach of Privacy or Security as defined in the Participation Agreement. Without
limiting the generality of the foregoing:
i. Reporting of Breaches of Privacy or Security.
(A)Following the discovery of(i) any access to,Use or Disclosure of PHI which is not permitted
by the Participation Agreement or (ii) any Security Incident, Business Associate shall notify
Covered Entity by contacting Covered Entity's designated privacy contact person without
unreasonable delay, and in no case later than forty-eight (48) hours after discovery of the
Breach of Privacy or Security or Security Incident; provided, however, that the Parties
acknowledge and agree that this Section constitutes notice by Business Associate to Covered
Entity of the ongoing existence and occurrence of attempted but Unsuccessful Security
Incidents(as defined below)for which notice to Covered Entity by Business Associate shall be
required only upon request. "Unsuccessful Security Incidents"shall include,but not be limited
to,pings and other broadcast attacks on Business Associate's firewall,port scans,unsuccessful
log-on attempts, denials of service and any combination of the above, so long as no such
incident results in unauthorized access,Use or Disclosure of PHI. Covered Entity will advise
Business Associate of any subsequent changes to the privacy contact person's contact
information.
(B) In the event of a Breach of Privacy or Security,Business Associate shall without unreasonable
delay carry out an investigation and shall provide reasonably frequent updates to Covered
Entity as to the results of the investigation, including, as soon as reasonably possible, the
26
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E481DD0131
identification of each Patient whose PHI has been, or is reasonably believed to have been,
accessed, acquired, or Disclosed during any Breach of Privacy or Security.
(C) Business Associate shall cooperate with Covered Entity and shall provide that assistance as
Covered Entity may reasonably request so that Covered Entity may comply with any
obligations it may have to investigate,remediate,mitigate,report,and or otherwise notify third
parties of that Breach of Privacy or Security.
h. Arrangements with Subcontractors. Business Associate shall enter into a BAA with any
Subcontractor of Business Associate that creates, receives, maintains, or transmits PHI on behalf
of Business Associate, pursuant to which the Subcontractor shall agree to comply with the
applicable requirements of HIPAA and the same(or more stringent)restrictions and conditions that
apply to Business Associate with respect to that PHI pursuant to this BAA, and pursuant to which
Business Associate shall obtain satisfactory assurances that the Subcontractor shall appropriately
safeguard that PHI.
i. Individuals'Access to PHI.Business Associate shall make available PHI in a designated record set
as necessary to satisfy the requirements of 45 C.F.R. § 164.524.
j. Individuals' Request for Amendments to PHI. Business Associate shall incorporate amendments
to PHI as and to the extent required for compliance with 45 C.F.R. § 164.526.
k. Individuals' Requests for Accountings of Disclosures. Business Associate shall document
Disclosures of PHI and provide information sufficient to respond to a request by a Patient for an
Accounting of Disclosures in compliance with 45 C.F.R. § 164.528.
1. Other Obligations. To the extent that Business Associate is, pursuant to the Participation
Agreement or this BAA, responsible to carry out an obligation of Covered Entity under HIPAA,
Business Associate shall comply with the requirements of HIPAA that apply to Covered Entity in
the performance of that obligation.
in. Books and Records. Business Associate shall make its internal practices, books, and records
relating to the Use and Disclosure of PHI received from or created or received by Business
Associate on behalf of Covered Entity, available to the Secretary for purposes of determining
Covered Entity's or Business Associate's compliance under HIPAA.
II. Obligations of Covered Entity.
a. Notice of Change in Privacy Practices. Covered Entity shall notify Business Associate of any
limitation(s) in Covered Entity's Notice of Privacy Practices in accordance with 45 C.F.R.
§164.520, to the extent that that limitation may affect Business Associate's Use or Disclosure of
PHI, as soon as reasonably practicable, and in no case more than ten (10) business days after the
change to the notice of privacy practices containing such limitation.
b. Notice of Change in Permissions. Covered Entity shall notify Business Associate of any changes
in, or revocation of, permission by an individual to Use or Disclose PHI, to the extent that that
change may affect Business Associate's Use or Disclosure of PHI, as soon as reasonably
practicable, and in no case more than ten (10) business days after the date when Covered Entity
learns of the change in permissions.Business Associate shall abide by each change in,or revocation
of,permission described above in this clause(b).
C. Notice of Change in Use. Covered Entity shall notify Business Associate of any restriction to the
Use or Disclosure of PHI that Covered Entity has agreed to in accordance with 45 C.F.R. §164.522,
to the extent that that restriction may affect Business Associate's Use or Disclosure of PHI,as soon
as reasonably practicable, and in no case more than ten (10) business days after the date when
Covered Entity learns of the restriction.Business Associate shall abide by each restriction described
above in this clause (c).
27
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1D DOB 1
d. Appropriate Requests. Covered Entity shall not request that Business Associate Use or Disclose
PHI in any manner that would not be permissible tinder HIPAA if done by Covered Entity.
III. Term and Termination.
a. Term. Subject to the other provisions of this Section 1V (Tenn and Termination), the term of this
BAA shall be coextensive with that of the Participation Agreement.
b. Breach Pattern of Practice. If a Party knows of a pattern of activity or practice by the other Patty
that constitutes a material breach or violation of its obligations under HIPAA or this BAA, such
Party shall notify the other Party of that breach. If such other Party is unsuccessful in curing that
breach within a reasonable time period specified by the notifying Patty, the notifying Party may
Lerninate this BAA and the Participation Agreement, if feasible, upon written notice to the other
Party.
c. Conduct Upon Tenmination. Upon termination or expiration of this BAA,Business Associate and
Covered Entity acknowledge that return or destruction of PHI is not feasible. Accordingly,
Business Associate shall extend the protections of this BAA, including Section 2(e) (Safeguards),
to any that PHI for so long as it is not destroyed,and limit further uses and Disclosures of that PHI
to those purposes that make the return or destruction not feasible,for as long as Business Associate
or any Subcontractor of Business Associate maintains that PHI. Upon the expiration of this period
of infeasibility, if any, Business Associate shall destroy all PHI that it has retained. if PHI is to be
destroyed pursuant to this Section 4(c)(Conduct Upon Termination)or pursuant to the Participation
Agreement, Business Associate shall certify in writing to Covered Entity that that PHI has been
destroyed.
IV. Relationship to Participation Agreement. In the event that a provision of this BAA is contrary to a
provision of the Participation Agreement pertaining to Business Associate's performance of its
obligations as a business associate, the provisions of BAA shall control.
V. Cooperation. The Parties acknowledge that certain breaches or violations of this BAA may result in
litigation or investigations pursued by federal or state governmental authorities of the United States
resulting in civil liability or criminal penalties. Each Party shall cooperate in good faith in all respects
with the other Party in connection with any request by a federal or state governmental authority for
additional information and documents or any governmental investigation, complaint, action or other
inquiry.
VI. Amendment. The Parties agree to take that action from time to time as is necessary to amend this
BAA for Covered Entity and Business Associate to comply with HIPAA or other applicable law. The
Parties agree that this BAA may only be modified by mutual written amendment,signed by both Parties,
effective on the date set forth in the amendment.
VII. Interpretation.Any ambiguity in this BAA shall be interpreted to permit compliance with HIPAA.
In witness whereof,Covered Entity and Business Associate have entered into this BAA as of the Effective
Date.
Signed by:
Business Associat�� , —,ba ,eZ Covered Entity
7DAABC41C6834500— O
By: By:
Name: Erica Galvez Name: Nathan Magsig
Title: CEO Title: Chairman of the Board of Supervisors
Date: 1110112024 Date:
ATTEST:
28 BERNICE E.SEIDEL
Clerk of the Board of Supervisors
County of Fresno,
By*Q-�SeCvv
eputy
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 5
U.S. DEPARTMENT OF THE TREASURY CORONAVIRUS LOCAL FISCAL RECOVERY FUND
TERMS AND CONDITIONS
1. Use of Funds.
a) Contractor understands and agrees that the funds disbursed under this award may only be
used in compliance with section 603(c) of the Social Security Act (the Act), Treasury's
regulations implementing that section, and guidance issued by Treasury regarding the
foregoing.
b) Contractor will determine prior to engaging in any project using this assistance that it has
the institutional, managerial, and financial capability to ensure proper planning,
management, and completion of such project.
2. Maintenance of and Access to Records.
a) Contractor shall maintain records and financial documents sufficient to evidence
compliance with section 603(c) of the Act, Treasury's regulations implementing that section,
and guidance issued by Treasury regarding the foregoing.
b) The Treasury Office of Inspector General and the Government Accountability Office, or
their authorized representatives, shall have the right of access to records (electronic and
otherwise) of Contractor in order to conduct audits or other investigations.
c) Records shall be maintained by Contractor for a period of five (5) years after all funds have
been expended or returned to Treasury, whichever is later.
3. Compliance with Applicable Law and Regulations.
a) Contractor agrees to comply with the requirements of section 602 of the Act, regulations
adopted by Treasury pursuant to section 602(f) of the Act, and guidance issued by
Treasury regarding the foregoing. Contractor also agrees to comply with all other applicable
federal statutes, regulations, and executive orders, and Contractor shall provide for such
compliance by other parties in any agreements it enters into with other parties relating to
this award.
b) Federal regulations applicable to this award include, without limitation, the following:
1
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 5
i. Uniform Administrative Requirements, Cost Principles, and Audit Requirements for
Federal Awards, 2 C.F.R. Part 200, other than such provisions as Treasury may
determine are inapplicable to this Award and subject to such exceptions as may be
otherwise provided by Treasury. Subpart F -Audit Requirements of the Uniform
Guidance, implementing the Single Audit Act, shall apply to this award.
ii. Universal Identifier and System for Award Management (SAM), 2 C.F.R. Part 25,
pursuant to which the award term set forth in Appendix A to 2 C.F.R. Part 25 is
hereby incorporated by reference.
iii. OMB Guidelines to Agencies on Governmentwide Debarment and Suspension
(Non procurement), 2 C.F.R. Part 180, including the requirement to include a term or
condition in all lower tier covered transactions (contracts and subcontracts
described in 2 C.F.R. Part 180, subpart B) that the award is subject to 2 C.F.R. Part
180 and Treasury's implementing regulation at 31 C.F.R. Part 19.
iv. Contractor Integrity and Performance Matters, pursuant to which the award term set
forth in 2 C.F.R. Part 200, Appendix XII to Part 200 is hereby incorporated by
reference.
V. Governmentwide Requirements for Drug-Free Workplace, 31 C.F.R. Part 20.
vi. New Restrictions on Lobbying, 31 C.F.R. Part 21.
vii. Uniform Relocation Assistance and Real Property Acquisitions Act of 1970 (42
viii. U.S.C. §§4601-4655) and implementing regulations.
ix. Generally applicable federal environmental laws and regulations.
c) Statutes and regulations prohibiting discrimination applicable to this agreement include,
without limitation, the following:
i. Title VI of the Civil Rights Act of 1964 (42 U.S.C. §§ 2000d et seq.) and Treasury's
ii. implementing regulations at 31 C.F.R. Part 22, which prohibit discrimination on the
basis of race, color, or national origin under programs or activities receiving federal
financial assistance;
2
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4131DDOB1
Exhibit 5
iii. The Fair Housing Act, Title VIII of the Civil Rights Act of 1968 (42 U.S.C. §§3601 et
seq.), which prohibits discrimination in housing on the basis of race, color,
iv. religion, national origin, sex, familial status, or disability;
V. Section 504 of the Rehabilitation Act of 1973, as amended (29 U.S.C. § 794), which
prohibits discrimination on the basis of disability under any program or activity
receiving federal financial assistance;
vi. The Age Discrimination Act of 1975, as amended (42 U.S.C. §§ 6101 et seq.), and
Treasury's implementing regulations at 31 C.F.R. Part 23, which prohibit
discrimination on the basis of age in programs or activities receiving federal
financial assistance; and
vii. Title II of the Americans with Disabilities Act of 1990, as amended (42 U.S.C. §§
12101 et seq.), which prohibits discrimination on the basis of disability under
programs, activities, and services provided or made available by state and local
governments or instrumentalities or agencies thereto.
4. Hatch Act. Contractor agrees to comply, as applicable, with requirements of the Hatch Act
(5 U.S.C. §§ 1501-1508 and 7324-7328), which limit certain political activities of State or local
government employees whose principal employment is in connection with an activity financed in
whole or in part by this federal assistance.
5. False Statements. Contractor understands that making false statements or claims in
connection with this agreement is a violation of federal law and may result in criminal, civil, or
administrative sanctions, including fines, imprisonment, civil damages and penalties, debarment
from participating in federal awards or contracts, and/or any other remedy available by law.
6. Publications. Any publications produced with funds from this agreement must display the
following language: "This project [is being] [was] supported, in whole or in part, by federal award
number SLFRP 3678 awarded to County of Fresno by the U.S. Department of the Treasury."
7. Debts Owed the Federal Government.
3
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 5
a) Any funds paid to Contractor(1) in excess of the amount to which Contractor is finally
determined to be authorized to retain under the terms of this award; (2) that are determined
by the Treasury Office of Inspector General to have been misused; or (3) that are
determined by Treasury to be subject to a repayment obligation pursuant to sections 602(e)
and 603(b)(2)(D) of the Act and have not been repaid by Contractor shall constitute a debt
to the federal government.
b) Any debts determined to be owed the federal government must be paid promptly by
Contractor. A debt is delinquent if it has not been paid by the date specified in Treasury's
initial written demand for payment, unless other satisfactory arrangements have been made
or if the Contractor knowingly or improperly retains funds that are a debt as defined in
paragraph 14(a). Treasury will take any actions available to it to collect such a debt.
8. Disclaimer.
a) The United States expressly disclaims any and all responsibility or liability to Contractor or
third persons for the actions of Contractor or third persons resulting in death, bodily injury,
property damages, or any other losses resulting in any way from the performance of this
award or any contract, or subcontract under this award.
b) The execution of this agreement by Contractor does not in any way establish an agency
relationship between the United States and Contractor.
9. Protections for Whistleblowers.
a) In accordance with 41 U.S.C. §4712, Contractor may not discharge, demote, or otherwise
discriminate against an employee in reprisal for disclosing to any of the list of persons or
entities provided below, information that the employee reasonably believes is evidence of
gross mismanagement of a federal contract or grant, a gross waste of federal funds, an
abuse of authority relating to a federal contract or grant, a substantial and specific danger to
public health or safety, or a violation of law, rule, or regulation related to a federal contract
(including the competition for or negotiation of a contract) or grant.
b) The list of persons and entities referenced in the paragraph above includes the following:
4
Docusign Envelope ID: 17CA6E55-280D-4BEE-8D36-AE1E4131DD061
Exhibit 5
i. A member of Congress or a representative of a committee of Congress;
ii. An Inspector General;
iii. The Government Accountability Office;
iv. A Treasury employee responsible for contract or grant oversight or management;
V. An authorized official of the Department of Justice or other law enforcement
agency;
vi. A court or grand jury; or
vii. A management official or other employee of Contractor, contractor, or subcontractor
who has the responsibility to investigate, discover, or address misconduct.
c) Contractor shall inform its employees in writing of the rights and remedies provided under
this section, in the predominant native language of the workforce.
10. Increasing Seat Belt Use in the United States. Pursuant to Executive Order 13043, 62 FR
19217 (Apr. 18, 1997), Contractor should adopt and enforce on-the-job seat belt policies and
programs for their employees when operating company-owned, rented or personally owned
vehicles.
11. Reducinq Text Messaging While Driving. Pursuant to Executive Order 13513, 74 FR 51225
(Oct. 6, 2009), Contractor should encourage its employees, and subcontractors to adopt and
enforce policies that ban text messaging while driving, and Contractor should establish workplace
safety policies to decrease accidents caused by distracted drivers.
12. Title VI of the Civil Rights Act of 1964. The sub-grantee, contractor, subcontractor,
successor, transferee, and assignee shall comply with Title VI of the Civil Rights Act of 1964, which
prohibits Contractors of federal financial assistance from excluding from a program or activity,
denying benefits of, or otherwise discriminating against a person on the basis of race, color, or
national origin (42 U.S.C. § 2000d et seq.), as implemented by the Department of the Treasury's
Title VI regulations, 31 CFR Part 22, which are herein incorporated by reference and made a part
of this contract (or agreement). Title VI also includes protection to persons with "Limited English
5
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 5
Proficiency" in any program or activity receiving federal financial assistance, 42 U.S.C. § 2000d et
seq., as implemented by the Department of the Treasury's Title VI regulations, 31 CFR Part 22,
and herein incorporated by reference and made a part of this contract or agreement.
6
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 6
Self-Dealing Transaction Disclosure Form
In order to conduct business with the County of Fresno("County"),members of a contractor's
board of directors ("County Contractor"),must disclose any self-dealing transactions that they are a party
to while providing goods, performing services, or both for the County. A self-dealing transaction is
defined below:
"A self-dealing transaction means a transaction to which the corporation is a party and in which
one or more of its directors has a material financial interest."
The definition above will be used for purposes of completing this disclosure form.
Instructions
(1) Enter board member's name,job title (if applicable), and date this disclosure is being made.
(2) Enter the board member's company/agency name and address.
(3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County.
At a minimum, include a description of the following:
a. The name of the agency/company with which the corporation has the transaction;and
b. The nature of the material financial interest in the Corporation's transaction that the
board member has.
(4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions
of the Corporations Code.
The form must be signed by the board member that is involved in the self-dealing transaction
described in Sections (3)and(4).
1
Docusign Envelope ID: 17CA6E55-28OD-4BEE-8D36-AE1E4B1DDOB1
Exhibit 6
(1) Company Board Member Information:
Name: Date:
Job Title:
(2) Company/Agency Name and Address:
(3)Disclosure (Please describe the nature of the self-dealing transaction you are a party to)
(4) Explain why this self-dealing transaction is consistent with the requirements of Corporations
Code§ 5233 (a)
(5) Authorized Signature
Signature: Date:
2
co Attachment A
w
O 1856 O
Technical and Operational Plan
Fresno County Community Information Exchange
Countywide development of integrated technical, legal, and governance infrastructure to support two pilots
focused on Youth Suicide Prevention and the Integration of Home Visitation Services
November 2024
s�0 epo
4 "CA.
Xa
�� `pBrintend° �G�
�NDENT°�
Attachment A
Table of contents
Contents
ExecutiveSummary.......................................................................................................................................................................5
Fresno CIE Vision, Mission, and Objectives........................................................................................................................5
PilotInitiatives...........................................................................................................................................................................5
SuicidePrevention...............................................................................................................................................................5
HomeVisitation....................................................................................................................................................................6
TargetPopulations...................................................................................................................................................................6
Home Visitation Pilot: Children and Families...............................................................................................................6
Suicide Prevention Pilot: School-Age Youth.................................................................................................................6
Infrastructure.........................................................................................................................................................................6
Future Development: Supporting the Broader Population of Fresno County.....................................................7
Introduction....................................................................................................................................................................................8
Purpose of the Technical and Operational Plan...............................................................................................................8
Aligning People, Organizations, and Technology.......................................................................................................8
Leadership and Stakeholder Engagement.....................................................................................................................8
PartnershipDevelopment..................................................................................................................................................8
Governance and Management..............................................................................................................................................9
Supporting the Technical Framework...........................................................................................................................10
DataSharing and Legal Framework...................................................................................................................................10
DataSharing........................................................................................................................................................................10
Legal.......................................................................................................................................................................................11
Background...................................................................................................................................................................................12
Partnership and Technical Discovery.................................................................................................................................12
Approaches to Pilot Implementation................................................................................................................................13
HomeVisitation..................................................................................................................................................................13
YouthSuicide Prevention.................................................................................................................................................13
PartnerOrganizations and Roles........................................................................................................................................13
Fresno CIE - Technical and Operational Plan
November 2024
Page 12
Attachment A
HomeVisitation..................................................................................................................................................................13
YouthSuicide Prevention.................................................................................................................................................16
Overview of Data Systems and Platforms........................................................................................................................19
HomeVisitation..................................................................................................................................................................19
YouthSuicide Prevention................................................................................................................................................20
Impact of Legislation on CIE Development......................................................................................................................22
Conclusion...........................................................................................................................................................................24
Technical &Operational Plan...................................................................................................................................................25
PlanOverview..........................................................................................................................................................................25
System Features, Requirements and Considerations.....................................................................................................26
DataManagement.................................................................................................................................................................27
DataSecurity...........................................................................................................................................................................27
DataRetention .......................................................................................................................................................................29
DataAccess and Permissions..............................................................................................................................................30
Privacy& Protocols................................................................................................................................................................31
Cybersecurity...........................................................................................................................................................................32
PartnerRequirements Documentation........................................................................................................................34
Fuzzy Matching System Evaluation Requirements...................................................................................................35
Data Flow, Interoperability, and Solution Architecture...............................................................................................36
Overview CIE Microservices Processes and Data Flows ..........................................................................................38
CIETechnical Components..................................................................................................................................................38
Systems of Origin Technical Considerations..............................................................................................................38
Technical View of Dataflows and Technology Considerations..................................................................................45
Partner Technical Systems Review....................................................................................................................................55
myAvatar— Department of Public Health...................................................................................................................55
Department of Social Services Data Systems............................................................................................................56
Apricot 360— Fresno County Superintendent of Schools....................................................................................... 57
CCS Community Health Record (CHR) System — Department of Public Health............................................... 57
Implementing a Legal Framework for the Community Information Exchange.........................................................59
Developing a Master Data Sharing Agreement Framework.......................................................................................59
SharingData Under HIPAA.............................................................................................................................................60
Key Components of Data Sharing Agreements Under FERPA..............................................................................65
Fresno CIE - Technical and Operational Plan
November 2024
Page 13
Attachment A
Operatingas a School Official .......................................................................................................................................66
Potential Legal Framework for Education Record Disclosure — Demonstration of Legitimate Educational
Interest.................................................................................................................................................................................70
Service Level Agreements (SLAB) or Data Sharing Agreements (DSAs)....................................................................74
Fresno County CIE Governance Framework........................................................................................................................76
Overview of Fresno CIE Field-Level Governance........................................................................................................77
Field Sharing and Partner Agreements ........................................................................................................................77
Maintenance and Operations Costs..................................................................................................................................78
Data Analytics & Performance Metrics to be Required by System............................................................................79
Risksand Mitigation..................................................................................................................................................................80
Identified Limitations to the Technical and Operational Plan.........................................................................................81
Summaryand Next Steps..........................................................................................................................................................81
Summary...................................................................................................................................................................................81
NextSteps.................................................................................................................................................................................81
Appendix A: Fresno CIE Data Flow Mapping ......................................................................................................................82
HomeVisitation .....................................................................................................................................................................82
SuicidePrevention.....................................................................................................................................................................83
Appendix B: Fresno CIE Data Profiles and Analysis...........................................................................................................84
AppendixC: Fresno CIE Data Models....................................................................................................................................85
Appendix D: Fresno CIE Key Questions Inventory............................................................................................................86
AppendixE: Fresno CIE FAQ...................................................................................................................................................87
Appendix F: Fresno Example Narratives..............................................................................................................................89
Appendix G: Current State Flowchart for ED 5150 Holds................................................................................................90
Fresno CIE - Technical and Operational Plan
November 2024
Page14
Attachment A
Executive Summary
The Fresno County Community Information Exchange (CIE) is an innovative initiative aimed at revolutionizing data
utilization to improve the well-being of Fresno County residents. Within the CIE initiative, there are two upcoming
pilots scheduled for phased development from 2024-26 that are designed to have immediate and tangible results
in the community while concurrently developing the founding partnerships, governance, and technical
infrastructure which will carry the work into future years of broadening impact.
This technical and operational plan is a living document currently in draft form, intended to serve as a guiding
tool for the ongoing development of the Fresno County CIE. It will be iteratively refined and redesigned through
active collaboration with CIE partners and the greater Fresno community, ensuring that it remains responsive to
evolving needs and perspectives as the initiative progresses.
Fresno CIE Vision, Mission, and Objectives
Vision
To create a data-driven, interconnected community in Fresno County where timely and effective support is
provided to those in need.
Mission
Expedite data sharing across sectors to allow for improved communication and coordinated services for students
and families in Fresno County.
Objectives
• Develop initial CIE partnerships, governance, legal framework, and technical infrastructure to set the stage
for ongoing development.
• Enhance care coordination and expand accessibility to services for Fresno County residents.
• Streamline service delivery and improve outcomes in key areas.
• Foster trust among stakeholders through clear and effective data governance.
Pilot Initiatives
Suicide Prevention
Fresno County acknowledges the severity of the suicide crisis, with approximately 50,000 suicides and an
estimated 1.6 million attempts occurring nationwide each year. The CIE is proactively addressing this issue by
integrating data from key agencies to provide timely support and resources to individuals at risk.This
initiative marks a crucial step towards comprehensive multi-agency mental health care and suicide prevention
efforts.
Key Results
• School districts and behavioral health personnel receive real-time notices regarding individuals at risk
of suicide and have operational response plans in place.
• Develop technical early-alert infrastructure in Fresno County that will set the stage for additional alert
systems to operate at scale across Fresno County.
Fresno CIE - Technical and Operational Plan
November 2024
Page 15
Attachment A
Home Visitation
The CIE will address inefficiencies in data transparency that have previously hindered home visitation services.
This cross-sector data access pilot aims to streamline services, leading to improved outcomes such as
increased kindergarten readiness, better maternal mental health, decreased trauma, and more effective
service delivery.
Key Results
• Unified case management across Home Visitation programs in Fresno County, enhancing
coordination among program teams and providers.
• Insights into service coverage for children and families.
• Reduced overhead in mandatory reporting for case managers, facilitating an increased capacity to
serve the Fresno community in the field.
• Real-time, effective reporting for all CIE users.
These efforts are expected to streamline care coordination and accessibility for residents, irrespective of
provider, insurance, network, or region. This early work will set the stage for large-scale data sharing and
utilization across Fresno County, creating a more interconnected and data-driven community.
Target Populations
Home Visitation Pilot: Children and Families
This initiative focuses on the following target populations:
• Infants and Toddlers: Ensuring that the youngest members of the community receive essential health
and developmental support from birth through early childhood.
• Expectant Mothers: Providing prenatal care and support to expectant mothers to promote healthy
pregnancies and early childhood development.
• Families with Young Children: Supporting families with children up to age five, offering resources and
guidance on parenting, health, and education to foster a nurturing and safe home environment.
Suicide Prevention Pilot: School-Age Youth
This initiative focuses on the following target populations:
• Elementary School Students: Identifying at-risk children at an early age to provide timely support and
prevent the escalation of mental health issues.
• Middle School Students: Addressing the unique challenges faced by pre-teens and early adolescents.
• High School Students: Providing resources and support for teenagers dealing with complex emotional
and psychological challenges, including depression and anxiety.
Infrastructure
The core Fresno CIE technology will offer a versatile platform designed to promote interoperability and seamless
data exchange among diverse partner data systems. Its centralized and scalable system architecture will enable
the integration and transformation of records-level data while ensuring role-based access and field-level
Fresno CIE - Technical and Operational Plan
November 2024
Page 16
Attachment A
governance controls, maintaining privacy and security measures for partners and their data. By providing a
standardized yet adaptable framework, the Fresno CIE infrastructure can accommodate new partners and data
systems as the partnership grows, thereby scaling its capabilities to meet increasing demands.
Future Development: Supporting the Broader Population of Fresno County
Initial pilot initiatives focusing on children, families, and school-age youth are critical first steps in developing a
comprehensive CIE that will ultimately support the entire population of Fresno County. By successfully
implementing these pilots, the CIE will:
• Build a Scalable Framework: Establish a scalable data-sharing infrastructure that can be expanded to
include a wider range of services and populations over time.
• Demonstrate Impact: Show tangible benefits and improvements in community health and well-being,
building the case for broader adoption and investment in the CIE.
• Foster Collaboration: Strengthen partnerships and trust among local service providers, community
organizations, and government agencies, creating a collaborative ecosystem that benefits all residents.
As the CIE evolves, it will incorporate additional initiatives and services to address the diverse needs of Fresno
County's population.This phased approach ensures that the CIE grows sustainably, continuously improving and
expanding its impact in the community.
Fresno CIE - Technical and Operational Plan
November 2024
Page 17
Attachment A
Introduction
Purpose of the Technical and Operational Plan
This Technical and Operational Plan (TOP) is a comprehensive blueprint designed to guide the initial phases of
development and implementation for the Fresno County Community Information Exchange (CIE).The primary
purpose of the TOP is to establish a detailed framework that supports the technical, partnership, governance, and
legal aspects of the CIE, ensuring its success and sustainability.This section outlines the key objectives and goals
of the TOP, emphasizing its role in providing a structured, phased approach to building the CIE technology and
partnership.
Aligning People, Organizations, and Technology
Building trust among partners is crucial for successful data-sharing efforts.The Fresno CIE will take small, iterative
steps in developing data-sharing practices and supportive technology. The initiative will begin with two pilots
carefully selected to test crucial elements of the partnership and technical development for future scaling.The
approach involves small groups of committed partners engaging in data discovery and limited data sharing
before expanding effective practices and incorporating additional partners. The Technical and Operational plan is
designed to establish the basis from which this collaboration can grow and, as a results, is anticipated to be a
living document meant to develop clear consensus among participating partners related to the technical and
operational boundaries of the work they will be engaging in together.
Leadership and Stakeholder Engagement
Leadership driving the Community Information Exchange (CIE) in Fresno County is characterized by committed
public health and education officials working in close collaboration to modernize and integrate health and
education data systems despite financial and technological challenges.Ajoint partnership between Fresno
County, the Fresno County Office of Education, and Cradle-to-Career Fresno County is actively working to evolve
past outdated methods still prevalent in data sharing, such as fax machines and phone calls, and emphasizes the
critical need for interoperability to seamlessly exchange data among diverse systems. Though funding remains a
significant barrier, the collaborative core team has secured an earmarked $5 million for data system
improvements as initial funding. Achieving full interoperability will require a persistent commitment of additional
resources and leadership engagement over years of ongoing technical and partnerships development.
Partnership Development
An effective Community Information Exchange rests in its partnership development.The CIE partnership
framework is designed to ensure inclusive, transparent, and efficient collaboration among key stakeholders. This
section outlines the roles and responsibilities of the Operational Core Team and Pilot Workgroups involved in
developing and implementing the CIE.
Fresno CIE Core Team
The Fresno CIE Core Team provides strategic guidance and operational support to the CIE initiative.This team is
composed of leadership from key organizations, including Fresno County, Fresno County Office of Education, and
Cradle-to-Career Fresno County.The Core Team's primary responsibilities include:
• Strategic Guidance: Setting the overall direction and vision for the CIE, ensuring that the initiative aligns
with community needs and priorities.
• Operational Support: Overseeing day-to-day operations, coordinating activities among partners, and
managing resources to support the development and implementation of the CIE.
Fresno CIE - Technical and Operational Plan
November 2024
Page 18
Attachment A
• Stakeholder Engagement: Facilitating communication and collaboration among all stakeholders, fostering
a sense of ownership and commitment to the CIE's success.
Fresno CIE Workgroups
To ensure effective integration of data systems and the successful implementation of the CIE, two Fresno CIE
Workgroups have been established, focused on the two initial pilot areas.These workgroups are comprised of
representatives from organizations whose data systems will be integrated into the CIE during early phases of
technical development.The primary objectives of the workgroups are to establish a Minimum Viable Partnership
which will provide the foundational governance structures and build the initial technical infrastructure of the CIE.
This includes:
• Identifying key technical systems, use cases, and data fields for inclusion in early phases of the CIE
technical implementation.
• Defining and executing service level and data-sharing agreements and protocols.
• Supporting pilot tests to ensure successful and effective technical integration and data interoperability.
By leveraging the expertise and resources of the Core Team and Workgroups, the Fresno CIE will build a strong,
collaborative foundation that supports sustainable growth and scalability.
Governance and Management
High-level governance of the Fresno County Community Information Exchange (CIE) will be developed in tandem
with the Technical and Operational Plan as a distinct but aligned process. Governance of the CIE is a foundational
aspect critical to its success and sustainability. Effective governance ensures that the CIE operates with
transparency for its partners, and remains inclusive and accountable to the community it serves.This section
outlines the steps which are considered best practice in establishing a governance framework that will guide the
operations and evolution of the CIE, addressing the following key areas:
1. Identify and Define Core Governance Principles Establishing core governance principles is essential for
setting the tone and direction of the Fresno CIE.These principles will prioritize community needs,
ensuring that the CIE operates transparently, inclusively, and with a strong sense of accountability. By
clearly defining these principles, the CIE can build a foundation that aligns with its mission and values,
fostering trust and collaboration among all stakeholders.
2. Establish a Customized Governance Framework The governance framework for the CIE must be
tailored to address the unique needs and priorities of the Fresno community.This involves developing a
structure that accommodates local dynamics and stakeholder expectations. A customized governance
framework will ensure that the CIE is responsive and adaptable, providing a solid structure for decision-
making and operational management.
3. Representative Joint Governance Team A key component of the governance framework is the
establishment of a Joint Governance Team.This team will be composed of representatives from various
organizations that share data and utilize the CIE. By involving diverse stakeholders in the governance
process, the CIE can ensure that multiple perspectives are considered, promoting fairness and inclusivity
in its operations.
4. Conflict Resolution Mechanisms Effective governance requires clear mechanisms for resolving conflicts
that may arise between CIE partners. Establishing well-defined conflict resolution processes will help
maintain harmony and collaboration within the CIE.These mechanisms should be transparent and
Fresno CIE - Technical and Operational Plan
November 2024
Page 19
Attachment A
equitable, ensuring that all parties have a fair opportunity to present their concerns and reach mutually
agreeable solutions.
5. Data Stewardship and Privacy The governance model of the CIE must prioritize data stewardship and
privacy, particularly concerning Personally Identifiable Information (PII) and Protected Health Information
(PHI). Implementing stringent data protection measures will safeguard the privacy of individuals and
maintain the integrity of the CIE. This commitment to data stewardship will build trust among participants
and encourage broader participation in the CIE.
6. Legal and Regulatory Compliance Ensuring compliance with legal and regulatory requirements is crucial
for the CIE's credibility and functionality.The governance framework must include mechanisms to monitor
adherence to data sharing frameworks, policies, procedures, and guidelines.Additionally, it should outline
processes for addressing breaches or noncompliance to protect the interests of all CIE participants and
maintain the system's integrity.
7. Regular Governance Review and Adaptation Governance practices must evolve to remain effective and
relevant. Implementing a process for regular review and adaptation of governance practices will ensure
that the CIE continues to meet the changing needs of its participants and the community. Continuous
improvement efforts will help the CIE stay aligned with best practices and emerging trends in data
governance and community information exchange.
Supporting the Technical Framework
The Technical and Operational Plan aims to create a technical foundation for the CIE by addressing the following
areas:
• Infrastructure Development: Establishing a scalable and secure technical infrastructure capable of
handling large-scale data integration and analysis.This includes the design and implementation of user-
friendly interfaces, robust security measures, and scalable data integration services for the ongoing
addition of new CIE partner organizations.
• Data Interoperability: Develop data models which ensure seamless data centralization from diverse
systems through the development of standardized data formats, transformations, and interoperability
protocols. This will facilitate efficient and accurate data sharing among partners.
• Integrating Existing Partner Technologies: Implementing the necessary technological change
management to existing platforms while will support the transaction of data into and out of the CIE
framework.
Data Sharing and Legal Framework
The Fresno CIE will be built upon a comprehensive data-sharing and legal framework designed to facilitate
seamless, secure, and compliant exchange of information among participating entities. This framework is critical
for ensuring that data sharing supports the CIE's objectives while safeguarding the privacy and rights of the
individuals it serves.
Data Sharing
Key Principles
• Transparency: Clear and open communication about data sharing practices, ensuring all partners
understand and agree to the terms of data exchange.
• Inclusiveness: Involving a diverse range of stakeholders in the development and implementation of
data sharing practices to ensure they meet community needs.
Fresno CIE - Technical and Operational Plan
November 2024
Page110
Attachment A
• Accountability: Establishing mechanisms to hold all partners accountable for their role in data sharing,
ensuring adherence to agreed-upon standards and protocols.
Data Integration and Centralization
• Standardized Data Formats: Using common data standards to ensure compatibility and
interoperability across different systems, facilitating efficient data exchange.
• Real-Time Data Sharing: Implementing systems that enable the real-time transmission of critical
information, such as suicide-related health data, to ensure timely interventions by partnering
organizations.
• Secure Data Handling: Employing robust encryption and access control measures to protect data
integrity and confidentiality during transmission and storage.
Legal
Compliance with Regulations
• Data Privacy Laws: Ensuring compliance with federal and state data privacy regulations, such as the
Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy
Act (FERPA), to protect the privacy of individuals' health and personal information.
• Consent and Authorization: Establishing processes for obtaining informed consent and authorization for
data sharing from individuals or their legal guardians, as required by law while ensuring an optimized
service delivery model.
Monitoring and Enforcement
• Regular Audits: Conducting regular audits of data sharing practices and systems to ensure compliance
with legal and regulatory requirements and to identify areas for improvement.
• Continuous Improvement: Implementing a process for continuous review and adaptation of data
sharing and legal practices to keep pace with evolving legal standards and community needs.
Fresno CIE - Technical and Operational Plan
November 2024
Page111
Attachment A
Background
Partnership and Technical Discovery
From November 2023 to August 2024, a comprehensive review was conducted to assess the feasibility of
developing a Community Information Exchange (CIE) in Fresno County. This discovery process encompassed
extensive stakeholder engagement, the identification of pilot initiatives, the establishment of key success criteria,
and the early definition of governance structures. Key activities included:
1. Stakeholder Engagement: Broad efforts were made to engage key stakeholders across various sectors,
including healthcare, social services, education, and community organizations. More than 100 organizing
sessions were convened, working with key stakeholder groups to organize implementation of the Fresno
County CIE.This engagement was crucial for understanding the needs, expectations, and potential
contributions of different partners.
2. Identification of Pilot Initiatives: Two pilot initiatives were identified to serve as the initial focus for the
CIE development.These initiatives were chosen based on their potential impact, feasibility, and capacity
to provide a solid framework from which to scale future work.
3. Establishment of Success Criteria: Key success criteria for early phases of the CIE development were
established to guide the project and measure its progress.These criteria include technical feasibility,
stakeholder participation, data integration capabilities, and improved service delivery outcomes.
4. Early Definition of Governance: An early governance framework was defined to ensure clear roles,
responsibilities, and decision-making processes. This includes the development of a cross-sector CIE Core
Team which drives operational and stakeholder engagement work.
5. Selection of Partners: Partners for the first phase of the CIE development were carefully selected based
on their readiness, capabilities, and strategic alignment with the CIE's goals. These partners include
healthcare providers, social services agencies, and educational institutions.
6. Technical Interviews and Convening Workgroups: Individual and group interviews were conducted
with selected partners to gather detailed insights into their technical systems, data management
practices, and collaborative potential.These interviews helped identify technical requirements and
integration challenges, and were supported by convening CIE Workgroups.
7. Development of the Technical and Operational Plan: The findings from the discovery process and
workgroups culminated in the development of the Fresno County CIE Technical and Operational Plan
(TOP). The TOP provides a detailed roadmap for the implementation, management, and sustainability of
the Fresno County CIE, outlining the necessary infrastructure, data workflows, governance structures, and
operational procedures.
Through this thorough discovery process, the foundation has been laid for a successful and impactful CIE in
Fresno County, aimed at enhancing service delivery and improving outcomes for the community.
Fresno CIE - Technical and Operational Plan
November 2024
Page112
Attachment A
Approaches to Pilot Implementation
Home Visitation
The Home Visitation pilot aims to improve the overall efficiency and impact of these vital services in Fresno
County. In early phases of this pilot, four data systems will be interconnected to test the feasibility of
interoperability and the impact of releasing new data to home visitation workers in the field.As data are updated
between these partner systems, they will automatically feed to the CIE central hub, allowing for the seamless
delivery of new and novel data into case records, which will enrich available data with the potential to optimize
service delivery. Initial partners will include Fresno County Department of Public Health, Fresno County
Department of Social Services, and Fresno County Superintendent of Schools.
Youth Suicide Prevention
The Youth Suicide Prevention pilot will be designed to test the initial technical and workflow feasibility of
delivering real-time alerts to partner organizations which will initiate enhanced wrap around support for youth in
critical need. Trigger data such as 5150 holds (involuntary admissions) will be securely delivered from participating
healthcare partners to appropriate school district support staff and behavioral health experts. Initial partners
include Fresno County Department of Behavioral Health, Central Unified School District, Sanger Unified School
District, Manifest MeclEx Health Information Exchange, and select Fresno County healthcare providers.
Partner Organizations and Roles
Home Visitation
Partner Overview: Fresno County Department of Public Health (FCDPH)
The Fresno County Department of Public Health (FCDPH) is dedicated to protecting and promoting the health and
well-being of all Fresno County residents. The department provides a wide range of services aimed at improving
public health outcomes, including immunizations, disease prevention and control, maternal and child health
programs, environmental health services, and health education initiatives. FCDPH also plays a critical role in
responding to public health emergencies and maintaining preparedness for natural and man-made disasters.
Through its comprehensive public health programs and services, FCDPH strives to create a healthier, safer
community for all residents.
The Fresno County Department of Public Health (FCDPH) is a pivotal partner in the Fresno County Community
Information Exchange (CIE) Home Visitation Pilot. FCDPH contributes essential health data related to maternal and
child health, immunizations, and developmental screenings. By integrating this data into the CIE, FCDPH enhances
the unified case management system, facilitating coordinated care and timely interventions for families. The
department also ensures compliance with stringent data privacy regulations, safeguarding the integrity and
confidentiality of shared information.Through its involvement, FCDPH aims to improve health outcomes and
support the well-being of children and families in Fresno County.
FCDPH Role in the Home Visitation Pilot
FCDPH is a pivotal partner in the CIE Home Visitation Pilot, providing the central technical and staffing assets to
drive initial stages of the pilot. Home Visitation workers currently have limited access to key social services data,
and the pilot will support enhanced access to case data related to the individuals they serve. Access to these
enhanced case files will require workflow modifications for staff such as Public Health Nurses. The involvement of
Fresno CIE - Technical and Operational Plan
November 2024
Page113
Attachment A
FCDPH is crucial for ensuring the pilot's success, given its extensive experience and resources in Home Visitation
services.
Responsibilities and Contributions (Proposed, subject to approval)
Data Integration and Sharing
• Health Data Contribution: FCDPH will contribute essential home visitation data related to maternal
and child health, referrals, and developmental screenings. This data will be integrated into the CIE,
allowing for more comprehensive case management and coordinated care.
• Secure Data Sharing: Ensuring that all health data shared is compliant with HIPAA and other relevant
privacy regulations, FCDPH will employ security measures to protect the integrity and confidentiality
of the information.
Monitoring and Evaluation
• Outcome Tracking: Monitoring home visitation outcomes and service utilization for individuals and
families participating in the pilot. FCDPH will track key metrics determined by the Workgroup.
• Feedback Loop: Providing regular feedback to the CIE Core Team and Workgroups on the
effectiveness of the pilot, identifying areas for improvement, and contributing to the continuous
enhancement of the system.
Integration and Data Flow
The integration and data flow process for FCDPH involves several key steps:
• Trigger Release of Health Data: FCDPH will trigger the release of relevant health data from its
electronic health record (EHR) systems and other data sources to maintain an up-to-date Master
Person Index for matching against other data sources.
• Channel Data to CIE: Transmit the released data to the CIE's secure platform, ensuring that the
data flow is timely, accurate, and compliant with all legal and regulatory requirements.
• Data Matching: The CIE will match FCDPH data against the existing directory, adding new
records or assigning records in transit an existing Unique ID.
• Import and Update Records: The CIE will push updates from other data systems to the FCDPH
data system, appending and enriching case records with data from other sources not native to
the FCDPH system.
Partner Overview: Fresno County Department of Social Services
The Fresno County Department of Social Services (FCDSS) is committed to enhancing the quality of life for
individuals and families in Fresno County by providing essential social services and support programs. FCDSS
administers a variety of programs designed to assist those in need, including CalWORKs (California Work
Opportunity and Responsibility to Kids), CalFresh (nutrition assistance), and Medi-Cal (healthcare coverage). The
department also offers services related to child welfare, adult protective services, and employment assistance.
Through these programs, FCDSS aims to promote self-sufficiency, protect vulnerable populations, and improve
the overall well-being of the community.
FCDSS Role in the Home Visitation Pilot (Proposed, subject to approval)
FCDSS is considering how it may support early phases of the Home Visitation Pilot by providing workers in the
field with enriched data such as Medi-Cal eligibility and access to services such as CalWORKS and CalFresh,
improving the overall efficiency and effectiveness of Fresno's homes visitation services. The involvement of FCDSS
is vital for ensuring that home visitors have access to comprehensive social services data, empowering them to
better serve families in need.
Fresno CIE - Technical and Operational Plan
November 2024
Page114
Attachment A
Potential Responsibilities and Contributions
Data Integration and Sharing
• Social Services Data Contribution: FCDSS can provide data from their locally hosted system which
houses critical data from the California Statewide Automated Welfare System (CaISAWS) related to
CaIWORKs, CalFresh, and Medi-Cal. This information may be integrated into the CIE to facilitate a
holistic understanding of a family's needs by partnering organizations and team members.
• Secure Data Sharing: Ensuring that all data shared is compliant with relevant privacy regulations,
including safeguarding personally identifiable information (PII) and protected health information
(PHI). FCDSS will offer robust security protocols to protect the integrity and confidentiality of the
data.
Empowering Home Visitors
• Enhanced Information Access: Providing home visitors with access to detailed information about
the families they serve, including their eligibility for and access to social services. This will enable
home visitors to offer more informed and effective support.
• Service Clarity: Developing clarity around families' access to services and Medi-Cal eligibility,
helping home visitors to guide families through the process of accessing benefits and support
services.
Monitoring and Evaluation
• Continuous Improvement: Providing feedback to the CIE Core Team and Workgroups on the
effectiveness of data integration and service delivery, identifying areas for improvement, and
contributing to the ongoing enhancement of the system.
Integration and Data Flow
The integration and data flow process for FCDSS involves several key steps:
• Capture Social Services Data: FCDSS can capture relevant data from CaISAWS related to
CaIWORKs, CalFresh, and Medi-Cal within their local system.This data will provide insights into the
socioeconomic status and needs of families.
• Channel Data to CIE: Transmit the triggered data to the CIE's secure platform, ensuring timely,
accurate, and compliant data flow. This step is crucial for integrating social services information with
other data sources within the CIE.
• Data Matching and Case Management: The CIE will match social services data against the panels
of families enrolled in the home visitation programs.This matching process will help identify families
who can benefit from coordinated services and interventions.
• Triggering Alerts and Interventions: When specific needs or eligibility issues are identified, the CIE
can trigger alerts to relevant home visitors and case managers within FCDSS and partner
organizations. These alerts will enable timely and targeted support for families.
Partner Overview: Fresno County Superintendent of Schools
The Fresno County Superintendent of Schools (FCSS) is dedicated to ensuring educational excellence and
fostering academic success for all students in Fresno County. FCSS provides leadership, resources, and support to
the county's public schools, working collaboratively with school districts to enhance educational programs and
services.The office offers a wide range of services, including professional development for educators, special
education support, curriculum development, and technology integration. FCSS also oversees various student
programs aimed at improving academic achievement and preparing students for college and career readiness.
Through its commitment to quality education, FCSS strives to empower students, educators, and communities to
achieve their highest potential.
FCSS Role in the Home Visitation Pilot (Proposed, subject to approval)
FCSS will play a crucial role in testing the feasibility and efficacy of automating the delivery of reporting data from
Fresno CIE - Technical and Operational Plan
November 2024
Page115
Attachment A
the Fresno County Department of Public Health (FCDPH) into their Apricot 360 data system, streamlining data
management and improving service coordination.
Responsibilities and Contributions
Data Integration and Sharing
• Automated Data Delivery: FCSS will support the automation of reporting data from FCDPH
regarding home visitation services. This data will be seamlessly integrated into the Apricot 360 data
system used by FCSS, enhancing data accessibility and usability.
• Secure Data Handling: Ensuring that the data transfer process is secure and compliant with all
relevant privacy regulations, protecting the integrity and confidentiality of sensitive information.
Enhancing Service Coordination
• Data-Driven Decision Making: Providing educators and service providers with access to data,
allowing for more informed decision-making and targeted interventions to support the well-being
of children and families.
Monitoring and Evaluation
• Continuous Improvement: Offering feedback to the CIE Core Team and Workgroups on the
effectiveness of data integration and service coordination, helping to identify areas for improvement
and contribute to the ongoing enhancement of the system.
Integration and Data Flow
The integration and data flow process for FCSS involves several key steps:
• Capture Home Visitation Data: FCDPH will capture detailed data on home visitation services,
including health screenings, developmental assessments, and support provided to families.
• Automate Data Transfer: The CIE will automate the delivery of this data into FCSS' instance of the
Apricot 360 data system, ensuring timely and accurate data integration.This process will minimize
manual data entry and reduce the potential for errors, and test this automation process for future
phases of development.
Youth Suicide Prevention
Partner Overview: Manifest MedEx (MX)
Manifest MedEx (MX) is a leading Health Information Exchange (HIE) in California, dedicated to improving
healthcare outcomes through enhanced data sharing and collaboration among healthcare providers. MX provides
a secure platform for exchanging health information, enabling providers to access critical patient data, improve
care coordination, and enhance clinical decision-making.
MX Role in the Fresno CIE Youth Suicide Prevention Pilot
As a proposed backbone technology supporting early phases of the Fresno CIE Youth Suicide Prevention pilot,
Manifest MedEx will play a crucial role in facilitating timely and actionable data sharing between healthcare,
educational, and behavioral health partners.The primary responsibilities of MX in this pilot include:
• Ingesting Diagnosis Code Data: MX collaborates with healthcare partners to ingest data related to
diagnosis codes such as T14.91 (suicide attempt and interrupted attempt); Z91.5 (personal history of
suicide attempt(s); R45.851 (suicidal ideation) which serve as critical triggers for identifying at-risk youth in
real-time.
• Data Matching: MX matches the trigger data against the panels of participating CIE partners. These
panels are directories of individuals affiliated with the receiving organizations, such as students enrolled in
a CIE Partner school district.
Fresno CIE - Technical and Operational Plan
November 2024
Page116
Attachment A
• Transmitting Alerts: When a match is identified, MX sends an alert to the relevant partner organization.
By leveraging its data integration and alerting capabilities, Manifest MeclEx will enhance the ability of educational
and behavioral health partners to respond quickly and effectively to potential suicide risks, thereby supporting the
overall goal of the Youth Suicide Prevention pilot to safeguard and improve the mental health of school-age
youth in Fresno County.
Healthcare Systems as Catchment for Trigger Data
The healthcare systems participating in development of the Fresno CIE Youth Suicide Prevention pilot will
encompass a diverse array of hospitals and care centers throughout Fresno County. These institutions will play a
pivotal role in capturing and channeling relevant diagnosis code data into Manifest MedEx's (MX) system in real-
time. By integrating data from their respective Electronic Health Records (EHRs), these healthcare providers can
ensure timely and accurate data flows, facilitating rapid response and intervention for at-risk youth.
Participating Healthcare Systems (Proposed)
• Clovis Community Medical Center - Clovis
• Community Regional Medical Center - Fresno
• Exodus Adult CSC
• Exodus Youth CSC
• Kaiser
• St. Agnes
• Reedley Adventist Health
• Coalinga
• Selma Adventist Health
• Valley Children's Hospital
Partner Overview: Sanger and Central Unified School Districts
Sanger Unified School District (SUSD) and Central Unified School District (CUSD) will play pivotal roles in early
phases of development by receiving and acting upon real-time alerts related to at-risk students. These education
partners have indicated a lack of real-time access to data on student behavioral health and support the
development of CIE data integration to provide more comprehensive wraparound supports to students and their
families in times of need.
The integration and data flow process for SUSD involves the following steps:
• Panel Creation:The districts will maintain a directory of students enrolled in the district. This directory,
known as a panel, will be integrated with Manifest MedEx's (MX) system to enable data matching.
• Receiving Alerts: When a diagnosis code is captured and transmitted to MX by participating healthcare
systems, MX will match the data against the district's student panel.
• Alerts: If a match is found, MX will transmit an alert to designated district staff.
• Timely Interventions: Upon receiving the alert, the districts can quickly identify the at-risk student and
coordinate with appropriate educational and behavioral health resources to provide timely support and
intervention, aiming to prevent potential crises and ensure the student's well-being.
By collaborating closely with MX and integrating into the CIE, these CIE partners enhance their ability to respond
swiftly to mental health crises, thereby safeguarding the well-being of its students and contributing to the
broader objectives of the Youth Suicide Prevention pilot.
Fresno CIE - Technical and Operational Plan
November 2024
Page117
Attachment A
Partner Overview: Fresno County Department of Behavioral Health
The Fresno County Department of Behavioral Health (FCDBH) is dedicated to providing comprehensive mental
health and substance use disorder services to the residents of Fresno County. FCDBH offers a wide range of
programs and resources aimed at improving the mental health and overall well-being of individuals and families.
The department provides services across various settings, including outpatient clinics, residential treatment
facilities, and community-based programs.
Members of the FCDBH team have highlighted the importance of effective communication among various
agencies such as schools, behavioral health organizations, social services, and public health in supporting
community needs.They noted that they currently lack a system to track the movement of the people they serve,
particularly in relation to suicide prevention projects. Workgroup team members discussed the need for
improvement in data management and communication systems to foster future collaboration and effective
support for Fresno County residents.
Key Services and Programs
• Mental Health Services: FCDBH offers assessment, counseling, therapy, and psychiatric services for
individuals experiencing mental health issues. This includes support for conditions such as depression,
anxiety, bipolar disorder, and schizophrenia.
• Substance Use Disorder Services: The department provides treatment and recovery programs for
individuals struggling with substance use disorders, including detoxification, residential treatment,
and outpatient support.
• Crisis Intervention: FCDBH operates crisis intervention services, including a 24/7 crisis hotline,
mobile crisis response teams, and emergency psychiatric services to support individuals in acute
mental health crises.
• Prevention and Early Intervention: FCDBH focuses on prevention and early intervention programs
designed to address mental health and substance use issues before they escalate. This includes
educational outreach, community workshops, and early screening initiatives.
• Support Services: The department offers a range of support services, including case management,
peer support, housing assistance, and vocational training to help individuals achieve stability and
improve their quality of life.
FCDBH Role in the Youth Suicide Prevention Pilot
The Fresno County Department of Behavioral Health (FCDBH) is an important partner in the CIE Youth Suicide
Prevention Pilot. As a recipient of alerts from Manifest MeclEx (MX), FCDBH will play a significant role in
responding to the immediate needs of children at risk of suicide or experiencing severe mental health crises. This
partnership is essential for ensuring that timely and appropriate behavioral health interventions are provided to
vulnerable youth.
Responsibilities and Contributions
Integration and Data Flow
The integration and data flow process for FCDBH involves several key steps:
• Alert Reception: FCDBH will receive real-time alerts from MX when a 5150 hold is placed on a
youth.These alerts will be promptly delivered to designated staff members.
• Data Utilization: FCDBH will utilize the alert information, along with any additional data provided,
to assess the situation and determine the most appropriate response. This may include coordinating
with other service providers to ensure a holistic approach to care.
• Coordinated Care: Ensuring that all relevant information is shared with necessary team members
and partners to facilitate a coordinated response.This ensures that all parties involved have the
Fresno CIE - Technical and Operational Plan
November 2024
Page118
Attachment A
information needed to provide effective support and intervention.
Overview of Data Systems and Platforms
Home Visitation
Overview
There are a broad array of case management and other data systems in use across Fresno County's home
visitation landscape. Early phases of CIE development will integrate a representative and high-impact sample of
these systems to develop the foundation for universal case management, which will include myAvatar and CCS
Community Health Record System, managed by the Department of Public Health; CaISAWS (by way of a locally
hosted instance of Data Service), managed by Department of Social Services; and Apricot 360, managed by the
Fresno County Superintendent of Schools.
myAvatar
myAvatar is an enterprise electronic health records system currently in use by the Fresno Department of Public
Health (DPH) for case management, reporting, and as a staging area for delivering mandatory reporting to other
data systems. It is the central clearing house for all home visitation data managed by DPH.
instanceConsiderations for CIE Integration: Fresno County's of myAvatar is hosted . premises by
the Department of Public Health and does not have an active API gateway,which limits its use for
incorporation into the CIE platform without technical rework. There several options for development of
this integration gateway described within the technical sections of the TOP.
Fresno Department of Social Services Data Systems
The Fresno Department of Social Services (DSS) manages local databases with a suite of tools, technologies, and
applications designed to help organizations collect, analyze and present business data. It encompasses a range of
products that enables users to gather, process and visualize data from various sources. Amongst other use cases,
DSS uses their data systems to push and pull data from the California Statewide Automated Welfare System
(CaISAWS).
CaISAWS is a case management system providing CaIWORKs, CalFresh, Medi-Cal, Foster Care, Refugee Assistance,
County Medical Services Program, and General Assistance/General Relief to children, families, and individuals
across all California counties. It encompasses the following functions: eligibility determination, benefits
calculation, benefits issuance, and information management.
robustConsiderations for CIE Integration: DSS has a ..
require engagement and approval from senior leadership for their use.
Fresno CIE - Technical and Operational Plan
November 2024
Page119
Attachment A
Apricot 360 (Bonterra Impact Management)
Apricot 360 is an enterprise system designed for small to mid-sized nonprofit organizations.Apricot software is an
all-in-one platform that is built around the ability to allow organizations to self-define and customize their
datasets, reporting, and dashboards to best suit their organization's mission. The Apricot platform is in use by
multiple home visitation programs across Fresno County.
Considerations for CIE Integration:The high degree of custornization between each instance of
the Apricot platform deployed in Fresno County will require either agreement among CIE partners
to adhere to strict data standards or for the CIE system to accommodate customized data
transformations.Apricot 360 is notcapable of • or • API calls on own, and
instead relies on 3rd-party systems such as Workato or Zapier. Integration of any local Apricot
instance into the CIE will require the addition of these 3rl-party API services.
CCS Community Health Record (CHR) System
The CHR is an EHR developed with data interoperability as a key central component. Key functionalities of the
product are focused on providing a complete view of a client's information at all stages of engagement in order
maximize the positive outcome for the individual. Fresno Department of Public Health has 150 end users and
more than 2000 clients in the system with relatively low levels of traffic.
involveConsiderations for CIE Integration: CHR is designed for seamless integration into existing data
systems.As a 3 rd-party product, legal agreements will be needed for its incorporation into the CIE
which may revisions to existing
Youth Suicide Prevention
Overview
Suicide prevention is a complex and multifactor issue with a number of existing initiatives operating within the
Fresno County landscape. Early phases of the CIE will focus on developing a streamlined early-alert system
designed to send confidential messages to recipient organizations when a diagnosis code is entered into
participating healthcare organizations' electronic health record systems.This pilot system will integrate diagnosis
code data from existing healthcare system EHRs in the Manifest MedEx platform, match these data against panels
submitted by partners receiving alerts, and submit a alert to the receiving partner. There are multiple existing data
systems operating within this current ecosystem.
Manifest MedEx Health Information Exchange
Manifest MedEx (MX) is a comprehensive health information exchange (HIE) system designed to facilitate the
seamless and secure sharing of healthcare data among various stakeholders, including hospitals, clinics, and
public health organizations. The system integrates and aggregates patient data from multiple sources, providing a
centralized platform for real-time access to medical records, lab results, and care coordination information. MX
employs advanced data security and privacy measures to ensure compliance with regulatory standards and
protect patient confidentiality. By offering interoperability features and analytics capabilities, MX enhances clinical
decision-making, improves patient outcomes, and supports public health initiatives.
Fresno CIE - Technical and Operational Plan
November 2024
Page 120
Attachment A
providesConsiderations for CIE Integration:The IVIX data system proven . .. -
ingestion, integration, and delivery of electronic health records. These capabilities will need to be
assessed for ingestion, integration, and management of FERPA-protected student records, resultingin - potential ..-
Sanger Unified: PowerSchool
PowerSchool is a leading student information system (SIS) widely used by educational institutions to manage and
streamline various administrative tasks and student data. PowerSchool provides a comprehensive platform that
integrates student records, attendance, grades, and other essential information, facilitating efficient data
management and improving educational outcomes.
Considerations for CIE Integration:While PowerSchool offers a wide array of data integration
capabilities, SLISID team members will --. to configure the system to meet theirinternal
administrative requirements and to satisfy the agreed-upon needs of the CIE partnership, such as
the frequency of panel updates and the ingestion of key data fields.
Central Unified:Aeries Student Information System
Aeries Student Information System (SIS) is a comprehensive and user-friendly platform designed to manage and
streamline student data for K-12 educational institutions. It offers a wide range of features, including student
enrollment, attendance tracking, grade reporting, and assessment management. Aeries SIS supports seamless
communication between teachers, administrators, parents, and students through its integrated portals,
enhancing engagement and collaboration.The system's robust reporting and analytics tools enable educators to
monitor student performance, identify trends, and make data-driven decisions to improve educational
outcomes.With its emphasis on data security and compliance, Aeries SIS ensures the confidentiality and
integrity of student information, making it a trusted solution for schools seeking to enhance their administrative
efficiency and educational effectiveness.
Considerations for CIE Integration:While Aries offers a wide array of data integration capabilities,
CUSID team members - the system to meet their -
requirements and to satisfy the agreed-upon needs of the CIE partnership, such as the frequency of
panel updates - fields.
Smart Care
SmartCare EHR is a comprehensive electronic health record system designed to support behavioral health and
human services organizations.This advanced platform facilitates the seamless management of patient
information, including clinical documentation, treatment plans, medication management, and appointment
scheduling. SmartCare EHR is tailored to meet the unique needs of behavioral health providers, offering
specialized features such as progress notes, care coordination, and outcome tracking. With robust interoperability
capabilities, SmartCare EHR ensures secure data sharing across various healthcare settings, enhancing care
continuity and collaboration among providers.Additionally, its intuitive interface and customizable workflows
improve efficiency and usability for clinicians, ultimately contributing to better patient outcomes and streamlined
administrative processes.
Fresno CIE - Technical and Operational Plan
November 2024
Page 121
Attachment A
Considerations for CIE Integration:The Smart Care system has not been assessed for technical
integration into the CIE.
Electronic Health Record Systems
There are a variety of Electronic Health Record Systems (EHRs) in use by healthcare organizations. Electronic
Health Records (EHRs) are digital versions of patients' paper charts used within healthcare systems to streamline
the management and sharing of patient information. EHR systems capture comprehensive patient data, including
medical histories, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, and
laboratory test results. By providing real-time, patient-centered records accessible to authorized healthcare
providers, EHRs facilitate coordinated and efficient care delivery. Key EHR systems used within healthcare include
Epic, Cerner, Allscripts, and Meditech, each offering robust features for clinical documentation, order entry,
decision support, and reporting.These systems enhance the quality of care, improve patient outcomes, and
ensure compliance with regulatory standards, all while maintaining the security and confidentiality of sensitive
patient information.
methodConsiderations for CIE Integration: EHR systems have mandatory integration capabilities.The
of 1 hold delivery will rest on -• - of • healthcare
partners and agreed-upon standards set with MX
Impact of Legislation on CIE Development
California's AB 133 Bill
California Assembly Bill 133, enacted in 2021, is a comprehensive health care legislation aimed at
improving the state's health care delivery and data infrastructure. Key components of AB 133
include:
1. Health Data Sharing and Exchange: Mandating the establishment of a statewide health
information exchange (HIE) network to facilitate the secure sharing of health data among
providers, payers, and patients.
2. Data Exchange Framework: Requiring the development of a standardized data exchange
framework to ensure interoperability among various health IT systems.
3. CaIAIM (California Advancing and Innovating Medi-Cal) Initiatives: Supporting the
integration of Medi-Cal services with broader health and social services, promoting whole-
person care.
4. Equity and Access: Focusing on health equity by improving access to quality care for
underserved and vulnerable populations through better data collection and analysis.
Impact on Community Information Exchanges in California
The implementation of AB 133 is poised to significantly enhance the landscape for community
information exchanges (CIEs) in California in several ways:
1. Enhanced Interoperability: The standardized data exchange framework mandated by AB
133 will improve the interoperability between CIEs and other health IT systems, enabling
Fresno CIE - Technical and Operational Plan
November 2024
Page 122
Attachment A
seamless sharing of health and social service data across different organizations and
platforms.
2. Increased Data Integration: By promoting the integration of health, social, and Medi-Cal
services, AB 133 will enable CIEs to provide more comprehensive and coordinated care. This
integration will facilitate a holistic approach to addressing the needs of individuals,
particularly those from underserved communities.
3. Improved Data Accessibility: The establishment of a statewide HIE network will ensure
that data collected by CIEs is more readily accessible to health care providers, payers, and
patients.This accessibility will lead to better-informed decision-making and more effective
interventions.
4. Focus on Health Equity: AB 133's emphasis on health equity and improved access to care
for vulnerable populations will empower CIEs to better serve these communities by
leveraging enhanced data capabilities to identify and address disparities in health
outcomes.
5. Support for Whole-Person Care: The alignment with CaIAIM initiatives will encourage CIEs
to adopt a whole-person care approach, integrating physical health, behavioral health, and
social services to provide comprehensive support for individuals' overall well-being.
Overall, AB 133 is expected to strengthen the role of community information exchanges in
California, enabling them to play a critical part in the state's efforts to improve health outcomes and
promote health equity.
California Senate Bill (SB) 929: Overview and Impact on S1 SO Hold Data for Suicide
Prevention
SB 929, introduced in February 2022 and in effect on January 1, 2023„ focuses on expanding the
state's response to mental health crises, including refining the protocols for involuntary psychiatric
holds under section 5150 of the California Welfare and Institutions Code. A "5150 Hold" allows
individuals experiencing a mental health crisis and posing a danger to themselves or others to be
held involuntarily for up to 72 hours for assessment, evaluation, and crisis intervention.
SB 929 aims to improve transparency, data collection, and coordination across state and local
agencies, with an emphasis on mental health outcomes. It seeks to enhance how agencies collect
and share data related to mental health holds, crisis services, and psychiatric care, and to ensure
that data can be used to inform policy, prevention efforts, and care coordination.
Impact on Fresno CIE's Suicide Prevention Pilot
The Fresno Community Information Exchange (CIE) is exploring the use of data from 5150 holds to
inform a suicide prevention pilot, aiming to better identify and support individuals at risk. SB 929
presents several key opportunities for leveraging 5150 hold data:
1. Improved Data Access and Sharing: SB 929 supports the sharing of 5150 hold data
between health and community-based organizations while ensuring privacy protections.
This creates an opportunity for the Fresno CIE to access more comprehensive data on
individuals in crisis and integrate it into the CIE system, improving care coordination and
timely interventions for those at risk of suicide.
Fresno CIE - Technical and Operational Plan
November 2024
Page 123
Attachment A
2. Enhanced Coordination Across Systems: The bill encourages collaboration between
mental health agencies, hospitals, law enforcement, and community-based organizations.
Fresno CIE can use this coordination to establish partnerships with stakeholders that handle
5150 holds, allowing them to identify high-risk individuals and provide appropriate support
through the CIE platform.
3. Ethical Data Use for Prevention: While SIB 929 facilitates better data sharing, it also
reinforces strict privacy and ethical guidelines. For the Fresno CIE, this means using 5150
hold data responsibly, ensuring consent where appropriate, and using aggregated or de-
identified data for prevention purposes, reducing suicide risk in a manner compliant with
California's privacy laws.
4. Pilot for Early Intervention: With enhanced data access, the Fresno CIE can identify
patterns or trends in 5150 holds that signal a heightened suicide risk, enabling early
intervention and outreach as part of the suicide prevention pilot. This can lead to more
proactive, targeted support for individuals before they experience another crisis.
In summary, SB 929 enhances Fresno CIE's ability to use 5150 hold data ethically and effectively for
suicide prevention, enabling the pilot program to provide timely support and coordination of care
for individuals in crisis.
Conclusion
This thorough understanding of the Fresno County community ecosystem, as it relates to
developing a CIE, enables the partnership to address the unique needs and challenges of diverse
stakeholder community, ensuring that the CIE is poised to deliver significant improvements in data
sharing, service coordination, and ultimately, community health outcomes.As we move forward with
the implementation of the CIE, this background will serve as a critical reference point, guiding our
technical and operational decisions and ensuring alignment with our overarching mission and goals.
Fresno CIE - Technical and Operational Plan
November 2024
Page 124
Attachment A
Technical & Operational Plan
This section outlines proposed technical architecture, operational processes, governance structures, and legal
frameworks that will support the effective integration and management of data across various participating
organizations. By establishing clear guidelines and protocols, the TOP ensures that the CIE operates securely and
efficiently, ensuring a high likelihood of success for Phases 1 and 2 of CIE development and enhancing the
prospect of improved service delivery and outcomes for the residents of Fresno County.
Plan Overview
To meet the requirements for Fresno CIE in achieving key results for the children and families of Fresno County,
the Technical and Operational Plan takes a data centralization perspective (see Figure 1). This data centralization
concept is designed with the following high-level approach:
1. Existing primary data Systems of Origin for the CIE partners will need approval for release of data
for integrate into the CIE Framework and permanent storage and use by the third-party data system
vendor.
2. A standalone integration system (CIE)will be developed to support and facilitate information
centralization from these primary systems.
3. System governance will need to be developed, maintained, and evolved by the CIE partners to
ensure the Fresno CIE continues to drive effective and secure utilization of the common platform.
• Household Information Avatar Centralization . Medi-Cal
m
• Referrals and follow-up my Avatar DSS Data . CalFresh
• Case Management System CalWORKS
• Location
(FCDPH) (CIE)
(FCDSS)
Enabling Functionality for:
• Enriched Case Files
• Ongoing System Integration
• Provider Communications
Figure 1:Centralized Data Exchange Example Diagram
Fresno CIE - Technical and Operational Plan
November 2024
Page 125
Attachment A
System Features, Requirements and Considerations
Development of the Integrating System will require the features, requirements, and considerations below:
Technical and Operational Plan Considerations
Features, Requirements, . Considerations
Data Management Data segregation
• Agreements needed: Service Level Agreements(SLAB),Data Sharing Agreements(DSAs),etc.
• Scalability
Data Security 0 Disclosure
• Data Backup
• Data Archiving for Security
• Disposal of Data
• Location Security
• Redundant Utilities
• Data Encryption(at rest and in transit)
Data Retention • Statutory and policy/practices concerning length of time different types of information
(including PII and PHI)is retained by various entities
Data Flow • Determine data endpoints and how they are to connect
• Entities providing input and output data
• High-level preliminary Data Flow
Data Access&Permissions o Configurable role-based access&permissions
• Single sign on(SSO)supportability and integration
• Authentication(Multi-Factor)and Authorization
Privacy&Protocols 0 Audit Trail History
• Automated Privacy Monitoring
• Protocols to be defined with consideration to:
o Health Insurance Portability and Accountability Act(HIPAA)and 42 Code of Federal
Regulations Part 2(42 CFR Part 2)and exceptions in the event of a medical emergency
o Uniform Health Care Information Act(UHCIA),RCW 70.02
o RCW 39.26.340,which requires DSAs for Cat 3 or higher data(NOTE:this has
cybersecurity implications as well as privacy and is related to Engrossed Substitute
Senate Bill 5432(ESSB 5432)implementation)
o Health Information Technology for Economic and Clinical Health(HITECH)
o Patient,client,or parent consent(when required)
Cybersecurity 0 Ensure compliance with federal and state laws
• Alignment with any rules deemed by the office of cybersecurity in consideration of ESSB 5432
Integration or • Integration with Partner System of Origin
Interoperability 0 Application Programming Interfaces(APIs),API management&Integration
• Use of established data standards for data exchanges whenever able
Data Analytics& 0 Key Performance Indicators(e.g.,Number of Families Engaged;Number of On-time
Performance Metrics Referrals,Linkage Rates,etc.)
Referral System Performance Indicators(e.g.,Family was referred to follow-up services;Family
received follow-up services(e.g.,received referral appointment within 24 hours),Follow-up
with family completed and outcomes documented)
• Custom reporting and dashboards
Hosting Platform Cloud-hosted Platform-as-a-Service(PaaS)where feasible
• Ability to connect to both cloud-based and on-premises systems
Fresno CIE - Technical and Operational Plan
November 2024
Page 126
Attachment A
Solution Architecture 0 Microservices based architecture when possible
• Use APIs to move data between services when possible
• Use flat files to move data only when necessary
Data architecture that aligns with industry best practices and is scalable,enables data analytics
and reporting systems that support real-time monitoring data visualization capabilities
An integration architecture that meets industry standards for security and data exchange and
enables secure,interoperable information exchange of PII and PHI
Liability 0 Liability types
Liability management and mitigation
Data Management
The Technical and Operational Plan will reflect the goals and interests of a Fresno CIE Steering Committee
or similar presiding decisioning body as it is developed through the Governance Framework. In addition, it
will address a variety of data management issues including: what are the systems, users, storage, security,
and documentation needs; and how to ensure data quality and appropriate permissions for data access
(particularly given the sensitive nature of this data). The final data management plan will consider the many
actors and entities who are unique yet interdependent, and the specific data elements that need to be
shared while ensuring data can be appropriately protected and segregated. Activities that will be
undertaken to define needed data management requirements include identifying:
• Data to be transmitted and accessed for different purposes (e.g., support referrals and
coordination in care) and the system users for these purposes
• Data transmission and exchange protocols
• How data will be integrated (matching algorithm, cross system UUID and Master Person Index development,
etc.)
• API's need for integration and API management technology
• Data segregation and segmentation based primarily on:
o data type
o sensitivity associated with the type of data
o type of entry source for future integration considerations
• Identified custom reports and dashboards
Data Security
All data integration solutions will be required to include at a minimum information on:
• Disclosure Policies and Procedures
• Data Backup
• Data Archiving for Security
• Disposal of Data
• Location Security
• Redundant Utilities
• Encryption (at rest and in transit)
Ensuring industry-standard data security is crucial for the integrity and trustworthiness of the Fresno County CIE.
All data integration solutions utilized within the CIE must meet stringent security requirements to protect sensitive
information and maintain compliance with relevant standards. The following outlines the minimum required
components for data security in the CIE.
Fresno CIE - Technical and Operational Plan
November 2024
Page 127
Attachment A
Disclosure Policies and Procedures
• Clear Protocols: Establish and document clear protocols for the disclosure of data, detailing who has
access to what information and under what circumstances data can be shared.
• Consent Management: When needed, ensure that all disclosures comply with consent agreements from
data subjects, including provisions for parental or guardian consent where applicable.
• Incident Reporting: Implement procedures for promptly reporting any unauthorized disclosures or
breaches, including notification to affected parties and regulatory bodies as required by law.
Data Backup
• Regular Backups: Conduct regular backups of all critical data to secure locations, ensuring that data can
be restored in the event of loss or corruption.
• Backup Verification: Implement processes for regularly testing and verifying backups to ensure data
integrity and reliability.
• Offsite Storage: Store backups in offsite locations to protect against physical damage to primary data
centers.
Data Archiving for Security
• Secure Archiving: Archive data securely to protect it from unauthorized access and tampering.Archived
data should be encrypted and stored in compliance with regulatory requirements.
• Retention Policies: Establish clear data retention policies that specify how long data must be archived
and the conditions under which it can be accessed or restored.
Disposal of Data
• Secure Disposal Methods: Implement secure disposal methods for data that is no longer needed,
ensuring that it is irretrievably destroyed. This includes both digital data and physical records.
• Documentation: Maintain documentation of data disposal processes, including records of what data was
disposed of, when, and by whom.
Location Security
• Physical Security Controls: Ensure that data centers and storage locations are secured with physical
controls such as biometric access, surveillance cameras, and security personnel.
• Access Controls: Implement strict access controls to limit physical access to authorized personnel only.
Regular audits should be conducted to ensure compliance.
Redundant Utilities
• Power Redundancy: Ensure that data centers have redundant power supplies, including uninterruptible
power supplies (UPS) and backup generators, to maintain operations during power outages.
• Network Redundancy: Implement redundant network connections to ensure continuous data flow and
access even if one connection fails.
• Cooling and Environmental Controls: Use redundant cooling systems and environmental controls to
protect hardware from overheating and other environmental hazards.
Encryption
• Encryption at Rest: Encrypt all data stored within the CIE to protect it from unauthorized access and
breaches. This includes databases, file systems, and backups.
• Encryption in Transit: Encrypt data transmitted across networks using secure protocols such as TLS/SSL
Fresno CIE - Technical and Operational Plan
November 2024
Page 128
Attachment A
to protect it from interception and tampering.
• Key Management: Implement key management practices to ensure that encryption keys are stored
securely and rotated regularly to maintain data security.
By adhering to these comprehensive data security measures, the Fresno County CIE can ensure the protection of
sensitive information, maintain compliance with regulatory standards, and uphold the trust of all stakeholders.
These protocols provide a solid foundation for secure data integration and management, essential for the
effective and reliable operation of the CIE.
Data Retention
Effective data retention policies are crucial for the management, security, and compliance of the Fresno County
CIE.These policies ensure that data is retained for the appropriate duration, securely stored, and properly
disposed of when no longer needed. The following outlines the key components of the data retention policies for
the CIE.
Purpose and Scope
The data retention policies for the CIE aim to:
• Ensure compliance with legal, regulatory, and organizational requirements.
• Protect sensitive and personal information.
• Support the operational needs of the CIE.
• Facilitate data management and storage efficiency.
These policies apply to all data collected, processed, stored, and shared within the CIE, including health records,
social services data, educational information, and any other personal or sensitive data.
Data Retention Periods
• Legal and Regulatory Compliance: Retain data for the period required by applicable laws and
regulations, including HIPAA, FERPA, and state-specific regulations.
• Operational Needs: Retain data as long as necessary to support the operational and analytical needs of
the CIE and its participating organizations.
• Archival Data: Certain data may be archived for historical analysis and research purposes, subject to
anonymization and compliance with privacy regulations.
Data Storage and Security
• Secure Storage: All data must be stored in secure, access-controlled environments. Encryption must be
used to protect data at rest.
• Access Controls: Implement role-based access controls to ensure that only authorized personnel can
access sensitive data.
• Regular Audits: Conduct regular audits of data storage practices to ensure compliance with retention
policies and security standards.
Data Disposal
• Secure Disposal Methods: Implement secure disposal methods for data that is no longer required.This
includes:
o Digital Data: Use secure deletion tools to permanently erase digital data.
o Physical Records: Shred or incinerate physical records to prevent reconstruction.
• Documentation: Maintain records of data disposal activities, including the type of data disposed of, the
disposal method used, and the date and personnel involved in the disposal.
Fresno CIE - Technical and Operational Plan
November 2024
Page 129
Attachment A
Data Retention Reviews
• Regular Reviews: Conduct regular reviews of data retention practices and policies to ensure they remain
aligned with legal requirements and organizational needs.
• Policy Updates: Update data retention policies as necessary to reflect changes in laws, regulations, or
operational requirements.
Compliance and Accountability
• Responsibility: Designate specific personnel or teams responsible for overseeing data retention practices
and ensuring compliance with these policies.
• Training and Awareness: Provide regular training to all CIE participants on data retention policies, secure
data handling practices, and compliance requirements.
• Incident Management: Implement procedures for managing and responding to incidents related to data
retention, including unauthorized data retention or disposal.
Special Considerations
• Legal Holds: In the event of litigation or legal investigations, suspend normal data disposal processes
and retain relevant data until the legal hold is lifted.
• Parental or Guardian Consent: Ensure that data retention practices involving minors comply with
applicable consent requirements and privacy protections.
The data retention policies of the Fresno County CIE are designed to ensure that data is managed responsibly,
securely, and in compliance with all relevant laws and regulations. By adhering to these policies, the CIE can
maintain the integrity, confidentiality, and availability of data, supporting the needs of its stakeholders while
protecting the privacy and rights of individuals.
Data Access and Permissions
The CIE will require robust role-based access control. Data must be accessible to engage and/or refer children and
families on a need-to-know basis only and in accordance with federal and state law. Policies, procedures, training,
and compliance will be an integral part of maintaining the privacy and security of the technology systems and
platforms.
The following table includes examples of some of the potential roles that could be required for accessing and
using CIE. Each use case and each system integrated into the CIE will be evaluated individually and treated
separately during the development phase.
Sample Roles and Permissions— High Level
Role Description Some Possible Permissions&Data
Access
System Role applied to users requiring full access to analytics, a Full control of reporting&analytics
Administrator/ reporting, users,quality assurance portals,etc. a User management access(add/delete users,
Security assign any role or data restriction).
Administrator/ Ability to grant administrator permissions to
Business Analyst users
• Read/Write/Delete permissions
Fresno CIE - Technical and Operational Plan
November 2024
Page 130
Attachment A
Program Manager Role applied to registered providers of data Access to programmatic data to
or similar role understand performance of program
Policy Makers Decision-makers that only need access to aggregated 0 Access to high-level visualizations
data visualizations with no risk of exposing PII or PHI
Individual Public-facing data 0 Access to public-facing website
County Authorized Job Specialists 0 Access to send and/or view referrals and
Representatives check for status updates
Privacy & Protocols
Ensuring the privacy and security of data within the Fresno County CIE is paramount.This section outlines the key
privacy considerations and protocols that govern the handling, sharing, and protection of sensitive information
within the CIE. By adhering to these standards, the CIE aims to maintain the highest levels of trust, compliance,
and data integrity.
Key Privacy Principles
1. Confidentiality: Ensure that all personal and sensitive information is accessible only to authorized
individuals and organizations.This includes implementing robust access controls and encryption
protocols.
2. Integrity: Maintain the accuracy and consistency of data throughout its lifecycle.This involves regular
audits, validation checks, and error handling mechanisms to prevent unauthorized alterations.
3. Availability: Guarantee that data is accessible to authorized users when needed. This involves
implementing redundancy, backup solutions, and disaster recovery plans.
4. Transparency: Provide clear and comprehensive information to all stakeholders about how their data is
being used, shared, and protected. This includes detailed privacy notices and regular updates on data
practices.
Data Handling Protocols
1. Data Collection:
o Collect only the minimum necessary data required for the specific purpose.
o Ensure data collection methods comply with relevant legal and regulatory requirements.
2. Data Storage:
o Store data in secure, access-controlled environments.
o Use encryption to protect data at rest and in transit.
3. Data Access:
o Implement role-based access controls to restrict data access to authorized personnel only.
o Use multi-factor authentication to enhance security for accessing sensitive data.
4. Data Sharing:
o Share data only with authorized partners and for specific, predefined purposes.
o Ensure that data sharing agreements are in place with all partners, outlining the terms and
conditions of data use.
5. Data Retention and Disposal:
o Retain data only for as long as necessary to fulfill its intended purpose.
o Implement secure disposal methods to ensure that data is irretrievably deleted when no longer
needed.
Fresno CIE - Technical and Operational Plan
November 2024
Page 131
Attachment A
Compliance with Legal and Regulatory Standards
1. HIPAA Compliance:
o Ensure all data handling practices comply with the Health Insurance Portability and Accountability
Act (HIPAA) to protect health information.
2. FERPA Compliance:
o Adhere to the Family Educational Rights and Privacy Act (FERPA) regulations to protect
educational records.
3. State and Local Regulations:
o Comply with California state privacy laws and any local regulations governing data privacy and
security.
4. Welfare Institution Codes (WIC):
o Applicable data must follow review and validation guidelines as set by WIC
Incident Response and Management
1. Incident Detection:
o Implement systems for continuous monitoring to detect potential data breaches or security
incidents promptly.
2. Incident Response Plan:
o Develop and maintain an incident response plan that outlines the steps to be taken in the event
of a data breach or security incident.
3. Notification Procedures:
o Establish procedures for notifying affected individuals and relevant authorities in the event of a
data breach, in compliance with legal requirements.
4. Post-Incident Analysis:
o Conduct a thorough analysis of any security incidents to identify root causes and implement
measures to prevent future occurrences.
5. Incident Reporting:
o Potential to offer capabilities for end-users to create/submit incidents and communicate
resolutions (such as discrepancies, data errors, etc.)
Training and Awareness
1. Regular Training:
o Provide regular training to all CIE participants on data privacy, security protocols, and best
practices.
2. Awareness Programs:
o Conduct ongoing awareness programs to keep all stakeholders informed about the importance
of data privacy and the measures in place to protect it.
Cybersecurity
Ensuring robust cybersecurity measures is critical to the success and integrity of the Fresno County Community
Information Exchange (CIE).Any third-party technology solutions integrated into the CIE must comprehensively
address and manage several key areas of cybersecurity to protect the sensitive data and ensure the system's
resilience against potential threats. Below are the essential components of the cybersecurity framework that must
be implemented:
Physical and Environmental Protections
• Data Centers: Data centers must have stringent physical security measures, including access controls,
Fresno CIE - Technical and Operational Plan
November 2024
Page 132
Attachment A
surveillance systems, and security personnel, to prevent unauthorized physical access.
• Environmental Controls: Implement environmental controls to protect hardware from natural disasters,
fires, and other environmental hazards, including climate control, fire suppression systems, and flood
prevention measures.
Data Security
• Encryption: Employ strong encryption protocols for data at rest and in transit to protect sensitive
information from unauthorized access and breaches.
• Data Integrity: Implement mechanisms to ensure data integrity, such as checksums and digital
signatures, to detect any unauthorized alterations to data.
• Backup and Recovery: Maintain regular data backups and establish robust data recovery procedures to
ensure data can be restored in the event of a loss or breach.
Network Security
• Firewalls: Use advanced firewall technologies to monitor and control incoming and outgoing network
traffic based on predetermined security rules.
• Intrusion Detection and Prevention Systems (IDPS): Deploy IDPS to detect and prevent potential
security breaches and attacks on the network.
• Virtual Private Networks (VPNs): Use VPNs to secure remote access to the CIE network, ensuring
encrypted connections and protecting data during transmission.
Access Security
• Authentication: Implement multi-factor authentication (MFA) to verify the identities of users accessing
the system.
• Authorization: Enforce strict access controls and role-based access management to ensure users only
have access to the data and systems necessary for their roles.
• User Activity Monitoring: Monitor and log user activities to detect and respond to suspicious behavior
and unauthorized access attempts.
Application Security
• Secure Development Practices: Follow secure coding practices and conduct regular code reviews and
vulnerability assessments to identify and mitigate security risks in application development.
• Patch Management: Regularly update and patch applications to protect against known vulnerabilities
and security threats.
• Application Firewalls: Implement web application firewalls (WAF) to protect applications from common
web-based attacks, such as SQL injection and cross-site scripting (XSS).
Operations Management
• Security Policies and Procedures: Develop and enforce comprehensive security policies and procedures
to guide all aspects of operations management.
• Access Audits: Conduct regular audits of access controls and security policies to ensure compliance and
identify areas for improvement.
• Training and Awareness: Provide ongoing cybersecurity training and awareness programs for all
personnel to ensure they understand and adhere to security best practices.
Security Monitoring and Logging
• Continuous Monitoring: Implement continuous security monitoring to detect and respond to security
Fresno CIE - Technical and Operational Plan
November 2024
Page 133
Attachment A
events in real time.
• Centralized Logging: Use centralized logging systems to collect, analyze, and store logs from various
sources, providing a comprehensive view of security activities.
• Anomaly Detection: Employ advanced analytics and machine learning to detect anomalies and potential
security incidents from log data.
Incident Response
• Incident Response Plan: Develop a detailed incident response plan outlining the procedures for
identifying, managing, and mitigating security incidents.
• Incident Response Team: Establish a dedicated incident response team trained to handle and respond to
security breaches effectively.
• Post-Incident Analysis: Conduct thorough post-incident analysis to understand the root cause of
security incidents and implement measures to prevent future occurrences.
By addressing these key areas, third-party technology solutions can provide a cybersecurity framework that
safeguards the Fresno County CIE, ensuring the protection of sensitive data and the continued trust of all
participating organizations and stakeholders.
Partner Requirements Documentation
To participate in the Community Information Exchange (CIE), partners must meet certain system functionality
requirements.The following outlines the minimum and preferred system requirements for partners to effectively
connect to and utilize the CIE.
Minimum Viable System Requirements
1. Data Exports
• Partial Data Exports:
o Capability to export only the rows within a database that have been created or updated within a
specified time period.
o The exports should contain only the data required by the CIE's common dataset.
o Ability to export only the fields within a record that have been changed or updated.
• Data Formatting:
o Exported data must be formatted according to CIE data definitions.
o If the export process is manual, the partner must agree to upload the data on a consistent,
agreed-upon schedule.
• File Format: Data should be exported in a flat file, CSV format.
3.Agreement to Common Partner SLA
• Partners must agree to a common understanding for maintaining their connection to the CIE. This
includes being responsible for supplying crucial information to other partners in a timely and reliable
form, signifying a social contract.
Preferred System Requirements
1. Data Exports
• Triggered Exports:
o Ability to trigger data exports upon record save.
o Exported data must be formatted according to CIE data definitions.
• API Calls:
o Capability to make external HTTPS API calls to third-party endpoints with the payload from the
Fresno CIE - Technical and Operational Plan
November 2024
Page 134
Attachment A
record save.
■ For new records, include the entirety of the record that maps to the CIE dataset.
■ For updates, include only the updated fields within the record that map to the CIE
dataset.
2.Agreement to Common Partner SLA
• Partners must agree to a common Service Level Agreement (SLA) to maintain their connection to the
CIE.This includes being responsible for supplying crucial information to other partners, signifying a
social contract.
By adhering to these system requirements, partners can ensure seamless integration with the CIE, facilitating
efficient data sharing and management.These requirements help maintain data integrity, consistency, and
reliability across the CIE, supporting the collaborative goals of the participating organizations.
Fuzzy Matching System Evaluation Requirements
To ensure that the CIE can effectively match and integrate data from diverse sources, it is crucial to evaluate the
capabilities of fuzzy matching systems thoroughly. The following criteria outline the key requirements for an
effective fuzzy matching system, taking into consideration various name variant phenomena, global name
ethnicity specifics, entity types, and other critical factors.
1. Handling a Variety of Name Variant Phenomena
• Misspelling: Can the system identify and match names with common misspellings? (e.g., John
Richards vs.John Richarda)
• Names with the Same Sound: Can it recognize phonetic variations of names? (e.g., Kay vs. Kaye;
Allen vs. Allan vs.Alan)
• Nicknames: Does it handle common nicknames and their formal counterparts? (e.g., Robert vs. Bob
vs. Bobby;Theodore vs. Ted)
• Initials: Can it match names with initials? (e.g., John Ronald Smith vs.J. R. Smith)
• Name Order Variants: Can it recognize names with reversed order? (e.g., Fumio Kishida vs. Kishida
Fumio)
• Missing Name Elements: Can it match names with missing elements? (e.g., John Frank Robertson vs.
John Robertson)
• Company Abbreviations: Does it handle abbreviations of company names? (e.g., Bayerische
Motoren Werke AG vs. BMW; Smith, Jones, &Company LLP vs. SJC)
• Date of Birth (DOB): Can it consider DOB as part of the matching process?
2. Handling Global Name Ethnicity Specific Phenomena
• Arabic Names: Can the system handle different segmentations of Arabic names in English? (e.g., Abd
al-Rahman vs. Abdul Rahman vs.Abdarrahman)
• Transliteration Standards: Can it manage different transliteration standards, such as Pinyin and
Wade-Giles for Chinese? (e.g., A Jinping vs. Hsi Chin-p'ing)
• Spanish Last Names: Can it handle Spanish last names with matronymics and patronymics? (e.g.,
Carlos Guzman Ramos vs. Carlos Guzman)
3. Fuzzy Matching of Required Entity Types
• Entity Types: Can the system handle fuzzy matching for a variety of entity types beyond personal
names, such as:
o Organization
o Place
o Address
o Vehicle
o Email Address
Fresno CIE - Technical and Operational Plan
November 2024
Page 135
Attachment A
o Phone number
o Date
• CIE Fields: Ensure the system can handle the specific entity types associated with the reserved CIE
fields used for the Master Person Index matching.
4. Fuzzy Matching of Records with Multiple Fields
• Multiple Field Matching: Can the system match records that include multiple fields, such as:
o Name
o Date of Birth
o Place of Birth
o Nationality
o Spouse
o Address
• Intelligent Matching: Does the system intelligently consider the matching results of all relevant
fields to improve accuracy?
S. Providing a Matching Score
• Threshold Flexibility: Can the system provide a matching score to set cut-off thresholds for
matches?
• Accuracy Levels: Can you adjust the matching score to be more stringent or lenient depending on
the required accuracy for different use cases?
6.Accuracy of Fuzzy Name Matching
• Low False Positives and Negatives: Does the system minimize false positives and false negatives?
• Assessment Capability: Can you assess false negatives, ideally with an answer key for each name
variant in the database?
7. Speed and Scalability
• Real-Time Matching: Can the system handle real-time matching requirements, such as those needed
for security checks against a watch list?
• Batch Processing: Can it also efficiently handle batch processing for applications like marketing
database updates?
• Scalability: Can the system scale to handle peak loads and large datasets?
8. Customizability
• Specific Customizations: Can the system be customized to handle:
o Unconventional name aliases, nicknames, or abbreviations?
o Specific field values to be ignored for matching purposes?
o Adjusting the weights of fields to alter matching behaviors?
Evaluating fuzzy matching systems based on these criteria ensures that the chosen solution can effectively handle
the diverse and complex matching requirements of the CIE. By addressing these detailed requirements, the CIE
can maintain high data integrity and facilitate accurate and efficient data integration across all participating
organizations.
Data Flow, Interoperability, and Solution Architecture
Implementation of the CIE Platform will require data to be shared smoothly between systems and people
involved in the care of Fresno County residents. The data flow depicted in figure 2 is a high-level example
of where data entry, data integration, or system to system data exchange will occur within the CIE Home
Visitation pilot
Fresno CIE - Technical and Operational Plan
November 2024
Page 136
Attachment A
Fresno County CIE-Care Coordination Level 0 Data Flow Diagram
DPH
CCS
Client Records
CIE Microservices
1.API Gateway
2.Task Manager/Job Queue
3.Data Quality Service
4.Record Matching Service
DSS: DSS Data 5.Data Transformation DPH Client Case Management Data
Locally-hosted Service DPH:
Data Systems 6.Error Handler myAvatar
7.Logging Service
8.Data Storage and Access
9.User Interface
10.Role-based Access
11.Reporting and Analytics
Diagram key
Client Case Management
® F—Cmmy ClE Data
Partner system
CIE Ecosystem
Apricot 360
PDrdn9
Figure 2:Home Visitation Care Coordination Data Flow Diagram(Level 0)
Under this framework, systems of origin contributing to the CIE will send data through microservices
such as API's, flat files or other secure data exchange protocols that meet established standards.
Each system of origin would manage their own data submission in partnership with the CIE technical
backbone vendor.
Fresno CIE - Technical and Operational Plan
November 2024
Page 137
Attachment A
Overview CIE Microservices Processes and Data Flows
The proposed approach to the Fresno County Community Information Exchange (CIE) leverages a sophisticated
microservices framework to ensure robust, scalable, and flexible data integration, centralization, and service
delivery.This microservices architecture allows the CIE to efficiently manage and process the diverse data streams
from various systems of origin, providing a seamless and dynamic platform for information exchange. By adopting
a microservices framework, the CIE enhances its ability to respond to the evolving needs of the community,
ensuring that critical services are delivered promptly and effectively while maintaining the highest standards of
security and data integrity.
CIE Technical Components
Systems of Origin
Systems of origin of refers to the existing data systems of participating organizations that will send data to the CIE
centralized data exchange. This integration ensures that crucial information from health, social services, education,
and other sectors can be securely centralized and utilized within the CIE framework.
Systems of Origin Technical Considerations
Data Fields and Triggers
To ensure effective integration and timely data sharing within the Fresno County Community Information
Exchange (CIE), a process targeting specific data fields from systems of origin must be developed.These
targets will facilitate the process of capturing and transmitting relevant data changes to the CIE,
facilitating regular updates and accurate data flow.
Key Components
• Data Creation: These data represent new record creation in the system of origin.They capture
essential data fields relevant to the CIE and ensure the new information is shared in a timely way
with the CIE.
• Data Updates:These data are submitted to the CIE when an existing record is changed in the
system of origin. They monitor changes to specific data fields that are part of the common CIE
dataset and ensure that these updates are promptly communicated to the CIE.
• Dat Linkages:The CIE will connect records within and between organizational data sets to support
the basic functionality of data exchange between participating entities.
Data Fields to Monitor
• Personal Identifiers: Fields such as individual name, date of birth, and unique identification numbers
(e.g., social security number, student ID) that are crucial for accurately matching records across
systems.
• Contact Information: Updates to addresses, phone numbers, and email addresses to ensure that
communication remains effective and up-to-date.
• Service Eligibility and Enrollment: Changes in eligibility status or enrollment in services such as
healthcare programs, social services, and educational support.
• Health and Behavioral Information: Relevant health data, including diagnoses, treatment plans, and
mental health status, which are critical for coordinated care and intervention.
• Case Management Details: Updates related to case notes, service plans, and follow-up actions that
are essential for comprehensive case management.
Benefits
Fresno CIE - Technical and Operational Plan
November 2024
Page 138
Attachment A
Implementing data field triggers within the systems of origin provides several key benefits:
• Real-Time or Scheduled Data Sharing: Ensures that any changes in the data are promptly reflected
in the CIE, enabling real-time information access and decision-making.
• Accuracy and Consistency: Maintains the accuracy and consistency of data across all integrated
systems, reducing the risk of discrepancies and errors.
• Enhanced Coordination: Facilitates better coordination among various service providers by ensuring
that all parties have access to the most current and relevant information.
• Automation and Efficiency: Automates the data capture and sharing process, reducing the need for
manual data entry and minimizing the potential for human error.
Origin System API Development
To facilitate seamless data integration within the Fresno County Community Information Exchange (CIE),
there is a potential need to develop Application Programming Interfaces (APIs) for systems of origin that
currently lack this capability. APIs are needed to enable automated, secure, and efficient data
communication between diverse systems, though development of a workflow focused on the extraction
of data from systems of origin onto a flat file or other portable form is another viable method for data
exchange.
Key Aspects of API Development
• Seamless Data Integration: APIs enable the automated exchange of data between systems,
ensuring that information flows smoothly and accurately into the CIE without the need for manual
intervention.
• Real-Time Data Sharing: With APIs, data from the systems of origin can be shared in real-time,
providing up-to-date information to all CIE participants and enhancing decision-making processes.
• Standardization: APIs help standardize data formats and protocols, ensuring compatibility and
interoperability across various systems and platforms involved in the CIE.
• Scalability: Developing APIs allows the CIE to scale more effectively by facilitating the integration of
additional systems and data sources as the network of participating organizations expands.
• Efficiency and Automation: APIs reduce the need for manual data entry and processing, increasing
operational efficiency and minimizing the risk of human error.
Benefits of API Integration
• Enhanced Coordination: Facilitates better coordination among healthcare providers, social services,
educational institutions, and other stakeholders by ensuring they have access to accurate and timely
data.
• Improved Data Quality: Ensures that data shared with the CIE is consistent, reliable, and free from
discrepancies, thereby improving overall data quality.
• Streamlined Operations: Automates routine data exchange processes, freeing up resources and
allowing staff to focus on more critical tasks and interventions.
• Security and Compliance: APIs can be designed with robust security features to protect sensitive
information, ensuring compliance with data privacy regulations and standards.
Implementation Considerations
• Assessment: Conduct a thorough assessment of the current systems of origin to identify those that
lack API capabilities and require development.
• Development: Engage with IT professionals and API developers to design and build the necessary
APIs, ensuring they meet the specific needs of the CIE.
• Testing and Validation: Implement rigorous testing and validation procedures to ensure the APIs
function correctly and securely before full-scale deployment.
• Training and Support: Provide training and support to staff and partners to ensure they
Fresno CIE - Technical and Operational Plan
November 2024
Page 139
Attachment A
understand how to use the new APIs effectively.
CIE API Gateway
The API Gateway component services as a centralized entry point for managing and directing API requests
between external client systems of origin and the various microservices within the CIE framework.
Key Features
• Request Routing: The API Gateway efficiently routes incoming API requests to the appropriate
microservices, ensuring that data is accurately and promptly delivered to the right destinations.
• Security: Implements advanced security measures, including authentication and authorization protocols,
to protect sensitive data and ensure that only authorized users can access the system.
• Rate Limiting and Throttling: Manages and controls the flow of incoming requests to prevent system
overloads and ensure optimal performance and reliability.
• Data Transformation: Handles data transformation and formatting, ensuring compatibility between
different systems and facilitating seamless data exchange.
• Monitoring and Logging: Provides comprehensive monitoring and logging capabilities, enabling real-
time tracking of API requests and system performance, and assisting in troubleshooting and system
optimization.
Benefits
The API Gateway component enhances the efficiency, security, and scalability of the CIE microservices
architecture. By centralizing the management of API requests, it simplifies the integration of diverse data
systems and ensures consistent and reliable communication between all components. This facilitates a more
cohesive and responsive CIE, capable of delivering timely and effective services to meet the needs of Fresno
County residents.
Task Manager/Job Queue
The Task Manager/Job Queue orchestrates the scheduling, execution, and management of various tasks and
background jobs within the system.
Key Features
• Task Scheduling:Allows for the scheduling of tasks at specific times or intervals, ensuring that routine
processes such as data updates and synchronization are executed timely.
• Job Queue Management: Manages a queue of background jobs, prioritizing and distributing them
across available resources to ensure efficient processing.
• Scalability: Provides the ability to scale task execution dynamically based on system load and demand,
ensuring consistent performance even during peak times.
• Monitoring and Alerts: Includes monitoring capabilities to track task status and performance, with alerts
for any failures or issues requiring attention.
Benefits
By managing and optimizing the execution of tasks, the Task Manager/Job Queue ensures that the CIE operates
smoothly and efficiently, handling large volumes of data and complex workflows with reliability and precision.
Data Quality Service
Fresno CIE - Technical and Operational Plan
November 2024
Page 140
Attachment A
The Data Quality Service ensures the accuracy, consistency, and reliability of the data within the CIE. It performs
various checks and validations to maintain high data quality standards.
Key Features
• Data Validation: Validates incoming data against predefined rules and criteria to ensure accuracy and
completeness.
• Data Cleaning: Identifies and corrects errors, inconsistencies, and duplicates in the data, improving its
overall quality.
• Monitoring: Continuously monitors data quality and provides reports and alerts on any issues detected.
• Standardization: Ensures that data conforms to standard formats and protocols, facilitating seamless
integration and interoperability.
Benefits
The Data Quality Service enhances the integrity and reliability of the data within the CIE, ensuring that all
stakeholders can trust the information they receive and use it effectively for decision-making and service delivery.
Record Matching Service
The Record Matching Service identifies and links records belonging to the same entity across different data
sources.This service ensures that the CIE can provide a comprehensive and unified view of individual records.
Key Features
• Entity Resolution: Uses sophisticated algorithms to match records that refer to the same entity, such as a
person or organization, across multiple datasets.
• Duplicate Detection: Identifies and merges duplicate records to avoid redundancy and ensure data
accuracy.
• Confidence Scoring: Assigns confidence scores to matched records to indicate the likelihood of a correct
match, allowing for manual review if needed.
Benefits
By accurately linking related records, the Record Matching Service provides a holistic view of data, enhancing the
CIE's ability to deliver coordinated and comprehensive services.
Master Person Index (MPI)
The Master Person Index (MPI) is a fundamental component of the Fresno County Community Information
Exchange (CIE) microservices architecture. It serves as a centralized database that uniquely identifies and
maintains comprehensive records of individuals across various systems and data sources.The MPI ensures that
each individual has a unique identifier, facilitating accurate data integration, matching, and retrieval.
Key Features
• Unique Identifier Assignment:Assigns a unique identifier to each individual, ensuring consistent and
accurate identification across different systems and data sources.
• Data Integration: Consolidates data from multiple sources, including healthcare, social services,
education, and other sectors, to create a single, unified record for each individual.
• Record Matching and Linking: Utilizes advanced algorithms to match and link records that pertain to
Fresno CIE - Technical and Operational Plan
November 2024
Page 141
Attachment A
the same individual, even if the data is from disparate sources or contains variations in personal
information.
• Data Quality Management: Maintains high data quality standards by identifying and resolving duplicate
records, inaccuracies, and inconsistencies within the index.
• Scalability: Designed to handle large volumes of data and a growing number of records, ensuring it can
scale with the expanding needs of the CIE.
Benefits
The Master Person Index offers several key benefits to the Fresno County CIE:
• Enhanced Data Accuracy: By providing a single, authoritative source of truth for individual identities, the
MPI improves the accuracy and reliability of data used for service delivery and decision-making.
• Improved Service Coordination: Facilitates better coordination of services across different sectors by
ensuring that all partners have access to the same comprehensive and accurate individual records.
• Efficient Data Retrieval: Simplifies data retrieval processes by allowing partners to access a unified
record for each individual, reducing the time and effort required to gather and verify information.
• Privacy and Security: Enhances data privacy and security by ensuring that sensitive information is
consistently managed and protected across the CIE.
Data Transformation Service
The Data Transformation Service converts data from its original format into a standardized format compatible
with the CIE.This service ensures that data from diverse sources can be integrated and used effectively.
Key Features
• Format Conversion: Transforms data into the required format, ensuring compatibility with other systems
and services within the CIE.
• Data Mapping: Maps data fields from the source format to the destination format, preserving data
integrity and meaning.
• Normalization: Standardizes data values and structures to ensure consistency and facilitate seamless
integration.
Benefits
The Data Transformation Service ensures that data from various sources can be efficiently integrated into the CIE,
supporting interoperability and enhancing the overall functionality of the system.
Error Handler
The Error Handler is responsible for detecting, managing, and resolving errors within the CIE microservices
architecture. It ensures that the system can handle issues gracefully and maintain operational integrity.
Key Features
• Error Detection: Identifies errors in real-time, including data processing errors, system failures, and
integration issues.
• Logging and Alerts: Logs error details and sends alerts to administrators, enabling prompt response and
troubleshooting.
• Automated Recovery: Implements automated recovery procedures for certain types of errors,
minimizing downtime and service disruption.
• Detailed Reporting: Provides detailed error reports to assist in diagnosing and resolving issues.
Fresno CIE - Technical and Operational Plan
November 2024
Page 142
Attachment A
Benefits
The Error Handler enhances the resilience and reliability of the CIE, ensuring that the system can quickly recover
from issues and maintain continuous operation.
Logging Service
The Logging Service tracks and records system activities and events within the CIE microservices architecture. This
service provides valuable insights for monitoring, troubleshooting, and auditing purposes.
Key Features
• Activity Logging: Records detailed logs of all system activities and events, including data transactions,
user actions, and system operations.
• Centralized Log Management: Consolidates logs from various microservices into a centralized
repository for easy access and analysis.
• Real-Time Monitoring: Enables real-time monitoring of system performance and activities,with
capabilities to detect anomalies and issues.
• Audit Trails: Maintains comprehensive audit trails to support compliance, security, and forensic
investigations.
Benefits
The Logging Service ensures comprehensive visibility into the operations of the CIE, supporting effective
monitoring, troubleshooting, and compliance with regulatory requirements.
Data Storage and Access
Data Storage and Access is essential to ensure that all data within the Community Information Exchange (CIE) is
secured at rest and readily accessible to authorized users based on agreed parameters within a Service Level
Agreement or similar documentation.This component includes robust data management strategies to support
high availability, security, and efficient access across multiple user groups.
Key Features
• Data Centralization:All data is stored in a centralized repository that supports real-time and on-demand
data access for all integrated systems.
• Data Archiving: Archival solutions manage historical data efficiently, ensuring that older records are
stored in a way that remains accessible for long-term analysis and compliance purposes.
• Backup and Recovery: Redundant storage and regular backups protect data integrity and support
disaster recovery.
Benefits
• High Availability: Ensures data is accessible whenever needed by authorized users, supporting efficient
data-driven decision-making.
• Enhanced Security: Centralized storage supports enhanced security protocols, including encryption and
access controls, ensuring data is consistently protected.
• Scalability: Enables the system to handle expanding volumes of data as more organizations join the CIE.
Fresno CIE - Technical and Operational Plan
November 2024
Page 143
Attachment A
User Interface (UI)
The User Interface (UI) enables authorized users to view integrated data from multiple sources through a
streamlined, easy to access, and user-friendly portal.This centralized access point provides a comprehensive
view of client information, presented based on the role of the user, promoting coordinated care and informed
decision-making across sectors.
Key Components
• Linked Record Access:Allows authorized users to access a unified view of client records linked across
various systems, including health, social services, and education.
• Search and Filter Functionality: Robust search and filter tools allow users to quickly locate specific client
records and view relevant data based on parameters such as service type, date, or organization.
• Data Visualization:Visual dashboards and summaries present complex data in an accessible format,
allowing users to easily interpret information across multiple domains.
Benefits
• Enhanced Coordination: Provides a single access point to view comprehensive client information,
improving collaboration among service providers.
• Improved Decision-Making:Access to integrated client data enables providers to make well-informed
decisions and deliver tailored services.
• Time Efficiency:The UI design reduces time spent navigating disparate systems, allowing users to focus
on service delivery.
Role-Based Access to the Centralized System
Role-Based Access to the Centralized System ensures data security by controlling user access to sensitive
information based on their role within the CIE.This role-based approach supports data privacy, compliance,
and ensures that users only access data pertinent to their responsibilities.
Key Components
• Role Definitions and Permissions: Permissions are assigned based on predefined roles, ensuring users
only access data and functions necessary for their tasks.
• Access Control Policies: Enforces strict access control policies that align with privacy regulations, limiting
exposure of sensitive information to unauthorized users.
• Audit Trails: Comprehensive logging of user access and actions to maintain accountability and support
data governance practices.
Benefits
• Data Security: Role-based access minimizes exposure of sensitive data, protecting client privacy.
• Regulatory Compliance:Adheres to data privacy laws and regulations by enforcing role-specific access
restrictions.
• Customizable Access: Flexible role definitions accommodate various user roles, enabling tailored access
Fresno CIE - Technical and Operational Plan
November 2024
Page 144
Attachment A
based on organizational needs.
Reporting and Analytics
Reporting and Analytics capabilities enable data-driven insights by providing standardized report and
additional tools to access, analyze, and visualize data within the CIE.These tools help users monitor
performance, track trends, and make informed decisions to improve service delivery.
Key Components
• Data Visualization: Intuitive visual dashboards present data insights, allowing users to interpret complex
data easily and make informed decisions.
• Automated Reporting: Scheduled reports provide regular updates on key metrics, helping organizations
track progress and identify areas for improvement.
• Predictive Analytics:Advanced analytics enable forecasting and trend analysis, assisting in proactive
decision-making and resource allocation.
Benefits
• Enhanced Decision-Making:Analytics provide actionable insights, helping organizations tailor services
and respond to emerging trends.
• Resource Optimization: Data-driven insights allow for better resource allocation and prioritization of
services.
• Transparency and Accountability: Regular reporting fosters transparency, supports accountability, and
aids in meeting compliance and performance standards.
Technical View of Dataf lows and Technology Considerations
This section offers an in-depth view of the potential microservices which could facilitate the integration,
management, and exchange of data within the Fresno County CIE, along with proposed technologies currently in
the market which have capabilities to support the described functionality. By detailing the workflows for data
capture, processing, and dissemination, this section ensures that all stakeholders understand the critical pathways
and technologies that support efficient and secure information sharing. These workflows are designed to enhance
interoperability, maintain data integrity, and ensure timely access to accurate information, ultimately driving
better outcomes for the community.
Operational Data Flows at the System of Origin
System of Origin End Users will trigger the transaction of data to the CIE core system through the following
actions:
1. Creating a New Record: Adding a new entry that is relevant to the CIE dataset.
2. Updating an Existing Record: Modifying an existing entry within the fields that are part of the common
CIE dataset.
Upon execution of either of these triggering events, the internal system will initiate an HTTPS call to the CIE API
endpoint. This call will include:
1. Authentication Information: API key specific to the organization.
2. Record Data (in JSON format):
o Organization-Specific Unique Identifier: The unique identifier for the record within the
organization.
Fresno CIE - Technical and Operational Plan
November 2024
Page 145
Attachment A
o Complete Record (for new entries): Sent via HTTPS POST, this record will contain:
1. Reserved Fields: Data fields with definitions agreed upon by all CIE participants.
2. Custom Fields: Data unique to the submitting organization.
o Partial Record (for updates): Sent via HTTPS PATCH, containing only the fields that have been
updated.
o User Identifier: The specific User-ID of the end user who created or updated the record within
the organization.
o Timestamp: The exact time of the transaction, recorded in UNIX milliseconds.
This approach ensures that data is consistently and securely transmitted to the CIE core system, maintaining data
integrity and enabling effective interoperability among all participating entities.
CIE API Endpoint
When the CIE API endpoint receives an API call, it will undertake the following actions:
1. Logging Information: Send logging information to the Logging Service (Logs) at each stage of the API
endpoint process.
2. Basic Checks for Required Fields and Values:
o If checks pass, continue processing.
o If checks fail, route to the Exception Handler Service (EHS).
3. Authenticate API Key: Verify the API key to ensure the call is from an authorized source.
4. Technical Format Validation: Perform a basic check to ensure the correct technical formatting (HTTPS,
POST, PATCH, or GET).
5. Data Parsing: Parse the incoming data fields.
6. Data Validation on Reserved Fields: Validate the data against a pre-defined system mapping for:
o Content format (e.g., INT, varchar, JSON, timestamp, BLOB, BIT, etc.).
o Content length.
o Presence of required fields.
o Properly formed JSON payload.
7. Insert Organization-Specific Identifiers:
o Insert an Org_ID specific to the service provider of origin.
o Insert an Action value indicating the operation (Insert, Update).
8. Transaction Management:
o Insert a unique Transaction-ID into the payload for logging purposes.
9. Payload Routing:
o If there are no errors and the HTTP method is POST or PATCH, pass the payload to the Task
Master Job Queue (TMJQ), which then sends it to the Record Matching Service (RMS).
o If errors are detected, route the payload to the Exception Handler Service (EHS).
This process ensures secure, accurate, and efficient handling of data transactions within the CIE, maintaining data
integrity and providing robust error management.
Examples of Applicable API Gateways
To facilitate secure, efficient, and scalable data integration within the Fresno County Community Information
Exchange (CIE), a robust API Gateway is essential.The following are examples of applicable API Gateways that can
be considered for implementation:
1.WS02 API Manager
• Description: WS02 API Manager is an open-source API management solution that provides full
lifecycle API management, including API creation, publishing, lifecycle management, application
Fresno CIE - Technical and Operational Plan
November 2024
Page 146
Attachment A
development, access control, rate limiting, analytics, and monitoring.
• License: Apache 2.0
• Resource Link: WSO2 API Manager
2. Microsoft Azure API Management
• Description: Azure API Management is a fully managed service that enables enterprises to publish,
secure, transform, maintain, and monitor APIs. It offers a platform for API management, ensuring high
availability and scalability.
• Resource Link: Microsoft Azure API Management
3.Tyk API Gateway
• Description: Tyk is an open-source API Gateway and Management platform that provides API
analytics, developer portals, and security capabilities such as rate limiting and quota management. It
is available as both a commercial and open-source solution.
• Resource Link: Tyk API Gateway
4. Google API Gateway
• Description: Google API Gateway provides a fully managed gateway to deploy, secure, and monitor
APIs at scale. It is built on the same infrastructure as Google Cloud, offering security, high availability,
and low latency.
• Resource Link: Google API Gateway
5. KrakenD
• Description: KrakenD is an ultra-performant open-source API Gateway that provides high
throughput, low latency, and scalability. It is designed to aggregate multiple microservices into a
single endpoint and supports advanced security and transformation features.
• Resource Link: KrakenD
Task Master Job Queue (TMJQ)
When the Task Master Job Queue (TMJQ) receives the payload, it follows these steps to ensure proper task
management and data processing:
1. Logging Information: Sends log entries to the Logging Service (Logs) at each stage of the queue
process.
2. Basic Checks for Required Fields and Values:
o If checks pass, continue processing.
o If checks fail, route to the Exception Handler Service (EHS).
3. Task Ingestion:
o Task Creation: Create a new task by assigning it a unique Task-ID.
o Metadata Assignment: Record the Origin_Org_ld (Org_ID value), Created-At timestamp (Unix
milliseconds), Last_Modified timestamp (Unix milliseconds), Current-Stage, and Last-Stage.
o Task Payload Entry: Create an entry in the Tasks-Payload table, including:
■ Task_ID (from above).
■ Unique Payload_ID.
■ Payload field containing the data.
4. Microservices Coordination: Acts as the central point of control, sending the task to the following
microservices in order and processing their results:
o Data Quality Service (DQS): Ensures data integrity and accuracy.
o Record Matching Service (RMS): Matches and links records across datasets.
o Data Transformation Service (DTS): Transforms data into required formats.
o API Service - Outbound (API): Manages outbound communication with target systems.
■ Target Systems Integration: Supplies target URLs, authentication credentials, and other
necessary information for external data reception. Preferred method is via API endpoint,
Fresno CIE - Technical and Operational Plan
November 2024
Page 147
Attachment A
with an alternative option being an SFTP server.
5. Scheduled Tasks Initiation: Capable of initiating tasks on a scheduled basis to proactively fulfill CIE
technical requirements, such as:
o CSV Data Exports Retrieval: Sending tasks to retrieve CSV data exports from partner-controlled,
external SFTP servers for CIE processing.
o Updated Records Checking: Sending tasks to partner-built API endpoints to check for updated
records via local connectors (ODBC, direct SQL connection, etc.) and generate CIE-formatted
payloads for processing.
6. Integration with Existing Systems: Acts as an overlay for an existing task/job management queue
system or directly implements an existing task/job queue management system. The steps outlined above
are illustrative and may vary based on the specific system used.
This comprehensive process ensures efficient, accurate, and secure handling of tasks within the CIE, maintaining
data integrity and supporting coordinated service delivery.
Examples of applicable job queue systems:
For the effective management of tasks and queues within the Fresno County Community Information Exchange
(CIE), selecting a robust task and message queue system is essential.The following are examples of applicable
systems that can be considered for implementation:
1. BuIIMQ
• Description: BuIIMQ is a powerful, fast, and feature-rich job queue for Node.js applications. It is
designed to handlejobs and manage task scheduling, retries, and concurrency.
• License: GPL
• Resource Link: BuIIMQ
2.Amazon Simple Queue Service (SQS)
• Description: Amazon SQS is a fully managed message queuing service that enables the decoupling
and scaling of microservices, distributed systems, and serverless applications. It offers reliable, highly-
scalable, and secure message queuing.
• Resource Link: Amazon Simple Queue Service
3. Celery
• Description: Celery is an asynchronous task queue/job queue based on distributed message passing.
It is focused on real-time operation but supports scheduling as well. Celery is used in production
systems to process millions of tasks per day.
• License: BSD
• Resource Link: Celery
4. RabbitMQ
• Description: RabbitMQ is a widely-used open-source message broker that implements the Advanced
Message Queuing Protocol (AMQP). It is known for its reliability, flexibility, and support for multiple
messaging protocols.
• License: Apache License
• Resource Link: RabbitMQ
5.Apache Kafka
• Description: Apache Kafka is a distributed event streaming platform capable of handling trillions of
events a day. It is designed for high throughput, low latency, and fault-tolerant data streaming and
processing.
• Resource Link: Apache Kafka
Selecting the right task and message queue system is crucial for ensuring the efficient operation of the CIE. The
Fresno CIE - Technical and Operational Plan
November 2024
Page 148
Attachment A
systems listed above offer a variety of features and capabilities that can meet the needs of different components
within the CIE, including task scheduling, message passing, and real-time data processing. Each option provides
unique advantages, and the final choice should be based on specific project requirements, scalability needs, and
integration capabilities.
Data Quality Service (DQS)
When the Data Quality Service (DQS) receives the payload, it follows these steps to ensure the data meets quality
standards:
1. Logging Information: Sends log entries to the Logging Service (Logs) at each stage of the data quality
checking process.
2. Basic Checks for Required Fields and Values:
o If checks pass, continue processing.
o If checks fail, route to the Exception Handler Service (EHS) for non-transient error handling.
3. Data Cleaning Process:
o Typo Correction: Identifies and corrects common typographical errors.
o Standardization: Ensures consistent capitalization and formatting of entries.
o Invalid Entries Removal: Eliminates entries deemed not allowed within a multiple organization
dataset, such as "N/A" and "Not Applicable".
This structured process ensures that the data is accurate, standardized, and ready for further processing within
the CIE, enhancing the reliability and usability of the information shared across participating organizations.
Examples of existing applicable systems:
For the effective transformation and cleansing of data within the Fresno County Community Information Exchange
(CIE), selecting a data transformation system is essential.The following are examples of applicable systems that
can be considered for implementation:
1. Osmos
• Description: Osmos provides a comprehensive data transformation and integration platform that
simplifies the process of cleaning, transforming, and importing data from various sources. It offers a
user-friendly interface and powerful tools to automate data workflows, ensuring data is accurate and
ready for analysis.
• Resource Link: Osmos
2. First Logic
• Description: First Logic offers advanced data cleansing solutions designed to ensure the accuracy
and integrity of data.Their platform provides tools for data quality improvement, including
standardization, validation, and enrichment, helping organizations maintain high-quality data for
critical operations.
• Resource Link: First Logic
3. Databricks
• Description: Databricks is a unified data analytics platform that provides tools for data engineering,
machine learning, and collaborative analytics. It enables organizations to process large volumes of
data efficiently, perform complex transformations, and integrate data from various sources, facilitating
robust data workflows and analytics.
• Resource Link: Databricks
Selecting the right data transformation system is crucial for ensuring the accuracy, quality, and usability of
data within the CIE. The systems listed above offer a variety of features and capabilities that can meet the
diverse needs of the CIE, including data cleansing, transformation, and integration. Each option provides
Fresno CIE - Technical and Operational Plan
November 2024
Page 149
Attachment A
unique advantages, and the final choice should be based on specific project requirements, data volume, and
integration capabilities.
Record Matching Service (RMS)
When the Record Matching Service (RMS) receives a client payload from the Task Manager, it performs the
following steps to ensure accurate record matching and data integration:
1. Logging Information: Sends log entries to the Logging Service (Logs) at each stage of the record
matching process.
2. Basic Checks for Required Fields and Values:
o If checks pass, continue processing.
o If checks fail, route to the Exception Handler Service (EHS) for non-transient error handling.
3. Data Parsing:
o Parses the data fields specifically used for record matching.
4. System Fields Check:
o Ensures the presence of required system fields: Org_ID, Transaction-ID, Client-ID, Action.
5. Master Person Index (MPI) Search:
o Searches the MPI for a pre-existing instance of the Client-ID.
o If found:
■ Appends the MPI_ID field value and the Org_Client_ID field value (a JSON object with key
pairs of"Org_ID":"Client_ID" specific to each organization) to the current transaction
payload.
o If not found:
■ Calls the Fuzzy Matching Service (FMS), which:
■ Indexes fields with possible Personal Identifying Information (PII).
■ Initiates a search within the MPI for records with matching PII data.
6. Fuzzy Matching Process:
o Single Match Found:
■ If the FMS finds a single MPI record with 100% match fidelity:
■ Updates the Org_Client_ID field (JSON) by appending the Org_ID as a new entry
in the JSON object.
■ Updates the Last-Modified date with a Unix milliseconds timestamp.
• Appends the MPI_ID and Org_Client_ID field to the current transaction payload.
o Multiple Matches Found:
■ If the FMS finds multiple records with a high match score:
■ Places the highest scoring records into a manual review queue.
■ Alerts a CIE data specialist or the submitting user at the system of origin based
on the Org_ID/User_ID fields contained within the payload.
■ Awaits manual input by an end user on the action to take.The manual review
queue is managed within the FMS.
o No Matches Found:
■ If no records meet the match threshold:
■ Creates a new MPI record, including:
■ An automatically generated, unique MPI_ID.
■ The Org_Client_ID field (JSON) with the Org_ID key pair as a sole entry.
■ A Created-By field (JSON) to track the originating organization and user.
■ Created-On and Last-Modified dates with Unix milliseconds timestamps.
■ Appends the MPI_ID and Org_Client_ID field to the current transaction payload.
7. Completion: Once the RMS has processed the data, the new data payload, including the necessary
Fresno CIE - Technical and Operational Plan
November 2024
Page 150
Attachment A
identifiers and updates, is returned to the Task Manager for further handling.
Resources for Evaluation:
Selecting an effective fuzzy matching system is critical for ensuring accurate record matching and data integration
within the Fresno County Community Information Exchange (CIE). The following resources provide comprehensive
guidance and options for evaluating and choosing the right fuzzy matching solution.
Evaluation Guides
• Fuzzy Matching System Evaluation Requirements: This guide provides a detailed list of questions
and criteria to consider when evaluating fuzzy matching vendors. It helps organizations identify the
most suitable solution based on specific needs, capabilities, and performance requirements.
Open Source Projects
• GitHub: Data Matching Software: A repository of open source data matching projects available on
GitHub. These projects offer various tools and libraries for implementing fuzzy matching algorithms
and can be a valuable resource for developing custom solutions.
Commercial Vendors for Consideration
1.WinPure
• Description: WinPure Clean & Match API is a comprehensive data matching and cleansing
solution that provides advanced fuzzy matching capabilities. It is designed to handle large
datasets and deliver accurate, reliable results for data integration and record matching.
• Resource Link: WinPure Clean & Match API
2. First Logic
• Description: First Logic Match IQ is an advanced data matching solution that offers powerful
fuzzy matching algorithms. It helps organizations accurately match and deduplicate records,
improving data quality and consistency.
• Resource Link: First Logic Match IQ
3. Senzing
• Description: Senzing provides real-time entity resolution and fuzzy matching capabilities,
ensuring accurate and efficient data matching across various datasets. Its scalable platform is
designed to handle complex data matching scenarios, enhancing data quality and integration.
• Resource Link: Senzing
4. Databricks
• Description: Databricks Product Matching with ML offers machine learning-based fuzzy
matching solutions. It provides tools for advanced data matching, integration, and analysis,
leveraging the power of the Databricks platform to deliver high performance and accuracy.
• Resource Link: Databricks Product Matching with ML
Evaluating and selecting the right fuzzy matching system is crucial for the successful implementation of the CIE.
The resources and vendors listed above provide a range of options, from open source projects to advanced
commercial solutions, ensuring that the CIE can find a suitable match for its specific data matching needs. Each
option offers unique features and benefits, and the final choice should be based on thorough evaluation and
alignment with the CIE's operational requirements.
Data Transformation Service (DTS)
When the Data Transformation Service (DTS) receives the payload, it follows these steps to ensure the data is
correctly transformed and mapped to the appropriate organizational formats:
1. Logging Information: Sends log entries to the Logging Service (Logs) at each stage of the data
transformation process.
Fresno CIE - Technical and Operational Plan
November 2024
Page 151
Attachment A
2. Basic Checks for Required Fields and Values:
o If checks pass, continue processing.
o If checks fail, route to the Exception Handler Service (EHS) for non-transient error handling.
3. Data Transformation Process:
o Reading Org_ID Values: Reads each Org_ID value from the payload.
o Checking Data Access Rules:Verifies the data access rules for each Org_ID, which govern which
organizations accept what data from which other organizations. This ensures that data is only
shared according to established agreements and preferences.
■ Example Scenarios:
■ Organization A as Source: Organization A may act as the definitive source of
specific data for other organizations but does not ingest data in return.
Therefore, when Organization A pushes a record into the CIE, it is sent to all
other organizations. However, when other organizations push data, the DTS
disallows any payload creation for Organization A.
■ Updating Access Rules: If Organization A decides to consume data from
Organization C (a definitive source of a different dataset), the data access rules
can be updated to include Organization A in the DTS payload generation when
data comes from Organization C.
o Finding Data Maps: Locates the appropriate data map for each Org_ID that is accepting the
payload from the system of origin. This map provides a blueprint for the fields that the
organization will accept, their equivalent field names in the organization's data structure, and any
additional relevant information.
■ Field Acceptance: Some organizations may restrict overwriting certain fields (e.g., name,
address, DOB) to protect immutable or sensitive information.
o Building New Payloads: Constructs a new record payload for each organization based on the
data from the system of origin and the data mapping document. Fields without data are excluded
from the payload to ensure that default values or existing data handling procedures are
respected.
■ New vs. Existing Records: For new client records, the payload includes all relevant fields.
For existing records, the action taken is a PATCH() to update only changed fields, rather
than a PUT() which would replace the entire target record.
4. Returning DTS Payload:
o To TMJQ: Returns the transformed DTS payload to the Task Master Job Queue (TMJQ).
o MPI Update: If this is a new client record, upon receiving the DTS payload, the TMJQ sends an
update to the Master Person Index (MPI) within the Record Matching Service (RMS) to reflect
which organizations have the client within their systems and the corresponding matching fields
based on the DTS-generated payload.
Technical Notes on Data Transformation
• Common Technology: Data transformation systems are widely used within data pipelines. The CIE can
leverage existing solutions or commercial vendors for this service.
• Solutions for Evaluation:
o Osmos: Osmos Data Transformation
o Apache NiFi:Apache NiFi
o Databricks: Databricks
o Rapidfuzz (MIT License): Rapidfuzz
By following this detailed process, the DTS ensures that data is accurately transformed and mapped, facilitating
efficient and secure data sharing within the CIE while respecting the unique requirements and preferences of each
participating organization.
Fresno CIE - Technical and Operational Plan
November 2024
Page 152
Attachment A
Logging Service (LogS)
The centralized Logging Service (LogS) is an essential component of the CIE system, tasked with tracking various
metrics and events across the infrastructure. It ensures comprehensive monitoring and logging to maintain
system health, performance, and security.The LogS will perform the following functions:
Key Logging Areas
1. Client Records Tracking:
o Logs new or updated client records as they progress through the CIE system to completion.
2. Hardware and Operating System Metrics:
o Monitors health and performance metrics of hardware and operating systems.
3. Network Health Metrics:
o Tracks network health and performance to ensure reliable connectivity.
4. Service Health Metrics:
o Monitors the health and performance of critical services (API, TMJQ, DQS, FMS, and DTS).
5. Security Monitoring:
o Tracks security-related events and potential threats to ensure system integrity and compliance.
Minimum Functional Requirements for Logging Services
The Logging Service must be capable of accepting logging information from a diverse array of sources through
multiple interfaces. Additionally, it should include the following functionalities:
1. Secure User Logins:
o Implement Two-Factor Authentication (2FA) or other advanced methods to secure user logins.
2. User Roles and Access Levels:
o Provide fine-grained control over user roles and access levels to ensure appropriate permissions.
3. External Alerting:
o Enable alerting through external channels (email, SMS, Slack, etc.) based on user-defined criteria,
including but not limited to:
■ CPU, RAM, and Drive Space Usage: Alerts based on hardware resource utilization.
■ Overall Transaction Latency: Monitors the time it takes for an individual client record to
traverse the CIE.
■ Service Transaction Latency: Tracks latency for individual services.
■ CIE Error Rates: Alerts on error rates per second, minute, hour, and percentage.
• Service Error Rates: Monitors error rates for individual services.
■ Traffic Fluctuations:Alerts on significant increases or decreases in traffic into the CIE
system.
4. Live Visual Reporting Dashboards:
o Provide real-time dashboards displaying all metrics with additional filtering options, such as by
participating organization.
5. In-Depth Metric Analysis:
o Allow detailed inspection from any single reporting metric to specific time frames, individual
transactions, hardware, or software components.
6. Search-Based Filtering:
o Enable search-based filtering of logged data for easy retrieval and analysis.
7. Reporting Exports:
o Support exporting reports for further analysis and record-keeping.
8. Compliance:
Fresno CIE - Technical and Operational Plan
November 2024
Page 153
Attachment A
o Ensure compliance with relevant data standards such as HIPAA, FERPA, and other applicable
regulations.
Examples of Centralized Logging Services
Centralized logging services are essential for monitoring, troubleshooting, and maintaining the health and
performance of the Fresno County Community Information Exchange (CIE).These services provide comprehensive
logging, real-time analytics, and alerting capabilities to ensure the system operates smoothly and securely.The
following are examples of centralized logging services that can be considered for implementation:
1. Elasticsearch
• Description: Elasticsearch is a powerful open-source search and analytics engine designed for
scalability and high performance. It allows organizations to search, analyze, and visualize data in real-
time, making it ideal for centralized logging and monitoring.
• Resource Link: Elasticsearch
2. New Relic
• Description: New Relic offers a comprehensive suite of tools for application performance monitoring
and real-time analytics. It provides detailed insights into system performance, error tracking, and user
interactions, enabling proactive maintenance and troubleshooting.
• Resource Link: New Relic
3. Splunk
• Description: Splunk is a robust platform for searching, monitoring, and analyzing machine-generated
data. It offers powerful capabilities for log management, data visualization, and real-time analytics,
helping organizations to quickly identify and resolve issues.
• Resource Link: Splunk
4. Signoz
• Description: Signoz is an open-source observability platform designed for monitoring and analyzing
application performance and logs. It provides real-time metrics, traces, and logs, allowing
organizations to gain deep insights into their system's behavior and performance.
• Resource Link: Signoz
Choosing the right centralized logging service is critical for ensuring the effective monitoring and management of
the CIE system. The services listed above offer a variety of features and capabilities that can meet the diverse
needs of the CIE, including real-time analytics, error tracking, and data visualization. Each option provides unique
advantages, and the final choice should be based on specific project requirements, scalability, and integration
capabilities.
Error Handling Service (EHS)
The Error Handling Service (EHS) is a critical component in managing the complexities of a microservices
architecture within the CIE. Given the inherent scalability, robustness, and performance benefits of microservices,
there is an increased complexity in error handling. Errors can arise from typical system issues, such as
programmatic bugs or data exceptions, as well as from factors like network latency, system/vendor outages, or
hardware problems.These errors are classified into two types:
1. Non-Transient Errors: Persistent errors, such as software bugs, that continue to occur unless fixed.These
errors require immediate attention and resolution.
2. Transient Errors: Temporary errors that occur for a short duration due to issues like network outages or
high request loads. These errors are usually resolved by retrying the process.
Error Handling Methodologies
1. Non-Transient Errors
Non-transient errors are persistent and require logging and immediate resolution.
Fresno CIE - Technical and Operational Plan
November 2024
Page 154
Attachment A
• Logging: Log non-transient errors in the central logging service (Logs).
• No Retry: Do not retry the process that triggered the error.
• Severity-Based Alerts:
o Severity Level Classifications:
■ Severity Level 1 (Critical Impact/System Down): Complete microservice outage.
■ Severity Level 2 (Significant Impact/Severe Downgrade): Severe service degradation.
■ Severity Level 3 (Minor Impact): Most of the microservice is functioning properly.
■ Severity Level 4 (Low Impact/Informational): Informational issues with minimal
impact.
o Alerts: For Severity 1 and Severity 2 errors, send alerts via email, SMS, or instant messaging (e.g.,
Slack) to on-call engineers for immediate troubleshooting and resolution.
2.Transient Errors
Transient errors are temporary and often resolved through retry mechanisms.
• Logging: Log transient errors in the central logging service (Logs).
• Retry Mechanism:
o Initial Retry: The process or transaction that triggered the transient error is requeued in the Task
Master Job Queue (TMJQ) and resent to the specific microservice for processing.
o Second Retry: If the process fails again, it is requeued with an additional delay to avoid
overwhelming the microservice with retry attempts.
o Final Attempt: After a third failure, the error is marked as permanent, and the system of origin is
informed of the new status.
• Alerting on Repeated Failures: If a high number of transient failures occur for a specific microservice or
within the CIE system, the central logging service should alert on-call engineers for troubleshooting.
The Error Handling Service (EHS) provides a structured approach to managing both persistent and temporary
errors in a microservices architecture. By implementing comprehensive logging, severity-based alerts, and retry
mechanisms, the EHS ensures the resilience and reliability of the CIE system, enabling prompt resolution of issues
and maintaining system performance and availability.
Partner Technical Systems Review
myAvatar - Department of Public Health
myAvatarTI is a behavioral health EHR that offers a recovery-focused suite of solutions leveraging real-time
analytics, Al, and clinical decision support to drive value-based care.
Technical Capabilities and Considerations
• Data Standard: myAvatar's data schema adheres to the Fast Healthcare Interoperability Resources (FHIR)
standard, widely adopted across various agencies and systems, enhancing interoperability.
o Resource Link: FHIR Overview
• API Capabilities:
o Current on-premises installations lack inherent API capabilities. However, the Carefabric upgrade
enables an array of API connections.
o Without the upgrade, data access relies on third-party connections (e.g., ODBC) to extract, insert,
and update data within the InterSystems Cache database.This method, previously used by the
Department of Public Health, has been inactive for eight years.
Fresno CIE - Technical and Operational Plan
November 2024
Page 155
Attachment A
Use Case within CIE
• Data Integration: myAvatar will consume data pushed from CaISAWS via the Department of Social
Services' Data Systems.
Data Management
• Database System: InterSystems Cache (v2017.2), a high-performance system supporting dynamic data
objects (XML,JSON) and SQL querying.
o Resource Link: InterSystems Cache
• Custom Fields:
o Can create, export, and import custom fields.
Data Access and Permissions
• Supports data permissions down to the row and field level.
Data Security
• Uses built-in authentication for its user interface.Authentication for third-party/custom solutions is either
via operating system-level users or accounts within the myAvatar user base.
Integration Limitation
• Current on-premises installations lack inherent API capabilities. The Carefabric upgrade can enable API
connections. Otherwise, data access relies on third-party connections (e.g., ODBC) to the InterSystems
Cache database.
Department of Social Services Data Systems
DSS locally manages a suite of tools and applications designed to help organizations collect, analyze, and present
business data, enabling users to gather, process, and visualize data from various sources.
Technical Capabilities and Considerations
• Enterprise Level Application: DSS data systems provide robust capabilities for data analysis and
visualization.
• API Capabilities:
o Can make calls to external services.
o Can answer API calls from external services.
Use Cases
• Data Integration: DSS data systems have the capability to supply CaISAWS information to the CIE,
serving as a centralized data store.
Data Management
• Database System: Locally hosted databases with highly adaptable and scalable systems supporting SQL
querying.
• Custom Fields:
o Can create, export, and import custom fields.
Data Access and Permissions
• Supports data permissions down to the row and field level, configurable per group and user.
Fresno CIE - Technical and Operational Plan
November 2024
Page 156
Attachment A
Data Security
• The specifics of API authentication (LDAP, Fusion Middleware, etc.) depend on the Department of Social
Services' security implementation.
Integration Limitation
• DSS Data Bases can serve as a potential intermediate data store for CaISAWS.Adding new data fields
directly to CaISAWS requires regional and state approval, taking 8 months to 3 year, making changes to
source data a lengthy process.
Apricot 360 - Fresno County Superintendent of Schools
Apricot 360 is an enterprise system designed for small to mid-sized nonprofit organizations. It offers an all-in-one
platform allowing organizations to define their datasets, reporting, and dashboards to suit their missions.
Technical Capabilities and Considerations
• API Capabilities:
o Cannot make or answer API calls directly; relies on third-party systems (Workato, Zapier).
o Resource Links:
■ Apricot API Integration
■ Apricot SFTP Imports
• Automated SFTP Imports/Exports: Available as an add-on, based on customized reports scheduled
within Apricot 360.
o Resource Link: Scheduling Reports
Use Cases
• Reporting:Will be used for reporting, ingesting data from myAvatar but not from CaISAWS.
Data Management
• Custom Fields:
o Can create, export, and import custom fields.
Data Access and Permissions
• Supports data permissions down to the row and field level, configurable per group and user.
Data Security
• Uses built-in authentication for user interface access. SFTP integration requires an RSA SSH key for
import.
Integration Limitation
• Direct API calls are possible only through registered third-party vendors in Workato or Zapier, adding
complexity and cost.Automated SFTP imports cannot provide real-time updates, causing delays in data
integration.
CCS Community Health Record (CHR) System - Department of Public
Health
The CCS CHR is a CIE developed with data interoperability as a key component, aiming to provide a
Fresno CIE - Technical and Operational Plan
November 2024
Page 157
Attachment A
comprehensive view of client information to maximize positive outcomes. Fresno Department of Public Health has
150 end users and 2000+ clients in the system with relatively low traffic levels.
Technical Capabilities and Considerations
• Data Interoperability: Data is pre-cleaned by CCS, with a focus on interoperability.
• API Capabilities:
o Can initiate and receive API calls.
o Can perform scheduled data transmissions to API endpoints.
o Utilizes Redox middleware to adhere to HL7 standards.
o Prefers responding to external data requests via API calls due to system intensity of data update
triggers.
o Can send payloads containing only updated fields.
Use Cases
• Integration: The Department of Public Health will use CCS to manage data and case management for
multiple external CBOs, with identifying client information (non-PII) pulled into the Master Person Index
(MPI) for basic reporting.
Data Management
• Custom Fields:
o Can create, export, and import custom fields.
Data Access and Permissions
• Supports data permissions down to the row level, configurable by roles and users.
Data Security
• Uses OKTA SSO for individual user logins.
• API authentication is managed through API keys and SSL.
Integration Limitation
• No significant limitations identified.
These detailed system breakdowns highlight the technical capabilities, integration limitations, and specific use
cases for each system within the CIE.This comprehensive understanding is essential for ensuring seamless data
integration and management across all participating organizations.
Fresno CIE - Technical and Operational Plan
November 2024
Page 158
Attachment A
Implementing a Legal Framework for the Community
Information Exchange
This section outlines the legal framework and best practices for data sharing between community partners within
a Community Information Exchange framework, focusing on compliance with key privacy laws such as HIPAA
(Health Insurance Portability and Accountability Act) and FERPA (Family Educational Rights and Privacy Act).The
section is structured to assist healthcare systems, public health entities, human services, school districts, and
community-based organizations in California to support sharing data. It details the necessary legal instruments
and compliance measures, the operational roles of agents, and the process steps for legal data sharing.
Developing a Master Data Sharing Agreement Framework
A Master Data Sharing Agreement (MDSA) is a comprehensive document that outlines the overarching framework
for data sharing among all participating entities in a Community Information Exchange (CIE).This agreement
ensures that all parties adhere to standardized protocols and legal requirements, fostering trust and collaboration.
The MDSA serves as a foundational document that individual Data Use Agreements (DUAs), Data Sharing
Agreements (DSAs), and Business Associate Agreements (BAAs) can reference and build upon.
Objectives of the MDSA
1. Standardization: Establish uniform data sharing protocols and standards across all participating entities.
2. Compliance: Ensure adherence to applicable federal, state, and local laws, including HIPAA, FERPA, and
state-specific privacy laws.
3. Security: Define security measures to protect shared data from unauthorized access and breaches.
4. Governance: Outline the governance structure for managing data sharing and resolving disputes.
5. Transparency: Provide clear guidelines on data use, access, and participant responsibilities.
Key Components of the MDSA
1. Scope and Purpose
o Scope: Define the types of data covered by the agreement, including health, education, and
social service data.
o Purpose: Explain the objectives of data sharing, such as improving service coordination,
enhancing care delivery, and supporting community health initiatives.
2. Legal and Regulatory Compliance
o Applicable Laws: List the federal, state, and local laws that govern data sharing, including HIPAA,
FERPA, and any relevant state privacy laws.
o Compliance Obligations: Detail the obligations of each party to comply with these laws,
including obtaining necessary consents and maintaining data security.
3. Data Sharing Protocols
o Data Categories: Specify the categories of data that can be shared, such as demographic
information, health records, and service utilization data.
o Sharing Conditions: Define the conditions under which data can be shared, including permissible
uses and restrictions.
o Data Quality: Establish standards for data accuracy, completeness, and timeliness.
4. Security Measures
o Data Protection: Outline the administrative, technical, and physical safeguards to protect shared
data.
o Access Controls: Define who has access to shared data and the levels of access permitted.
Fresno CIE - Technical and Operational Plan
November 2024
Page 159
Attachment A
o Incident Response: Provide procedures for responding to data breaches and other security
incidents.
5. Governance Structure
o Steering Committee: Establish a governing body responsible for overseeing the implementation
and management of the MDSA.
o Roles and Responsibilities: Define the roles and responsibilities of each participating entity and
the steering committee.
o Dispute Resolution: Outline procedures for resolving conflicts related to data sharing.
6. Consent and Authorization
o Informed Consent: Require obtaining informed consent from individuals whose data will be
shared, detailing how their data will be used and protected.
o Revocation of Consent: Provide mechanisms for individuals to revoke their consent and for the
cessation of data sharing upon revocation.
7. Audit and Compliance Monitoring
o Regular Audits: Mandate regular audits to ensure compliance with the MDSA and applicable
laws.
o Reporting Requirements: Establish reporting requirements for data sharing activities and
compliance issues.
o Non-Compliance Consequences: Specify consequences for non-compliance, including
termination of the agreement or other legal actions.
MDSA Implementation Steps
1. Drafting the MDSA
o Collaborate with legal experts, stakeholders, and participating entities to draft the MDSA.
o Ensure the agreement aligns with existing policies, procedures, and legal requirements.
2. Stakeholder Engagement
o Engage all relevant stakeholders, including service providers, community organizations, and
individuals, to review and provide input on the MDSA.
o Address any concerns or suggestions to ensure broad support and understanding.
3. Approval and Adoption
o Obtain formal approval of the MDSA from all participating entities.
o Adopt the MDSA as the guiding framework for data sharing within the CIE.
4. Training and Awareness
o Conduct training sessions for all stakeholders to ensure understanding and compliance with the
MDSA.
o Provide ongoing education and support to address any questions or issues that arise.
5. Monitoring and Evaluation
o Regularly monitor the implementation of the MDSA to ensure compliance and effectiveness.
o Evaluate the impact of data sharing on service coordination and community outcomes, making
adjustments as needed.
The Master Data Sharing Agreement is a critical component of implementing a Community Information Exchange,
providing a standardized and legally compliant framework for data sharing. By clearly defining the roles,
responsibilities, and protocols,the MDSA fosters collaboration and trust among participating entities, ultimately
enhancing service delivery and community well-being.
Sharing Data Under HIPAA
Fresno CIE - Technical and Operational Plan
November 2024
Page 160
Attachment A
Sharing data under the Health Insurance Portability and Accountability Act (HIPAA) requires adherence to
stringent rules and guidelines to ensure the confidentiality, integrity, and security of Protected Health Information
(PHI). Here are the key components for compliantly sharing data under HIPAA:
1. Understanding PHI
• Definition of PHI: PHI includes any information held by a covered entity which concerns health
status, provision of health care, or payment for health care that can be linked to an individual.
• Scope of PHI:This covers a wide range of identifiers, not just medical records.
2. Privacy Rule Compliance
• Use and Disclosure of PHI: PHI should only be used or disclosed for treatment, payment, or
healthcare operations unless patient authorization is obtained or a specific exception applies.
• Minimum Necessary Standard:When PHI is disclosed, only the minimum necessary information
should be shared to achieve the purpose of the disclosure.
3. Security Rule Compliance
• Administrative Safeguards: Implement policies and procedures to manage the selection,
development, implementation, and maintenance of security measures.
• Physical Safeguards: Protect electronic systems, equipment, and data from physical threats.
• Technical Safeguards: Use technology to control access to PHI and protect communications
containing PHI transmitted electronically.
4. Business Associate Agreements (BAAs)
• Agreements with Third Parties: Covered entities must have BAAs in place with business associates
who handle PHI on their behalf.
• BAA Requirements: BAAs must outline the permissible uses of PHI by the business associate and
ensure that they will use appropriate safeguards.
5. Patient Rights
• Access and Amendment: Patients have rights to access and request amendments to their PHI.
• Accounting of Disclosures: Patients can request an accounting of certain types of disclosures of their
PHI.
6. Breach Notification Rule
• Reporting Requirements: Covered entities must report any breach of unsecured PHI to affected
individuals, the Department of Health and Human Services (HHS), and, in some cases, the media.
7.Training and Awareness
• Staff Training: Regular training of staff who handle PHI on HIPAA policies and procedures is crucial.
• Awareness: Maintaining awareness about the evolving nature of threats to data security and updates
in HIPAA regulations.
8. Record Keeping and Documentation
• Policies and Procedures Documentation: Maintain written privacy and security policies and
procedures.
• Compliance Records: Keep records of privacy and security practices, including risk analyses and
remediation plans.
Covered Entities
In the context of the Health Insurance Portability and Accountability Act (HIPAA), "Covered Entities" are defined as
organizations or individuals that engage in certain healthcare activities and are thus subject to HIPAA's
regulations. Typical examples of covered entities include:
1. Healthcare Providers:
• Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies that
transmit any health information in electronic form in connection with a transaction for which the
U.S. Department of Health and Human Services has adopted a standard.
Fresno CIE - Technical and Operational Plan
November 2024
Page 161
Attachment A
2. Health Plans:
• Health insurance companies, HMOs (Health Maintenance Organizations), company health plans,
and government programs that pay for healthcare, such as Medicare, Medicaid, and the military
and veterans' healthcare programs.
3. Healthcare Clearinghouses:
• Entities that process nonstandard health information they receive from another entity into a
standard format or vice versa.
4. Medicare Prescription Drug Card Sponsors:
• Companies that provide Medicare-approved prescription drug cards, subject to certain
conditions.
Additionally, while not covered entities themselves, Business Associates of covered entities are also subject to
certain HIPAA regulations. These can include:
• Third-party administrators that assist health plans with claims processing.
• CPAs, attorneys, and IT consultants who have access to PHI (Protected Health Information) as part of the
services they provide to a covered entity.
• Billing and coding services, claims processing companies, and healthcare management services.
• Data analysis, processing, or administration services.
It's important to note that organizations can be a covered entity in one aspect of their operations but not in
others. For instance, a university may have a healthcare provider component (such as a university hospital)that is
a covered entity, while other parts of the university are not.
County Health and Human Services as Covered Entities
County health departments must comply with HIPAA if they are covered entities. HIPAA applies to any
organization or individual that creates, receives, maintains, or transmits electronic protected health information
(ePHI).
Covered entities include:
• State Medicaid programs
• Local public health departments
• Local governments that are covered entities
HIPAA's Privacy Rule recognizes the need for public health authorities to have access to protected health
information to carry out their public health mission.
Non-covered Entities
Some examples of organizations that do not have to follow HIPAA include:
• Auto insurance companies
• Schools and school districts
• Law enforcement agencies
• State agencies not involved in healthcare administration or services
• Life insurers
• Employers
• Workers compensation carriers
• Many state agencies like child protective service agencies
• Many municipal offices
Fresno CIE - Technical and Operational Plan
November 2024
Page 162
Attachment A
Requirements for the Execution of a Business Associate Agreement with Covered
Entities
In the context of HIPAA compliance, a Business Associate Agreement (BAA) is often part of a broader relationship
between a covered entity and a business associate (agent).While it's not strictly necessary for there to be a
separate service agreement in order to sign a BAA, it is common practice for several reasons:
1. Defining the Relationship and Scope of Services:A service agreement typically outlines the specific
services being provided by the business associate to the covered entity. This includes details on the scope
of work, performance expectations, payment terms, and other operational aspects of the relationship.
2. Compliance and Legal Requirements:The BAA, on the other hand, is specifically focused on ensuring
compliance with HIPAA's requirements regarding the use and protection of Protected Health Information
(PHI). It outlines the obligations and responsibilities of the business associate in relation to the handling
of PHI.
3. Operational Clarity: Having a service agreement in place alongside a BAA can provide clarity and prevent
misunderstandings about the nature of the work, the handling of PHI, and the responsibilities of each
party.
4. Risk Management: A service agreement can also include terms related to liability, indemnification,
dispute resolution, and other legal protections for both parties.
5. Regulatory Compliance: Sometimes, regulations or internal policies of the covered entity might
necessitate a formal service agreement in addition to a BAA.
6. Integration of Agreements: Often, the BAA is either attached as an addendum to the service agreement
or integrated into the service agreement as a section or clause, ensuring that all aspects of the
relationship are covered in a single, cohesive legal document.
7. Flexibility for Specific Arrangements: In some cases, particularly in smaller or less formal arrangements,
the BAA might be the only written agreement between the parties. However, this is less common and
generally not advisable due to the lack of detail regarding the broader scope of the relationship.
While a separate service agreement is not a legal prerequisite for a BAA under HIPAA, it is typically part of best
practices to have both. This ensures a clear, comprehensive, and compliant framework for the relationship
between a covered entity and a business associate. Legal counsel should be consulted to create these documents,
ensuring they meet all legal requirements and adequately protect the interests of both parties.
Service Agreements and Consideration Requirements
In contract law, for an agreement to be considered legally binding, it generally must contain certain elements, one
of which is often referred to as "consideration." Consideration is something of value that is exchanged between
the parties to a contract.This can include money, goods, services, promises, or other types of value. Key elements
of consideration include:
1. Remuneration as Consideration: In many contracts, remuneration (payment of money) is a common
form of consideration. One party agrees to provide a service or a product, and the other party agrees to
pay for that service or product.
2. Non-Monetary Consideration: However, consideration does not necessarily have to be monetary. It can
be anything of value to the parties involved. For example, in a barter agreement, goods or services are
exchanged without any money changing hands.
3. Mutuality of Obligation: The key aspect is that there must be a mutuality of obligation—each party is
obligated to give or do something in exchange for what they receive.A unilateral promise without such
an exchange is generally not enforceable as a contract.
4. Nominal Consideration: In some cases, contracts may include what is known as "nominal consideration"
(e.g., $1) to satisfy the legal requirement for consideration, even when the actual value of the exchange is
not balanced or is more symbolic.
Fresno CIE - Technical and Operational Plan
November 2024
Page 163
Attachment A
5. Exceptions and Specific Contexts: There are exceptions and specific contexts where contracts might be
valid without traditional consideration. For instance, certain promissory notes and charitable pledges can
sometimes be enforced without consideration, depending on jurisdiction and specific circumstances.
In summary, while remuneration is a common form of consideration, it is not the only form.A legally binding
service agreement must have consideration, but this consideration can take various forms, not just monetary
payment. The essential factor is that something of value is exchanged between the parties.
Use of a Memorandum of Understanding (MOU) in Lieu of a Service Agreement
A Memorandum of Understanding (MOU) can sometimes be used in place of a formal service agreement, but its
appropriateness and effectiveness depend on the specific circumstances and the level of detail in the MOU. In the
context of sharing data between a covered entity and a business associate under HIPAA, there are several
important considerations:
1. Nature of an MOU:An MOU is typically less formal than a service agreement. It is often used to outline
the intentions of the parties and the general terms of their agreement, but it might not include the
detailed terms and conditions that a formal contract would.
2. Legal Binding Nature:While MOUs can be legally binding if they contain all the elements of a contract
(such as offer, acceptance, intention to create legal relations, and consideration), they are often viewed as
expressions of understanding rather than enforceable contracts. The binding nature of an MOU depends
on its content and how it is worded.
3. Scope and Detail: For an MOU to effectively take the place of a service agreement, it should be
sufficiently detailed. This includes clearly defining the roles and responsibilities of each party, the scope of
the data to be shared, the purpose of data sharing, data protection measures, compliance with HIPAA and
other relevant laws, and procedures for breach notification, among other aspects.
4. HIPAA Compliance: Under HIPAA, covered entities must have a Business Associate Agreement (BAA)
with any business associate that creates, receives, maintains, or transmits Protected Health Information
(PHI) on their behalf. This is a specific requirement and an MOU, even if it covers other aspects of the
relationship, may not suffice if it does not meet the criteria of a BAA.
5. Specificity of Terms: Service agreements usually include specific terms regarding duration, termination,
dispute resolution, confidentiality, indemnification, and other legal clauses. If the MOU lacks these
specifics, it may not provide the same level of clarity and protection as a service agreement.
6. Interpretation and Enforcement: MOUs may be open to broader interpretation than formal contracts,
potentially leading to disputes or misunderstandings. The enforceability of an MOU can be a complex
legal question, often requiring judicial interpretation.
7. Legal and Regulatory Requirements: Given the regulatory environment, especially in healthcare, it's
crucial to ensure that any agreement, whether it's an MOU or a formal contract, meets all legal and
regulatory requirements.
In summary, while an MOU can sometimes serve the purpose of a service agreement, it's important to carefully
consider whether it includes all necessary details and legal requirements, especially in a regulated environment
like healthcare. In many cases, particularly where HIPAA compliance is concerned, a more formal service
agreement and a separate BAA might be necessary to fully address all legal obligations and ensure enforceability.
Sufficiency of a BAA vs. Data Sharing Agreement
In the context of HIPAA compliance, whether a Business Associate Agreement (BAA) suffices to support the
transmission of data to an agent or if an additional data-sharing agreement is needed depends on the specifics of
the relationship between the covered entity and the business associate, as well as the nature of the data being
shared. Here are key points to consider:
Fresno CIE - Technical and Operational Plan
November 2024
Page 164
Attachment A
Business Associate Agreement (BAA)
• Primary Purpose:The BAA is specifically designed to meet HIPAA requirements. It establishes the
permissible uses and disclosures of Protected Health Information (PHI) by the business associate, as
mandated by HIPAA.
• Contents: A BAA typically includes terms that cover the use, safeguarding, and disclosure of PHI, as well
as requirements for reporting breaches of unsecured PHI.
• Legally Required: For any entity that functions as a business associate, a BAA is a legal requirement
under HIPAA.
Data Sharing Agreement (DSA)
• Additional Specifics:A DSA can provide more detailed provisions regarding the handling, processing,
and management of data that may not be specifically related to PHI or covered under HIPAA.
• Scope: DSAs may cover broader types of data and additional obligations such as data quality, data
retention, and data destruction policies, which might not be extensively detailed in a BAA.
• Context-Specific Requirements: In certain contexts, a DSA might be necessary to address specific
requirements of a project or collaboration that are not fully covered in a BAA.
Deciding Between BAA and DSA
1. Nature of Data: If the data being shared is exclusively PHI and the relationship is covered under HIPAA, a
BAA may suffice.
2. Additional Data Types: If the business associate will handle other types of data beyond PHI, or if there
are specific requirements or risks associated with the data sharing that are not addressed in the BAA, a
separate DSA may be necessary.
3. Compliance with Other Laws: If other laws and regulations apply to the data (such as FERPA for
educational records or CCPA for consumer data in California), a DSA may be needed to ensure
compliance with those regulations.
4. Complex Projects: For more complex arrangements or projects that involve multiple types of data, a DSA
can provide the necessary legal framework to address all aspects of data handling and sharing.
While a BAA is essential for HIPAA compliance, whether an additional DSA is required depends on the nature of
the data shared and the specifics of the relationship. A BAA might suffice in many cases, but a DSA can be
beneficial or necessary in situations involving a broader scope of data or specific project requirements. Legal
advice should be sought to ensure appropriate and compliant data sharing arrangements.
Sharing Data Under FERPA
Key Components of Data Sharing Agreements Under FERPA
• Purpose of Data Sharing: Clearly define why the data is needed and how it will be used.
• Confidentiality and Privacy: Include clauses that ensure the protection of student data, consistent with
FERPA requirements.
• Access Controls: Stipulate who can access the data and under what circumstances.
• Data Retention and Destruction: Define how long the data can be retained and the process for securely
destroying the data when it's no longer needed.
• Parental Consent: If applicable, include procedures for obtaining parental consent.
• Audit and Compliance: Provision for regular audits to ensure compliance with the agreement and FERPA.
Considerations for Specific Data Types
Fresno CIE - Technical and Operational Plan
November 2024
Page 165
Attachment A
• Directory Information: Understand what constitutes directory information, which can be shared more
freely under FERPA.
• Non-directory Information: Requires stricter controls and often explicit consent for sharing.
State and Local Regulations
• Be aware of any additional state or local regulations that may apply to student data privacy beyond
FERPA.
Consultation with Legal Counsel
• Given the complexity and potential legal ramifications, it's crucial to work with legal counsel experienced
in education law to draft or review any agreements.
Training and Compliance
• Ensure that all personnel who will handle the data are trained in FERPA compliance and understand the
obligations under the agreement.
Operating as a School Official
Operating as a school official for a Local Education Agency (LEA) involves various legal and administrative
considerations, particularly when it comes to accessing and handling student records under the Family
Educational Rights and Privacy Act (FERPA). For a third-party, the necessity of an executed Service Agreement, or
similar legal document,which defines the business relationship between LEA and agent is typically required but
depends on several factors:
1. Role and Responsibilities
• Definition of a School Official: FERPA defines a school official as a person employed by the LEA as
an administrator, supervisor, instructor, or support staff member (including health or medical staff
and law enforcement unit personnel); a person serving on the school board; a person or company
with whom the LEA has contracted to perform a special task (such as an attorney, auditor, medical
consultant, or therapist); or a parent or student serving on an official committee, such as a disciplinary
or grievance committee, or assisting another school official in performing his or her tasks.
• Determination of "Legitimate Educational Interest":A school official has a legitimate educational
interest if the official needs to review an education record in order to fulfill his or her professional
responsibility.
2. Service Agreement or Contractual Relationship
• For external parties (not directly employed by the LEA) who operate as school officials, a formal
agreement or contract is typically necessary.
• This agreement should outline the nature of the service being provided, the responsibilities and
expectations of the school official, and compliance requirements with FERPA.
3. FERPA Compliance
• Any school official, whether internal or external, must comply with FERPA's requirements regarding
the protection of student education records.
• The agreement or contract should stipulate adherence to FERPA's privacy and data security standards.
4.Access to Education Records
• The agreement should specify the extent to which the school official has access to education records,
consistent with their role and responsibilities.
• Access should be limited to what is necessary for the performance of their duties.
S. Data Security and Confidentiality
Fresno CIE - Technical and Operational Plan
November 2024
Page 166
Attachment A
• The agreement should include provisions for ensuring the confidentiality and security of education
records.
• Policies regarding data breach notification should also be included.
6. Duration and Scope
• It should clearly state the duration of the agreement and the specific scope of services being
provided.
7. Legal and Ethical Considerations
• If the school official is handling sensitive or personal information, there may be additional legal and
ethical considerations to address in the agreement.
8. Review and Approval
• Such agreements should be reviewed and approved by the LEA's legal counsel to ensure compliance
with all applicable laws and regulations.
Recordation: FERPA (§ 99.32(d)(2)) does not require educational agencies and institutions to record disclosures of
PH from education records to school officials under § 99.31(a)(1).
In summary, while internal school officials (such as employees of the LEA) may not need a separate service
agreement to perform their roles, external parties acting as school officials typically require a formal agreement or
contract. This agreement should detail their role, responsibilities, and the scope of access to education records,
and ensure compliance with FERPA and other relevant laws. Legal consultation is recommended to ensure these
agreements meet all necessary legal standards.
Public Disclosure of FERPA data
"Disclosure" means to permit access to or the release, transfer, or other communication of PH by any means.
Disclosure can be authorized, such as when a parent or an eligible student gives written consent to share
education records with an authorized party or if the disclosure meets one or more of the conditions outlined in 20
U.S.C. § 1232g(b) and (h) — 0) and 34 CFR § 99.31. Disclosure can also be unauthorized or accidental.
An unauthorized disclosure can happen due to a data breach or a loss.
An accidental disclosure can occur when data released in public aggregate reports are unintentionally presented
in a manner that allows individual students to be identified. "Disclosure avoidance" refers to the efforts made to
reduce the risk of disclosure, such as applying statistical methods to protect PH in aggregate data tables.These
safeguards, often referred to as disclosure avoidance methods, can take many forms (e.g., data suppression,
rounding, recoding, etc.).
Standard to evaluate accidental disclosure risk
The FERPA standard for de-identification assesses whether a "reasonable person in the school community who
does not have personal knowledge of the relevant circumstances" could identify individual students based on
reasonably available information, including other public information released by an agency, such as a report
presenting detailed data in tables with small size cells (34 CFR §99.3 and §99.31(b)(1)).The "reasonable person"
standard should be used by State and local educational agencies and institutions to determine whether statistical
information or records have been sufficiently redacted prior to release such that a "reasonable person" (i.e., a
hypothetical, rational, prudent, average individual) in the school community should not be able to identify a
student because of some well-publicized event, communications, or other similar factor. School officials, including
teachers, administrators, coaches, and volunteers, are not considered in making the reasonable person
determination since they are presumed to have inside knowledge of the relevant circumstances and of the
identity of the students.
Fresno CIE - Technical and Operational Plan
November 2024
Page 167
Attachment A
Best practices in avoiding accidental disclosure
Commonly used disclosure avoidance methods include data suppression, blurring, and perturbation. When
deciding which method to apply in a specific situation, it is important to evaluate the different methods in terms
of their effects on the utility of the data and the risk of disclosure.
• Suppression involves removing data (e.g., from a cell or a row in a table) to prevent the identification of
individuals in small groups or those with unique characteristics.This method may often result in very little
data being produced for small populations, and it usually requires additional suppression of non-sensitive
data to ensure adequate protection of PH (e.g., complementary suppression of one or more non-sensitive
cells in a table so that the values of the suppressed cells may not be calculated by subtracting the
reported values from the row and column totals). Correct application of this technique generally results in
low risk of disclosure; however, it can be difficult to perform properly because of the necessary
calculations (especially for large multi-dimensional tables). Further, if additional information related to the
suppressed data is available elsewhere, the suppressed cells may potentially be re-calculated.
• Blurring is used to reduce the precision of the disclosed data to minimize the certainty of identification.
Examples of blurring include rounding, aggregating across different populations or geographies, and
reporting percentages and ranges instead of exact counts.This method may affect the utility of the data
by reducing users' ability to make inferences about small changes in the data. Similarly, blurring methods
that rely on aggregation across geographies or subgroups may interfere with time-series or cross-
sectional data analysis.Applying this technique generally ensures low risk of disclosure; however, if any
un-blurred cell counts or row and/or column totals are published (or are available elsewhere), it may be
possible to calculate the values of sensitive cells.
• Perturbation involves making small changes to the data to prevent identification of individuals from
unique or rare population groups. Examples of this technique include swapping data among individual
cells (this still preserves the marginal distributions, such as row totals) and introducing "noise," or errors
(e.g., by randomly reclassifying values of a categorical variable).This method helps to minimize the loss of
data utility as compared to other methods (e.g., compared to the complete loss of information due to
suppression); however, it also reduces the transparency and credibility of the data.Therefore, perturbation
is often considered inappropriate for public reporting of program data, from an accountability
perspective.Applying this technique generally ensures low risk of disclosure, as long as the rules used to
alter the data (e.g., the swapping rate) are protected. This requires securing the information about the
technique itself as well as restricting access to the original data, so that perturbation rules cannot be
reverse-engineered.
Use of small cells when displaying data
Reporting unrounded frequency counts in small cells, such as an exact number of students in a small group, does
not by itself constitute a disclosure; however, the smaller the cell size, the greater the likelihood that someone
might be able to identify an individual within that cell, and thus the greater the risk of disclosure. Many
statisticians consider a cell size of 3 to be the absolute minimum needed to prevent disclosure, though larger
minimums (e.g., 5 or 10) may be used to further mitigate disclosure risk (see below).
U.S. Department of Education recommendations for disclosure avoidance
The Department does not mandate a particular method, nor does it establish a particular threshold for what
constitutes sufficient disclosure avoidance.These decisions are left up to the individual State and local educational
agencies and institutions to determine what works best within their specific contexts.As a general
Fresno CIE - Technical and Operational Plan
November 2024
Page 168
Attachment A
recommendation, in aggregate publicly available reports, whenever possible, data about individual students (e.g.,
proficiency rates presented as cross-tabulated tables) should be combined with data from a sufficient number of
other students to disguise the attributes of a single student.When this is not possible, data about small numbers
of students should not be published. Moreover, under the ESEA, each State must establish a minimum sub-group
size (e.g., number of students in a table cell) below which it will not publicly report assessment data. This
threshold value and other reporting rules should be specified in the documents describing the State's data
reporting policies and practices implemented to protect student privacy. Minimum cell sizes adopted by the
States range from 5 to 30 students, with a majority of States using 10 as their minimum (NCES 2011-603). Please
note that simple suppression of small subgroups may not be sufficient to protect the privacy of all students, since
the suppressed numbers can often be easily calculated by subtracting the reported subgroups' totals from the all-
student totals or by comparing the school and district enrollment information. In some cases, complementary
suppression of additional non-sensitive cells may be necessary.
The Department strongly suggests using a computer software or algorithm to apply disclosure limitation
methods, as some techniques may be difficult to implement accurately by hand. In particular, to ensure correct
application of data suppression method, care should be taken when suppressing any complementary cells. Lastly,
it is preferable, from a data user perspective, to apply consistent methods year to year and to use the same
disclosure avoidance strategies for similar types of data releases.
Additional Resources
• Case Study#5: Minimizing Access to PII: Best Practices for Access Controls and Disclosure Avoidance
Techniques. Privacy Technical Assistance Center (Oct 2012): http://ptac.ed.gov/sites/default/files/case-
study5-minimizing-PII-access.pdf
• Code of Federal Regulations - Title 34: Education. Disaggregation of data. 34 CFR §200.7:
www.gpo.voq v/fdsys/pkg/CFR-2011-title34-volt/pdf/CFR-2011-title34-vol1-sec200-7.pdf
• FERPA regulations, U.S. Department of Education:www.ed.gov/policy/gen/reg/ferpa FERPA regulations
amendment. U.S. Department of Education (December 9, 2008):
www.ed.gov/leg islation/Fed Reg ister/finrule/2008-4/120908a.pdf
• FERPA regulations amendment. U.S. Department of Education (December 2, 2011):
www.cipo.ciov/fdsys/pkg/FR-2011-12-02/pdf/2011-30683.pdf
• Frequently Asked Questions—Disclosure Avoidance. Privacy Technical Assistance Center (Oct 2012):
http://ptac.ed.gov/sites/default/files/FAQs disclosure avoidance.pdf
• Privacy Technical Assistance Center (PTAC), U.S. Department of Education: http://ptac.ed.gov
• SLDS Technical Brief 3: Statistical Methods for Protecting Personally Identifiable Information in Aggregate
Reporting (NCES 2011-603): http://nces.ed.gov/pubs20ll/2011603.pdf
• Statistical Policy Working Paper 22 - Report on Statistical Disclosure Limitation Methodology. Federal
Committee on Statistical Methodology, Office of Management and Budget (1994):
http://fcsm.gov/working-papers/wp22.html
• Technical Brief: Statistical Methods for Protecting Personally Identifiable Information in Aggregate
Reporting (NCES 2011-603): http://nces.ed.gov/pubs20ll/2011603.pdf
• Statistical Policy Working Paper 22 - Report on Statistical Disclosure Limitation Methodology. Federal
Committee on Statistical Methodology, Office of Management and Budget (1994):
http://fcsm.gov/working-papers/wp22.html
• Technical Brief: Statistical Methods for Protecting Personally Identifiable Information in the Disclosure of
Graduation Rates of First-Time, Full-Time Degree- or Certificate-Seeking Undergraduate Students by 2-
Fresno CIE - Technical and Operational Plan
November 2024
Page 169
Attachment A
Year Degree-Granting Institutions of Higher Education (NCES 2012- 151):
httl2://nces.ed.gov/pubs20l2/2012151.pdf
Potential Legal Framework for Education Record Disclosure -
Demonstration of Legitimate Educational Interest
Overview
For a Local Education Agency (LEA) to share pupil records with a technical vendor, there must be legitimate
educational interest that supports the disclosure.To demonstrate this, a vendor must clearly show that their
services support the educational or administrative functions of the LEA.This is primarily achieved through a
detailed written agreement that specifies the nature of the services, the educational purposes they serve, and
strict data use and security protocols. By adhering to these requirements,vendors can align with FERPA and the
California Education Code, ensuring that they operate in the educational interest of students.
Definition of Legitimate Educational Interest
FERPA
FERPA defines "legitimate educational interest" as the need for a school official to review an education record in
order to fulfill their professional responsibilities. According to 34 CFR § 99.31(a)(1)(i)(13):
• A contractor, consultant,volunteer, or other party to whom an educational institution has outsourced
institutional services or functions may be considered a "school official" with legitimate educational
interest, provided that the contractor:
o Performs an institutional service or function for which the school would otherwise use employees.
o Is under the direct control of the school with respect to the use and maintenance of education
records.
o Uses education records only for authorized purposes and does not redisclose the information
without proper consent.
California Education Code
The California Education Code §49076 (a)(2)(G)(i) outlines similar provisions, emphasizing that contractors or
consultants must:
• A contractor or consultant with a legitimate educational interest who has a formal written
agreement or contract with the school district regarding the provision of outsourced institutional
services or functions by the contractor or consultant.
Demonstrating Legitimate Educational Interest
For a vendor providing technology services, demonstrating legitimate educational interest involves ensuring that
the services provided directly support the educational mission and administrative functions of the LEA. In order to
achieve this, practical steps should include:
1. Written Agreement:
o The LEA must have a detailed written contract with the vendor.This agreement should specify:
■ The exact nature of the services provided.
• How these services support the educational and/or administrative functions of the LEA.
■ The vendor's responsibilities in terms of data use, security, and confidentiality.
2. Data Use Policies:
o The vendor must use the data solely for the purposes outlined in the contract and must
implement strict data security measures.
Fresno CIE - Technical and Operational Plan
November 2024
Page 170
Attachment A
o The vendor should not use the data for any commercial purposes, such as targeted advertising or
creating student profiles for non-educational purposes.
3. Direct Control:
o The LEA must maintain direct control over the vendor's access to and use of student data. This
can include provisions for:
■ Regular audits and monitoring.
■ Clear protocols for data access and handling.
■ Immediate notification of any data breaches.
Examples in Practice
1. Learning Management Systems (LMS):
o Vendors like Canvas, Google Classroom, and Blackboard provide platforms that allow teachers to
manage coursework, track student progress, and facilitate online learning.These platforms are
directly tied to the instructional process and help schools achieve their educational objectives.
2. Student Information Systems (SIS):
o Companies like PowerSchool and Infinite Campus provide systems for managing student records,
attendance, grades, and other administrative functions. These systems are crucial for school
administration and directly support the management of student data.
3. Assessment Tools:
o Tools like i-Ready and NWEA MAP provide assessment services that help schools measure
student progress and identify areas for improvement.These assessments are integral to the
educational process and support data-driven decision-making in schools.
Demonstrating Legitimate Educational Interest for Technical Development of the
Fresno CIE Suicide Prevention Pilot
Conceptual Framework for Fresno CIE Vendor Statement of Service for the Suicide Prevention Pilot
A vendor will provide services to the Local Education Agency (LEA) that involves securely hosting student IDs.
These IDs will only be used to send alerts containing these student IDs to the LEA which submitted them in the
event of a match with a 5150 hold or similar event logged within a healthcare setting. The data will be securely
held solely for this purpose and will remain under the direct contractual control of the LEA. Services support the
LEA's educational and administrative functions by enabling timely intervention and support for students
experiencing traumatic events.
Elements of Legitimate Educational Benefit through the LEA
• Timely Response:
o The school can quickly mobilize counseling services, contact the student's family, and offer other
necessary supports, helping to address the student's needs effectively.
• Targeted Support:
o By receiving real-time alerts, the school can tailor its response to the specific situation, ensuring
the student gets the appropriate help.
Legal and Practical Justifications
• Emergency Situations:
o FERPA allows schools to share student records without consent in health or safety emergencies.
While this service primarily uses the "legitimate educational interest" rule, the urgent nature of a
5150 hold highlights the need for quick information sharing to protect the student.
• Supporting Student Health:
o The California Education Code supports sharing information necessary to protect a student's
health and safety. The vendor's role in providing real-time alerts fits within this protective scope,
Fresno CIE - Technical and Operational Plan
November 2024
Page 171
Attachment A
helping the school ensure the student's well-being.
Relevant Legal Requirements and Justification
Federal Law: FERPA
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student
education records. According to FERPA, schools can share student records with outside parties, like vendors,
under certain conditions:
1. Necessary Services:
o The vendor must provide a service that the school would otherwise perform using its own staff. In
this case, the service is hosting student IDs in order to provide alerts about mental health crises,
which supports the school's responsibility to care for student welfare.
2. Control and Use:
o The school must have direct control over the vendor regarding how the student records are used
and maintained.This means the school sets strict rules about what the vendor can do with the
information.
3. Purpose Limitation:
o The vendor can only use the student records for the specific purpose outlined in their agreement
with the school, which is to provide a student ID to participating LEAS after generating real-time
alerts for 5150 holds and not for any other purpose.
State Law: California Education Code
The California Education Code has similar requirements to FERPA:
1. Written Agreement:
o There must be a formal contract between the school district and the vendor specifying the service
to be provided, which in this case is generating alerts for LEAS to use during a student mental
health crises.
2. Educational Interest:
o The vendor's service must clearly support the educational mission. By providing timely alerts, the
school can quickly offer necessary support, helping the student stay on track academically despite
the crisis.
3. Data Security:
o The vendor must implement strong security measures to protect student information from
unauthorized access or disclosure.This includes measures like encryption and regular security
audits.
Summary Conclusion
The collaboration between a school district and a vendor to host student IDs and provide real-time alerts for
mental health crises complies with both federal and state laws. By ensuring the vendor operates under the
school's control, uses data only for its intended purpose, and protects the information with robust security
measures, the arrangement helps schools support their students during critical times while adhering to legal
requirements.This integration of technology into school services highlights a practical way to enhance student
support and well-being.
The
FCSS Legal Review Summary of Sharing School Data with the CIE
The primary legal consideration in sharing data with the CIE is whether submission of student ID numbers and
gender information for suicide prevention alerts or other purposes yet to be determined aligns with the concepts
Fresno CIE - Technical and Operational Plan
November 2024
Page 172
Attachment A
of"legitimate educational interest" and "outsourced institutional functions" under FERPA and California Education
Code.
The main legal challenge lies in whether an HIE (Health Information Exchange) hosting student data to provide
alerts on suicide-related events can be seen as fulfilling an LEA function that would typically require LEA
employees.This issue hinges on whether such alerts fall under educational functions or more accurately represent
behavioral health interests, which do not clearly fit FERPA's framework for "legitimate educational interest" or
"outsourced institutional functions." This limits data sharing from educational sources into a CIE environment to
directory information only.
FERPA's "emergency" exception is another example of a legal portal for sharing data, but is limited to ex post
facto applications, leaving gaps for ongoing data sharing without specific emergencies.
A legally viable approach for educational partners participation in the CIE is to use directory information, which
falls outside FERPA's "education records" and the California Education Code's "pupil records."With directory
information, LEAS can confirm student identity and residence without needing to apply"legitimate educational
interest" or"outsourced institutional function" arguments. This would enable data sharing within legal bounds,
avoiding the complexities of FERPA and Education Code requirements.
Key Recommendations for the Project:
1. Use of Directory Information: Instead of unique student IDs, directory information could confirm
student identity and district residency, serving the intended function without invoking FERPA or California
Education Code privacy restrictions.
This approach aims to balance legal compliance with the operational goals of the Fresno CIE Suicide Prevention
Pilot while minimizing potential regulatory obstacles for participating LEAS.
Fresno CIE - Technical and Operational Plan
November 2024
Page 173
Attachment A
Service Level Agreements (SLAB) or Data Sharing Agreements
(DSAs)
SLAB and DSAs are needed between any parties needing to share sensitive data. Work is needed to identify
specific SLA's and DSA's for entities involved in sharing of data for this effort as some do not currently exist
or if agreements exist, they are not sufficient to cover the needed scope of requirements. Samples of
considerations regarding, and elements of, SLAB and DSAs (including consent and privacy considerations),
include:
SLA: DSA:
• Business objectives • Authority
• Performance standards • Access provisions
• Reporting mechanisms • Confidentiality&disclaimers
• Critical failure processes • Timeframe for agreement
• Change processes • Authorized use and disclosure
• Uptime/Availability • Data retention and disposal
• Time to recovery and response
• Continuity of services
• Disaster recovery/failover
Example Industry Standard SLAs
Amazon Web Services (AWS)
• Link:AWS Service Level Agreement
• Overview:
o Service Availability: AWS guarantees a monthly uptime percentage of at least 99.99%for most
of its services, including EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service).
o Performance Metrics:AWS defines performance metrics for various services, ensuring
predictable and reliable performance levels.
o Compensation: In the event of service outages or performance degradation,AWS offers service
credits as compensation, which can be used to offset future bills.
Microsoft Azure
• Link: Microsoft Azure SLA
• Overview:
o Service Availability: Azure provides a 99.9% uptime guarantee for most of its services, with some
services offering up to 99.99% availability.
o Downtime Definition: Clear definitions of what constitutes downtime, including planned
maintenance windows and unplanned service interruptions.
o Service Credits: Similar to AWS, Azure offers service credits based on the percentage of uptime
achieved in a billing month.
Recommended SLAs for CIE Launch
In the initial phase of the project, it is advisable to focus on a limited number of easily understood and
measurable metrics.As the system evolves and its performance becomes more predictable, the SLA terms can be
expanded and refined to include more detailed content and expectations. The following recommendations are
based on industry norms and professional experience. Final metrics and SLAB should be developed with input
from end-user stakeholders to ensure they align with user expectations for the CIE's performance.
Fresno CIE - Technical and Operational Plan
November 2024
Page 174
Attachment A
1. Uptime Requirements
• System Uptime: Ensure the CIE system and individual microservices maintain a high level of
availability.
o Suggested SLA Level: 99.9% uptime over a week (Monday to Sunday).
o Methodology: Uptime is often measured as a percentage of total available minutes. For
example, with a 99.9% SLA, the CIE can have a maximum of 45 minutes of downtime per
month (44,640 minutes in a 31-day month).
2. Sustainable Usage Estimates
• Performance Metrics: Establish baseline values for sustainable usage without significant
performance degradation, including average and peak requests per second/minute for the CIE system
and individual microservices.
o Peak Traffic/Hour Calculation: Aggregate peak user activity from all partner organizations
over the last 12 months, adding 25%to accommodate growth.
o Average Traffic/Hour Calculation: Calculate the average user activity over the last three
months, dividing the total by the number of systems and adding 25%for growth.
3. System Latency
• Latency Definition: Measure the time taken for a request to travel through the CIE microsystems,
starting and ending with the API service.
o Current Status: Initial latency metrics will be established post-build, following a series of load
tests simulating real-world traffic.
o Load Testing: Conduct load tests to simulate realistic payloads,volume, and velocity, and
plan for future growth over three years.
o Performance Optimization: Use load test results and logging data to identify and address
performance bottlenecks, such as software bugs or inefficient architectural choices.
• Latency Metrics:
o Average Latency: Set based on the 50-60% level of the final load test results.
o Maximum Latency: Set at no more than 95% of the maximum latency observed during the
final load test, subject to partner discussions.
4. Support SLAB
• Error Severity Classifications:
o Severity Level 1: Critical Impact/System Down (complete microservice outage).
o Severity Level 2: Significant Impact/Severe service degradation.
o Severity Level 3: Minor Impact/Most of the microservice functions properly.
o Severity Level 4: Low Impact/Informational.
• Support Systems:
o On-Call Support Paging Service: Utilize a third-party system (e.g., PagerDuty, Incident.io)
for immediate communication with on-call engineers via phone, SMS, instant messaging, or
email for Severity 1 or 2 issues.
o Support Ticketing System: Implement a system (e.g., Zendesk, Zoho Desk) for end users to
create support tickets, facilitating two-way communication and tracking resolution times.
• Response Times:
o Severity 1 Issues: < 15 minutes for acknowledgment by on-call engineer.
o Severity 2 Issues: < 30 minutes for acknowledgment by on-call engineer.
o Severity 3 Issues: < 24 hours (business day) for acknowledgment by support engineer.
o Severity 4 Issues: < 5 business days for acknowledgment by support engineer.
Establishing clear SLAB is essential for ensuring the reliability and performance of the CIE. These agreements set
Fresno CIE - Technical and Operational Plan
November 2024
Page 175
Attachment A
expectations for system availability, performance, and support, helping to maintain trust and satisfaction among
all stakeholders. By starting with foundational metrics and expanding them as the system matures, the CIE can
continuously improve its service quality and responsiveness.
Fresno County CIE Governance Framework
High-level governance of the Fresno County Community Information Exchange (CIE) will be developed in tandem
with the Technical and Operational Plan as a distinct but aligned process. Governance of the CIE is a foundational
aspect critical to its success and sustainability. Effective governance ensures that the CIE operates in a manner that
is transparent, inclusive, and accountable to the community it serves.This section outlines the steps necessary to
establish a robust governance framework that will guide the operations and evolution of the CIE, addressing the
following key areas:
1. Identify and Define Core Governance Principles Establishing core governance principles is essential for
setting the tone and direction of the Fresno CIE.These principles will prioritize community needs,
ensuring that the CIE operates transparently, inclusively, and with a strong sense of accountability. By
clearly defining these principles, the CIE can build a foundation that aligns with its mission and values,
fostering trust and collaboration among all stakeholders.
2. Establish a Customized Governance Framework The governance framework for the CIE must be
tailored to address the unique needs and priorities of the Fresno community.This involves developing a
structure that accommodates local dynamics and stakeholder expectations. A customized governance
framework will ensure that the CIE is responsive and adaptable, providing a solid structure for decision-
making and operational management.
3. Representative Joint Governance Team A key component of the governance framework is the
establishment of a Joint Governance Team.This team will be composed of representatives from various
organizations that share data and utilize the CIE. By involving diverse stakeholders in the governance
process, the CIE can ensure that multiple perspectives are considered, promoting fairness and inclusivity
in its operations.
4. Conflict Resolution Mechanisms Effective governance requires clear mechanisms for resolving conflicts
that may arise between CIE partners. Establishing well-defined conflict resolution processes will help
maintain harmony and collaboration within the CIE.These mechanisms should be transparent and
equitable, ensuring that all parties have a fair opportunity to present their concerns and reach mutually
agreeable solutions.
5. Data Stewardship and Privacy The governance model of the CIE must prioritize data stewardship and
privacy, particularly concerning Personally Identifiable Information (PII) and Protected Health Information
(PHI). Implementing stringent data protection measures will safeguard the privacy of individuals and
maintain the integrity of the CIE. This commitment to data stewardship will build trust among participants
and encourage broader participation in the CIE.
6. Legal and Regulatory Compliance Ensuring compliance with legal and regulatory requirements is crucial
for the CIE's credibility and functionality.The governance framework must include mechanisms to monitor
adherence to data sharing frameworks, policies, procedures, and guidelines.Additionally, it should outline
processes for addressing breaches or noncompliance to protect the interests of all CIE participants and
maintain the system's integrity.
7. Regular Governance Review and Adaptation Governance practices must evolve to remain effective and
relevant. Implementing a process for regular review and adaptation of governance practices will ensure
that the CIE continues to meet the changing needs of its participants and the community. Continuous
improvement efforts will help the CIE stay aligned with best practices and emerging trends in data
governance and community information exchange.
Fresno CIE - Technical and Operational Plan
November 2024
Page 176
Attachment A
Overview of Fresno CIE Field-Level Governance
The Fresno Community Information Exchange (CIE) is a framework designed to enable secure and efficient data
sharing among various organizations in Fresno at the field level. This governance structure ensures that each
partner in the network can share and receive specific data fields according to agreed-upon rules and protocols,
tailored to the specific needs and regulations of the Fresno CIE partnership. Field-level governance is essential for
maintaining data privacy, compliance, and the integrity of the information exchanged within the CIE network.
Field Sharing and Partner Agreements
• Field Sharing Decisions: Partners in the Fresno CIE must decide which data fields they will share with other
organizations.This process requires careful consideration:
• Fields may be shared only with specific partners.
• Certain fields may be shared with all partners in the system.
• Internal Governance Agreements: Each organization must establish internal governance policies to
determine what data can be shared.This involves creating rules and protocols within their own governance
structure to ensure data privacy and compliance with relevant regulations and organizational needs.
• Inter-Organizational Agreements: In addition to internal policies, organizations must agree on data sharing
terms with other partners in the Fresno CIE network.These agreements define:
• What data will be shared.
• With whom the data will be shared.
• The conditions under which the data can be accessed and used.
• The frequency with which data will be shared.
• Other parameters as defined by the partnership.
Governance for Changing Fields and Access
• Regular Reviews and Updates: Governance rules and data sharing agreements should be reviewed regularly
to ensure they remain relevant and effective.
• Approval Processes: Any changes to field sharing rules must go through a formal approval process within
each organization's governance structure.
• Technical Implementation: Once approved, changes must be implemented technically to reflect the new
rules. This involves updating data access rules, data maps, and payload configurations within the CIE system.
Technical Change Management
• Implementing Governance Changes:After governance decisions are made, technical teams must update
the system to reflect these changes.This includes:
• Adjusting data access rules to align with new agreements.
• Updating data maps to ensure fields are correctly shared and received.
• Modifying payload configurations to match the new field-sharing decisions.
• Data Quality and Timeliness: It is crucial to negotiate parameters such as data timeliness and quality:
• Timeliness of Data: Establishing standards for how quickly data should be shared and updated in the
system.
• Data Quality: Ensuring that the data being shared meets agreed-upon quality standards to be useful
and reliable for all partners.
Fresno CIE - Technical and Operational Plan
November 2024
Page 177
Attachment A
• System Testing and Validation: Before deploying changes, thorough testing and validation are required to
ensure that the new configurations work as intended and do not disrupt existing operations.
Technical Process Overview
The system will initiate a DTS process by:
• Checking Data Access Rules: Reviewing the data access rules per Org_ID that govern which organizations
accept what data from which other organizations. While a long-term goal is full CIE data model integration
between participating organizations, there should be room for self-determination for each organization
regarding what information they decide to accept. For example:
• Organization A: Acts as the definitive source of specific data for other organizations but does not ingest
data in return. When a record is pushed into the CIE by Organization A, it goes to all other organizations.
However, when others push data,the data accessibility rules within the DTS disallow any payload
creation for Organization A.
o If Organization A decides in the future to consume information from another organization,
Organization C, which acts as the definitive source of a different set of data, the data access rules
can be updated to reflect that Organization A will be added to the DTS payload generation if the
payload comes from Organization C.
• Finding Appropriate Data Maps: Identifying the data map per Org_ID that accepts the payload from the
system of origin. This supplies a blueprint for which payload fields that organization will accept, their
equivalent field name within the organization's data structure, and any additional, relevant information
required.
• Returning the DTS Payload:The DTS payload is returned to the TMJQ.
• Updating the Master Record: If this is a new client record, upon receiving the DTS payload, the TMJQ sends
an update to the MPI contained within the RMS.This update reflects which organizations have the client
within their systems and what their matching fields are based on the DTS-generated payload.
Importance of Fresno CIE Field-level Governance
Effective governance in the Fresno CIE ensures that data sharing is conducted in a controlled, secure, and
transparent manner. It allows organizations to collaborate and benefit from shared data while maintaining control
over their information. By establishing clear governance structures and robust technical processes, the Fresno CIE
network can enhance its data exchange capabilities and support improved outcomes for the communities it
serves.
Regularly negotiating key parameters such as data timeliness and quality allows the Fresno CIE to maintain high
standards and provide timely, accurate information to all participating organizations. This structured approach
ensures that the CIE adapts to changing needs and continues to serve its purpose effectively.
Maintenance and Operations Costs
Maintenance and operations costs cannot be determined until systems are architected, infrastructure is
determined,vendors are selected, and support for these components are defined. Future processes will
identify where the maintenance and operational costs would exist and, when possible, estimate the
associated costs with the specific technology solutions and platforms identified to meet all requirements.
Fresno CIE - Technical and Operational Plan
November 2024
Page 178
Attachment A
Data Analytics & Performance Metrics to be Required by System
System KPIs and other metrics will be established by the primary identified decisioning body for the CIE.
Fresno CIE - Technical and Operational Plan
November 2024
Page 179
Attachment A
Risks and Mitigation
Risks and mitigation strategies must be designed by the Core Team and Workgroups once final technical
requirements have been developed.
Fresno CIE - Technical and Operational Plan
November 2024
Page 180
Attachment A
Identified Limitations to the Technical and Operational
Plan
At present, there are several gaps and uncertainties regarding the technical solutions needed to support
implementation.
Uncertainties Regarding Systems of Origin
Additional business requirements and the overall conceptual plans are needed to support the integration
of data into the CIE.
Cross-System Analyses Needed
Data profiling analysis is needed to review the systems and understand what data will be shared in of CIE
development and support the accompanying governance and legal frameworks
Summary and Next Steps
Summary
The Draft Plan describes and summarizes what is known and what additional information is needed
regarding the technology and platforms required to implement integrated data to support the goals of
Fresno CIE
The Draft Plan identifies:
• Key systems and the need to further specify the technical features and requirements to
implement integration;
• Some of the potential roles for various system users;
• The need to specify privacy issues, considerations and requirements that would apply to each of
the systems and the various system users;
• Data management considerations related to the various systems;and
• Areas in which additional information is needed to create the Final Technical and Operational Plan.
Next Steps
Additional work is needed to create the Final Technical and Operational Plan,which will be gathered from
key stakeholders throughout the Fresno CIE system.This information will be used to describe the
technology and platforms requirements, including operational challenges in implementing the systems
needed.
Fresno CIE - Technical and Operational Plan
November 2024
Page 181
Attachment A
Appendix A: Fresno CIE Data Flow Mapping
Home Visitation
Fresno County CIE-Care Coordination Level 0 Data Flow Diagram
DPH
CCS
Client Records
CIE Microservices
1.API Gateway
2.Task Manager/Job Queue
3.Data Quality Service
4.Record Matching Service
DSS: DSS Data 5.Data Transformation DPH Client Case Management Data
Locally-hosted Service DPH:
Data Systems 6.Error Handler myAvatar
7.Logging Service
8.Data Storage and Access
9.User Interface
10.Role-based Access
11.Reporting and Analytics
Diagram key
Client Case Management
Fresno County CIE Data
PartnerSpl—
• Cl--ter,
Apricot 360
Reporting
Fresno CIE - Technical and Operational Plan
November 2024
Page 182
Attachment A
Suicide Prevention
Fresno CIE Suicide Prevention Pilot-Data Flow Diagram Level 1
( Tngenr ._
Ev t
{ (e.g.td) EHR
Hold)
Vas
—�— Match ADT nlen
alert to CIE Meld17 CI6 PaM ~ Gr,tca�irtll
ADTAIert
MX MR Panel
No
I II
I Proce55 smPr.
I
I I
SL4 krl fl
I
I I
I
I
Trigger
c Even[ UBH 1I
(e.g.515g Y ^f
Had) S J
n \_/
s
to
Fresno CIE - Technical and Operational Plan
November 2024
Page 183
Attachment A
Appendix 6: Fresno CIE Data Profiles and Analysis
This content is pending the execution of required data sharing agreements to perform the data profiling.
Fresno CIE - Technical and Operational Plan
November 2024
Page 184
Attachment A
Appendix C: Fresno CIE Data Models
This content is pending the execution of required data sharing agreements to perform the data profiling.
Fresno CIE - Technical and Operational Plan
November 2024
Page 185
Attachment A
Appendix D: Fresno CIE Key Questions Inventory
Why do key stakeholders want a Community Information Exchange?
• To connect sectors, to share information across various organizations to better serve students and their
families.
• Real-time CIE that can serve the whole person, enhance quality of life, and aid the connections to
resources/services. Increase prevention and response to SDOH needs that impact both individual and
community. CIE will help us understand urgent and long-term community needs.
Why do participating partners want a Community Information Exchange?
• Improve services, systems, and practices. Build stronger communities. Build more equitable resource
allocation, access, and outcomes.
What are the key success criteria for the Community Information Exchange?
• Meeting the requirements of partners/stakeholders, staying on budget and timeline, finding and agreeing
on a platform that can provide integration and interoperability across systems, commitment from
partners, and alignment of existing county and community efforts.
Who does the Community Information Exchange primarily serve? .
• The CIE serves providers/partners (social services sector and healthcare sector) whose primary use of the
CIE is to enhance their response, services, resources, and care coordination for both individual and
community.Anyone who needs the CIE to provide services or receive services in Fresno County is
primary.
What are the key questions we want the Community Information Exchange to answer?
• Infrastructure— Real time data exchange
• Need to show"what you get"for the investment in real-time.
• Need to be able to support those who are not yet ready to provide real time data
• Understanding what level of support does an individual need in Fresno County to be successful?
What are the fundamental risks to the success of the Community Information Exchange?
• Lack of understanding regarding the use of the data, legal limitations regarding data sharing,
bureaucracy, lack of organizational support to finish the project, funding.
• Alignment across different technologies, ongoing commitment to coordinating care, and governance
bodies.
How will the Community Information Exchange engage partners to achieve success?
• Conversations and meetings to begin but also through targeted work with relevant participants. For
example, working with the Health Department and a school district on a data sharing process based on
needs.
Fresno CIE - Technical and Operational Plan
November 2024
Page 186
Attachment A
Appendix E: Fresno CIE FAQ
What is the Fresno Community Information Exchange (CIE)?
The Fresno County Community Information Exchange (CIE) is an ambitious initiative aimed at transforming the
way data is used to improve the lives of Fresno County residents. It focuses on creating an interconnected and
data-driven community by enhancing data sharing technologies and cross-sector utilization for better care
coordination and overall community well-being. This transformation is not just about improving service delivery;
it's about fostering a collaborative environment where data can be used to address complex social and health
challenges effectively.
Why do we need a CIE in Fresno County?
A real-time CIE will enhance the quality of life by addressing social determinants of health, providing
comprehensive support to individuals, and ensuring timely access to resources and services.This interconnected
system will improve prevention and response efforts, allowing us to understand and address both urgent and
long-term community needs more effectively. By fostering collaboration and data-driven decision-making, the CIE
will significantly enhance the overall well-being of Fresno County residents.
What are the main goals of the CIE?
• Improving Care Coordination: Streamlining case management and access to client information.
• Reducing Duplication of Services: Minimizing redundant data entry across different systems.
• Enhancing Reporting and Data Access: Providing real-time insights and comprehensive data analysis.
• Suicide Prevention: Integrating data from key agencies to offer timely support and resources to
individuals at risk.
What are the two CIE pilots?
Within the CIE initiative, there are two upcoming pilot programs scheduled for 2024 that are set to make a
significant positive impact in the community:
• Suicide Prevention: Fresno County recognizes the severity of the suicide crisis, with approximately
800,000 lives lost nationally every year.The CIE is proactively addressing this issue by integrating data
from key agencies to provide timely support and resources to individuals at risk.This initiative marks a
crucial step towards comprehensive multi-agency mental health care and suicide prevention efforts.
• Home Visitation Services: Fresno County is revolutionizing its home visitation services, which were
previously hindered by inefficient data allocation. The CIE's cross-sector child and family data access pilot
aims to streamline these services, resulting in improved outcomes for families, including increased
kindergarten readiness, better maternal mental health, decreased trauma, and more effective service
delivery.
What technological functionalities will the CIE offer?
• Unified Integration Platform: Central platform integrating data across all relevant systems and partners.
• Advanced Data Analytics: Real-time insights and comprehensive data analysis capabilities.
• Alert System for Critical Health Indicators:Automated alerts will support an immediate response by
multiple agencies in times of great need.
• Streamlined Workflow Management: Optimized workflows, reducing redundancy and enhancing
efficiency.
Fresno CIE - Technical and Operational Plan
November 2024
Page 187
Attachment A
• Enhanced Support System: Centralized and comprehensive tool for managing billing, eligibility, and
coordination of care.
What is the phased implementation plan for the CIE?
The CIE has a carefully structured plan for gradually integrating new technologies into existing workflows.This
phased approach ensures minimal disruption and maximizes user adoption.
Which organizations are involved in the CIE?
• CIE Core Team: Fresno County, Fresno County Superintendent of Schools, Cradle-to-Career Fresno
County.
• Youth Suicide Prevention Workgroup: Fresno County Department of Behavioral Health, Central Unified
School District, Sanger Unified School District.
• Home Visitation Workgroup: Fresno County Department of Public Health, Fresno County Department of
Social Services, Fresno Home Visitation Network.
What are the expected benefits of the CIE?
• Improved Care Coordination: Better management of client information and reduced duplication of
services.
• Enhanced Data Access and Reporting: Real-time data insights and comprehensive analysis for better
decision-making.
• Streamlined Services: More efficient workflows and optimized resource allocation.
• Better Health Outcomes: Improved maternal mental health, increased kindergarten readiness, and
decreased trauma.
How does the CIE ensure data quality and compliance?
• Centralized Data Management System: Integrated case management and data sharing protocols.
• Enhanced Data Quality Control: Standardized documentation and outcome tracking.
• Legal and Regulatory Compliance:Adherence to all relevant laws and regulations for data handling and
sharing.
Who can benefit from the CIE?
• Service Providers: Better access to health and social service records for cross-care coordination between
multiple sectors. Improved tools for managing billing, eligibility, and coordination of care.
• Families and Children: More effective service delivery and improved health outcomes.
• Community Organizations: Streamlined workflows and enhanced data sharing for better resource
allocation.
• Community Leadership:Access to comprehensive data and insights to inform decision-making and
policy development, enhancing community-wide health and well-being.
Fresno CIE - Technical and Operational Plan
November 2024
Page 188
Attachment A
Appendix F: Fresno Example Narratives
Content under development by Fresno County team members and partners.
Fresno CIE - Technical and Operational Plan
November 2024
Page 189
Attachment A
Appendix G: Current State Flowchart for ED 5150 Holds
Emergency Departments Flowchart May8,2023
Person enters ED for
T Mental Illness
mig
gh the iP
r other esno County ED completes an evulation
No
the individual s individual need to be admitted to an inpa Coordinate care
edi-Cal beneficiary or psychiatric facility(involuntarily or voluntarily)and need immediately to the Crisis
N Ye Stabilization Center or an
uninsured with na or to go to a designated facility for evaluation and treatment inpatient psychiatric
low incomet er an application for 5150 involuntary ho
hospital/facility.
Yes
Access Line will:
•Verify/document ED staff identity
•Verify current contact info for the person-served(phone,
oes the individu Contact DBH Access address)
Line 24/7 •Review DBH electronic health record
c
have the
treatment N,^�determine current or •provide ED with information about current or pas[DBH
resources in place past DBH treatment: treatment(dates,program/provider info,medications if
Yes already?
(800)654-3937 known,etc.)
•If individual is currently assigned a treatment program/
provider,Access Line will send a notification by email to
Coordintcareand he treatment program/provider to alert them about ED
dischargevisit and requesturgent outpatient follow up
individ
Will seek further
clarification from r
the EDS. Inform the person served that the Access the individual alrea
Lin will contact the treatment program/ �Ye assigned[o a DBH treatment No
provider and request urgent follow up- rogram/provider?
I individual will o
consent to and accept a
Provide the person served with written N referral to DBH for an
reminder to follow up with their assigned essment of MH treatme
t=ent program/provider. needs?
No referral is made
to DBH.
•P se provide these instructions to the person-servedDCA
a to ,
-Please Note: aye access to a phone,please call(559)600.9180 theone fo Complete the referral form.The referring person
For individuals adults or(559)600-8918 for youth if you have any quere your and the person-served will both sign the referral
who do not have scheduled visit or if you need to cancel.You may also v 8-5 at: farm verifying consent for referral.Prepare the
a phone number following records to accompany the referral:
or email,DBH UCWC for Adults,4441 E.Kings Canyon RoadA 93702 O Discharge Note
will not be able HIOP for Youth,2719 N.Air Fresno Drive, 93727 o Admission Note
to initiate 0 Medications Record
contact. o Application for 5150 hold(if applicable)
o Any other notes or relevant records
Send referral form AND the ED records to:
For minors under age IS:
Provide the person served with a •DBHHIOP@fresnocountvca.eov or
copy of the referral form along
I-Fax:559-455-4607
with any ED discharge instructions
For adults age 16 and up:
•UCWCAccess(afresnocountvca.eov or
•Fax�cco-4S5-4706
Start/End Process/At3lon ecision
Fresno CIE - Technical and Operational Plan
November 2024
Page 190