The URL can be used to link to this page

Home My WebLink AboutDiamond Drugs Inc. dba Diamond Pharmacy Services-Pharmaceutical Prescriptions and Consultation Services_A-25-041.pdf COtj County of Fresno Hall of Records, Room 301 2281 Tulare Street Fresno,California 601 Board of Supervisors 93721-2198 O� 1$56 O Telephone: (559)600-3529 FRV,t' Minute Order Toll Free: 1-800-742-1011 www.fresnocountyca.gov January 28, 2025 Present: 5- Vice Chairman Garry Bredefeld, Supervisor Luis Chavez, Supervisor Nathan Magsig, Chairman Buddy Mendes, and Supervisor Brian Pacheco Agenda No. 54. Public Health File ID: 24-1433 Re: Approve and authorize the Chairman to execute an Agreement with Diamond Drugs, Inc., dba Diamond Pharmacy Services,for pharmaceutical prescriptions and consultation services, effective upon execution, not to exceed five consecutive years,which includes a three-year base contract and two optional one-year extensions, total not to exceed $1,000,000 A MOTION WAS MADE BY VICE CHAIRMAN BREDEFELD,SECONDED BY SUPERVISOR MAGSIG,THAT THIS MATTER BE APPROVED AS RECOMMENDED.THE MOTION CARRIED BY THE FOLLOWING VOTE: Ayes: 5- Bredefeld, Chavez, Magsig, Mendes, and Pacheco Agreement No. 25-041 County of Fresno Page 58 COZj��C Board Agenda Item 54 O 1856 O FRE`'� DATE: January 28, 2025 TO: Board of Supervisors SUBMITTED BY: David Luchini, RN, PHN, Director, Department of Public Health SUBJECT: Agreement with Diamond Drugs, Inc. RECOMMENDED ACTION(S): Approve and authorize the Chairman to execute an Agreement with Diamond Drugs, Inc., dba Diamond Pharmacy Services, for pharmaceutical prescriptions and consultation services, effective upon execution, not to exceed five consecutive years, which includes a three-year base contract and two optional one-year extensions, total not to exceed $1,000,000. Approval of the recommended action will allow the Department of Public Health (Department)to utilize Diamond Drugs, Inc. (Diamond)for pharmaceutical and consultation services to treat communicable diseases. Diamond was selected by the Department through negotiations due to their ability to fulfill the scope of work and their prior history working with the Department after no bids were received for a request for quotation (RFQ) process to provide medication and pharmacy services required by the California Department of Public Health (CDPH). The agreement will be funded by CDPH grants and Health Realignment funds, with no increase in Net County Cost. This item is countywide. ALTERNATIVE ACTION(S): There are no viable alternative actions. Should your Board not approve the recommended action, the Department would not be able to obtain medications required to treat communicable diseases in high-need patients. FISCAL IMPACT: There is no increase in Net County Cost associated with the recommended action. The maximum compensation is $1,000,000 for the term. The agreement will be funded by at least one CDPH grant(19%) and Health Realignment(81%). Sufficient appropriations and estimated revenues are included in the Department's Org 5620 FY 2024-25 Adopted Budget and will be included in subsequent budget requests for the duration of the term. DISCUSSION: The Department provides treatment for communicable diseases such as tuberculosis, meningitis and syphilis to high-need residents. This recommended agreement is instrumental to provide medications for the day-to-day clinic operations as well as specialty medications to treat health outbreaks. Consulting pharmacist services are included as required by the California State Board of Pharmacy. On August 19, 2024, the Internal Services Department- Purchasing Division sent RFQ No. 25-011 for Pharmacy and Consultation services to potential vendors who were identified by the Department. The RFQ County of Fresno page 1 File Number.24-1433 File Number:24-1433 required bidders to demonstrate the capabilities and qualifications required to execute the scope of work through at least five years of experience working with public health entities. The RFQ closed September 17, 2024 with no bids being received by Purchasing. With the approval of County Purchasing, the Department reached out to Diamond to negotiate a contract because of the history and good relationship the Department has working with Diamond. It was also already demonstrated Diamond has the necessary experience and capabilities to effectively execute the scope of work through their prior contracts with the Department. Diamond further informed the Department that their email system had accidently flagged the RFQ notification as spam and were thus unable to submit a bid and would look into how they could prevent the error in the future. Based on this criteria, the Department recommends entering into an agreement with Diamond. ATTACHMENTS INCLUDED AND/OR ON FILE: On file with Clerk-Agreement with Diamond Drugs, Inc. CAO ANALYST: Ron Alexander County of Fresno Page 2 File Number.24-1433 Agreement No. 25-041 1 SERVICE AGREEMENT 2 This Service Agreement ("Agreement") is dated January 28, 2025 and is between 3 Diamond Drugs, Inc., dba Diamond Pharmacy Services, a for profit Corporation whose address 4 is 645 Kolter Drive, Indiana, PA 15701-3570 ("Contractor"), and the County of Fresno, a political 5 subdivision of the State of California ("County"). 6 Recitals 7 A. The Department of Public Health (DPH), Community Health Division, requires 8 pharmaceutical prescriptions and related services for its Chest Clinic, Immunization Clinic, and 9 Specialty Services Program so that they may properly provide their services to clients and the 10 County. 11 B. The DPH Community Health division programs also require consulting pharmacist 12 services so that any questions regarding medications or interactions made be answered. 13 C. DPH and Diamond Pharmacy Services were previously contracted for these services 14 under Agreement A-19-123. After it expired an RFQ was done so that bids for a new contract 15 could be received. No bids were received in part due to an email issue, so DPH chose Diamond 16 Pharmacy Services for a new contract due to the good relationship the Department has with 17 them. 18 D. Diamond Pharmacy Services has been the longstanding provider of pharmaceutical 19 services and a consulting pharmacist to the DPH Community Health Division which has created 20 a healthy and trusted partnership between both parties. 21 The parties therefore agree as follows: 22 Article 1 23 Contractor's Services 24 1.1 Scope of Services. The Contractor shall perform all of the services provided in 25 Exhibit A to this Agreement, titled "Scope of Services." 26 1.2 Representation. The Contractor represents that it is qualified, ready, willing, and 27 able to perform all of the services provided in this Agreement. 28 1 1 1.3 Compliance with Laws. The Contractor shall, at its own cost, comply with all 2 applicable federal, state, and local laws and regulations in the performance of its obligations 3 under this Agreement, including but not limited to workers compensation, labor, and 4 confidentiality laws and regulations. 5 Article 2 6 County's Responsibilities 7 2.1 The County shall provide the consulting pharmacist access to all medication storage, 8 refrigerators to check temperature range, and documentation for how medications are 9 dispensed. 10 Article 3 11 Compensation, Invoices, and Payments 12 3.1 The County agrees to pay, and the Contractor agrees to receive, compensation for 13 the performance of its services under this Agreement as described in Exhibit B to this 14 Agreement, titled "Compensation." 15 3.2 Maximum Compensation. The maximum compensation payable to the Contractor 16 under this Agreement is $1,000,000, commencing as of the date of signing for the entire term of 17 the Agreement. In no event shall compensation paid for services performed under this 18 agreement exceed One Million Dollars ($1,000,000) for the entire term of this Agreement. The 19 Contractor acknowledges that the County is a local government entity, and does so with notice 20 that the County's powers are limited by the California Constitution and by State law, and with 21 notice that the Contractor may receive compensation under this Agreement only for services 22 performed according to the terms of this Agreement and while this Agreement is in effect, and 23 subject to the maximum amount payable under this section. The Contractor further 24 acknowledges that County employees have no authority to pay the Contractor except as 25 expressly provided in this Agreement. 26 3.3 Invoices. The Contractor shall submit monthly invoices to the County of Fresno, 27 Department of Public Health, P.O. Box 11867, Fresno, CA 93775, Attention: Business Office or 28 to jhboap(a)fresnocountyca.gox.. The Contractor shall submit each invoice within 60 days after 2 1 the month in which the Contractor performs services and in any case within 60 days after the 2 end of the term or termination of this Agreement. 3 3.4 Payment. The County shall pay each correctly completed and timely submitted 4 invoice within 45 days after receipt. The County shall remit any payment to the Contractor's 5 address specified in the invoice. 6 3.5 Incidental Expenses. The Contractor is solely responsible for all of its costs and 7 expenses that are not specified as payable by the County under this Agreement. 8 Article 4 9 Term of Agreement 10 4.1 Term. This Agreement is effective on the date that the parties sign this Agreement 11 and terminates on January 27, 2028, except as provided in section 4.2, "Extension," or Article 6, 12 "Termination and Suspension," below. 13 4.2 Extension. The term of this Agreement may be extended for no more than two, one- 14 year periods only upon written approval of both parties at least 30 days before the first day of 15 the next one-year extension period. The Director or his or her designee is authorized to sign the 16 written approval on behalf of the County based on the Contractor's satisfactory performance. 17 The extension of this Agreement by the County is not a waiver or compromise of any default or 18 breach of this Agreement by the Contractor existing at the time of the extension whether or not 19 known to the County. 20 Article 5 21 Notices 22 5.1 Contact Information. The persons and their addresses having authority to give and 23 receive notices provided for or permitted under this Agreement include the following: 24 For the County: 25 Director, Department of Public Health County of Fresno 26 P.O. Box 11867 Fresno, CA 93775 27 DPHContracts@fresnocountyca.gov 28 3 1 For the Contractor: Mark J. Zilner, President & CEO, Owner 2 Diamond Pharmacy Services 645 Kolter Drive 3 Indiana, PA 15701-3570 mzilner@diamondpharmacy.com 4 Fax: 724.599.3666 5 5.2 Change of Contact Information. Either party may change the information in section 6 5.1 by giving notice as provided in section 5.3. 7 5.3 Method of Delivery. Each notice between the County and the Contractor provided 8 for or permitted under this Agreement must be in writing, state that it is a notice provided under 9 this Agreement, and be delivered either by personal service, by first-class United States mail, by 10 an overnight commercial courier service, by telephonic facsimile transmission, or by Portable 11 Document Format (PDF) document attached to an email. 12 (A) A notice delivered by personal service is effective upon service to the recipient. 13 (B) A notice delivered by first-class United States mail is effective three County 14 business days after deposit in the United States mail, postage prepaid, addressed to the 15 recipient. 16 (C)A notice delivered by an overnight commercial courier service is effective one 17 County business day after deposit with the overnight commercial courier service, 18 delivery fees prepaid, with delivery instructions given for next day delivery, addressed to 19 the recipient. 20 (D)A notice delivered by telephonic facsimile transmission or by PDF document 21 attached to an email is effective when transmission to the recipient is completed (but, if 22 such transmission is completed outside of County business hours, then such delivery is 23 deemed to be effective at the next beginning of a County business day), provided that 24 the sender maintains a machine record of the completed transmission. 25 5.4 Claims Presentation. For all claims arising from or related to this Agreement, 26 nothing in this Agreement establishes, waives, or modifies any claims presentation 27 requirements or procedures provided by law, including the Government Claims Act (Division 3.6 28 of Title 1 of the Government Code, beginning with section 810). 4 1 Article 6 2 Termination and Suspension 3 6.1 Termination for Non-Allocation of Funds. The terms of this Agreement are 4 contingent on the approval of funds by the appropriating government agency. If sufficient funds 5 are not allocated, then the County, upon at least 30 days' advance written notice to the 6 Contractor, may: 7 (A) Modify the services provided by the Contractor under this Agreement; or 8 (B) Terminate this Agreement. 9 6.2 Termination for Breach. 10 (A) Upon determining that a breach (as defined in paragraph (C) below) has 11 occurred, the County may give written notice of the breach to the Contractor. The written 12 notice may suspend performance under this Agreement, and must provide at least 30 13 days for the Contractor to cure the breach. 14 (B) If the Contractor fails to cure the breach to the County's satisfaction within the 15 time stated in the written notice, the County may terminate this Agreement immediately. 16 (C) For purposes of this section, a breach occurs when, in the determination of the 17 County, the Contractor has: 18 (1) Obtained or used funds illegally or improperly; 19 (2) Failed to comply with any part of this Agreement; 20 (3) Submitted a substantially incorrect or incomplete report to the County; or 21 (4) Improperly performed any of its obligations under this Agreement. 22 6.3 Termination without Cause. In circumstances other than those set forth above, the 23 County may terminate this Agreement by giving at least 30 days advance written notice to the 24 Contractor. 25 6.4 No Penalty or Further Obligation. Any termination of this Agreement by the County 26 under this Article 6 is without penalty to or further obligation of the County. 27 6.5 County's Rights upon Termination. Upon termination for breach under this Article 28 6, the County may demand repayment by the Contractor of any monies disbursed to the 5 1 Contractor under this Agreement that, in the County's sole judgment, were not expended in 2 compliance with this Agreement. The Contractor shall promptly refund all such monies upon 3 demand. This section survives the termination of this Agreement. 4 Article 7 5 Funding Source 6 7.1 Services Funding Source. Funding for these services is provided by the one or 7 more of the following funding sources: California Department of Public Health Immunization 8 Local Assistance Grant Funds, Syphilis Outbreak Strategy Grant, Health Realignment, and/or 9 other additional funding made available through Federal, State, or Local legislation. 10 Article 8 11 Confidentiality 12 8.1 Confidentiality. All services performed by the Contractor under this Agreement 13 shall be in strict conformance with all applicable Federal, State of California and/or local laws 14 and regulations relating to confidentiality. In addition, Contractor agrees to abide by the terms 15 and conditions of the Business Associate Agreement attached hereto as Exhibit E. 16 Article 9 17 Independent Contractor 18 9.1 Status. In performing under this Agreement, the Contractor, including its officers, 19 agents, employees, and volunteers, is at all times acting and performing as an independent 20 contractor, in an independent capacity, and not as an officer, agent, servant, employee, joint 21 venturer, partner, or associate of the County. 22 9.2 Verifying Performance. The County has no right to control, supervise, or direct the 23 manner or method of the Contractor's performance under this Agreement, but the County may 24 verify that the Contractor is performing according to the terms of this Agreement. 25 9.3 Benefits. Because of its status as an independent contractor, the Contractor has no 26 right to employment rights or benefits available to County employees. The Contractor is solely 27 responsible for providing to its own employees all employee benefits required by law. The 28 Contractor shall save the County harmless from all matters relating to the payment of 6 1 Contractor's employees, including compliance with Social Security withholding and all related 2 regulations. 3 9.4 Services to Others. The parties acknowledge that, during the term of this 4 Agreement, the Contractor may provide services to others unrelated to the County. 5 Article 10 6 Indemnity and Defense 7 10.1 Indemnity. The Contractor shall indemnify and hold harmless and defend the 8 County (including its officers, agents, employees, and volunteers) against all claims, demands, 9 injuries, damages, costs, expenses (including attorney fees and costs), fines, penalties, and 10 liabilities of any kind to the County, the Contractor, or any third party that arise from or relate to 11 the performance or failure to perform by the Contractor (or any of its officers, agents, 12 subcontractors, or employees) under this Agreement. The County may conduct or participate in 13 its own defense without affecting the Contractor's obligation to indemnify and hold harmless or 14 defend the County. 15 10.2 Survival. This Article 10 survives the termination of this Agreement. 16 Article 11 17 Insurance 18 11.1 The Contractor shall comply with all the insurance requirements in Exhibit C to this 19 Agreement. 20 Article 12 21 Inspections, Audits, and Public Records 22 12.1 Inspection of Documents. The Contractor shall make available to the County, and 23 the County may examine at any time during business hours and as often as the County deems 24 necessary, all of the Contractor's records and data with respect to the matters covered by this 25 Agreement, excluding attorney-client privileged communications. The Contractor shall, upon 26 request by the County, permit the County to audit and inspect all of such records and data to 27 ensure the Contractor's compliance with the terms of this Agreement. 28 7 1 12.2 State Audit Requirements. If the compensation to be paid by the County under this 2 Agreement exceeds $10,000, the Contractor is subject to the examination and audit of the 3 California State Auditor, as provided in Government Code section 8546.7, for a period of three 4 years after final payment under this Agreement. This section survives the termination of this 5 Agreement. Additional Federal audit requirements may apply if any portion of the compensation 6 to be paid by the County under this Agreement is also provided by Federal funding. 7 12.3 Public Records. The County is not limited in any manner with respect to its public 8 disclosure of this Agreement or any record or data that the Contractor may provide to the 9 County. The County's public disclosure of this Agreement or any record or data that the 10 Contractor may provide to the County may include but is not limited to the following: 11 (A) The County may voluntarily, or upon request by any member of the public or 12 governmental agency, disclose this Agreement to the public or such governmental 13 agency. 14 (B) The County may voluntarily, or upon request by any member of the public or 15 governmental agency, disclose to the public or such governmental agency any record or 16 data that the Contractor may provide to the County, unless such disclosure is prohibited 17 by court order. 18 (C)This Agreement, and any record or data that the Contractor may provide to the 19 County, is subject to public disclosure under the Ralph M. Brown Act (California 20 Government Code, Title 5, Division 2, Part 1, Chapter 9, beginning with section 54950). 21 (D)This Agreement, and any record or data that the Contractor may provide to the 22 County, is subject to public disclosure as a public record under the California Public 23 Records Act (California Government Code, Title 1, Division 7, Chapter 3.5, beginning 24 with section 6250) ("CPRA"). 25 (E) This Agreement, and any record or data that the Contractor may provide to the 26 County, is subject to public disclosure as information concerning the conduct of the 27 people's business of the State of California under California Constitution, Article 1, 28 section 3, subdivision (b). 8 1 (F) Any marking of confidentiality or restricted access upon or otherwise made with 2 respect to any record or data that the Contractor may provide to the County shall be 3 disregarded and have no effect on the County's right or duty to disclose to the public or 4 governmental agency any such record or data. 5 12.4 Public Records Act Requests. If the County receives a written or oral request 6 under the CPRA to publicly disclose any record that is in the Contractor's possession or control, 7 and which the County has a right, under any provision of this Agreement or applicable law, to 8 possess or control, then the County may demand, in writing, that the Contractor deliver to the 9 County, for purposes of public disclosure, the requested records that may be in the possession 10 or control of the Contractor. Within five business days after the County's demand, the 11 Contractor shall (a) deliver to the County all of the requested records that are in the Contractor's 12 possession or control, together with a written statement that the Contractor, after conducting a 13 diligent search, has produced all requested records that are in the Contractor's possession or 14 control, or (b) provide to the County a written statement that the Contractor, after conducting a 15 diligent search, does not possess or control any of the requested records. The Contractor shall 16 cooperate with the County with respect to any County demand for such records. If the 17 Contractor wishes to assert that any specific record or data is exempt from disclosure under the 18 CPRA or other applicable law, it must deliver the record or data to the County and assert the 19 exemption by citation to specific legal authority within the written statement that it provides to 20 the County under this section. The Contractor's assertion of any exemption from disclosure is 21 not binding on the County, but the County will give at least 10 days' advance written notice to 22 the Contractor before disclosing any record subject to the Contractor's assertion of exemption 23 from disclosure. The Contractor shall indemnify the County for any court-ordered award of costs 24 or attorney's fees under the CPRA that results from the Contractor's delay, claim of exemption, 25 failure to produce any such records, or failure to cooperate with the County with respect to any 26 County demand for any such records. 27 28 9 1 Article 13 2 Disclosure of Self-Dealing Transactions 3 13.1 Applicability. This Article 13 applies if the Contractor is operating as a corporation, 4 or changes its status to operate as a corporation. 5 13.2 Duty to Disclose. If any member of the Contractor's board of directors is party to a 6 self-dealing transaction, he or she shall disclose the transaction by completing and signing a 7 "Self-Dealing Transaction Disclosure Form" (Exhibit D to this Agreement) and submitting it to 8 the County before commencing the transaction or immediately after. 9 13.3 Definition. "Self-dealing transaction" means a transaction to which the Contractor is 10 a party and in which one or more of its directors, as an individual, has a material financial 11 interest. 12 Article 14 13 General Terms 14 14.1 Modification. Except as provided in Article 6, "Termination and Suspension," this 15 Agreement may not be modified, and no waiver is effective, except by written agreement signed 16 by both parties. Notwithstanding the above, changes to object levels in the budget, attached 17 hereto as Exhibit B, that do not exceed ten percent (10%) of the maximum compensation 18 payable to the Contractor, may be made with the written approval of the County's Department of 19 Public Health Director, or designee. The ten percent (10%) budget modification maximum 20 applies to the cumulative adjustments made through the life of the Agreement. Additionally, 21 said budget changes shall not result in any change to the maximum compensation amount 22 payable to Contractor, nor shall it reduce the delivery of services or significantly modify the 23 scope of the services originally intended and approved under this Agreement, as stated herein. 24 The Contractor acknowledges that County employees have no authority to modify this 25 Agreement except as expressly provided in this Agreement. 26 14.2 Non-Assignment. Neither party may assign its rights or delegate its obligations 27 under this Agreement without the prior written consent of the other party. 28 10 1 14.3 Governing Law. The laws of the State of California govern all matters arising from 2 or related to this Agreement. 3 14.4 Jurisdiction and Venue. This Agreement is signed and performed in Fresno 4 County, California. Contractor consents to California jurisdiction for actions arising from or 5 related to this Agreement, and, subject to the Government Claims Act, all such actions must be 6 brought and maintained in Fresno County. 7 14.5 Construction. The final form of this Agreement is the result of the parties' combined 8 efforts. If anything in this Agreement is found by a court of competent jurisdiction to be 9 ambiguous, that ambiguity shall not be resolved by construing the terms of this Agreement 10 against either party. 11 14.6 Days. Unless otherwise specified, "days" means calendar days. 12 14.7 Headings. The headings and section titles in this Agreement are for convenience 13 only and are not part of this Agreement. 14 14.8 Severability. If anything in this Agreement is found by a court of competent 15 jurisdiction to be unlawful or otherwise unenforceable, the balance of this Agreement remains in 16 effect, and the parties shall make best efforts to replace the unlawful or unenforceable part of 17 this Agreement with lawful and enforceable terms intended to accomplish the parties' original 18 intent. 19 14.9 Nondiscrimination. During the performance of this Agreement, the Contractor shall 20 not unlawfully discriminate against any employee or applicant for employment, or recipient of 21 services, because of race, religious creed, color, national origin, ancestry, physical disability, 22 mental disability, medical condition, genetic information, marital status, sex, gender, gender 23 identity, gender expression, age, sexual orientation, military status or veteran status pursuant to 24 all applicable State of California and federal statutes and regulation. 25 14.10 No Waiver. Payment, waiver, or discharge by the County of any liability or obligation 26 of the Contractor under this Agreement on any one or more occasions is not a waiver of 27 performance of any continuing or other obligation of the Contractor and does not prohibit 28 enforcement by the County of any obligation on any other occasion. 11 1 14.11 Entire Agreement. This Agreement, including its exhibits, is the entire agreement 2 between the Contractor and the County with respect to the subject matter of this Agreement, 3 and it supersedes all previous negotiations, proposals, commitments, writings, advertisements, 4 publications, and understandings of any nature unless those things are expressly included in 5 this Agreement. If there is any inconsistency between the terms of this Agreement without its 6 exhibits and the terms of the exhibits, then the inconsistency will be resolved by giving 7 precedence first to the terms of this Agreement without its exhibits, and then to the terms of the 8 exhibits. 9 14.12 No Third-Party Beneficiaries. This Agreement does not and is not intended to 10 create any rights or obligations for any person or entity except for the parties. 11 14.13 Authorized Signature. The Contractor represents and warrants to the County that: 12 (A) The Contractor is duly authorized and empowered to sign and perform its 13 obligations under this Agreement. 14 (B) The individual signing this Agreement on behalf of the Contractor is duly 15 authorized to do so and his or her signature on this Agreement legally binds the 16 Contractor to the terms of this Agreement. 17 14.14 Electronic Signatures. The parties agree that this Agreement may be executed by 18 electronic signature as provided in this section. 19 (A) An "electronic signature" means any symbol or process intended by an individual 20 signing this Agreement to represent their signature, including but not limited to (1) a 21 digital signature; (2) a faxed version of an original handwritten signature; or (3) an 22 electronically scanned and transmitted (for example by PDF document) version of an 23 original handwritten signature. 24 (B) Each electronic signature affixed or attached to this Agreement (1) is deemed 25 equivalent to a valid original handwritten signature of the person signing this Agreement 26 for all purposes, including but not limited to evidentiary proof in any administrative or 27 judicial proceeding, and (2) has the same force and effect as the valid original 28 handwritten signature of that person. 12 1 (C) The provisions of this section satisfy the requirements of Civil Code section 2 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, 3 Part 2, Title 2.5, beginning with section 1633.1). 4 (D) Each party using a digital signature represents that it has undertaken and 5 satisfied the requirements of Government Code section 16.5, subdivision (a), 6 paragraphs (1) through (5), and agrees that each other party may rely upon that 7 representation. 8 (E) This Agreement is not conditioned upon the parties conducting the transactions 9 under it by electronic means and either party may sign this Agreement with an original 10 handwritten signature. 11 14.15 Counterparts. This Agreement may be signed in counterparts, each of which is an 12 original, and all of which together constitute this Agreement. 13 [SIGNATURE PAGE FOLLOWS] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 13 1 The parties are signing this Agreement on the date stated in the introductory clause. 2 Diamond Pharmacy Services COUNTY OF FRESNO 3 5 Mark J. Zi , President 8� CEO, Owner Ernest Buddy Me des, Chairman of the 6 645 Kolter Dr,' a Board of Supervisors of the County of Fresno Indiana, PA 15701-3570 7 Attest: 8 Bernice E. Seidel Clerk of the Board of Supervisors 9 County of Fresno, State of California 10 By: - 11 For accounting use only: Deputy 12 Org No.: 5620 Account No.: 7295 13 Fund No.: 0001 Subclass No.: 10000 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 14 Exhibit A 1 Scope of Services 2 CONTRACTOR agrees to provide the supply of pharmaceutical prescriptions and consulting pharmacist services to the following Fresno County Programs: Department of Public Health (DPH) Community 3 Health Division—TB Control Program, Specialty Services Program, and the Immunization Program. 4 ESTIMATED MONTHLY VOLUME OF DOSES QUANTITY 5 DPH Community Health Division —TB Control Program 500—600 6 DPH Community Health Division —Specialty Services Program 100—200 7 DPH Community Health Division — Immunizations Program 44—54 8 9 A. Prescriptions are to be filled for thirty (30)day supply, unless otherwise indicated. B. The contractor and authorized facility staff shall agree in writing upon a time of day by which 10 written, telephone, and/or fax orders are to be received for same day delivery. Orders placed before 2:00 p.m. will be delivered the following day no later than 10:00 a.m. Orders placed after 11 2:00 p.m. shall be delivered the second day no later than 10:00 a.m. 12 C. Contractor must supply three (3) copies of the delivery manifest with all medication listing the full 13 name of the patient, date of birth, drug name and strength, quantity dispensed, physician name, and charges. All copies of the delivery record are to be signed by authorized program staff. One 14 (1) copy shall be kept by the contractor, one (1)copy is for authorized program staff, and one (1) copy will be sent with the billing invoice to the Fresno County Department of Public Health 15 Business Office at dphboap@fresnocountyca.gov. 16 D. Prescription for clients shall be prepared in same manner used for the general public using a bubble pack card whenever possible. Some programs may need prescriptions prepared in a 17 specific manner. Scored tablets are not to be used for medications prescribed to minors. 18 E. Each prescription shall be labeled in accordance with Business and Professions Code, Section 4076. 19 F. Contractor shall provide documentation demonstrating provision of services to County Public 20 Health program(s)as defined in California Health and Safety Code 1206(b)for a minimum of 5 years. 21 G. Contractor must complete the Sample List of Medications. Contractor must price out each item 22 and list generic prices when available. 23 H. Generic substitution in prescriptions is required unless specified otherwise by a physician or if the substituted drug is not AB rated or better by the US Food and Drug Administration. 24 I. Provisions shall be made for return credit of any unused medications, provided State and Federal 25 Laws and Regulations allow this procedure. It is estimated that returns will be approximately 15- 20% of total quantities ordered on an annual basis. Pharmaceuticals and non-opened topical, 26 drops, and inhalers will be collected for return on a weekly or biweekly basis for contractor to pick-up. 27 J. Contractor must have contracted distributor(s)to obtain medication(s)that may not be readily 28 available by contractor at the time of order. K. Billings for services will be submitted on a monthly statement and are to be organized by A-1 Exhibit A 1 program, listing patients full name, date of birth, date of service, prescription number, drug name and strength, quantity dispensed and charges. Invoices are to be sent to the Department of 2 Public Health Business Office via mail to P.O. Box 11867, Fresno, California, 93775, or emailed to dphboap@fresnocountyca.gov. Invoices will not be paid in a timely manner if information is 3 missing or incorrect. 4 L. Contracted pharmacy shall bill based on published pricing (i.e. Medical Economics, Drug Topics, 5 Red Book)Average Wholesale Price (AWP) minus a percentage. Any additional costs such as minimum per prescription, dispensing fees, and administrative fees should be included. Prices 6 should not be based on acquisition costs. The AWP must be written out and a complete detailed explanation of the AWP must be regularly updated and sent to the Department of Public Health, 7 Business Office, P.O. Box 11867, Fresno, CA 93775. 8 1. The contractor shall indicate whether they can invoice Medi-Cal (State Medicaid program) or Medicare. Contractor shall invoice third party payor sources when g appropriate and obtain TAR's (treatment authorization requests)when necessary and appropriate. 10 2. The contractor shall indicate if they are participants of the Federal 340B Drug Pricing Program. 11 M. Contractor shall provide consulting pharmacist services for the Department of Public Health, 12 Community Health Division's TB Control Program, Specialty Services Program, Immunization Program. 13 1. Consulting Pharmacist services must adhere to Business and Professions Code 4182, 14 which includes, but is not, limited to the following: a. The Consulting Pharmacist, in conjunction with the Director and/or Health Officer 15 of the Public Health Department, shall review, develop and implement the policies and procedures manual that detail the drug distribution service to ensure 16 that inventories, security procedures training, protocol development, record keeping, packaging, labeling, dispensing, and patient consultation adhere to laws 17 and regulations of the California Board of Pharmacy. b. The consulting Pharmacist shall be required to visit Fresno County's Department 18 of Public Health, Community Health division's programs regularly and at least quarterly to review the application of said policies and procedures. 19 c. The Consulting Pharmacist shall certify, in writing, at least twice a year to the Department of Public Health's Health Officer that the clinics and programs are or 20 are not operating in compliance with the requirements of the California State Board of Pharmacy. 21 N. Divisions may request quarterly staff in-services regarding pharmaceuticals. 22 O. Consumer Product Information (CPI) sheets for all medications are to be made available upon 23 request. If needed the contractor may be required to provide CPI sheets in English, Spanish, and other County of Fresno threshold languages, the contractor shall make arrangements to provide 24 CPI sheets in the required languages. 25 Specific report requirements are identified under the specific programs outlined herein. 26 27 28 A-2 Exhibit A 1 Program Specific Scopes of Work 2 TB Control Program 3 Cost Center/Billing I13#56201650 4 1221 Fulton Street, 1s' Floor 5 Fresno, CA 93721 6 The Community Health Division's TB Control Program requires the following unique service specifications: 7 The Community Health Division's TB Control Program provides diagnosis and treatment to patients with active tuberculosis disease and latent tuberculosis infection. Multi-drug resistant tuberculosis is 8 also treated within this clinical setting. The TB Control Program operates Monday through Friday 9 from 8:00 a.m. to 5:00 p.m. Prescriptions are to be delivered to licensed medical staff, with appropriate identification, between the 10 hours of 8:00 a.m. and 5:00 p.m. Monday through Friday. 11 A. If contractor does not have a prescribed medication of supply available, contractor will attempt to supply as soon as possible and will promptly(no later than 12 hours after request by medical 12 staff) advise medical staff via telephone communication of the expected delivery date. B. The TB Control Program requires routine delivery of prescriptions within 24 hours. However, 13 during emergencies, it is expected that orders placed with the contractor before noon, shall be delivered prior to 5:00 p.m. the same day. If orders are placed after noon, delivery shall occur 14 before noon the following working day. The TB Control Program rarely, if ever, requires STAT medications. 15 C. Prescriptions required will be delivered to staff at County facilities only. Prescriptions will not be delivered directly to patients. Deliveries will not be required at locations outside of County 16 facilities. D. The TB Control Program's monthly volume of prescriptions is 15-20 per month. 17 E. The TB Control Program requires patient-specific prescriptions for clients that shall be prepared in the same manner used for the general public, using a bubble pack card whenever possible. 18 F. Upon request by County staff, contractor will supply an agreed upon method or form for staff to use to record and verify information (i.e. patient name, description of medication, and remaining 19 quantity)for return of returnable bubble packs and issuance of applicable refund or credit by contractor. Any applicable refund or credit will be issued by contractor within forty-five (45)days 20 from County's requested return date. G. Billing for services/supplies provided will be submitted to the County on a monthly statement 21 listing patient name, date of birth, date of service, prescription number, medication name, strength, quantity dispensed, and charges. 22 H. Upon provision of the appropriate information, contractor is required to first invoice Medi-Cal or other payor source, if applicable, as the primary and preferred payor source prior to invoicing the 23 County. I. Upon request by County staff, provide appropriate patient medication information sheets. 24 J. Contractor shall provide monthly printouts of all ordered medications and supplies. Each item shall include patient information or indicate if item was for house stock. This information shall be 25 in a mutually acceptable format so the County may use it to verify against manifests received with the medications. 26 K. Contractor shall be available for consultation regarding pharmaceutical issues and make quarterly inspections of pharmaceutical dispensing areas. 27 28 A-3 Exhibit A 1 Program Specific Scopes of Work (continued) 2 Specialty Services Program 3 Cost Center/Billing I13#56201661 4 1221 Fulton Street, 111 Floor 5 Fresno, CA 93721 6 The Community Health Division's Specialty Services Program requires the following unique service specifications: 7 The Community Health Division's Specialty Services Program provides treatment to patients with Syphilis. The Specialty Services Program operates Monday through Friday from 8:00 a.m. to 5:00 8 p.m. 9 Prescriptions are to be delivered to licensed medical staff, with appropriate identification, between the hours of 8:00 a.m. and 5:00 p.m. Monday through Friday. 10 A. If contractor does not have a prescribed medication of supply available, contractor will attempt to 11 supply as soon as possible and will promptly(no later than 12 hours after request by medical staff) advise medical staff via telephone communication of the expected delivery date. 12 B. The Specialty Services Program requires routine delivery of prescriptions within 24 hours. However, during emergencies, it is expected that orders placed with the contractor before noon, 13 shall be delivered prior to 5:00 p.m. the same day. If orders are placed after noon, delivery shall occur before noon the following working day. The Specialty Services Program rarely, if ever, 14 requires STAT medications. C. Prescriptions required will be delivered to staff at County facilities only. Prescriptions will not be 15 delivered directly to patients. Deliveries will not be required at locations outside of County facilities. 16 D. The Specialty Services Program's monthly volume of prescriptions is 10-15 per month. E. The Specialty Services Program requires medications in a prefilled syringe of 1.2 mil units. 17 Current orders include 10 syringes per box. This may vary depending on national supply and availability. 18 F. Upon request by County staff, contractor will supply an agreed upon method or form for staff to use to record and verify information (i.e. patient name, description of medication, and remaining 19 quantity)for return of returnable medications and issuance of applicable refund or credit by contractor. Any applicable refund or credit will be issued by contractor within forty-five (45)days 20 from County's requested return date. G. Billing for services/supplies provided will be submitted to the County on a monthly statement 21 listing patient name, date of birth, date of service, prescription number, medication name, strength, and quantity dispensed, and charges. 22 H. Upon provision of the appropriate information, contractor is required to first invoice Medi-Cal or other payor source, if applicable, as the primary and preferred payor source prior to invoicing the 23 County. I. Upon request by County staff, provide appropriate patient medication information sheets. 24 J. Contractor shall provide monthly printouts of all ordered medications and supplies. Each item shall include patient information or indicate if item was for house stock. This information shall be 25 in a mutually acceptable format so the County may use it to verify against manifests received with the medications. 26 K. Contractor shall be available for consultation regarding pharmaceutical issues and make quarterly inspections of pharmaceutical dispensing areas. 27 28 A-4 Exhibit A 1 Program Specific Scopes of Work (continued) 2 Immunization Program 3 Cost Center/Billing I13#56201657 4 1221 Fulton Street, 1s' Floor 5 Fresno, CA 93721 6 The Community Health Division's Immunization Program requires the following unique service specifications: 7 The Community Health Division's Immunization Program provides vaccines which immunize against vaccine preventable diseases. The Immunization Program operates Monday through Friday from 8 8:00 a.m. to 5:00 p.m. 9 Prescriptions are to be delivered to licensed medical staff, with appropriate identification, between the hours of 8:00 a.m. and 5:00 p.m. Monday through Friday. 10 A. If contractor does not have a prescribed medication of supply available, contractor will attempt to 11 supply as soon as possible and will promptly(no later than 12 hours after request by medical staff) advise medical staff via telephone communication of the expected delivery date. 12 B. The Immunization Program requires routine delivery of prescriptions within 24 hours. However, during emergencies, it is expected that orders placed with the contractor before noon, shall be 13 delivered prior to 5:00 p.m. the same day. If orders are placed after noon, delivery shall occur before noon the following working day. The Immunization Program rarely, if ever, requires STAT 14 medications. C. Prescriptions required will be delivered to staff at County facilities only. Prescriptions will not be 15 delivered directly to patients. Deliveries will not be required at locations outside of County facilities. 16 D. The Immunization Program's monthly volume of prescriptions is 1-5 per month. E. The Immunization Program requires patient's specific prescriptions for clients be prepared in the 17 same manner used for the general public, using a bubble pack card whenever possible. F. Upon request by County staff, contractor will supply an agreed upon method or form for staff to 18 use to record and verify information (i.e. patient name, description of medication, and remaining quantity)for return of returnable bubble packs and issuance of applicable refund or credit by 19 contractor. Any applicable refund or credit will be issued by contractor within forty-five (45)days from County's requested return date. 20 G. Billing for services/supplies provided will be submitted to the County on a monthly statement listing patient name, date of birth, date of service, prescription number, medication name, 21 strength, and quantity dispensed, and charges. H. Upon provision of the appropriate information, contractor is required to first invoice Medi-Cal or 22 other payor source, if applicable, as the primary and preferred payor source prior to invoicing the County. 23 I. Upon request by County staff, provide appropriate patient medication information sheets. J. Contractor shall provide monthly printouts of all ordered medications and supplies. Each item 24 shall include patient information or indicate if item was for house stock. This information shall be in a mutually acceptable format so the County may use it to verify against manifests received with 25 the medications. K. Contractor shall be available for consultation regarding pharmaceutical issues and make quarterly 26 inspections of pharmaceutical dispensing areas. 27 28 A-5 Exhibit B 1 Compensation 2 3 October 1, 2024 4 5 Each prescription and stock piece is billed as follows 6 7 Brand-name and Single-source Medications =AWP less 20.5% 8 9 Generic Multi-source Medications — AWP less 82.5% 10 11 Regarding the AbovePrice 12 ♦ AWP is defined as Average Wholesale Price at the time of dispensing, as updated by 13 Medi-Span® 14 ♦ Since AWP is a published rate, it may fluctuate (increase and decrease); however, our 15 proposed discount to AWP will remain fixed and firm throughout the term of the contract 16 ♦ Actual Acquisition Cost(AAC) is defined as Diamond's direct upfront wholesaler 17 medication cost at the time of dispensing on patient specific and stock medications ♦ Single-source medications are generic entities that are provided from a single 18 manufacturer. 19 ♦ Maintenance medications are dispensed in a routine 30-day supply 20 ♦ Acute medications are dispensed in the quantity as written by the prescriber up to a 30- day supply 21 ♦ Patient specific medications are dispensed in 30-count blister cards with one (1)unit per 22 bubble whenever possible and not contraindicated by the manufacturer. Stock and OTC stock medications can be dispensed in manufacturer bottles. If stock is requested in 30- 23 count blister cards, there will be an additional repackaging fee of one dollar and eighty- 24 five cents ($1.85)per repackaged card. Non-oral solid stock medications are distributed 25 as the individual purchase quantity ♦ All rates are based on Diamond being DPH's exclusive pharmacy provider(other than 26 those medications sourced locally for urgent needs) for medication dispensing and 27 pharmacy program management services 28 B-1 Exhibit B 1 The AboveIncludes 2 ♦ Patient specific prescription dispensing,pharmacy benefit management, stock 3 distribution services, and standard medication delivery to a single delivery location at 4 DPH Chest Clinic from Diamond ♦ A Diamond pharmacist serving as the primary contact and account manager 5 ♦ A pharmacist for quarterly on-site inspections. Any other inspections are billed as a 6 pass-through cost for time and travel if provided by Diamond; or as billed to Diamond if provided by a local pharmacist 7 ♦ Pharmacist participation in P&T meetings via teleconference or webinar, if requested. 8 ♦ 24-hour a day, 7-day a week, and 365-day a year(24/7/365) telephone consulting 9 ♦ Medication cart(s)provided on loan for the duration of the contract(when all medications are purchased from Diamond) may be replaced if current cart(s) are unsafe 10 or have fallen into a state of disrepair as determined by Diamond. If providing carts,the 11 model, type, and number of carts will be based on the facility census and at the discretion of Diamond 12 ♦ A fax machine is provided on loan for the duration of the contract unless using an online 13 ordering program and may be replaced if it has fallen into a state of disrepair. Model and 14 number of fax machine(s)based on facility size and as determined by Diamond ♦ DPH can purchase replacement toner from Diamond or elsewhere at DPH's expense 15 ♦ Accurate and meaningful monthly, routine, and ad hoc reports 16 ♦ No additional software charges for electronic ordering and electronic medication administration records (eMARs) if you choose our Sapphire computerized physician 17 order entry(CPOE) and eMAR solution when all orders are submitted via Sapphire and 18 all medications are purchased from Diamond 19 ♦ No additional charges for Sapphire CPOE/eMAR routine software updates, initial jail management system QMS) interfacing, and 24/7 IT support. DPH will be responsible for 20 charges related to appropriate hardware, IndeTrust USB EPCS token(s) (for electronic 21 prescribing of controlled substances), and internet access ♦ No additional charges for Sapphire CPOE/eMAR initial training. Initial training consists 22 of virtual support by a trained Sapphire Implementation Specialist for a period of two (2) 23 hours the week before eMAR go-live. Additional training can be requested at the follow rates: $75.00 per hour for virtual training; and onsite training is billed at$3,000 per 24 trainer per week(40hrs over 5 days)plus expenses. 25 ♦ Access to Diamond's free web-based electronic reconciliation program 26 ♦ Access to Diamond's free web-based Online Reporting Program(ORP) and utilization dashboard 27 ♦ One handheld tethered scanner provided on loan at no charge-to be used for electronic 28 medication reconciliation (check-in) and medication return processing, if requested B-2 Exhibit B 1 ♦ Should the state board of pharmacy or other regulatory agencies prohibit Diamond from 2 providing any products or services at no charge, we will provide these services as a pass- through charge and renegotiate the bid rate, if necessary 3 4 Additionally 5 ♦ If DPH is seeking a comprehensive electronic health record(EHR)/electronic medical 6 record(EMR) solution, Diamond offers Sapphire EMR/EHR at a separate negotiable price 7 ♦ For any pharmacy interfaces, including those for prescription transmission, with 8 EMRs/EHRs other than Sapphire, or third-party vendors, Diamond will be responsible only for standard interface charges and standard programming required on Diamond's 9 end of the interface provided the requirements are in HL7 version 2.3 or NCPDP XML 10 accepted standards. Any other interfaces or requirements beyond these and other currently 11 established specifications and transmission fee charges will be mutually agreed upon and billed as a pass-through charge. Interfacing and other costs with automated dispensing 12 machines are outside the scope of this agreement and negotiated separately. 13 ♦ In the event an EHR/EMR, JMS company, switch company, or any other company charges a transmission, submission, or other fee or charge, it will be billed as a pass- 14 through charge 15 ♦ Diamond will retain and reserves all rights, title, use, control, interest in and ownership of its assets including,but not limited to, its software, reporting, packages, and user 16 documentation; operations,procedures, and strategies; formulary and clinical services; 17 manufacturer, wholesaler, group purchase, and vendor contracts and resultant data and 18 information; patient, drug dispensing claims, and drug utilization information; trademarks and service marks 19 ♦ Backup pharmacy services will be billed as a pass-through charge at the contracted 20 backup pharmacy's rate, as billed through a pharmacy benefit management(PBM) company,plus the backup pharmacy's delivery charge or on-call charge, or the taxi or 21 courier charge, if applicable 22 ♦ If DPH requires fewer days in your routine supply of maintenance medications or if you 23 require packaging other than blister cards, a higher rate will be negotiated ♦ If ever needed, durable medical equipment(DME) and medical supplies are billed at 24 Diamond's correctional pricing, and prices will be quoted on a case-by-case basis, when 25 requested and may require shipping to be billed as a pass-through cost on select items ♦ When needed, specialty pharmaceutical items -those items that are not available 26 through normal wholesale channels without manufacturer or FDA program authorization 27 or that must be ordered through specialty channels, drop shipped, and/or that require pharmacist or other intervention to procure, such as,but not limited to plasma products, 28 factor products, specialty vaccines, medications with REMS requirements, limited B-3 Exhibit B 1 distribution medications, and chemotherapy agents are invoiced at the price charged to 2 Diamond by our wholesaler or from the specialty pharmacy plus two-hundred and fifty dollars ($250)per prescription. 3 ♦ When needed, compounded IV Medications—those medications that are compounded 4 by a Diamond IV Specialist or that are prepared by a Diamond IV Specialist in kits (with dry powder vials and reconstitution liquids) for infusion at the facility are billed at the 5 Average Wholesale Price (AWP)per ingredient as published by Medi-Span,plus five- 6 dollars ($5.00)per piece 7 ♦ When needed, Total Parenteral Nutrition(TPN) Products will be billed at the AAC per ingredient plus a dispensing fee of seventy-five dollars ($75.00)per bag 8 ♦ When needed, non-sterile compounded medications will be billed at Diamond's Actual 9 Acquisition Cost per ingredient plus compounding labor plus twenty-five dollars (25.00) per piece 10 ♦ Medications will not be discounted and sold below cost. If the proposed discounts to 11 AWP cause a medication to fall below Diamond's actual acquisition cost, the 12 prescription will be billed at Diamond's actual acquisition cost of the medication at the time of dispensing plus a$10.00 dispensing fee per prescription 13 ♦ Diamond will work with any covered entity to establish and manage a 340B program 14 and will negotiate an agreement directly with the entity outside the scope of this agreement. Any medications moved to a 340B program during the term of this 15 agreement, must be mutually agreed upon by both parties. If any medications are 16 requested to be moved off-contract from a source other than Diamond during term of this agreement, it will be upon mutual agreement of DPH and Diamond and a higher 17 dispensing fee will be negotiated 18 ♦ If the services of a reverse distributor are needed for the disposition of controlled 19 substances or other medications or drug devices, those charges are at DPH's expense through a direct contract with DPH and the reverse distributor 20 ♦ If the services of a waste company become necessary for the disposition of hazardous 21 and non-hazardous pharmaceutical waste, those charges are at DPH's expense through a direct contract with DPH and the waste company 22 ♦ Shipping costs are included as part of our bid rate. Diamond utilizes a preferred shipping 23 partner, if a common carrier other than our preferred shipping partner is requested, or if 24 deliveries are required to multiple locations within a DPH complex, or if medications are shipped to clinics other than to DPH Chest Clinic, those shipping costs are billed a pass- 25 through charge 26 ♦ Any common carrier or courier fuel charges that are billed to Diamond are invoiced to DPH as a pass-through cost, without any additional markup from Diamond, on that 27 month's billing cycle. 28 ♦ DPH is responsible for damaged or lost equipment provided on loan by Diamond B-4 Exhibit B 1 ♦ Diamond will serve as the pharmacy benefit manager of record and will maintain a drug 2 formulary, will manage pharmaceutical expenditures, be in control of the prescription claims, and may benefit exclusively through any subsequent discounts, incentives, and 3 remunerations generated due to these services Credit on 4 Returns 5 6 Diamond will provide credit on oral solid medications in full and partial blister cards at one hundred percent(100%) of Diamond's wholesaler actual acquisition cost of the medication at the 7 time of dispensing less a one dollar and seventy-five cents ($1.75)processing fee per returned 8 card. 9 When and where permitted by the State Board of Pharmacy and the U.S. Food and Drug Administration(FDA), Diamond offers credit on oral solid medications in full and partial blister 10 cards returned to us, provided the medications: 11 ♦ Remain in their original sealed blister packs 12 ♦ Have been stored under proper conditions 13 ♦ Are not defaced or have been adulterated ♦ Are not within four(4)months of expiration 14 ♦ Are returned within four(4) months of the date dispensed by Diamond 15 ♦ Are packed as one full unit per blister 16 ♦ Have not been released to the inmate population or labeled/dispensed as keep on person ♦ Are not controlled substance medications 17 ♦ Are not refrigerated items 18 ♦ Are not dispensed in strip packaging 19 ♦ Are not specialty, REM's, or limited distribution medications ♦ Have not been billed to a private insurance, third party, USM, ICE, 340B, or Medicaid 20 ♦ Were originally purchased from Diamond 21 Diamond is responsible for ground shipping costs for all returned medications and provides your 22 facility(ies)with prepaid,preaddressed FedEx or UPS return labels. Theses labels are simply 23 affixed to the return box and handed to the FedEx or UPS delivery driver during their normal pickup/delivery to your facility(ies). 24 Controlled substance medications and opened partial stock medications cannot be credited per 25 federal regulations. Credits are issued on medications based upon the professional judgment of a 26 Diamond pharmacist and not exceeding the current market value of the medication. Liquids, injections, topicals, medications dispensed in vials, medications dispensed in strip packaging, 27 medications dispensed in the original manufacturer unit dose packaging, and inhalers are not 28 eligible for credit. Blister cards that are dispensed with half tablets or with more than one single unit per individual bubble of the blister card are not eligible for return. Brand name medications B-5 Exhibit B 1 previously dispensed will not be eligible for credit upon return to Diamond once a generic 2 equivalent has come to market or has been approved by the FDA. Oral solid medications dispensed as Brand Medically Necessary or Dispense as Written will be credited at the actual 3 acquisition cost of the generic equivalent. Brand name medications will not be eligible for credit 4 upon return to Diamond once a generic equivalent has come to market or has been approved by the FDA. Oral solid medications returned in sealed manufacturer bottles will be eligible for 5 credit in accordance with the policy above. 6 Credit will only be issued on medications that Diamond currently stocks and can be redistributed 7 to other clients for administration prior to expiring. Diamond will abide by all current and future 8 Board of Pharmacy and Federal provisions regarding medication reuse and will only credit medications that are permitted per reuse, these regulations will automatically amend what is 9 proposed in this agreement. Returns received at Diamond, during the term of the contract, by the 10 15th of each month will be credited on the next invoice for that calendar month. Credit memos will be deducted from payment of the oldest outstanding invoices. Medications ineligible for 11 credit will not be returned. 12 13 Payment Terms 14 ♦ Invoicing will occur monthly. Payment shall be made by check or EFT(Electronic Funds Transfer in the form of ACH or Wire) from DPH to Diamond within thirty days of receipt of 15 invoice by DPH.A finance charge of one and one quarter percent(1.25%)per month will be 16 charged on all amounts received thirty(30) days past the end of the billing cycle ♦ Hepatitis C medications are invoiced twice monthly and payment terms are net 30-days 17 ♦ DPH is responsible for all applicable sales,use, lease, ad valorem, and any other tax that may be 18 levied or assessed by reason of this transaction,unless DPH provides a tax exemption certificate 19 (blanket or transaction specific)to Diamond in a timely manner ♦ Payment by credit card or purchase card will be assessed a three percent(3%) convenience fee 20 ♦ Diamond's dispensing fees and return processing fee will remain fixed and firm through 21 September 30,2025, and will be increased on October 1,2025 and each October 1st thereafter by(3.5%) 22 ♦ Billing disputes must be requested within fifteen(15)days from the time invoiced was received 23 by DPH.Any items not in dispute are required to be paid and are not to be withheld 24 ♦ In the event that local, state, or federal laws,rules, or regulations change that affect the services offered either operationally or financially, the parties shall work together in good faith to 25 negotiate new rates 26 ♦ Services and programs outside the specifications of this document, including but not limited to, prescriptions billed via Medicaid, 340B, etc. will have any additional costs,management fees, or 27 dispensing fees,negotiated in good faith between DPH and Diamond for the provision of those 28 unique services that are not listed herein. B-6 Exhibit C Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (E) Professional Liability. Professional liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence and an annual aggregate of Three Million Dollars ($3,000,000). If this is a claims-made policy, then (1) the retroactive date must be prior to the date on which services began under this Agreement; (2) the Contractor shall maintain the policy and provide to the County annual evidence of insurance for not less than five years after completion of services under this Agreement; and (3) if the policy is canceled or not renewed, and not replaced with another claims-made policy with a retroactive date prior to the date on which services begin under this Agreement, then the Contractor shall purchase extended reporting coverage on its claims-made policy for a minimum of five years after completion of services under this Agreement. (F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Article 1 of this Agreement; (iv) system failure; (v) data recovery; (vi)failure to timely disclose data C-1 Exhibit C breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi)funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County of Fresno, Department of Public Health, P.O. Box 11867, Fresno, CA 93775, Attention: Contracts Section — 6t" Floor, or email, DPHContracts@fresnocountyca.gov, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The professional liability insurance certificate, if it is a claims-made policy, must also state the retroactive date of the policy, which must be prior to the date on which services began under this Agreement. (v) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, C-2 Exhibit C including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (vi) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. C-3 Exhibit C (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. C-4 Exhibit D Self-Dealing Transaction Disclosure Form In order to conduct business with the County of Fresno ("County"), members of a contractor's board of directors ("County Contractor"), must disclose any self-dealing transactions that they are a party to while providing goods, performing services, or both for the County. A self-dealing transaction is defined below: "A self-dealing transaction means a transaction to which the corporation is a party and in which one or more of its directors has a material financial interest." The definition above will be used for purposes of completing this disclosure form. Instructions (1) Enter board member's name, job title (if applicable), and date this disclosure is being made. (2) Enter the board member's company/agency name and address. (3) Describe in detail the nature of the self-dealing transaction that is being disclosed to the County. At a minimum, include a description of the following: a. The name of the agency/company with which the corporation has the transaction; and b. The nature of the material financial interest in the Corporation's transaction that the board member has. (4) Describe in detail why the self-dealing transaction is appropriate based on applicable provisions of the Corporations Code. The form must be signed by the board member that is involved in the self-dealing transaction described in Sections (3) and (4). D-1 Exhibit D (1) Company Board Member Information: Name: Date: Job Title: (2) Company/Agency Name and Address: (3) Disclosure (Please describe the nature of the self-dealing transaction you are a party to) (4) Explain why this self-dealing transaction is consistent with the requirements of Corporations Code § 5233 (a) (5) Authorized Signature Signature: Date: D-2 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) 1. The County is a "Covered Entity," and the Contractor is a "Business Associate," as these terms are defined by 45 CFR 160.103. In connection with providing services under the Agreement, the parties anticipate that the Contractor will create and/or receive Protected Health Information ("PHI")from or on behalf of the County. The parties enter into this Business Associate Agreement (BAA)to comply with the Business Associate requirements of HIPAA, to govern the use and disclosures of PHI under this Agreement. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Parts 160 and 164. The parties to this Agreement shall be in strict conformance with all applicable federal and State of California laws and regulations, including, but not limited to California Welfare and Institutions Code sections 5328, 10850, and 14100.2 et seq.; 42 CFR 2; 42 CFR 431; California Civil Code section 56 et seq.; the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), including, but not limited to, 45 CFR Parts160, 45 CFR 162, and 45 CFR 164; the Health Information Technology for Economic and Clinical Health Act ("HITECH") regarding the confidentiality and security of patient information, including, but not limited to 42 USC 17901 et seq.; and the Genetic Information Nondiscrimination Act ("GINA") of 2008 regarding the confidentiality of genetic information. Except as otherwise provided in this Agreement, the Contractor, as a business associate of the County, may use or disclose Protected Health Information ("PHI") to perform functions, activities or services for or on behalf of the County, as specified in this Agreement, provided that such use or disclosure shall not violate HIPAA Rules. The uses and disclosures of PHI may not be more expansive than those applicable to the County, as the "Covered Entity" under the HIPAA Rules, except as authorized for management, administrative or legal responsibilities of the Contractor. 2. The Contractor, including its subcontractors and employees, shall protect from unauthorized access, use, or disclosure of names and other identifying information, including genetic information, concerning persons receiving services pursuant to this Agreement, except where permitted in order to carry out data aggregation purposes for health care operations [45 E-1 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) CFR§§ 164.504(e)(2)(i), 164.504(e)(2)(ii)(A), and 164.504(e)(4)(i)]. This pertains to any and all persons receiving services pursuant to a County-funded program. This requirement applies to electronic PHI. The Contractor shall not use such identifying information or genetic information for any purpose other than carrying out the Contractor's obligations under this Agreement. 3. The Contractor, including its subcontractors and employees, shall not disclose any such identifying information or genetic information to any person or entity, except as otherwise specifically permitted by this Agreement, authorized by Subpart E of 45 CFR Part 164 or other law, required by the Secretary of the United States Department of Health and Human Services ("Secretary"), or authorized by the client/patient in writing. In using or disclosing PHI that is permitted by this Agreement or authorized by law, the Contractor shall make reasonable efforts to limit PHI to the minimum necessary to accomplish intended purpose of use, disclosure or request. 4. For purposes of the above sections, identifying information shall include, but not be limited to, name, identifying number, symbol, or other identifying particular assigned to the individual, such as fingerprint or voiceprint, or photograph. 5. For purposes of the above sections, genetic information shall include genetic tests of family members of an individual or individual(s), manifestation of disease or disorder of family members of an individual, or any request for or receipt of genetic services by individual or family members. Family member means a dependent or any person who is first, second, third, or fourth degree relative. 6. The Contractor shall provide access, at the request of the County, and in the time and manner designated by the County, to PHI in a designated record set(as defined in 45 CFR§ 164.501), to an individual or to COUNTY in order to meet the requirements of 45 CFR§ 164.524 regarding access by individuals to their PHI. With respect to individual requests, access shall be provided within thirty (30) days from request. Access may be extended if the Contractor cannot provide access and provides the individual with the reasons for the delay and the date when access may be granted. PHI shall be provided in the form and format requested by the individual or the County. E-2 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) The Contractor shall make any amendment(s) to PHI in a designated record set at the request of the County or individual, and in the time and manner designated by the County in accordance with 45 CFR § 164.526. The Contractor shall provide to the County or to an individual, in a time and manner designated by the County, information collected in accordance with 45 CFR § 164.528, to permit the County to respond to a request by the individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528. 7. The Contractor shall report to the County, in writing, any knowledge or reasonable belief that there has been unauthorized access, viewing, use, disclosure, security incident, or breach of unsecured PHI not permitted by this Agreement of which the Contractor becomes aware, immediately and without reasonable delay and in no case later than two (2) business days of discovery. Immediate notification shall be made to the County's Information Security Officer and Privacy Officer and the County's Department of Public Health ("DPH") HIPAA Representative, within two (2) business days of discovery. The notification shall include, to the extent possible, the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, used, disclosed, or breached. The Contractor shall take prompt corrective action to cure any deficiencies and any action pertaining to such unauthorized disclosure required by applicable federal and State laws and regulations. The Contractor shall investigate such breach and is responsible for all notifications required by law and regulation or deemed necessary by the County and shall provide a written report of the investigation and reporting required to the County's Information Security Officer and Privacy Officer and the County's DPH HIPAA Representative. This written investigation and description of any reporting necessary shall be postmarked within the thirty (30) working days of the discovery of the breach to the addresses below: County of Fresno County of Fresno County of Fresno Department of Public Health Department of Public Health Department of Internal HIPAA Representative Privacy Officer Services (559) 600-6439 (559) 600-6403 Information Security Officer E-3 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) P.O. Box 11867 P.O. Box 11867 (559) 600-5800 Fresno, California 93775 Fresno, California 93775 333 W. Pontiac Way Clovis, California 93612 8. The Contractor shall make its internal practices, books, and records relating to the use and disclosure of PHI received from the County, or created or received by the Contractor on behalf of the County, in compliance with HIPAA's Privacy Rule, including, but not limited to the requirements set forth in Title 45, CFR, Sections 160 and 164. The Contractor shall make its internal practices, books, and records relating to the use and disclosure of PHI received from the County, or created or received by the Contractor on behalf of the County, available to the Secretary upon demand. The Contractor shall cooperate with the compliance and investigation reviews conducted by the Secretary. PHI access to the Secretary must be provided during the Contractor's normal business hours; however, upon exigent circumstances access at any time must be granted. Upon the Secretary's compliance or investigation review, if PHI is unavailable to the Contractor and in possession of a subcontractor of the Contractor, the Contractor must certify to the Secretary its efforts to obtain the information from the subcontractor. 9. Safeguards The Contractor shall implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule, Subpart C of 45 CFR Part 164, that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic PHI, that it creates, receives, maintains or transmits on behalf of the County and to prevent unauthorized access, viewing, use, disclosure, or breach of PHI other than as provided for by this Agreement. The Contractor shall conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic PHI. The Contractor shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. Upon the County's request, the Contractor shall provide the County with information concerning such safeguards. E-4 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) The Contractor shall implement strong access controls and other security safeguards and precautions in order to restrict logical and physical access to confidential, personal (e.g., PHI) or sensitive data to authorized users only. Said safeguards and precautions shall include the following administrative and technical password controls for all systems used to process or store confidential, personal, or sensitive data: A. Passwords must not be: (1) Shared or written down where they are accessible or recognizable by anyone else; such as taped to computer screens, stored under keyboards, or visible in a work area; (2) A dictionary word; or (3) Stored in clear text B. Passwords must be: (1) Eight (8) characters or more in length; (2) Changed every ninety (90) days; (3) Changed immediately if revealed or compromised; and (4) Composed of characters from at least three (3) of the following four (4) groups from the standard keyboard: a) Upper case letters (A-Z); b) Lowercase letters (a-z); c) Arabic numerals (0 through 9); and d) Non-alphanumeric characters (punctuation symbols). The Contractor shall implement the following security controls on each workstation or portable computing device (e.g., laptop computer) containing confidential, personal, or sensitive data: 1. Network-based firewall and/or personal firewall; 2. Continuously updated anti-virus software; and 3. Patch management process including installation of all operating system/software vendor security patches. E-5 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) The Contractor shall utilize a commercial encryption solution that has received FIPS 140-2 validation to encrypt all confidential, personal, or sensitive data stored on portable electronic media (including, but not limited to, compact disks and thumb drives) and on portable computing devices (including, but not limited to, laptop and notebook computers). The Contractor shall not transmit confidential, personal, or sensitive data via e-mail or other internet transport protocol unless the data is encrypted by a solution that has been validated by the National Institute of Standards and Technology (NIST) as conforming to the Advanced Encryption Standard (AES) Algorithm. The Contractor must apply appropriate sanctions against its employees who fail to comply with these safeguards. The Contractor must adopt procedures for terminating access to PHI when employment of employee ends. 10. Mitigation of Harmful Effects The Contractor shall mitigate, to the extent practicable, any harmful effect that is suspected or known to the Contractor of an unauthorized access, viewing, use, disclosure, or breach of PHI by the Contractor or its subcontractors in violation of the requirements of these provisions. The Contractor must document suspected or known harmful effects and the outcome. 11. The Contractor's Subcontractors The Contractor shall ensure that any of its contractors, including subcontractors, if applicable, to whom the Contractor provides PHI received from or created or received by the Contractor on behalf of the County, agree to the same restrictions, safeguards, and conditions that apply to the Contractor with respect to such PHI and to incorporate, when applicable, the relevant provisions of these provisions into each subcontract or sub-award to such agents or subcontractors. Nothing in this section 11 or this Exhibit E authorizes the Contractor to perform services under this Agreement using subcontractors. 12. Employee Training and Discipline The Contractor shall train and use reasonable measures to ensure compliance with the requirements of these provisions by employees who assist in the performance of functions or E-6 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) activities on behalf of the County under this Agreement and use or disclose PHI, and discipline such employees who intentionally violate any provisions of these provisions, which may include termination of employment. 13. Termination for Cause Upon the County's knowledge of a material breach of these provisions by the Contractor, the County will either: A. Provide an opportunity for the Contractor to cure the breach or end the violation, and the County may terminate this Agreement if the Contractor does not cure the breach or end the violation within the time specified by the County; or B. Immediately terminate this Agreement if the Contractor has breached a material term of this Exhibit E and cure is not possible, as determined by the County. C. If neither cure nor termination is feasible, the County's Privacy Officer will report the violation to the Secretary of the U.S. Department of Health and Human Services. 14. Judicial or Administrative Proceedings The County may terminate this Agreement if: (1) the Contractor is found guilty in a criminal proceeding for a violation of the HIPAA Privacy or Security Laws or the HITECH Act; or (2) there is a finding or stipulation in an administrative or civil proceeding in which the Contractor is a party that the Contractor has violated a privacy or security standard or requirement of the HITECH Act, HIPAA or other security or privacy laws. 15. Effect of Termination Upon termination or expiration of this Agreement for any reason, the Contractor shall return or destroy all PHI received from the County (or created or received by the Contractor on behalf of the County) that the Contractor still maintains in any form, and shall retain no copies of such PHI. If return or destruction of PHI is not feasible, the Contractor shall continue to extend the protections of these provisions to such information, and limit further use of such PHI to those purposes that make the return or destruction of such PHI infeasible. This provision applies to PHI that is in the possession of subcontractors or agents, if applicable, of the Contractor. If the Contractor destroys the PHI data, a certification of date and time of destruction shall be E-7 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) provided to the County by the Contractor. 16. Compliance with Other Laws 14.16 To the extent that other state and/or federal laws provide additional, stricter and/or more protective privacy and/or security protections to PHI or other confidential information covered under this BAA, the Contractor agrees to comply with the more protective of the privacy and security standards set forth in the applicable state or federal laws to the extent such standards provide a greater degree of protection and security than HIPAA Rules or are otherwise more favorable to the individual. 17. Disclaimer The County makes no warranty or representation that compliance by the Contractor with these provisions, the HITECH Act, or the HIPAA Rules, will be adequate or satisfactory for the Contractor's own purposes or that any information in the Contractor's possession or control, or transmitted or received by the Contractor, is or will be secure from unauthorized access, viewing, use, disclosure, or breach. The Contractor is solely responsible for all decisions made by the Contractor regarding the safeguarding of PHI. 18. Amendment The parties acknowledge that Federal and State laws relating to electronic data security and privacy are rapidly evolving and that amendment of this Exhibit E may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to amend this agreement in order to implement the standards and requirements of the HIPAA Rules, the HITECH Act and other applicable laws relating to the security or privacy of PHI. The County may terminate this Agreement upon thirty (30) days written notice in the event that the Contractor does not enter into an amendment providing assurances regarding the safeguarding of PHI that the County in its sole discretion, deems sufficient to satisfy the standards and requirements of the HIPAA Rules, and the HITECH Act. 19. No Third-Party Beneficiaries Nothing expressed or implied in the provisions of this Exhibit E is intended to confer, and E-8 Exhibit E Health Insurance Portability and Accountability Act (HIPAA) nothing in this Exhibit E does confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 20. Interpretation The provisions of this Exhibit E shall be interpreted as broadly as necessary to implement and comply with the HIPAA Rules, and applicable State laws. The parties agree that any ambiguity in the terms and conditions of these provisions shall be resolved in favor of a meaning that complies and is consistent with the HIPAA Rules. 21. Regulatory References A reference in the terms and conditions of these provisions to a section in the HIPAA Rules means the section as in effect or as amended. 22. Survival The respective rights and obligations of the Contractor as stated in this Exhibit E survive the termination or expiration of this Agreement. 23. No Waiver of Obligation Change, waiver or discharge by the County of any liability or obligation of the Contractor under this Exhibit E on any one or more occasions is not a waiver of performance of any continuing or other obligation of the Contractor and does not prohibit enforcement by the County of any obligation on any other occasion. E-9 Exhibit F Data Security 1. Definitions Capitalized terms used in this Exhibit F have the meanings set forth in this section 1. (A) "Authorized Employees" means the Contractor's employees who have access to Personal Information. (B) "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit F. (C) "Director" means the County's Director of the Department of Public Health or his or her designee. (D)"Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. (E) "Person" means any natural person, corporation, partnership, limited liability company, firm, or association. (F) "Personal Information" means any and all information, including any data, provided, or to which access is provided, to the Contractor by or upon the authorization of the County, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or (iii) is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (G)"Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices or alleging a Security Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit F. (H) "Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in section 3(C) of this Exhibit F. (1) "Security Breach" means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, F-1 Exhibit F Data Security or (ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. (J) "Use" or any derivative of that word means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 2. Standard of Care (A) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (B) The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County (or persons from whom the County receives or has received Personal Information) regardless of the Contractor's, or any Authorized Person's, Use of that Personal Information. (C) The Contractor agrees and covenants in favor of the Country that the Contractor shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this section 2 as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit F; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent. (D) Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall (i) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and (ii) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the F-2 Exhibit F Data Security County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. (E) The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions. 3. Information Security (A) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and will at all times comply with all applicable federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song- Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (B) The Contractor covenants, represents and warrants to the County that, as of the effective date of this Agreement, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (C)Without limiting the Contractor's obligations under section 3(A) of this Exhibit F, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, to protect (1) the Personal Information from potential loss or F-3 Exhibit F Data Security misappropriation, or unauthorized Use, and (2) the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b)transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from all other information of the Contractor, including any Authorized Person, or anyone with whom the Contractor or any Authorized Person deals so that Personal Information is not commingled with any other types of information; (vi) having a patch management process including installation of all operating system and software vendor security patches; (vii) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (D) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit F. The Contractor shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (E) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Personal Information received from the County, and the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet. (F) The Contractor shall provide the County with the name and contact information for each Authorized Employee (including such Authorized Employee's work shift, and at least one alternate Authorized Employee for each Authorized Employee during such work shift) who shall serve as the County's primary security contact with the Contractor and shall be available to assist the County twenty-four (24) hours per day, seven (7) days per week F-4 Exhibit F Data Security as a contact in resolving the Contractor's and any Authorized Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. (G)The Contractor shall not knowingly include or authorize any Trojan Horse, back door, time bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any unauthorized message within, or otherwise impair any County computing system, with or without the intent to cause harm. 4. Security Breach Procedures (A) Immediately upon the Contractor's awareness or reasonable belief of a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-8900 / incidents@fresnocountyca.gov (which telephone number and email address the County may update by providing notice to the Contractor), and (ii) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit F, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the County, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor's discovery of the Security Breach. (C) County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit F, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the F-5 Exhibit F Data Security Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination. (D)The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred relation to any litigation or other action described section 4(E) of this Exhibit F. (E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County's rights relating to Personal Information, including the rights of persons from whom the County receives Personal Information. 5. Oversight of Security Compliance (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. (B) Upon the County's written request, to confirm the Contractor's compliance with this Exhibit F, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County's election, a third party on the County's behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor's physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County's behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit F. (C)The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit F. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same. F-6 Exhibit F Data Security 6. Return or Destruction of Personal Information. Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit F, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies of Personal Information. If return or disposal of such Personal Information or copies of Personal Information is not feasible, the Contractor shall notify the County according, specifying the reason, and continue to extend the protections of this Exhibit F to all such Personal Information and copies of Personal Information. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section 6. The Contractor's obligations under this section 6 survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not feasible and to all Personal Information that the Contractor may later discover. 7. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit F may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. 8. Indemnity. The Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a "County Indemnitee") from and against any and all infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, fines and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorneys' fees and costs, the cost of enforcing any right to indemnification or defense under this Exhibit F and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any County Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized Employee's or Authorized Person's, performance or failure to perform under this Exhibit F or arising out of or resulting from the Contractor's failure to comply with any of its obligations under this section 8. The provisions of this section 8 do not apply to the acts or omissions of the County. The provisions of this section 8 are cumulative to any other obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnitee under this Agreement. The provisions of this section 8 shall survive the termination of this Agreement. F-7 Exhibit F Data Security 9. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit X shall survive the termination of this Agreement. 10. No Third Party Beneficiary. Nothing express or implied in the provisions of in this Exhibit F is intended to confer, nor shall anything in this Exhibit F confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 11. No County Warranty. The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. F-8