The URL can be used to link to this page

Home My WebLink AboutSTATE DPH Office of AIDS-HIV Surveillance Program_A-24-518.pdf COtj County of Fresno Hall of Records, Room 301 2281 Tulare Street Fresno,California 601 Board of Supervisors 93721-2198 O� 1$56 0 Telephone: (559)600-3529 FRV,t' Minute Order Toll Free: 1-800-742-1011 www.fresnocountyca.gov September 24, 2024 Present: 5- Supervisor Steve Brandau, Chairman Nathan Magsig,Vice Chairman Buddy Mendes, Supervisor Brian Pacheco, and Supervisor Sal Quintero Agenda No. 38. Public Health File ID: 24-0913 Re: Approve and authorize the Chairman to execute a retroactive revenue Agreement and related certifications with the California Department of Public Health for the Human Immunodeficiency Virus Surveillance Program, effective July 1, 2024 through June 30, 2029($479,950); and Approve and authorize the Director of the Department of Public Health to execute the Contractor's Release Form for submission with the final invoice APPROVED AS RECOMMENDED Ayes: 5- Brandau, Magsig, Mendes, Pacheco, and Quintero Agreement No. 24-518 County of Fresno Page 41 COZj��C Board Agenda Item 38 O 1856 O FRE`'� DATE: September 24, 2024 TO: Board of Supervisors SUBMITTED BY: David Luchini, Director, Department of Public Health SUBJECT: Retroactive Revenue Agreement with the California Department of Public Health for the HIV Surveillance Program RECOMMENDED ACTION(S): 1. Approve and authorize the Chairman to execute a retroactive revenue Agreement and related certifications with the California Department of Public Health for the Human Immunodeficiency Virus Surveillance Program, effective July 1, 2024 through June 30, 2029 ($479,950); and 2. Approve and authorize the Director of the Department of Public Health to execute the Contractor's Release Form for submission with the final invoice. There is no increase in Net County Cost associated with the recommended actions. The recommended revenue agreement with the California Department of Public Health, Office of AIDS (CDPH-OA)supports the Department's Human Immunodeficiency Virus (HIV)Surveillance Program. These funds will be used to maintain HIV/AIDS (acquired immunodeficiency syndrome) surveillance infrastructure to ensure timely and complete case reporting from medical settings, laboratories, and HIV testing sites. The grant funds salaries and benefits, general office expenses, and allows for indirect cost recovery. This item is countywide. ALTERNATIVE ACTION(S): Should your Board not approve the recommended actions, the Department's HIV Surveillance Program would be unable to provide HIV/AIDS surveillance and support local healthcare providers. RETROACTIVE AGREEMENT: The recommended revenue agreement was received from CDPH-OA on June 27, 2024 and is being brought to your Board in accordance with the agenda item processing timelines. FISCAL IMPACT: There is no increase in Net County Cost associated with the recommended actions. The maximum compensation for the recommended revenue agreement is $479,950 or$95,990 annually for five years. The recommended revenue agreement represents a 5.9% annual funding increase ($5,348), in comparison to the annual funding amount received in the prior fiscal year. Sufficient appropriations and estimated revenues are included in the Department's Org 5620 FY 2024-25 Recommended Budget and will be included in future budgets for the duration of the term. The recommended revenue agreement will fund one Communicable Disease Specialist at 0.50 FTE and one at 0.20 FTE allowing indirect cost recovery for salaries and benefits up to 25%. The agreement allows full indirect cost recovery at the Department's rate of 24.426%. County of Fresno page 1 File Number.24-0913 File Number:24-0913 DISCUSSION: The Department has received HIV Surveillance Program funds since 1985. CDPH-OA allocated $6.67 million in FY 2024-25 State General Fund to local health jurisdictions for local HIV Surveillance Programs, the allocation formula is based upon the following factors: new HIV/AIDS cases diagnosed between 2017-2021 and living cases at most recent year end (2021). The Department's HIV Surveillance Program analyzes HIV/AIDS data and prepares epidemiologic summaries in collaboration with CDPH-OA. The 2023 Summary of HIV/AIDS in Fresno County shows the number of newly reported HIV cases was 177 and newly reported AIDS cases reported was 57; these numbers are up from 172 (02.90%) and down from 66 (15.78%) respectively from 2022 (Attachment A). The recommended revenue agreement will allow the HIV Surveillance Program to: • Maintain HIV case surveillance infrastructure; • Collect, submit accurate and timely HIV surveillance data; • Maintain data security and confidentiality; • Conduct program management and coordination; • Collaborate with partners to respond to the HIV disease; and, • Receive HIV surveillance data for the CDPH-OA. REFERENCE MATERIAL: BAI #42, November 19, 2019 ATTACHMENTS INCLUDED AND/OR ON FILE: Attachment A On file with Clerk-Agreement with CDPH-OA CAO ANALYST: Dylan McCully County of Fresno Page 2 File Number.24-0913 State of California— Health and Human Services Agency—California Department of Public Health Agreement No. 24-518 CDPH 1229 (11/2023) California HIV Surveillance Program Awarded By THE CALIFORNIA DEPARTMENT OF PUBLIC HEALTH, hereinafter "Department" TO County of Fresno, hereinafter "Grantee" Implementing the "HIV Surveillance"," hereinafter "Project" GRANT AGREEMENT NUMBER 24-10277 The Department awards this Grant and the Grantee accepts and agrees to use the Grant funds as follows: AUTHORITY: The Department has authority to grant funds for the Project under Health and Safety Code. The Legislature authorized in the Health & Safety Code (HSC) Section 131019 the CDPH, Office of AIDS (OA) as the lead agency within the State responsible for coordinating state programs, services and activities related to HIV and Acquired Immune Deficiency Syndrome (AIDS). HSC 131085 (a) and (b) authorize the CDPH to enter into grants to perform public health activities. PURPOSE: The Department shall award this Grant Agreement to and for the benefit of the Grantee; the purpose of the Grant is for the Grantee to administer the HIV Surveillance Program (HSP) and to ensure the implementation of Human Immunodeficiency Virus (HIV) surveillance activities. The Grantee will plan, develop, and implement all aspects of HIV surveillance in their jurisdiction. GRANT AMOUNT: The maximum amount payable under this Grant Agreement shall not exceed the amount of $479,950.00 TERM OF GRANT AGREEMENT: The term of the Grant shall begin on July 1, 2024 and terminates on June 30, 2029. No funds may be requested or invoiced for services performed or costs incurred after June 30, 2029. Page 1 of 4 State of California— Health and Human Services Agency—California Department of Public Health CDPH 1229 (11/2023) PROJECT REPRESENTATIVES. The Project Representatives during the term of this Grant will be: California Department of Public Health County of Fresno Kimberly Ferreira, Assistant Chief Jena Adams, Supervising Communicable Surveillance and Prevention Evaluation and Disease Specialist Reporting Branch 1221 Fulton Street 1616 Capitol Avenue, Suite 616, MS 7700 Fresno CA 93721 Sacramento, CA, 95899-7426 Telephone: (559) 600-3042 Telephone: (916) 842-0965 Email: jadams@fresnocountyca.gov Email: kimberly.ferreira@cdph.ca.gov Direct all inquiries to the following representatives: California Department of Public Health County of Fresno Kimberly Ferreira, Assistant Chief Jena Adams, Supervising Communicable Surveillance and Prevention Evaluation and Disease Specialist Reporting Branch 1221 Fulton Street 1616 Capitol Avenue, Suite 616, MS 7700 Fresno CA 93721 Sacramento, CA, 95899-7426 Telephone: (559) 600-3042 Telephone: (916) 842-0965 Email: jadams@fresnocountyca.gov Email: kimberly.ferreira@cdph.ca.gov All payments from CDPH to the Grantee; shall be sent to the following address: Remittance Address County of Fresno DPH Business Office PO Box 11867 Fresno CA 93775 Telephone: (559) 600-6415 Email: dphboap@fresnocountyca.gov Either party may make changes to the Project Representatives, or remittance address, by giving a written notice to the other party, said changes shall not require an amendment to this agreement but must be maintained as supporting documentation. Note: Remittance address changes will require the Grantee to submit a completed CDPH 9083 Governmental Entity Taxpayer ID Form or STD 204 Payee Data Record Form and the STD 205 Payee Data Supplement which can be requested through the CDPH Project Representatives for processing. Page 2 of 4 State of California— Health and Human Services Agency—California Department of Public Health CDPH 1229 (11/2023) STANDARD GRANT PROVISIONS. The Grantee must adhere to all Exhibits listed and any subsequent revisions. The following Exhibits are attached hereto or attached by reference and made a part of this Grant Agreement: EXHIBIT A LETTER OF AWARD EXHIBIT Al LIST OF ALLOCATIONS EXHIBIT A2 FUNDING ALLOCATION PROCESS EXHIBIT B BUDGET DETAIL AND PAYMENT PROVISIONS EXHIBIT C STANDARD GRANT CONDITIONS* EXHIBIT D ADDITIONAL PROVISIONS EXHIBIT E INFORMATION PRIVACY AND SECURITY REQUIRMENTS EXHIBIT F CONTRACTOR'S RELEASE GRANTEE REPRESENTATIONS: The Grantee(s) accept all terms, provisions, and conditions of this grant, including those stated in the Exhibits incorporated by reference above. The Grantee(s) shall fulfill all assurances and commitments made in the application, declarations, other accompanying documents, and written communications (e.g., e-mail, correspondence) filed in support of the request for grant funding. The Grantee(s) shall comply with and require its subgrantee's to comply with all applicable laws, policies, and regulations. GRANT EXECUTION. Unless otherwise prohibited by law or Grantees policy, the parties agree that an electronic copy of a signed Grant agreement, or an electronically signed Grant agreement, has the same force and legal effect as a Grant agreement executed with an original ink signature. The term "electronic copy of a signed Grant" refers to a transmission by facsimile, electronic mail, or other electronic means of a copy of an original signed Grant in a portable document format. The term "electronically signed Grant" means a grant agreement that is executed by applying an electronic signature using technology approved by the Grantee. Page 3 of 4 State of California—Health and Human Services Agency—California Department of Public Health CDPH 1229 (11/2023) IN WITNESS THEREOF, the parties have executed this Grant on the dates set forth below. Executed By: Date: glzgI& Zc-f ATTEST: Nathan Magsig, Chairman BERNICE E.SEIDEL County of Fresno, Board of Supervisors Clerk of the Board of Supervisors 2281 Tulare St., Ste. 301 County of Fresno, State of California Fresno, CA 93721 By �cu - dl;— Deputy Date: 10-16-24 Ja r Sandoval, Chief Contracts Management Unit California Department of Public Health 1616 Capitol Avenue, Suite 74.262 P.O. Box 997377, MS 1800-1804 Sacramento, CA 95899-7377 Page 4 of 4 State of California—Health and Human Services Agency California Department of Public Health x I)COPH '`C'�LIFpRN�k� TOMAS J.ARAGON,M.D.,Dr.P.H. GAVIN NEWSOM Director and State Public Health Officer Governor March 1, 2024 TO: CALIFORNIA LOCAL HEALTH JURISDICTIONS SUBJECT: FY 2024-25 HIV SURVEILLANCE PROGRAM The California Department of Public Health, Center for Infectious Diseases, Office of AIDS (OA) is pleased to announce the availability of $6.67 million in State General Funds in fiscal year (FY) 2024-2025 for local HIV surveillance programs. HIV surveillance program activities focus on five goals: 1. Maintain infrastructure for HIV surveillance by establishing and maintaining HIV case surveillance in health, medical, public health, and social service settings, including laboratories and HIV testing sites such that HIV case reporting to the local health department occurs in a timely and complete fashion; 2. Collect and submit accurate, complete, and timely HIV surveillance data to Office of AIDS. Collect HIV surveillance data that meet all data requirements set forth by the OA and the Centers for Disease Control and Prevention (CDC), and submit those data to the OA in a timely fashion; 3. Maintain data security and confidentiality. Protect patient privacy and confidentiality by ensuring that protected health information is stored and disclosed only in a manner consistent with California and federal laws and regulations, and OA policies and procedures; 4. Program management and coordination. Conduct HIV surveillance activities in a manner consistent with administrative, fiscal, budgetary, and program guidance from CDPH, OA, and CDC that ensure program management and coordination; 5. Collaborate with partners to respond to the HIV epidemic to facilitate sharing data and resources to support progress toward meeting California's Integrated Plan goals and objectives. CDPH Office of AIDS, MS 7700 • P.O. Box 997426 • Sacramento, CA 95899-7426 (916) 449-5900 • (916) 449-5909 FAX Department Website (www.cdph.ca.gov) _ s These funds will be available to the HIV surveillance program on a yearly basis from July 1, 2024 — June 30, 2029. The amount of funding allocated is on an annual basis through a non-competitive formula. The Surveillance Program Funding Allocation Process includes the annual allocation amounts for specific jurisdictions. The funds must be used to provide allowable HIV surveillance program activities at the local level. For guidance, please see the HIV Surveillance Program Scope of Work. All Grantees must adhere to the Scope of Work, and any subsequent revisions, along with all instructions, policy memorandums, or directives issued by CDPH/OA. CDPH/OA will make any changes and/or additions to these guidelines in writing and, whenever possible, notification of such changes shall be made 30 days prior to implementation. In order to apply for these funds, you must return the required budget documents by June 1, 2024. The documents should be e-mailed to HIV.Surveillance(a)-cdph.ca.gov. Please note that no funds are secured until the contract is fully executed. We look forward to collaborating with you to conduct effective surveillance of the California HIV epidemic. If you have any questions, please email HIV.Surveillance(a�cdph.ca.gov or Kimberly Ferreira at Kimberly.Ferreira(a�cdph.ca.gov. Sincerely, 1 49� Deanna A. Sykes, PhD Chief, Surveillance and Prevention Evaluation and Reporting Branch Office of AIDS California Department of Public Health cc: Kimberly Ferreira Assistant Branch Chief Surveillance and Prevention Evaluation and Reporting Branch Office of AIDS California Department of Public Health Jamie Katayanagi, Chief Quality Management Unit Surveillance Section Surveillance and Prevention Evaluation and Reporting Branch Office of AIDS California Department of Public Health Exhibit Al List of Allocations FINAL FINAL FINAL FINAL FINAL FY 24/25 FY 25/26 FY 26/27 FY 27/28 FY 28/29 TOTAL Summary Adjusted Adjusted Adjusted Adjusted Adjusted Five(5)Year County/City Action Allocation Allocation Allocation Allocation Allocation Allocation Alameda Formula $ 271,514 $ 271,514 $ 271,514 $ 271,514 $ 271,514 $ 1,357,570 Alpine Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Amador HH $ 5,654 $ 5,654 $ 5,654 $ 5,654 $ 5,654 $ 28,270 IBerkeley JHH I $ 25,701 1 $ 25,701 $ 25,701 $ 25,701 $ 25,701 $ 128:505 Butte JHH $ 23,822 1 $ 23,822 $ 23,822 $ 23,822 $ 23,822 $ 119110 1Calaveras JHH I $ 5,0131 $ 5,0131 $ 5,0131 $ 5,0131 $ 5,013 1 $ 25,0651 1 Colusa I Minimum I $ 3,000 1 $ 3,000 1 $ 3,000 1 $ 3,000 1 $ 3,000 1 $ 15,0001 1Contra Costa JHH I $ 162,320 1 $ 162,320 1 $ 162,320 1 $ 162,320 1 $ 162,320 1 $ 811,600 1 IDel Norte JHH $ 3,133 1 $ 3,133 $ 3,133 3,1$ 3,133 $ 33 $ 15,665 El Dorado HH I $ 11,807 $ 11,807 $ 11,807 $ 11,807 $ 11,807 1 $ 59,035 Fresno Cap $ 95,990 1 $ 95,990 $ 95,990 $ 95,990 $ 95,990 $ 479,950 Glenn Minimum $ 3,000 $ 31000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Humboldt JHH 1 $ 11,2831 $ 11,2831 $ 11,2831 $ 11,283 1 $ 11,283 1 $ 56,415 1 Imperial I Cap I $ 20,325 1 $ 20,325 1 $ 20,325 1 $ 20,325 1 $ 20,325 1 $ 101,625 1 Inyo JHH I $ 4,387 1 $ 4,387 1 $ 4,387 I $ 4,387 I $ 4,387 I $ 21,935 1 Kern I Cap I $ 130,107 1 $ 130,107 1 $ 130,107 1 $ 130,107 1 $ 130,107 1 $ 650,535 1 Kings JHH I $ 16,926 1 $ 16,926 1 $ 16,926 1 $ 16,926 1 $ 16,926 1 $ 84,630 Lake HH $ 9,402 $ 9,402 $ 9,402 $ 9,402 $ 9,402 $ 47,010 Lassen HH $ 5,013 $ 5,013 $ 5,013 $ 5,013 $ 5,013 $ 25,065 Long Beach HH 1 $ 228,481 $ 228,481 $ 228,481 $ 228,481 $ 228,481 $ 1,142,405 1 Los Angeles JCap 1 $ 2,088,748 $ 2,088,748 I $ 2,088,748 $ 2,088,748 1 $ 2,088,748 $ 10,443,740 1 Madera JHH I $ 15,045 1 $ 15,045 1 $ 15,045 1 $ 15,045 1 $ 15,045 1 $ 75,2251 1 Marin JHH I $ 48,271 1 $ 48,271 I $ 48,271 I $ 48,271 I $ 48,271 I $ 241,3551 1 Mariposa Minimum $ 3,000 $ 3,000 1 $ 3,000 $ 3,000 1 $ 3,000 1 $ 15,000 1 Mendocino HH $ 12,536 $ 12,536 $ 12,536 $ 12,536 $ 12,536 $ 62,680 Merced Cap $ 19,113 $ 19,113 $ 19,113 $ 19,113 $ 19,113 $ 95,565 Modoc Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Mono Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Monterey H H $ 45,119 $ 45,119 $ 45,119 $ 45,119 $ 45,119 $ 225,595 Napa I Formula I $ 12,896 1 $ 12,896 1 $ 12,896 1 $ 12,896 1 $ 12,896 1 $ 64,480 l Nevada JHH I $ 6,268 1 $ 6,268 1 $ 6,268 1 $ 6,268 1 $ 6,268 1 $ 31,3401 Orange HH $ 399,971 $ 399,971 $ 399,971 $ 399,971 $ 399,971 $ 1,999,855 Pasadena Formula $ 27,169 $ 27,169 $ 27,169 $ 27,169 $ 27,169 $ 135,845 Placer Cap 1 $ 15,927 $ 15,927 $ 15,927 $ 15,927 $ 15,927 $ 79,635 IPlumas Minimum I $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,0OOJ $ 15,000 Riverside JCap $ 310,517 1 $ 310,517 $ 310,517 1 $ 310,517 $ 310,517 1 $ 1,552,585 1 Sacramento J Cap I $ 231,143 1 $ 231,143 1 $ 231,143 1 $ 231,143 1 $ 231,143 1 $ 1,155,7151 San Benito J Cap I $ 3,367 1 $ 3,367 1 $ 3,367 1 $ 3,367 1 $ 3,367 1 $ 16,8351 San Bernardino J Cap I $ 271,368 1 $ 271,368 1 $ 271,368 1 $ 271,368 1 $ 271,368 1 $ 1,356,840 1 (San Diego HH I $ 621,121 $ 621,121 $ 621,121 $ 621,121 $ 621,121 $ 3,105,605 San Francisco HH $ 672,178 $ 672,178 $ 672,178 $ 672,178 $ 672,178 $ 3,360,890 1San Joaquin Cap $ 88,404 $ 88,404 $ 88,404 $ 88,404 $ 88,404 $ 442,020 San Luis Obispo HH $ 31,344 $ 31,344 $ 31,344 $ 31,344 $ 31,344 $ 156,720 -San Mateo JHH $ 84,255 $ 84,255 $ 84,255 $ 84,255 $ 84,255 $ 421,275 1 Santa Barbara (Formula I $ 36,282 $ 36,282 $ 36,282 $ 36,282 $ 36,282 $ 181,4101 1Santa Clara JHH I $ 218,115 1 $ 218,115 1 $ 218,115 1 $ 218,115 1 $ 218,115 1 $ 1,090,5751 1 Santa Cruz JHH I $ 26,329 1 $ 26,329 1 $ 26,329 1 $ 26,329 1 $ 26,329 1 $ 131,6451 1 Shasta J H H I $ 13,145 1 $ 13,145 1 $ 13,145 1 $ 13,145 1 $ 13,145 1 $ 65,7251 1Sierra Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Siskiyou HH $ 4,387 $ 4,387 $ 4,387 $ 4,387 $ 4,387 $ 21,935 -Solano Formula 1 $ 63,988 $ 63,988 $ 63,988 $ 63,988 $ 63,988 $ 319,940 1Sonoma JHH I $ 69,587 1 $ 69,587 I $ 69,587 $ 69,587 1 $ 69,587 $ 347,935 1 Stanislaus J Cap I $ 47,785 1 $ 47,785 1 $ 47,785 1 $ 47,785 1 $ 47,785 1 $ 238,9251 1 Sutter Formula $ 7,527 $ 7,527 $ 7,527 $ 7,527 $ 7,527 1 $ 37,6351 1Tehama Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 1 $ 15,0001 Trinity Minimum $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 3,000 $ 15,000 Tulare Cap $ 31,855 $ 31,855 $ 31,855 $ 31,855 $ 31,855 $ 159,275 Tuolumne HH 1 $ 4,387 $ 4,387 $ 4,387 $ 4,387 $ 4,387 $ 21,935 (Ventura JCap I $ 69,656 1 $ 69,656 $ 69,656 $ 69,656 $ 69,656 $ 348,280 Yolo Cap $ 15,537 $ 15,537 $ 15,537 $ 15,537 $ 15,537 $ 77,685 iYuba JHH $ 5,654 1 $ 5,654 i $ 5,654 L $ 5,654 L $ 5,654 L $ 28,270 1TotaI I $ 6,679,8721 $ 6,679,872 $ 6,679,872 1 $ 6,679,872 1 $ 6,679,872 1 $ 33,399,360 Exhibit A2 Funding Allocation Process The Office of AIDS (OA) will allocate $6.67 million in Fiscal Year (FY) 2024-2025 State General Fund to local health jurisdictions (LHJs) for local HIV Surveillance Programs. OA will use the following formula for FY 2024-25: The allocation formula is based upon the following factors: • New diagnoses for past 5 years (2017-2021); and • Living cases at most recent year end (2021) Funding Minimum: OA will implement a minimum allocation of $3,000 for the rest of the LHJs. The ten LHJs receiving the minimum allocation: Alpine, Colusa, Glenn, Mariposa, Modoc, Mono, Plumas, Sierra, Tehama, and Trinity. OA will apply the following stabilization measures: 1. Funding Cap (CAP): OA will implement a funding cap, which is a maximum funding level placed on each LHJ, set at 106 percent of the FY 2023-24 allocation. The fifteen LHJs impacted by the funding cap: Fresno, Imperial, Kern, Los Angeles, Merced, Placer, Riverside, Sacramento, San Benito, San Bernardino, San Joaquin, Stanislaus, Tulare, Ventura and Yolo. 2. Hold Harmless Provision: OA will distribute funds to other LHJs so that the minimum funding level is 96 percent of the FY 2023-24 allocation. Thirty LHJs are allocated funds due to the hold harmless provision. Six LHJs receive their unadjusted formula amount: Alameda, Napa, Pasadena, Santa Barbara, Solano, and Sutter. FY 2024/25 HIV Surveillance Program Funding Allocation FY 24 25 Unadjusted FINAL FINAL Allocation via Unadjusted FINAL Adjusted Adjusted formula (no Allocation% FY 24/25 Allocation % Allocation% FY 23/24 cap, HH, or of FY 23/24 Adjusted of of FY 23/24 Summary County/City Allocation min.) Allocation Allocation Unadjusted Allocation Action Alameda $ 285,286 $ 272,692 95.6% $ 271,514 99.6% 95% Formula Alpine $ - $ 47 - $ 3,000 6383.0% - Minimum Amador $ 6,015 $ 4,994 83.0% $ 5,654 113.2% 94% HH Berkeley $ 27,342 I $ 18,292 66.90/61 $ 25,7011 140.5% 94%I HH Butte I $ 25,343 I $ 13,345 I 52.7%I $ 23,8221 178.5%I 94%I HH Calaveras $ 5,334 1 $ 2,452 1 46.0%1 $ 5,0131 204.4%1 94%1 HH Colusa $ 3,000 1 $ 2,2101 73.7%1 $ 3,0001 135.7%1 100%1 Minimum Contra Costa 1 $ 172,681 1 $ 140,330 1 81.3%1 $ 162,3201 115.7%1 94%1 HH Del Norte $ 3,334 1 $ 1,3821 41.5%1 $ 3,1331 226.7%1 94%1 HH El Dorado $ 12,561 1 $ 10,358 1 82.5%1 $ 11,8071 114.0%1 94%1 HH Fresno $ 90,643 1 $ 149,002 1 164.4%1 $ 95,9901 64.4%1 106%1 Cap Glenn $ 3,000 $ 913 30.4% $ 3,000 328.6% 100% Minimum Humboldt $ 12,004 $ 11,324 94.37/o $ 11,283 99.6% 94% HH Imperial $ 19,193 $ 31,459 163.9% $ 20,325 64.6% 106% Cap Inyo $ 4,668 $ 1,230 26.3% $ 4,387 356.7% 94% HH Kern $ 122,859 $ 174,105 141.7% $ 130,107 74.7% 106% Cap Kings $ 18,007 $ 12,834 71.3% $ 16,926 131.9% 94% HH Lake $ 10,003 $ 5,732 57.3% $ 9,402 164.0% 94% HH Lassen $ 5,334 $ 932 17.5% $ 5,013 537.9% 94% HH Long Beach 1 $ 243,065 $ 177,467 73.0% $ 228,481 1 128.7% 94% HH Los Angeles 1 $ 1,972,378 I $ 2,223,227 1 112.7%1 $ 2,088,7481 94.0% 106%I Cap Madera $ 16,006 1 $ 13,994 1 87.4%1 $ 15,0451 107.5%1 94%1 HH �Marin $ 51,353 1 $ 30,648 1 59.7%1 $ 48,2711 157.5%1 94%1HH Mariposa $ 3,000 1 $ 1,084 1 36.1%1 $ 3,0001 276.8%1 100%1 Minimum Mendocino $ 13,337 1 $ 7,536 1 56.5%1 $ 12,5361 166.3%1 94%1 HH Merced $ 18,049 1 $ 31,724 1 175.8%1 $ 19,1131 60.2%1 106%1 Cap Modoc $ 2,820 1 $ 71 1 2.5%1 $ 3,0001 4225.4%1 106%1 Minimum Mono $ 3,000 1 $ 336 1 11.2%1 $ 3,0001 892.9%1 100%1 Minimum Monterey $ 47,999 $ 43,119 89.8% $ 45,119 104.6% 94% HH Napa $ 13,251 $ 12,952 97.77/o $ 12,896 99.6% 97% Formula Nevada $ 6,669 $ 6,196 92.9% $ 6,268 101.2% 94% HH Orange $ 425,502 $ 382,602 89.9% $ 399,971 104.5% 94% HH Pasadena $ 26,792 $ 27,287 101.8%1 $ 27,169 99.6% 101% Formula Placer $ 15,040 $ 20,825 138.5% $ 15,927 76.5% 106% Cap Plumas $ 3,000 $ 1,008 33.6% $ 3,000 297.6% 100% Minimum Riverside $ 293,218 $ 441,763 150.7% $ 310,517 70.3% 106% Cap Sacramento $ 218,266 $ 239,914 109.9% $ 231,143 96.3% 106% Cap San Benito $ 3,180 I $ 4,062 1 127.7%1 $ 3,3671 82.9% 106%I Cap San Bernardino $ 256,250 1 $ 330,049 1 128.8%1 $ 271,3681 82.2%I 106%I Cap San Diego $ 660,768 1 $ 618,660 1 93.6%1 $ 621,1211 100.4%1 94%1 HH San Francisco $ 715,084 1 $ 433,268 1 60.6%1 $ 672,1781 155.1%1 94%1 HH San Joaquin $ 83,479 1 $ 95,300 1 114.2%1 $ 88,4041 92.8%1 106%l Cap San Luis Obispo $ 33,345 1 $ 18,3681 55.1%1 $ 31,3441 170.6%1 94%1 HH San Mateo $ 89,634 1 $ 77,919 1 86.9%1 $ 84,2551 108.1%1 94%1 HH Santa Barbara $ 34,678 1 $ 36,439 1 105.1%1 $ 36,2821 99.6%1 105%1 Formula Santa Clara $ 232,038 $ 194,348 83.8% $ 218,115 112.2% 94% HH Santa Cruz $ 28,010 $ 21,824 77.97/o $ 26,329 120.6% 94% HH Shasta $ 13,985 $ 7,849 56.1% $ 13,145 167.5% 94% HH ISierra $ 3,000 $ 217 7.2% $ 3,000 1382.5% 100% Minimum Siskiyou $ 4,668 $ 2,324 49.8% $ 4,387 188.8% 94% HH Solano $ 63,257 $ 64,265 101.6% $ 63,988 99.6% 101% Formula Sonoma $ 74,029 $ 56,681 76.6% $ 69,587 122.8% 94% HH Stanislaus $ 45,123 $ 53,998 119.7% $ 47,785 88.5% 106% Cap Sutter $ 7,520 $ 7,560 100.5% $ 7,527 99.6% 100% Formula Tehama $ 3,000 I $ 2,826 1 94.2%J $ 3,0001 106.2% 100%I Minimum Trinity $ 3,000 1 $ 454 1 15.1%1 $ 3,0001 660.8%1 100%1 Minimum Tulare 1 $ 30,081 1 $ 36,922 1 122.7%1 $ 31,8551 86.3%1 106%l Cap Tuolumne I $ 4,668 1 $ 1,7651 37.8%1 $ 4,3871 248.6%1 94%1 HH Ventura 1 $ 65,776 1 $ 70,890 1 107.8%1 $ 69,6561 98.3%1 106%l Cap IYolo I $ 14,672 I $ 18,572 I 126.E%I $ 15,5371 83.7%I 106%I Cap Yuba I $ 6,015 1 $ 4,639 I 77.1%1 $ 5,6541 121.9%I 94%I HH Total $ 6,674,612 [ $ 6,674,585 1 I $ 6,679,8721 1 0 No Case County/City Unadjusted 6 Formula County/City Funding 15 Cap County/City Minimum 10 Allocation County/City Hold 30 Harmless County/City Total 61 Counties/Cities County of Fresno 24-10277 Exhibit B Budget Detail and Payment Provisions 1. Invoicing and Payment A. Upon completion of project activities as provided in Exhibit A Grant Application/Attachment 1 Grantee Written Modification, and upon receipt and approval of the invoices, the State agrees to reimburse the Grantee for activities performed and expenditures incurred in accordance with the total amount of this agreement. B. Invoices shall include the Grant Number and shall be submitted electronically or in triplicate not more frequently than monthly in arrears to HIV.Surveillance(o)-cdph.ca.gov. C. Invoices shall: 1) Be prepared on Grantee letterhead. If invoices are not on produced letterhead invoices must be signed by an authorized official, employee or agent certifying that the expenditures claimed represent activities performed and are in accordance with Exhibit A Grant Application under this Grant. 2) Bear the Grantee's name as shown on the Grant. 3) Identify the billing and/or performance period covered by the invoice. 4) Itemize costs for the billing period in the same or greater level of detail as indicated in this Grant. Subject to the terms of this Grant, reimbursement may only be sought for those costs and/or cost categories expressly identified as allowable and approved by CDPH. D. Amount awarded under this Grant is identified in the CDPH 1229 Grant Agreement. 2. Budget Contingency Clause A. It is mutually agreed that if the Budget Act of the current year and/or any subsequent years covered under this Agreement does not appropriate sufficient funds for the program, this Agreement shall be of no further force and effect. In this event, the State shall have no liability to pay any funds whatsoever to Grantee or to furnish any other considerations under this Agreement and Grantee shall not be obligated to fulfill any provisions of this Agreement. B. If funding for any fiscal year is reduced or deleted by the Budget Act for purposes of this program, the State shall have the option to either cancel this Agreement with no liability occurring to the State or offer an agreement amendment to Grantee to reflect the reduced amount. 3. Prompt Payment Clause Payment will be made in accordance with, and within the time specified in, Government Code Chapter 4.5, commencing with Section 927. Page 1 of 2 County of Fresno 24-10277 Exhibit B Budget Detail and Payment Provisions 4. Timely Submission of Final Invoice A. A final undisputed invoice shall be submitted for payment no more than forty-five (45) calendar days following the expiration or termination date of this Grant, unless a later or alternate deadline is agreed to in writing by the program grant manager. Said invoice should be clearly marked "Final Invoice", indicating that all payment obligations of the State under this Grant have ceased and that no further payments are due or outstanding. B. The State may, at its discretion, choose not to honor any delinquent final invoice if the Grantee fails to obtain prior written State approval of an alternate final invoice submission deadline. 5. Travel and Per Diem Reimbursement Any reimbursement for necessary travel and per diem shall, unless otherwise specified in this Agreement, be at the rates currently in effect, as established by the California Department of Human Resources (Cal HR). If the Cal HR rates change during the term of the Agreement, the new rates shall apply upon their effective date and no amendment to this Agreement shall be necessary. No travel outside the State of California shall be reimbursed without prior authorization from the CDPH. Verbal authorization should be confirmed in writing. Written authorization may be in a form including fax or email confirmation. Page 2 of 2 County of Fresno 24-10277 Page 1 of 4 EXHIBIT C STANDARD GRANT CONDITIONS 1. APPROVAL: This Grant is of no force or effect until signed by both parties and approved by the Department of General Services, if required. The Grantee may not commence performance until such approval has been obtained 2. AMENDMENT: No amendment or variation of the terms of this Grant shall be valid unless made in writing, signed by the parties, and approved as required. No oral understanding or Agreement not incorporated in the Grant is binding on any of the parties. In no case shall the Department materially alter the scope of the Project set forth in Exhibit A. 3. ASSIGNMENT: This Grant is not assignable by the Grantee, either in whole or in part, without the written consent of the Grant Manager in the form of a written amendment to the Grant. 4. AUDIT: Grantee agrees that the Department, the Bureau of State Audits, or their designated representative shall have the right to review and to copy any records and supporting documentation pertaining to this Grant. Grantee agrees to maintain such records for a possible audit for a minimum of three (3) years after final payment or completion of the project funded with this Grant, unless a longer period of records retention is stipulated. Grantee agrees to allow the auditor(s) access to such records during normal business hours and to allow interviews of any employees who might reasonably have information related to such records. Further, Grantee agrees to include a similar right of the State to audit records and interview staff in any subcontract related to the project. 5. CONFLICT OF INTEREST: Grantee certifies that it is in compliance with all applicable state and/or federal conflict of interest laws. 6. INDEMNIFICATION: Grantee agrees to indemnify, defend and save harmless the State, its officers, agents and employees from any and all claims and losses accruing or resulting to any and all contractors, subcontractors, suppliers, laborers, and any other person, firm or corporation furnishing or supplying work services, materials, or supplies in connection with the project, and from any and all claims and losses accruing or resulting to any person, firm or corporation who may be injured or damaged by Grantee in the performance of any activities related to the Project. 7. FISCAL MANAGEMENT SYSTEMS AND ACCOUNTING STANDARDS: Grantee agrees that, at a minimum, its fiscal control and accounting procedures will be sufficient to permit tracing of all grant funds to a level of expenditure adequate to establish that such funds have not been used in violation of any applicable state or federal law, or the provisions of this Grant. Grantee further agrees that it will maintain separate Project accounts in accordance with generally accepted accounting principles. 8. GOVERNING LAW: This Grant is governed by and shall be interpreted in accordance with the laws of the State of California. County of Fresno 24-10277 Page 2 of 4 9. INCOME RESTRICTIONS: Grantee agrees that any refunds, rebates, credits, or other amounts (including any interest thereon) accruing to or received by the Grantee under this Grant shall be paid by the Grantee to the Department, to the extent that they are properly allocable to costs for which the Grantee has been reimbursed by the Department under this Grant. 10. INDEPENDENT CONTRACTOR: Grantee, and its agents and employees of Grantee, in the performance of the Project, shall act in an independent capacity and not as officers, employees or agents of the Department. 11. MEDIA EVENTS: Grantee shall notify the Department's Grant Manager in writing at least twenty (20)working days before any public or media event publicizing the accomplishments and/or results of the Project and provide the opportunity for attendance and participation by Department's representatives. 12. NO THIRD-PARTY RIGHTS: The Department and Grantee do not intend to create any rights or remedies for any third- party as a beneficiary of this Grant or the project. 13. NOTICE: Grantee shall promptly notify the Department's Grant Manager in writing of any events, developments or changes that could affect the completion of the project or the budget approved for this Grant. 14. PROFESSIONALS: Grantee agrees that only licensed professionals will be used to perform services under this Grant where such services are called for. 15. RECORDS: Grantee certifies that it will maintain Project accounts in accordance with generally accepted accounting principles. Grantee further certifies that it will comply with the following conditions for a grant award as set forth in the Request for Applications (Exhibit D) and the Grant Application (Exhibit A). A. Establish an official file for the Project which shall adequately document all significant actions relative to the Project; B. Establish separate accounts which will adequately and accurately depict all amounts received and expended on this Project, including all grant funds received under this Grant; C. Establish separate accounts which will adequately depict all income received which is attributable to the Project, especially including any income attributable to grant funds disbursed under this Grant; D. Establish an accounting system which will adequately depict final total costs of the Project, including both direct and indirect costs; and, E. Establish such accounts and maintain such records as may be necessary for the state to fulfill federal reporting requirements, including any and all reporting requirements under federal tax statutes or regulations. 16. RELATED LITIGATION: Under no circumstances may Grantee use funds from any disbursement under this Grant to pay for costs associated with any litigation between the Grantee and the Department. County of Fresno 24-10277 Page 3 of 4 17. RIGHTS IN DATA: Grantee and the Department agree that all data, plans, drawings, specifications, reports, computer programs, operating manuals, notes, and other written or graphic work submitted under Exhibit A in the performance of the Project funded by this Grant shall be in the public domain. Grantee may disclose, disseminate and use in whole or in part, any final form data and information received, collected, and developed under this Project, subject to appropriate acknowledgment of credit to the Department for financial support. Grantee shall not utilize the materials submitted to the Department (except data)for any profit making venture or sell or grant rights to a third-party who intends to do so. The Department has the right to use submitted data for all governmental purposes. 18. VENUE: The Department and Grantee agree that any action arising out of this Grant shall be filed and maintained in the Superior Court, California. Grantee waives any existing sovereign immunity for the purposes of this Grant, if applicable. 19. STATE-FUNDED RESEARCH GRANTS: A. Grantee shall provide for free public access to any publication of a department-funded invention or department-funded technology. Grantee further agrees to all terms and conditions required by the California Taxpayer Access to Publicly Funded Research Act (Chapter 2.5 (commencing with Section 13989) of Part 4.5 of Division 3 of Title 2 of the Government Code). B. As a condition of receiving the research grant, Grantee agrees to the following terms and conditions which are set forth in Government Code section 13989.6 ("Section 13989.E"): 1) Grantee is responsible for ensuring that any publishing or copyright agreements concerning submitted manuscripts fully comply with Section 13989.6. 2) Grantees shall report to the Department the final disposition of the research grant, including, but not limited to, if it was published, when it was published, where it was published, when the 12-month time period expires, and where the manuscript will be available for open access. 3) For a manuscript that is accepted for publication in a peer-reviewed journal, the Grantee shall ensure that an electronic version of the peer-reviewed manuscript is available to the department and on an appropriate publicly accessible database approved by the Department, including, but not limited to, the University of California's eScholarship Repository at the California Digital Library, PubMed Central, or the California Digital Open Source Library, to be made publicly available not later than 12 months after the official date of publication. Manuscripts submitted to the California Digital Open Source Library shall be exempt from the requirements in subdivision (b) of Section 66408 of the Education Code. Grantee shall make reasonable efforts to comply with this requirement by ensuring that their manuscript is accessible on an approved publicly accessible database, and notifying the Department that the manuscript is available on a department-approved database. If Grantee is unable to ensure that their manuscript is accessible on an approved publicly accessible database, Grantee may comply by providing the manuscript to the Department not later than 12 months after the official date of publication. County of Fresno 24-10277 Page 4 of 4 4) For publications other than those described inparagraph B.3 above„ including meeting abstracts, Grantee shall comply by providing the manuscript to the Department not later than 12 months after the official date of publication. 5) Grantee is authorized to use grant money for publication costs, including fees charged by a publisher for color and page charges, or fees for digital distribution. County of Fresno 24-10277 Page 1 of 3 Exhibit D Additional Provisions 1. Cancellation /Termination A. This Grant may be cancelled by CDPH without cause upon thirty (30) calendar days advance written notice to the Grantee. B. CDPH reserves the right to cancel or terminate this Grant immediately for cause. The Grantee may submit a written request to terminate this Grant only if CDPH substantially fails to perform its responsibilities as provided herein. C. The term "for cause" shall mean that the Grantee fails to meet the terms, conditions, and/or responsibilities of this agreement. Causes for termination include, but are not limited to the following occurrences: 1) If the Grantee knowingly furnishes any statement, representation, warranty, or certification in connection with the agreement, which representation is materially false, deceptive, incorrect, or incomplete. 2) If the Grantee fails to perform any material requirement of this Grant or defaults in performance of this agreement. 3) If the Grantee files for bankruptcy, or if CDPH determines that the Grantee becomes financially incapable of completing this agreement. D. Grant termination or cancellation shall be effective as of the date indicated in CDPH's notification to the Grantee. The notice shall stipulate any final performance, invoicing or payment requirements. E. In the event of early termination or cancellation, the Grantee shall be entitled to compensation for services performed satisfactorily under this agreement and expenses incurred up to the date of cancellation and any non-cancelable obligations incurred in support of this Grant. F. In the event of termination, and at the request of CDPH, the Grantee shall furnish copies of all proposals, specifications, designs, procedures, layouts, copy, and other materials related to the services or deliverables provided under this Grant, whether finished or in progress on the termination date. G. The Grantee will not be entitled to reimbursement for any expenses incurred for services and deliverables pursuant to this agreement after the effective date of termination. H. Upon receipt of notification of termination of this Grant, and except as otherwise specified by CDPH, the Grantee shall: 1) Place no further order or subgrants for materials, services, or facilities. 2) Settle all outstanding liabilities and all claims arising out of such termination of orders and subgrants. Page 1 of 3 County of Fresno 24-10277 Page 2 of 3 Exhibit D Additional Provisions 3) Upon the effective date of termination of the Grant and the payment by CDPH of all items properly changeable to CDPH hereunder, Grantee shall transfer, assign and make available to CDPH all property and materials belonging to CDPH, all rights and claims to any and all reservations, grants, and arrangements with owners of media/PR materials, or others, and shall make available to CDPH all written information regarding CDPH's media/PR materials, and no extra compensation is to be paid to Grantee for its services. 4) Take such action as may be necessary, or as CDPH may specify, to protect and preserve any property related to this agreement which is in the possession of the Grantee and in which CDPH has or may acquire an interest. I. CDPH may, at its discretion, require the Grantee to cease performance of certain components of the Scope of Work as designated by CDPH and complete performance of other components prior to the termination date of the Grant. 2. Avoidance of Conflicts of Interest by Grantee A. CDPH intends to avoid any real or apparent conflict of interest on the part of the Grantee, subgrants, or employees, officers and directors of the Grantee or subgrants. Thus, CDPH reserves the right to determine, at its sole discretion, whether any information, assertion or claim received from any source indicates the existence of a real or apparent conflict of interest; and, if a conflict is found to exist, to require the Grantee to submit additional information or a plan for resolving the conflict, subject to CDPH review and prior approval. B. Conflicts of interest include, but are not limited to: 1) An instance where the Grantee or any of its subgrants, or any employee, officer, or director of the Grantee or any subgrant or has an interest, financial or otherwise, whereby the use or disclosure of information obtained while performing services under the grant would allow for private or personal benefit or for any purpose that is contrary to the goals and objectives of the grant. 2) An instance where the Grantee's or any subgrant's employees, officers, or directors use their positions for purposes that are, or give the appearance of being, motivated by a desire for private gain for themselves or others, such as those with whom they have family, business or other ties. C. If CDPH is or becomes aware of a known or suspected conflict of interest, the Grantee will be given an opportunity to submit additional information or to resolve the conflict. A Grantee with a suspected conflict of interest will have five (5) working days from the date of notification of the conflict by CDPH to provide complete information regarding the suspected conflict. If a conflict of interest is determined to exist by CDPH and cannot be resolved to the satisfaction of CDPH, the conflict will be grounds for terminating the grant. CDPH may, at its discretion upon receipt of a written request from the Grantee, authorize an extension of the timeline indicated herein. Page 2of3 County of Fresno 24-10277 Page 3 of 3 Exhibit D Additional Provisions 3. Dispute Resolution Process A. A Grantee grievance exists whenever there is a dispute arising from CDPH's action in the administration of an agreement. If there is a dispute or grievance between the Grantee and CDPH, the Grantee must seek resolution using the procedure outlined below. 1) The Grantee should first informally discuss the problem with the CDPH Program Grant Manager. If the problem cannot be resolved informally, the Grantee shall direct its grievance together with any evidence, in writing, to the program Branch Chief. The grievance shall state the issues in dispute, the legal authority or other basis for the Grantee's position and the remedy sought. The Branch Chief shall render a decision within ten (10) working days after receipt of the written grievance from the Grantee. The Branch Chief shall respond in writing to the Grantee indicating the decision and reasons therefore. If the Grantee disagrees with the Branch Chief's decision, the Grantee may appeal to the second level. 2) When appealing to the second level, the Grantee must prepare an appeal indicating the reasons for disagreement with Branch Chief's decision. The Grantee shall include with the appeal a copy of the Grantee's original statement of dispute along with any supporting evidence and a copy of the Branch Chief's decision. The appeal shall be addressed to the Deputy Director of the division in which the branch is organized within ten (10) working days from receipt of the Branch Chief's decision. The Deputy Director of the division in which the branch is organized or his/her designee shall meet with the Grantee to review the issues raised. A written decision signed by the Deputy Director of the division in which the branch is organized or his/her designee shall be directed to the Grantee within twenty (20) working days of receipt of the Grantee's second level appeal. B. If the Grantee wishes to appeal the decision of the Deputy Director of the division in which the branch is organized or his/her designee, the Grantee shall follow the procedures set forth in Division 25.1 (commencing with Section 38050) of the Health and Safety Code and the regulations adopted thereunder. (Title 1, Division 2, Chapter 2, Article 3 (commencing with Section 1140) of the California Code of Regulations). C. Disputes arising out of an audit, examination of an agreement or other action not covered by subdivision (a) of Section 20204, of Chapter 2.1, Title 22, of the California Code of Regulations, and for which no procedures for appeal are provided in statute, regulation or the Agreement, shall be handled in accordance with the procedures identified in Sections 51016 through 51047, Title 22, California Code of Regulations. D. Unless otherwise stipulated in writing by CDPH, all dispute, grievance and/or appeal correspondence shall be directed to the CDPH Grant Manager. E. There are organizational differences within CDPH's funding programs and the management levels identified in this dispute resolution provision may not apply in every contractual situation. When a grievance is received and organizational differences exist, the Grantee shall be notified in writing by the CDPH Grant Manager of the level, name, and/or title of the appropriate management official that is responsible for issuing a decision at a given level. Page 3 of 3 County of Fresno 24-10277 Page 1 of 12 Exhibit E Information Privacy and Security Requirements This Information Privacy and Security Requirements Exhibit (Exhibit) sets forth the information privacy and security requirements Contractor is obligated to follow with respect to all personal and confidential information (as defined herein) disclosed to Contractor, or collected, created, maintained, stored, transmitted or used by Contractor for or on behalf of the California Department of Public Health (CDPH), pursuant to Contractor's agreement with CDPH. (Such personal and confidential information is referred to herein collectively as CDPH PCI.) CDPH and Contractor desire to protect the privacy and provide for the security of CDPH PCI pursuant to this Exhibit and in compliance with state and federal laws applicable to the CDPH PCI. I. Order of Precedence: With respect to information privacy and security requirements for all CDPH PCI, the terms and conditions of this Exhibit shall take precedence over any conflicting terms or conditions set forth in any other part of the agreement between Contractor and CDPH, including Exhibit A (Scope of Work), all other exhibits and any other attachments, and shall prevail over any such conflicting terms or conditions. II. Effect on lower tier transactions: The terms of this Exhibit shall apply to all contracts, subcontracts, and subawards, and the information privacy and security requirements Contractor is obligated to follow with respect to CDPH PCI disclosed to Contractor, or collected, created, maintained, stored, transmitted or used by Contractor for or on behalf of CDPH, pursuant to Contractor's agreement with CDPH. When applicable the Contractor shall incorporate the relevant provisions of this Exhibit into each subcontract or subaward to its agents, subcontractors, or independent consultants. III. Definitions: For purposes of the agreement between Contractor and CDPH, including this Exhibit, the following definitions shall apply: A. Breach: "Breach" means: 1. the unauthorized acquisition, access, use, or disclosure of CDPH PCI in a manner which compromises the security, confidentiality, or integrity of the information; or 2. the same as the definition of"breach of the security of the system" set forth in California Civil Code section 1798.29(f). B. Confidential Information: "Confidential information" means information that: 1. does not meet the definition of"public records" set forth in California Government code section 7920.530, or is exempt from disclosure under any of the provisions of Section 7920.000, et seq. of the California Government code or any other applicable state or federal laws; or 2. is contained in documents, files, folders, books, or records that are clearly labeled, marked or designated with the word "confidential" by CDPH. C. Disclosure: "Disclosure" means the release, transfer, provision of, access to, or divulging in any manner of information outside the entity holding the information. CDPH IPSR 10-23 County of Fresno 24-10277 Page 2 of 12 Exhibit E Information Privacy and Security Requirements D. PCI: "PCI" means "personal information" and "confidential information" (as these terms are defined herein: E. Personal Information: "Personal information" means information, in any medium (paper, electronic, oral) that: 1. directly or indirectly collectively identifies or uniquely describes an individual; or 2. could be used in combination with other information to indirectly identify or uniquely describe an individual, or link an individual to the other information; or 3. meets the definition of"personal information" set forth in California Civil Code section 1798.3, subdivision (a) or 4. is one of the data elements set forth in California Civil Code section 1798.29, subdivision (g)(1) or (g)(2); or 5. meets the definition of"medical information" set forth in either California Civil Code section 1798.29, subdivision (h)(2) or California Civil Code section 56.05, subdivision 0); or 6. meets the definition of"health insurance information" set forth in California Civil Code section 1798.29, subdivision (h)(3); or 7. is protected from disclosure under applicable state or federal law. F. Security Incident: "Security Incident" means: 1. an attempted breach; or 2. the attempted or successful unauthorized access or disclosure, modification, or destruction of CDPH PCI, in violation of any state or federal law or in a manner not permitted under the agreement between Contractor and CDPH, including this Exhibit; or 3. the attempted or successful modification or destruction of, or interference with, Contractor's system operations in an information technology system, that negatively impacts the confidentiality, availability, or integrity of CDPH PCI; or 4. any event that is reasonably believed to have compromised the confidentiality, integrity, or availability of an information asset, system, process, data storage, or transmission. Furthermore, an information security incident may also include an event that constitutes a violation or imminent threat of violation of information security policies or procedures, including acceptable use policies. G. Use: "Use" means the sharing, employment, application, utilization, examination, or analysis of information. IV. Disclosure Restrictions: The Contractor and its employees, agents, and subcontractors shall protect from unauthorized disclosure any CDPH PCI. The Contractor shall not disclose, except as otherwise specifically permitted by the agreement between Contractor and CDPH (including this Exhibit), any CDPH IPSR 10-23 County of Fresno 24-10277 Page 3 of 12 Exhibit E Information Privacy and Security Requirements CDPH PCI to anyone other than CDPH personnel or programs without prior written authorization from the CDPH Program Contract Manager, except if disclosure is required by State or Federal law. V. Use Restrictions: The Contractor and its employees, agents, and subcontractors shall not use any CDPH PCI for any purpose other than performing the Contractor's obligations under its agreement with CDPH. VI. Safeguards: The Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the privacy, confidentiality, security, integrity, and availability of CDPH PCI, including electronic or computerized CDPH PCI. At each location where CDPH PCI exists under Contractor's control, the Contractor shall develop and maintain a written information privacy and security program that includes administrative, technical and physical safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities in performing its agreement with CDPH, including this Exhibit, and which incorporates the requirements of Section VII, Security, below. Contractor shall provide CDPH with Contractor's current and updated policies within five (5) business days of a request by CDPH for the policies. VI I. Security: The Contractor shall take any and all steps reasonably necessary to ensure the continuous security of all computerized data systems containing CDPH PCI. These steps shall include, at a minimum, complying with all of the data system security precautions listed in the Contractor Data Security Standards set forth in Attachment 1 to this Exhibit. VIII. Security Officer: At each place where CDPH PCI is located, the Contractor shall designate a Security Officer to oversee its compliance with this Exhibit and to communicate with CDPH on matters concerning this Exhibit. IX. Training: The Contractor shall provide training on its obligations under this Exhibit, at its own expense, to all of its employees who assist in the performance of Contractor's obligations under Contractor's agreement with CDPH, including this Exhibit, or otherwise use or disclose CDPH PCI. A. The Contractor shall require each employee who receives training to certify, either in hard copy or electronic form, the date on which the training was completed. B. The Contractor shall retain each employee's certifications for CDPH inspection for a period of three years following contract termination or completion. C. Contractor shall provide CDPH with its employee's certifications within five (5) business days of a request by CDPH for the employee's certifications. X. Employee Discipline: Contractor shall impose discipline that it deems appropriate (in its sole discretion) on such employees and other Contractor workforce members under Contractor's direct control who intentionally or negligently violate any provisions of this Exhibit. CDPH IPSR 10-23 County of Fresno 24-10277 Page 4 of 12 Exhibit E Information Privacy and Security Requirements XI. Breach and Security Incident Responsibilities: A. Notification to CDPH of Breach or Security Incident: The Contractor shall notify CDPH immediately by telephone and email upon the discovery of a breach (as defined in this Exhibit), and within twenty-four (24) hours by email of the discovery of any security incident (as defined in this Exhibit), unless a law enforcement agency determines that the notification will impede a criminal investigation, in which case the notification required by this section shall be made to CDPH immediately after the law enforcement agency determines that such notification will not compromise the investigation. Notification shall be provided to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI (F), below. If the breach or security incident is discovered after business hours or on a weekend or holiday and involves CDPH PCI in electronic or computerized form, notification to CDPH shall be provided by calling the CDPH Information Security Office at the telephone numbers listed in Section XI(F), below. For purposes of this Section, breaches and security incidents shall be treated as discovered by Contractor as of the first day on which such breach or security incident is known to the Contractor, or, by exercising reasonable diligence would have been known to the Contractor. Contractor shall be deemed to have knowledge of a breach if such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is an employee or agent of the Contractor. Contractor shall take: 1. prompt corrective action to mitigate any risks or damages involved with the breach or security incident and to protect the operating environment; and 2. any action pertaining to a breach required by applicable federal and state laws, including, specifically, California Civil Code section 1798.29. B. Investigation of Breach and Security Incidents: The Contractor shall immediately investigate such breach or security incident. As soon as the information is known and subject to the legitimate needs of law enforcement, Contractor shall inform the CDPH Program Contract Manager, the CDPH Privacy Officer, and the CDPH Chief Information Security Officer of: 1. what data elements were involved and the extent of the data disclosure or access involved in the breach, including, specifically, the number of individuals whose personal information was breached; 2. a description of the unauthorized persons known or reasonably believed to have improperly used the CDPH PCI and/or a description of the unauthorized persons known or reasonably believed to have improperly accessed or acquired the CDPH PCI, or to whom it is known or reasonably believed to have had the CDPH PCI improperly disclosed to them; 3. a description of where the CDPH PCI is believed to have been improperly used or disclosed; 4. a description of the probable and proximate causes of the breach or security incident; and 5. whether Civil Code section 1798.29 or any other federal or state laws requiring individual notifications of breaches have been triggered. CDPH IPSR 10-23 County of Fresno 24-10277 Page 5 of 12 Exhibit E Information Privacy and Security Requirements C. Written Report: The Contractor shall provide a written report of the investigation to the CDPH Program Contract Manager, the CDPH Privacy Officer, and the CDPH Chief Information Security Officer as soon as practicable after the discovery of the breach or security incident. The report shall include, but not be limited to, the information specified above, as well as a complete, detailed corrective action plan, including information on measures that were taken to halt and/or contain the breach or security incident, and measures to be taken to prevent the recurrence or further disclosure of data regarding such breach or security incident. D. Notification to Individuals: If notification to individuals whose information was breached is required under state or federal law, and regardless of whether Contractor is considered only a custodian and/or non-owner of the CDPH PCI, Contractor shall, at its sole expense, and at the sole election of CDPH, either: 1. make notification to the individuals affected by the breach (including substitute notification), pursuant to the content and timeliness provisions of such applicable state or federal breach notice laws. Contractor shall inform the CDPH Privacy Officer of the time, manner and content of any such notifications, prior to the transmission of such notifications to the individuals; or 2. cooperate with and assist CDPH in its notification (including substitute notification) to the individuals affected by the breach. E. Submission of Sample Notification to Attorney General: If notification to more than 500 individuals is required pursuant to California Civil Code section 1798.29, and regardless of whether Contractor is considered only a custodian and/or non-owner of the CDPH PCI, Contractor shall, at its sole expense, and at the sole election of CDPH, either: 1. electronically submit a single sample copy of the security breach notification, excluding any personally identifiable information, to the Attorney General pursuant to the format, content and timeliness provisions of Section 1798.29, subdivision (e). Contractor shall inform the CDPH Privacy Officer of the time, manner and content of any such submissions, prior to the transmission of such submissions to the Attorney General; or 2. cooperate with and assist CDPH in its submission of a sample copy of the notification to the Attorney General. F. CDPH Contact Information: To direct communications to the above referenced CDPH staff, the Contractor shall initiate contact as indicated herein. CDPH reserves the right to make changes to the contact information below by verbal or written notice to the Contractor. Said changes shall not require an amendment to this Exhibit or the agreement to which it is incorporated. CDPH IPSR 10-23 County of Fresno 24-10277 Page 6 of 12 Exhibit E Information Privacy and Security Requirements CDPH Program CDPH Privacy Officer CDPH Chief Information Security Contract Manager Officer See the Scope of Work Privacy Officer Chief Information Security Officer exhibit for Program Privacy Office Information Security Office Contract Manager c/o Office of Legal Services California Dept. of Public Health California Dept. of Public Health P.O. Box 997413, MS 6302 P.O. Box 997377, MS 0506 Sacramento, CA 95899-7413 Sacramento, CA 95899-7377 Email: Email: privacy(a)cdph.ca.gov CDPH.InfoSecurityOffice(a)cdph.ca.gov Telephone: (877) 421-9634 Telephone: (855) 500-0016 XI I. Documentation of Disclosures for Requests for Accounting: Contractor shall document and make available to CDPH or (at the direction of CDPH) to an Individual such disclosures of CDPH PCI, and information related to such disclosures, necessary to respond to a proper request by the subject Individual for an accounting of disclosures of personal information as required by Civil Code section 1798.25, or any applicable state or federal law. XIII. Requests for CDPH PCI by Third Parties: The Contractor and its employees, agents, or subcontractors shall promptly transmit to the CDPH Program Contract Manager all requests for disclosure of any CDPH PCI requested by third parties to the agreement between Contractor and CDPH (except from an Individual for an accounting of disclosures of the individual's personal information pursuant to applicable state or federal law), unless prohibited from doing so by applicable state or federal law. XIV. Audits, Inspection and Enforcement: CDPH may inspect the facilities, systems, books and records of Contractor to monitor compliance with this Exhibit. Contractor shall promptly remedy any violation of any provision of this Exhibit and shall certify the same to the CDPH Program Contract Manager in writing. XV. Return or Destruction of CDPH PCI on Expiration or Termination: Upon expiration or termination of the agreement between Contractor and CDPH for any reason, Contractor shall securely return or destroy the CDPH PCI. If return or destruction is not feasible, Contractor shall provide a written explanation to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI (F), above. A. Retention Required by Law: If required by state or federal law, Contractor may retain, after expiration or termination, CDPH PCI for the time specified as necessary to comply with the law. B. Obligations Continue Until Return or Destruction: Contractor's obligations under this Exhibit shall continue until Contractor returns or destroys the CDPH PCI or returns the CDPH PCI to CDPH; provided however, that on expiration or termination of the agreement between Contractor and CDPH, Contractor shall not further use or disclose the CDPH PCI except as required by state or federal law. CDPH IPSR 10-23 County of Fresno 24-10277 Page 7 of 12 Exhibit E Information Privacy and Security Requirements C. Notification of Election to Destroy CDPH PCI: If Contractor elects to destroy the CDPH PCI, Contractor shall certify in writing, to the CDPH Program Contract Manager, the CDPH Privacy Officer and the CDPH Chief Information Security Officer, using the contact information listed in Section XI (F), above, that the CDPH PCI has been securely destroyed. The notice shall include the date and type of destruction method used. XVI. Amendment: The parties acknowledge that federal and state laws regarding information security and privacy rapidly evolves and that amendment of this Exhibit may be required to provide for procedures to ensure compliance with such laws. The parties specifically agree to take such action as is necessary to implement new standards and requirements imposed by regulations and other applicable laws relating to the security or privacy of CDPH PCI. The parties agree to promptly enter into negotiations concerning an amendment to this Exhibit consistent with new standards and requirements imposed by applicable laws and regulations. XVII. Assistance in Litigation or Administrative Proceedings: Contractor shall make itself and any subcontractors, workforce employees or agents assisting Contractor in the performance of its obligations under the agreement between Contractor and CDPH, available to CDPH at no cost to CDPH to testify as witnesses, in the event of litigation or administrative proceedings being commenced against CDPH, its director, officers or employees based upon claimed violation of laws relating to security and privacy, which involves inactions or actions by the Contractor, except where Contractor or its subcontractor, workforce employee or agent is a named adverse party. XVIII. No Third-Party Beneficiaries: Nothing express or implied in the terms and conditions of this Exhibit is intended to confer, nor shall anything herein confer, upon any person other than CDPH or Contractor and their respective successors or assignees, any rights, remedies, obligations, or liabilities whatsoever. XIX. Interpretation: The terms and conditions in this Exhibit shall be interpreted as broadly as necessary to implement and comply with regulations and applicable State laws. The parties agree that any ambiguity in the terms and conditions of this Exhibit shall be resolved in favor of a meaning that complies and is consistent with federal and state laws and regulations. XX. Survival: If Contractor does not return or destroy the CDPH PCI upon the completion or termination of the Agreement, the respective rights and obligations of Contractor under Sections VI, VII and XI of this Exhibit shall survive the completion or termination of the agreement between Contractor and CDPH. CDPH IPSR 10-23 County of Fresno 24-10277 Page 8 of 12 Exhibit E Information Privacy and Security Requirements Attachment 1 Contractor Data Security Standards I. Personnel Controls A. Workforce Members Training and Confidentiality. Before being allowed access to CDPH PCI, all Contractor's workforce members who will be granted access to CDPH PCI must be trained in their security and privacy roles and responsibilities at Contractor's expense and must sign a confidentiality and acceptable CDPH PCI use statement. Training must be on an annual basis. Acknowledgments of completed training and confidentiality statements, which have been signed and dated by workforce members must be retained by the Contractor for a period of three (3) years following contract termination. Contractor shall provide the acknowledgements within five (5) business days to CDPH if so requested. B. Workforce Members Discipline. Appropriate sanctions, including termination of employment where appropriate, must be applied against workforce members who fail to comply with privacy policies and procedures, acceptable use agreements, or any other provisions of these requirements. C. Workforce Member Assessment. Before being permitted access to CDPH PCI, Contractor must assure there is no indication its workforce member may present a risk to the security or integrity of CDPH PCI. Contractor shall retain the workforce member's assessment documentation for a period of three (3) years following contract termination. II. Technical Security Controls A. Encryption. • All desktop computers and mobile computing devices must be encrypted, in accordance with CDPH Cryptographic Standards or using the latest FIPS 140 validated cryptographic modules. • All electronic files that contain CDPH PCI must be encrypted when stored on any removable media type device (such as USB thumb drives, CD/DVD, tape backup, etc.), in accordance with CDPH Cryptographic Standards or using the latest FIPS 140 validated cryptographic modules. • CDPH PCI must be encrypted during data in-transit and at-rest on all public telecommunications and network systems, and at all points not in the direct ownership and control of the Department, in accordance with CDPH Cryptographic Standards or using the latest FIPS 140 validated cryptographic modules. B. Server Security. Servers containing unencrypted CDPH PCI must have sufficient local and network perimeter administrative, physical, and technical controls in place to protect the CDPH information asset, based upon a current risk assessment/system security review. C. Minimum Necessary. Only the minimum amount of CDPH PCI required to complete an authorized task or workflow may be copied, downloaded, or exported to any individual device. CDPH IPSR 10-23 County of Fresno 24-10277 Page 9 of 12 Exhibit E Information Privacy and Security Requirements D. Antivirus software. Contractor shall employ automatically updated malicious code protection mechanisms (anti-malware programs or other physical or software-based solutions) at its network perimeter and at workstations, servers, or mobile computing devices to continuously monitor and take action against system or device attacks, anomalies, and suspicious or inappropriate activities. E. Patch Management. All devices that process or store CDPH PCI must have a documented patch management process. Vulnerability patching for Common Vulnerability Scoring System (CVSS) "Critical" severity ratings (CVSS 9.0 — 10.0) shall be completed within forty-eight (48) hours of publication or availability of vendor supplied patch; "High" severity rated (CVSS 7.0- 8.9) shall be completed within seven (7) calendar days of publication or availability of vendor supplied patch; all other vulnerability ratings (CVSS 0.1 — 6.9) shall be completed within thirty (30) days of publication or availability of vendor supplied patch, unless prior ISO and PO variance approval is granted. F. User Identification andAccess Control. All Contractor workforce members must have a unique local and/or network user identification (ID)to access CDPH PCI. To access systems/applications that store, process, or transmit CDPH PCI, it must comply with SIMM 5360-C Multi-factor Authentication (MFA) Standard and NIST SP800-63B Digital Identity Guidelines. The SIMM 5350- C provides steps for determining the Authenticator Assurance Level (AAL), and a set of permitted authenticator types for each AAL (0-3). Note: MFA requirement does not apply to AAL 0. All Contractor workforce members are required to leverage FIDO authentication. The FIDO authentication is AAL 3 compliance. FIDO certified devices such as YubiKeys and Windows Hello for Business (WHfB) are the mechanism for user authentication in the Department. Should a workforce member no longer be authorized to access CDPH PCI, or an ID has been compromised, that ID shall be promptly disabled or deleted. User ID's must integrate with user role-based access controls to ensure that individual access to CDPH PCI is commensurate with job-related responsibilities. AAL 1 AAL 2 AAL 3 Permitted Memorized Secret Multi-Factor OTP Device Multi-Factor Cryptographic Device Authenticator Look-Up Secret Multi-Factor Single-Factor Cryptographic Device Types Out-of-Band Devices Cryptographic Software used in conjunction with Memorized Single-Factor One-Time Multi-Factor Secret Password(OTP)Device Cryptographic Device Multi-Factor OTP device(software Multi-Factor OTP Device Memorized Secret or hardware)used in conjunction Single-Factor with a Single-Factor Cryptographic Cryptographic Software plus: Device Single-Factor Look-Up Secret Multi-Factor OTP device(hardware Cryptographic Device Out-of-Band Device only)used in conjunction with a Multi-Factor Single-Factor OTP Single-Factor Cryptographic Cryptographic Software Device Software Multi-Factor Single-Factor Single-Factor OTP device Cryptographic Device Cryptographic Software (hardware only)used in conjunction Single-Factor with a Multi-Factor Cryptographic Cryptographic Device Software Authenticator - Single-Factor OTP device (hardware only)used in conjunction with a Single-Factor Cryptographic Software Authenticator and a Memorized Secret. CDPH IPSR 10-23 County of Fresno 24-10277 Page 10 of 12 Exhibit E Information Privacy and Security Requirements G. CDPH PCI Destruction. When no longer required for business needs or legal retention periods, all electronic and physical media holding CDPH PCI must be purged from Contractor's systems and facilities using the appropriate guidelines for each media type as described in the prevailing "National Institute of Standards and Technology — Special Publication 800-88" — "Media Sanitization Decision Matrix." H. Reauthentication. Contractor's computing devices holding, or processing CDPH PCI must comply the Reauthentication requirement, in which a session must be terminated (e.g., logged out) when the specified time is reached. Note: Reauthentication requirement does not apply to Authenticator Assurance Level (AAL) 0. AAL 1 AAL 2 AAL 3 Reauthentication 30 Days—Fix Period of 12 hours—Fix Period of Time, 12 hours—Fix Period of Time Time, regardless user regardless user activity; 30 regardless user activity; 15 minutes activity minutes inactivity inactivity May use one of the Must use both authenticators to authenticators to reauthenticate reauthenticate In addition, reauthentication of individuals is required in the following situations: • When authenticators change • When roles change • When the execution of privileged function occurs (e.g., performing a critical transaction) I. Warning Banners. During a user log-on process, all systems providing access to CDPH PCI, must display a warning banner stating that the CDPH PCI is confidential, system and user activities are logged, and system and CDPH PCI use is for authorized business purposes only. User must be directed to log-off the system if they do not agree with these conditions. J. System Logging. Contractor shall ensure its information systems and devices that hold or process CDPH PCI are capable of being audited and the events necessary to reconstruct transactions and support after-the-fact investigations are maintained. This includes the auditing necessary to cover related events, such as the various steps in distributed, transaction-based processes and actions in service-oriented architectures. Audit trail information with CDPH PCI must be stored with read-only permissions and be archived for six (6) years after event occurrence. There must protect audit information and audit logging tools from unauthorized access, modification, and deletion. There must also be a documented and routine procedure in place to review system logs for unauthorized access. K. Live Data Usage. Using live data (production data)for testing and training purposes is not allowed. Synthetic data must be used. If synthetic data cannot be generated and/or used, a de-identification process against the live data must be done to reduce privacy risks to individuals. The de- identification process removes identifying information from a dataset so that individual data cannot be linked with specific individuals. Refer to CHHS Data De-Identification Guidelines. L. Privileged Access Management (PAM). Contractor who responsible for setting up and maintaining privileged accounts related to CDPH electronic information resources shall comply with the CDPH PAM Security Standard. Information resources include user workstations as well as servers, databases, applications, and systems managed on-premises and on the cloud. CDPH IPSR 10-23 County of Fresno 24-10277 Page 11 of 12 Exhibit E Information Privacy and Security Requirements M. Intrusion Detection. All Contractor systems and devices holding, processing, or transporting CDPH PCI that interact with untrusted devices or systems via the Contractor intranet and/or the internet must be protected by a monitored comprehensive intrusion detection system and/or intrusion prevention system. III. Audit Controls A. System Security Review. Contractor, to assure that administrative, physical, and technical controls are functioning effectively and providing adequate levels of protection for CDPH PCI, shall conduct at least, an annual administrative assessment of risk, including the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification, or destruction of an information system or device holding processing, or transporting CDPH PCI, along with periodic technical security reviews using vulnerability scanning tools and other appropriate technical assessments. B. Change Control. All Contractor systems and devices holding, processing, or transporting CDPH PCI shall have a documented change control process for hardware, firmware, and software to protect the systems and assets against improper modification before, during, and after system implementation. IV. Business Continuity/ Disaster Recovery Controls A. Emergency Mode Operation Plan. Contractor shall develop and maintain technical recovery and business continuity plans for systems holding, processing, or transporting CDPH PCI to ensure the continuation of critical business processes and the confidentiality, integrity, and availability of CDPH PCI following an interruption or disaster event lasting more than twenty-four (24) hours. B. CDPH PCI Backup Plan. Contractor shall have a documented, tested, accurate, and regularly scheduled full backup process for systems and devices holding CDPH PCI. V. Paper Document Controls A. Supervision of CDPH PCI. CDPH PCI in any physical format shall not be left unattended at any time. When not under the direct observation of an authorized Contractor workforce member, the CDPH PCI must be stored in a locked file cabinet, desk, or room. It also shall not be left unattended at any time in private vehicles or common carrier transportation, and it shall not be placed in checked baggage on common carrier transportation. B. Escorting Visitors. Visitors who are not authorized to see CDPH PCI must be escorted by authorized workforce members when in areas where CDPH PCI is present, and CDPH PCI shall be kept out of sight of visitors. C. Removal of CDPH PCI. CDPH PCI in any format must not be removed from the secure computing environment or secure physical storage of the Contractor, except with express written permission of the CDPH PCI owner. D. Faxing and Printing. Contractor shall control access to information system output devices, such as printers and facsimile devices, to prevent unauthorized individuals from obtaining any output containing CDPH PCI. Fax numbers shall be verified with the intended recipient before transmittal. CDPH IPSR 10-23 County of Fresno 24-10277 Page 12 of 12 Exhibit E Information Privacy and Security Requirements E. Mailing. Mailings of CDPH PCI shall be sealed and secured from damage or inappropriate viewing to the extent possible. Mailings which include five hundred (500) or more individually identifiable records of CDPH PCI in a single package shall be sent using a tracked mailing method which includes verification of delivery and receipt, unless the prior written permission of CDPH to use another method is obtained. CDPH IPSR 10-23 State of California—Health and Human Services Agency California Department of Public Health Exhibit F Contractor's Release Instructions to Contractor: With final invoice(s)submit one(1) original and one(1)copy. The original must bear the original signature of a person authorized to bind the Contractor. The additional copy may bear photocopied signatures. Submission of Final Invoice Pursuant to contract number 24-10277 entered into between the California Department of Public Health (CDPH) and the Contractor(identified below),the Contractor does acknowledge that final payment has been requested via invoice number(s) , in the amount(s)of$ and dated If necessary, enter"See Attached"in the appropriate blocks and attach a list of invoice numbers, dollar amounts and invoice dates. Release of all Obligations By signing this form, and upon receipt of the amount specified in the invoice number(s) referenced above,the Contractor does hereby release and discharge the State, its officers, agents and employees of and from any and all liabilities, obligations, claims, and demands whatsoever arising from the above referenced contract. Repayments Due to Audit Exceptions/Record Retention By signing this form, Contractor acknowledges that expenses authorized for reimbursement does not guarantee final allowability of said expenses. Contractor agrees that the amount of any sustained audit exceptions resulting from any subsequent audit made after final payment will be refunded to the State. All expense and accounting records related to the above referenced contract must be maintained for audit purposes for no less than three years beyond the date of final payment, unless a longer term is stated in said contract. Recycled Product Use Certification By signing this form, Contractor certifies under penalty of perjury that a minimum of 0% unless otherwise specified in writing of post consumer material, as defined in the Public Contract Code Section 12200, in products, materials, goods, or supplies offered or sold to the State regardless of whether it meets the requirements of Public Contract Code Section 12209. Contractor specifies that printer or duplication cartridges offered or sold to the State comply with the requirements of Section 12156(e). Reminder to Return State Equipment/Property(If Applicable) (Applies only if equipment was provided by CDPH or purchased with or reimbursed by contract funds) Unless CDPH has approved the continued use and possession of State equipment(as defined in the above referenced contract)for use in connection with another CDPH agreement, Contractor agrees to promptly initiate arrangements to account for and return said equipment to CDPH, at CDPH's expense, if said equipment has not passed its useful life expectancy as defined in the above referenced contract. Patents/Other Issues By signing this form, Contractor further agrees, in connection with patent matters and with any claims that are not specifically released as set forth above,that it will comply with all of the provisions contained in the above referenced contract, including, but not limited to, those provisions relating to notification to the State and related to the defense or prosecution of litigation. ONLY SIGN AND DATE THIS DOCUMENT WHEN ATTACHING IT TO THE FINAL INVOICE Contractor's Legal Name (as on contract): County of Fresno Signature of Contractor or Official Designee: Date: Printed Name/Title of Person Signing: Distribution: Accounting(Original) Program CDPH 2352(7/07) Contractor Certification Clauses CCC 04/2017 CERTIFICATION I, the official named below, CERTIFY UNDER PENALTY OF PERJURY that I am duly authorized to legally bind the prospective Contractor to the clause(s) listed below. This certification is made under the laws of the State of California. Contractor/Bidder Firm Name (Printed) Federal ID Number County of Fresno By (Authorized Signature) ATTEST: BERNICE E.SEIDEL ...., Clerk of the Board of Supervisors "" .. County of Fresno,State of California Printed Name and Title of Person Signing By t/e__c . Deputy Nathan Magsig, Chairman of the Board of Supervisors of the County of Fresno Date Executed Executed in the County of Fresno CONTRACTOR CERTIFICATION CLAUSES 1. STATEMENT OF COMPLIANCE: Contractor has, unless exempted, complied with the nondiscrimination program requirements. (Gov. Code §12990 (a-f) and CCR, Title 2, Section 11102) (Not applicable to public entities.) 2. DRUG-FREE WORKPLACE REQUIREMENTS: Contractor will comply with the requirements of the Drug-Free Workplace Act of 1990 and will provide a drug-free workplace by taking the following actions: a. Publish a statement notifying employees that unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited and specifying actions to be taken against employees for violations. b. Establish a Drug-Free Awareness Program to inform employees about: 1) the dangers of drug abuse in the workplace; 2) the person's or organization's policy of maintaining a drug-free workplace; 3) any available counseling, rehabilitation and employee assistance programs; and, 4) penalties that may be imposed upon employees -for drug abuse violations. c. Every employee who works on the proposed Agreement will: 1) receive a copy of the company's drug-free workplace policy statement; and, 2) agree to abide by the terms of the company's statement as a condition of employment on the Agreement. Failure to comply with these requirements may result in suspension of payments under the Agreement or termination of the Agreement or both and Contractor may be ineligible for award of any future State agreements if the department determines that any of the following has occurred: the Contractor has made false certification, or violated the certification by failing to carry out the requirements as noted above. (Gov. Code §8350 et seq.) 3. NATIONAL LABOR RELATIONS BOARD CERTIFICATION: Contractor certifies that no more than one (1) final unappealable finding of contempt of court by a Federal court has been issued against Contractor within the immediately preceding two-year period because of Contractor's failure to comply with an order of a Federal court, which orders Contractor to comply with an order of the National Labor Relations Board. (Pub. Contract Code §10296) (Not applicable to public entities.) 4. CONTRACTS FOR LEGAL SERVICES $50,000 OR MORE- PRO BONO REQUIREMENT: Contractor hereby certifies that Contractor will comply with the requirements of Section 6072 of the Business and Professions Code, effective January 1, 2003. Contractor agrees to make a good faith effort to provide a minimum number of hours of pro bono legal services during each year of the contract equal to the lessor of 30 multiplied by the number of full time attorneys in the firm's offices in the State, with the number of hours prorated on an actual day basis for any contract period of less than a full year or 10% of its contract with the State. Failure to make a good faith effort may be cause for non-renewal of a state contract for legal services, and may be taken into account when determining the award of future contracts with the State for legal services. 5. EXPATRIATE CORPORATIONS: Contractor hereby declares that it is not an expatriate corporation or subsidiary of an expatriate corporation within the meaning of Public Contract Code Section 10286 and 10286.1, and is eligible to contract with the State of California. 6. SWEATFREE CODE OF CONDUCT: a. All Contractors contracting for the procurement or laundering of apparel, garments or corresponding accessories, or the procurement of equipment, materials, or supplies, other than procurement related to a public works contract, declare under penalty of perjury that no apparel, garments or corresponding accessories, equipment, materials, or supplies furnished to the state pursuant to the contract have been laundered or produced in whole or in part by sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor, or with the benefit of sweatshop labor, forced labor, convict labor, indentured labor under penal sanction, abusive forms of child labor or exploitation of children in sweatshop labor. The contractor further declares under penalty of perjury that they adhere to the Sweatfree Code of Conduct as set forth on the California Department of Industrial Relations website located at www.dir.ca.gov, and Public Contract Code Section 6108. b. The contractor agrees to cooperate fully in providing reasonable access to the contractor's records, documents, agents or employees, or premises if reasonably required by authorized officials of the contracting agency, the Department of Industrial Relations, or the Department of Justice to determine the contractor's compliance with the requirements under paragraph (a). 7. DOMESTIC PARTNERS: For contracts of$100,000 or more, Contractor certifies that Contractor is in compliance with Public Contract Code section 10295.3. 8. GENDER IDENTITY: For contracts of$100,000 or more, Contractor certifies that Contractor is in compliance with Public Contract Code section 10295.35. DOING BUSINESS WITH THE STATE OF CALIFORNIA The following laws apply to persons or entities doing business with the State of California. 1. CONFLICT OF INTEREST: Contractor needs to be aware of the following provisions regarding current or former state employees. If Contractor has any questions on the status of any person rendering services or involved with the Agreement, the awarding agency must be contacted immediately for clarification. Current State Employees (Pub. Contract Code §10410): 1). No officer or employee shall engage in any employment, activity or enterprise from which the officer or employee receives compensation or has a financial interest and which is sponsored or funded by any state agency, unless the employment, activity or enterprise is required as a condition of regular state employment. 2). No officer or employee shall contract on his or her own behalf as an independent contractor with any state agency to provide goods or services. Former State Employees (Pub. Contract Code §10411): 1). For the two-year period from the date he or she left state employment, no former state officer or employee may enter into a contract in which he or she engaged in any of the negotiations, transactions, planning, arrangements or any part of the decision-making process relevant to the contract while employed in any capacity by any state agency. 2). For the twelve-month period from the date he or she left state employment, no former state officer or employee may enter into a contract with any state agency if he or she was employed by that state agency in a policy-making position in the same general subject area as the proposed contract within the 12-month period prior to his or her leaving state service. If Contractor violates any provisions of above paragraphs, such action by Contractor shall render this Agreement void. (Pub. Contract Code §10420) Members of boards and commissions are exempt from this section if they do not receive payment other than payment of each meeting of the board or commission, payment for preparatory time and payment for per diem. (Pub. Contract Code §10430 (e)) 2. LABOR CODE/WORKERS' COMPENSATION: Contractor needs to be aware of the provisions which require every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions, and Contractor affirms to comply with such provisions before commencing the performance of the work of this Agreement. (Labor Code Section 3700) 3. AMERICANS WITH DISABILITIES ACT: Contractor assures the State that it complies with the Americans with Disabilities Act (ADA) of 1990, which prohibits discrimination on the basis of disability, as well as all applicable regulations and guidelines issued pursuant to the ADA. (42 U.S.C. 12101 et seq.) 4. CONTRACTOR NAME CHANGE: An amendment is required to change the Contractor's name as listed on this Agreement. Upon receipt of legal documentation of the name change the State will process the amendment. Payment of invoices presented with a new name cannot be paid prior to approval of said amendment. 5. CORPORATE QUALIFICATIONS TO DO BUSINESS IN CALIFORNIA: a. When agreements are to be performed in the state by corporations, the contracting agencies will be verifying that the contractor is currently qualified to do business in California in order to ensure that all obligations due to the state are fulfilled. b. "Doing business" is defined in R&TC Section 23101 as actively engaging in any transaction for the purpose of financial or pecuniary gain or profit. Although there are some statutory exceptions to taxation, rarely will a corporate contractor performing within the state not be subject to the franchise tax. c. Both domestic and foreign corporations (those incorporated outside of California) must be in good standing in order to be qualified to do business in California. Agencies will determine whether a corporation is in good standing by calling the Office of the Secretary of State. 6. RESOLUTION: A county, city, district, or other local public body must provide the State with a copy of a resolution, order, motion, or ordinance of the local governing body which by law has authority to enter into an agreement, authorizing execution of the agreement. 7. AIR OR WATER POLLUTION VIOLATION: Under the State laws, the Contractor shall not be: (1) in violation of any order or resolution not subject to review promulgated by the State Air Resources Board or an air pollution control district; (2) subject to cease and desist order not subject to review issued pursuant to Section 13301 of the Water Code for violation of waste discharge requirements or discharge prohibitions; or (3) finally determined to be in violation of provisions of federal law relating to air or water pollution. 8. PAYEE DATA RECORD FORM STD. 204: This form must be completed by all contractors that are not another state agency or other governmental entity. STATE OF CALIFORNIA DEPARTMENT OF GENERAL SERVICES CALIFORNIA CIVIL RIGHTS LAWS ATTACHMENT OFFICE OF LEGAL SERVICES DGS OLS 04(Rev.01/17) Pursuant to Public Contract Code section 2010, a person that submits a bid or proposal to,or otherwise proposes to enter into or renew a contract with, a state agency with respect to any contract in the amount of$100,000 or above shall certify, under penalty of perjury, at the time the bid or proposal is submitted or the contract is renewed, all of the following: 1. CALIFORNIA CIVIL RIGHTS LAWS: For contracts executed or renewed after January 1, 2017, the contractor certifies compliance with the Unruh Civil Rights Act (Section 51 of the Civil Code) and the Fair Employment and Housing Act (Section 12960 of the Government Code); and 2. EMPLOYER DISCRIMINATORY POLICIES: For contracts executed or renewed after January 1, 2017, if a Contractor has an internal policy against a sovereign nation or peoples recognized by the United States government, the Contractor certifies that such policies are not used in violation of the Unruh Civil Rights Act (Section 51 of the Civil Code) or the Fair Employment and Housing Act (Section 12960 of the Government Code). CERTIFICATION I, the official named below, certify under penalty of perjury under the laws of the State of California that the foregoing is true and correct. Proposer/Bidder Firm Name (Printed) Federal ID Number County of Fresno I By (Authorized Signature) Printed Name and Title of Person Signing Nathan Magsig, Chairman of the Board of Supervisors of the County of Fresno Executed in the County of Executed in the State of Fresno CA Date Executed ATTEST: BERNICE E.SEIDEL Clerk of the Board of Supervisors V'7 / -L-f County of Fresno,state of California ByllC��- ��... Deputy California Department of Public Health Name/No.: HIV Surveillance Program Grant (State Grant Agreement No. 24-10277) Fund/Subclass: 0001/10000 Organization #: 56201644 Revenue Account #: 4380 At-A-Glance: A Summary of HIV/AIDS in Fresno County (2023) ■MSM Only Age ■MSM&IDU ■20-24 ■Heterosexual Contact Only ■25-29 —Heterosexual&MSM Contact ■30-34 MSM,IDU&Hetersexual Contact —35-39 ■Heterosexual Contact&IDU 40+ ■Unknown of I Figure 1. Fresno County Most Likely Route of Figure 2. Fresno County HIV Incident Cases by Age Transmission of HIV (2016-2023). Most of the HIV (2023). Under 35 years of age represents just over 50%of all transmission in the county has been linked to men who have sex new HIV cases occurring in Fresno County. with men(e.g.,MSM),representing over half of total new cases. Figure 3.Fresno County's HIV/AIDS Trends by Year(2016-2023).This Table 1.Fresno County HIV/AIDS Prevalence by Race&Ethnicity(2023). figure shows the number of new cases by year and its corresponding incidence The total number of cases is higher in the Hispanic and White categories.However, rate2. "Late Testers" are qualified as individuals who are diagnosed with AIDS the prevalence is highest amongst Blacks/African Americans, in both the HIV and within 12 months of their first HIV+diagnosis.Fresno County had 38 Late Testers AIDS categories. in the year 2023,down from 45 in 2021. 200 20 Prevalence'(N)2 Race/Ethnicity: HIV AIDS om 150 i ' 15 u American Indian/ u _ Alaskan Native 72 z 100 10 c Asian/Pacific Islander 54(60) 46 (51) — Black/African o 364 (171) 381 (179) — L � American E 50 5 Q Hispanic/Latino3 136 (753) 123 (683) z White 111 (308) 96 (265) 2016 2017 2018 2019 2020 2021 2022 2023 Note:Some numbers have been censored due to low counts.Race/Ethnicity was not specified for 1.9%of HIV cases and 2.9%of AIDS cases in the 2023 year.Rates were calculated using population Year data from the California Department of Finance. Prevalence is calculated per 100,000 persons �HIVCases AIDS Cases Late Testers 2N represents the total cases in that category 'Hispanic or Latino may include people from any races(i.e.American Indian/Alaskan Native,Asian/Pacific HIV Incidence AIDS Incidence Islander.Black.White.and Multi-Racial) 'Incidence is calculated per 100,000 persons Rates were calculated using population data from CA Dept.of Finance 160 35 140 , , 30 v Figure 4. Fresno County's Incident Cases u 120 25 u. of HIV by Gender and Year (2016-2023). z ) 100 20 This figure shows the number of new cases, by ,� 80 c year and gender, as well as its corresponding o 60 15 incidence ratiol•z. Of particular interest is the � 40 10 c upward trend of new HIV diagnoses in females. E Q Prior to 2018, females in Fresno County had a Z 20 — 5 relatively stable HIV incidence from year to year. 0 �� ■ ■ 0 'Incidence is calculated per 100,000 persons of that gender 2016 2017 2018 2019 2020 2021 2022 2023 Incidence was calculated using population data from CA Dept.of Finance Year Male Cases Female Cases Male Incidence Female Incidence ti COUP Department of Public Health I Epidemiology,Surveillance,&Data Management Division I Epidemiology Program Updated:5/2024 �.t https://www.fresnocountVca.gov/Departments/Public-Health �gS