The URL can be used to link to this page

Home My WebLink AboutAgreement A-26-006 with California Health and Recovery Solutions P.C.pdf Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 Agreement No. 26-006 MEMORANDUM OF UNDERSTANDING THIS MEMORANDUM OF UNDERSTANDING ("MOU") by and between the County of Fresno, California, a political subdivision of the State of California(the"County"), and California Health and Recovery Solutions, P.C., a California corporation ("CHRS"), entered into on January 6, 2026 RECITALS WHEREAS, the California Department of State Hospitals has entered into an agreement (the "DSH Agreement") with CHRS for the provision of Early Access and Stabilization Services, (the "Services") in correctional facilities located throughout the State of California; and WHEREAS,the County operates a correctional facility in Fresno County, California(the "Facility"); and WHEREAS, CHRS and the County wish to enter into this MOU to establish the terms for CHRS's provision of Services at the Facility. NOW THEREFORE,in consideration of the mutual covenants contained herein and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, it is agreed by and between the Parties as follows: 1. Recitals: The parties hereto acknowledge and agree that the above recitals are true and correct and are hereby incorporated by this reference. 2. Term: The term of this MOU shall commence retroactive to July 1, 2022 ("the Effective Date") and continue in full force and effect for a period of four (4) years and shall be coterminous with the DSH Agreement. 3. Termination: a. This MOU shall terminate immediately upon the termination or expiration of the DSH Agreement. CHRS shall promptly provide written notice of any such termination or expiration. b. Any party may terminate this MOU for convenience and without cause by giving thirty (30) days' advance written notice to the other parties hereto. c. It is understood and agreed that this MOU shall be subject to annual appropriations by DSH. If future funds are not appropriated for this MOU, and upon exhaustion of existing funding, CHRS may terminate this MOU without penalty or liability by providing thirty (30) days' advance written notice to the County. 4. Party Responsibilities: The County shall provide the services of correctional officers (the "Corrections Services")to facilitate the provision of Services at the Facility, in accordance with the terms of the DSH Agreement. In exchange for the Corrections Services, CHRS shall make monthly payments to the County. The maximum annual reimbursement from July 1, 2022, to June 30, 2023, is $400,000 dollars or$33,333.33 monthly. The maximum annual reimbursement from July 1,2023,to June 30, 2024, $400,000 dollars or$33,333.33 monthly. The maximum annual reimbursement from July 1, 2024, to June 30, 2025, is $418,000 dollars or $34,833.33 monthly. The maximum annual reimbursement from July 1, 2025 to June 30, 2026 is $418,000 dollars, or$34,833.33 monthly. 1 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 5. Space at Facility: County shall provide space of approximately 100 square feet at the Facility, as defined below, for provision of the Services during the term of this Agreement. However, authorized County staff may enter this space, and any County facilities where Contractor is providing services, at any time. 6. Prison Rape Elimination Act (PREA) — Contractor shall train all employees on PREA, and will follow the Guidelines set forth by the Fresno County Sheriff's Office. The PREA policy and required acknowledgment are attached as Exhibit C. The Sheriffs Office has zero tolerance for any incidence of sexual assault,sexual harassment,or sexual misconduct, and makes every effort to comply with applicable components of the Federal Prison Rape Elimination Act of 2003. The Sheriffs Office is committed to providing a safe, humane, secure environment, free from sexual assault or abuse, and has implemented procedures for appropriate prevention, detection, intervention, and treatment for all victims of sexual assault. All reported incidents of sexual assault will be investigated. 7. No Hostage Policy - Contractor's employees shall be advised of the possibility that a hostage taking incident could occur at any time, and shall read and sign the "No Hostage" policy, as set forth in Exhibit D, attached and incorporated by this reference, which means that there shall be no bargaining for the release of hostages in exchange for the release of confined inmates or minors. 8. Consistent Federal Income Tax Position. Contractor acknowledges that the Facility has been acquired or improved (and is situated on land that has been acquired) using net proceeds of governmental tax-exempt bonds ("Bond-Financed Facilities"). Contractor agrees that,with respect to this Agreement and the Bond-Financed Facilities, Contractor is not entitled to take, and shall not take, any position (also known as a "tax position") with the Internal Revenue Service that is inconsistent with being a "service provider" to the County, as a "qualified user" with respect to the Bond-Financed Facilities, as "managed property," as all of those terms are used in Internal Revenue Service Revenue Procedure 2016-44 and 2017-13, as applicable, and to that end, for example, and not as a limitation, Contractor agrees that Contractor shall not, in connection with any federal income tax return that they file with the Internal Revenue Service or any other statement or information that it provides to the Internal Revenue Service, (a) claim ownership, or that it is a lessee, of any portion of the Bond-Financed Facility,or(b)claim any depreciation or amortization (as referenced in Internal Revenue Service Revenue Procedure 2016-44) or amortization deduction (as referenced in Internal Revenue Service Revenue Procedure 2017-13), investment tax credit, or deduction for any payment as rent with respect to the Bond- Financed Facilities. 9. Invoicing: The County shall submit invoices to CHRS monthly in arears. The County shall submit invoices for all services rendered and not previously billed. CHRS shall pay such invoices in full within ninety(90) days of its receipt of each such invoice. Invoices and all payment inquiries should be directed to: California Health and Recovery Solutions Attn: Accounts Payable 3340 Perimeter Hill Drive Nashville, TN 37211 accountspayable(&,wellpath.us 2 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 10. Confidentiality: All parties shall comply with all applicable federal and state laws governing the privacy and security of protected health information. The parties to this MOU will ensure there will be no exchange of patient information without specific written authorization by the patient or their legal representative, in accordance with all applicable state and federal laws, or unless required by state or federal law. Any exchange of patient information for the purposes of arranging or coordinating services will be conducted in a confidential environment such that the identity of the patient is protected. 11. Governing Law: This MOU and the rights and duties of the parties hereunder shall be governed by and interpreted in accordance with the laws of the State of California. 12. Compliance with Laws. CHRS shall, at its own cost, comply with all applicable federal, state, and local laws and regulations in the performance of its obligations under this MOU, including but not limited to workers compensation, labor, and confidentiality laws and regulations. 13. Jurisdiction and Venue. This MOU is signed and performed in Fresno County, California. CHRS consents to California jurisdiction for actions arising from or related to this MOU, and, subject to the Government Claims Act, all such actions must be brought and maintained in Fresno County. 14. Independent Contractor: In performing under this MOU, both parties, including their officers, agents, employees, and volunteers, are at all times acting and performing as an independent contractor, in an independent capacity, and not as an officer, agent, servant, employee,joint venturer,partner,or associate of the other party.Neither party has the right to control, supervise,or direct the manner or method of the other party's performance under this MOU, but may verify that the other party is performing according to the terms of this MOU. Because of each party's status as an independent contractor, the other party has no right to employment rights or benefits available to the other party's employees. Each party is solely responsible for providing to its own employees all employee benefits required by law. CHRS shall save the County harmless from all matters relating to the payment of CHRS's employees,including compliance with Social Security withholding and all related regulations. 15. Assignment: The MOU may not be assigned by any Party except with the prior written consent of the other Parties,which shall not unreasonably be withheld. Any assignment by a Party without the other Parties' prior written consent shall be null and void and without force and effect. 16. Insurance. CHRS shall, at all times during the Term of this MOU, comply with the insurance requirements set forth in Exhibit A, attached and incorporated by this reference, and the Data Security requirements, attached as Exhibit B and incorporated by this reference. 17. Nondiscrimination. During the performance of this MOU, CHRS shall not unlawfully discriminate against any employee or applicant for employment, or recipient of services, because of race,religious creed, color,national origin, ancestry,physical disability,mental disability,medical condition, genetic information,marital status, sex, gender, gender 3 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 identity, gender expression, age, sexual orientation,military status or veteran status pursuant to all applicable State of California and federal statutes and regulation. 18. Indemnity. CHRS shall indemnify and hold harmless and defend the County (including its officers, agents, employees, and volunteers) against all claims, demands, injuries, damages,costs,expenses(including attorney fees and costs),fines,penalties,and liabilities of any kind to the County, CHRS, or any third parry that arise from or relate to the performance or failure to perform by CHRS (or any of its officers, agents, subcontractors, or employees)under this MOU. The County may conduct or participate in its own defense without affecting CHRS's obligation to indemnify and hold harmless or defend the County. This Section 18 survives the termination or expiration of this MOU. 19. Notice: Whenever any notice, demand or consent is required or permitted under this MOU, such notice, demand or consent shall be written and shall be deemed given when sent by certified mail, return receipt requested, hand delivery, reputable overnight carrier (e.g. Fed Ex, UPS), or via email to the address set forth for each party below. For all claims arising from or related to this MOU, nothing in this MOU establishes, waives, or modifies any claims presentation requirements or procedures provided by law, including the Government Claims Act (Division 3.6 of Title I of the Government Code, beginning with section 810). 20. Modification: No modification of any of the provisions of this MOU shall be binding unless in writing and signed by all parties to this MOU. 21. Headings/Number, Gender: The headings contained in this MOU are for reference purposes only and shall not affect in any way the meaning or interpretation of this MOU. When the context requires, the gender of all words includes the masculine, feminine, and neuter, and the number of all words includes the singular and plural. 22. Severability: If any provision of this MOU is deemed to be invalid or unenforceable, the remainder of this MOU shall be valid and enforceable as though the invalid or unenforceable parts had not been included herein. 23. Counterparts: This MOU may be executed in two(2)or more counterparts,each of which together shall be deemed an original, but all of which together shall constitute one and the same instrument. In the event that any signature is delivered by facsimile transmission or by e-mail delivery, such signature shall create a valid and binding obligation of the party executing (or on whose behalf such signature is executed) with the same force and effect as if such signature page were an original thereof. 24. No Third-Party Beneficiaries. This MOU does not and is not intended to create any rights or obligations for any person or entity except for the parties. 25. Electronic Signatures. The parties agree that this MOU may be executed by electronic signature as provided in this section. a. An "electronic signature" means any symbol or process intended by an individual signing this MOU to represent their signature, including but not limited to (1) a digital signature; (2) a faxed version of an original handwritten signature; or (3) an electronically scanned and transmitted (for example by PDF document) version of an original handwritten signature. 4 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 b. Each electronic signature affixed or attached to this MOU (1) is deemed equivalent to a valid original handwritten signature of the person signing this MOU for all purposes, including but not limited to evidentiary proof in any administrative or judicial proceeding, and (2) has the same force and effect as the valid original handwritten signature of that person. c. The provisions of this section satisfy the requirements of Civil Code section 1633.5, subdivision (b), in the Uniform Electronic Transaction Act (Civil Code, Division 3, Part 2, Title 2.5, beginning with section 1633.1). d. Each party using a digital signature represents that it has undertaken and satisfied the requirements of Government Code section 16.5, subdivision (a), paragraphs (1) through (5), and agrees that each other party may rely upon that representation. e. This MOU is not conditioned upon the parties conducting the transactions under it by electronic means and either party may sign this MOU with an original handwritten signature. 26. Entire Agreement: This MOU, and all attachments and documents referenced herein, supersedes all previous contracts concerning the subject matter herein, and constitutes the entire agreement between the parties regarding the subject matter hereof. As between the parties,no oral statements or prior written material not specifically referenced in this MOU will be of any force and effect. 5 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 IN WITNESS WHEREOF, the parties have executed this MOU having read, understood, and agreed to all the terms, conditions, obligations, rights, covenants, representations, and warranties herein and intending to be bound as of the Effective Date. COUNTY OF FRESNO Address for Notice: 'Z4��7 - By: Name: Garry Bredefeld 2200 Fresno St Title: Chairman of the Board of Supervisors Fresno, CA 93721 of the County of Fresno Date: 1/06/2026 Attest: Bernice E. Seidel Clerk of the Board of Supervisors County of Fresno, State of California By: Vim_ Deputy CALIFORNIA HEALTH AND RECOVERY SOLUTIONS [PaAd Signed by: Address for Notice: By: Mauk/yi, Name: Dr. Richard Maenza Attn: Chief Leaal Officer Title: President 3340 Perimeter Hill Drive Date: 12/4/2025 Nashville, TN 37211 6 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 EXHIBIT A INSURANCE REQUIREMENTS 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A)Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000)per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage,bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B)Automobile Liability.Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000)per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement. (C)Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. (D)Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000)per occurrence for bodily injury and for disease. (E) Professional Liability. Professional liability insurance with limits of not less than One Million Dollars ($1,000,000)per occurrence and an annual aggregate of Three Million Dollars ($3,000,000). If this is a claims-made policy, then(1)the retroactive date must be prior to the date on which services began under this Agreement; (2)the Contractor shall maintain the policy and provide to the County annual evidence of insurance for not less than five years after completion of services under this Agreement; and(3) if the policy is canceled or not renewed, and not replaced with another claims-made policy with a retroactive date prior to the date on which services begin under this Agreement, then the Contractor shall purchase extended reporting coverage on its claims-made policy for a minimum of five years after completion of services under this Agreement. (F) Molestation Liability. Sexual abuse/molestation liability insurance with limits of not less than Two Million Dollars ($2,000,000)per occurrence, with an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. A-I Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 (G)Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000)per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data)that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii)breach of any of the Contractor's obligations under Exhibit B of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii)payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. If the Contractor is a governmental entity, it may satisfy the policy requirements above through a program of self-insurance, including an insurance pooling arrangement or joint exercise of powers agreement. 2. Additional Requirements (A)Verification of Coverage.Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1)the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and(3)the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and A-2 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The professional liability insurance certificate, if it is a claims-made policy, must also state the retroactive date of the policy, which must be prior to the date on which services began under this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property(including but not limited to information or data)that is in the care, custody, or control of the Contractor. (B)Acceptability of Insurers.All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VII. (C)Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to,provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to,provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D)County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. A-3 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 (E)Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement. (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors. A-4 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 EXHIBIT B DATA SECURITY 1. Definitions Capitalized terms used in this Exhibit B have the meanings set forth in this section 1. (A) "Authorized Employees"means the Contractor's employees who have access to Personal Information. (B) "Authorized Persons"means: (i) any and all Authorized Employees; and(ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit B. (C)"Director"means the County's Director of Internal Services/Chief Information Officer or his or her designee. (D)"Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. (E) "Person"means any natural person, corporation,partnership, limited liability company, firm, or association. (F) "Personal Information"means any and all information, including any data,provided, or to which access is provided, to the Contractor by or upon the authorization of the County, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person(including, without limitation, employee identification numbers, government-issued identification numbers,passwords or personal identification numbers (PINS), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or(iii) is personal information within the meaning of California Civil Code section 1798.3, subdivision(a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (G)"Privacy Practices Complaint"means a complaint received by the County relating to the Contractor's (or any Authorized Person's)privacy practices, or alleging a Security B-1 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit B. (H)"Security Safeguards"means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor(or any Authorized Persons)that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in section 3(C) of this Exhibit B. (1) "Security Breach"means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or(ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. (J) "Use" or any derivative of that word means to receive, acquire, collect, apply, manipulate, employ,process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 2. Standard of Care (A) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (B) The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County(or persons from whom the County receives or has received Personal Information)regardless of the Contractor's, or any Authorized Person's, Use of that Personal Information. (C)The Contractor agrees and covenants in favor of the Country that the Contractor shall: (i) keep and maintain all Personal Information in strict confidence,using such degree of care under this section 2 as is reasonable and appropriate to avoid a Security Breach; (ii) use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit B; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; B-2 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 (iv) not, directly or indirectly, Disclose Personal Information to any person(an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent; and (v) County has the authority to access Contractor's incident response plan or review IT security. (D)Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall (i) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and(ii)promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. (E) The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions. 3. Information Security (A) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and will at all times comply with all applicable federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song- Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747). If the Contractor Uses credit, debit or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard("PCI DSS")requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (B) The Contractor covenants, represents and warrants to the County that, as of the effective date of this Agreement, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. B-3 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 (C)Without limiting the Contractor's obligations under section 3(A) of this Exhibit B, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers,paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, to protect (1) the Personal Information from potential loss or misappropriation, or unauthorized Use, and(2) the County's operations from disruption and abuse; (c)having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and(e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher(a) stored on any mobile devices, including but not limited to hard disks,portable storage devices, or remote installation, or(b) transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) strictly segregating Personal Information from all other information of the Contractor, including any Authorized Person, or anyone with whom the Contractor or any Authorized Person deals so that Personal Information is not commingled with any other types of information; (vi) having a patch management process including installation of all operating system and software vendor security patches; B-4 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 (vii) maintaining appropriate personnel security and integrity procedures and practices, including,but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (viii) providing appropriate privacy and information security training to Authorized Employees. (D)During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit B. The Contractor shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (E) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Personal Information received from the County, and the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet. (F) The Contractor shall provide the County with the name and contact information for each Authorized Employee (including such Authorized Employee's work shift, and at least one alternate Authorized Employee for each Authorized Employee during such work shift) who shall serve as the County's primary security contact with the Contractor and shall be available to assist the County twenty-four(24)hours per day, seven (7) days per week as a contact in resolving the Contractor's and any Authorized Persons' obligations associated with a Security Breach or a Privacy Practices Complaint. (G)The Contractor shall not knowingly include or authorize any Trojan Horse, back door, time bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any unauthorized message within, or otherwise impair any County computing system, with or without the intent to cause harm. 4. Security Breach Procedures (A) Immediately upon the Contractor's awareness or reasonable belief of a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-8900/cybersecurity(ibfresnosheriff.org which telephone number and email address the County may update by providing notice to the Contractor), and(ii)preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit B, the Parties shall coordinate with B-5 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 each other to investigate the Security Breach. The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, or deemed reasonably necessary by the County, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor's discovery of the Security Breach. (C)County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit B, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination. (D)The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred relation to any litigation or other action described section 4(E) of this Exhibit B. (E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County's rights relating to Personal Information, including the rights of persons from whom the County receives Personal Information. B-6 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 5. Oversight of Security Compliance (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. (B) Upon the County's written request, to confirm the Contractor's compliance with this Exhibit B, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or,upon the County's election, a third party on the County's behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor's physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable,by providing the County or the third party on the County's behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit B. (C)The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit B. that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same. 6. Return or Destruction of Personal Information.Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to,promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit B, such certification shall state the date, time, and manner(including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies of Personal Information. If return or disposal of such Personal Information or copies of Personal Information is not feasible, the Contractor shall notify the County according, specifying the reason, and continue to extend the protections of this Exhibit B to all such Personal Information and copies of Personal Information. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as B-7 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 required by this section 6. The Contractor's obligations under this section 6 survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not feasible and to all Personal Information that the Contractor may later discover. 7. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit B may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. 8. Indemnity. The Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a"County Indemnitee") from and against any and all infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion,unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions,judgments, interest, awards, fines and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorneys' fees and costs, the cost of enforcing any right to indemnification or defense under this Exhibit B and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any County Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized Employee's or Authorized Person's,performance or failure to perform under this Exhibit B or arising out of or resulting from the Contractor's failure to comply with any of its obligations under this section 8. The provisions of this section 8 do not apply to the acts or omissions of the County. The provisions of this section 8 are cumulative to any other obligation of the Contractor to, defend, indemnify, or hold harmless any County Indemnitee under this Agreement. The provisions of this section 8 shall survive the termination of this Agreement. 9. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit B shall survive the termination of this Agreement. 10. No Third Party Beneficiary.Nothing express or implied in the provisions of in this Exhibit B is intended to confer, nor shall anything in this Exhibit B confer,upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 11. No County Warranty. The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor(or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. B-8 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 Exhibit C FRESNO COUNTY SHERIFF'S OFFICE F o POLICY ACKNOWLEDGEMENT �s PREA—SEXUAL MISCONDUCT AND ABUSE As part of the National Standards to Prevent,Detect, and Respond to Prison Rape,the Sheriff's Office is required to ensure that all employees, contractors, and volunteers who have contact with incarcerated people are aware of their responsibilities under the Sheriff's Office sexual abuse prevention, detection, and response policy and procedure. ZERO-TOLERANCE The Fresno County Sheriff's Office maintains a ZERO-TOLERANCE policy regarding sexual abuse and sexual harassment. Not only does this include incarcerated person-on-incarcerated person sexual assault, but also sexual abuse, sexual misconduct, and sexual harassment of an incarcerated person by a staff member, contractor, or volunteer. SEXUAL ABUSE -IMMEDIATE RESPONSE If the incarcerated person was sexually abused within a time period that still allows for the collection of physical evidence, request that the victim not take any actions that could destroy the evidence (e.g., showering, brushing teeth, changing clothes, using the restroom, eating, drinking), and then immediately notify correctional staff. REPORTING ALLEGATIONS An incarcerated person may report sexual abuse* to any employee, volunteer, or contractor. If the incarcerated person reports the sexual abuse to you,you are required to immediately notify your supervisor and report the information to the on-duty Jail Watch Commander(600-8440). *Incarcerated people may report any aspect of sexual abuse,sexual misconduct,and sexual harassment;retaliation by other incarcerated people or staff for reporting sexual abuse and sexual harassment; and staff neglect or violation of responsibilities that may have contributed to an incident of sexual abuse. Any allegation is a very serious situation and shall be treated with discretion and confidentiality. Apart from reporting to your supervisor and the Jail Watch Commander, do not reveal any information related to the sexual abuse to anyone other than those who "need to know" (i.e., those who need to make treatment, investigation, and other security and management decisions). SENSITIVITY Victims of sexual abuse may be seriously traumatized both physically and mentally. You are expected to be sensitive to the incarcerated person during your interactions with them. SEXUAL DISORDERLY CONDUCT By choosing to work in a jail environment,you have accepted the possibility that you may face inappropriate and socially deviant behavior. While it is not possible to stop all obscene comments and conduct by incarcerated people, neither shall it be accepted; acts of indecent exposure, sexual disorderly conduct and exhibitionist masturbation will not be tolerated. Any incarcerated person who engages in indecent exposure or sexual disorderly conduct shall be reported immediately to correctional staff, with a follow-up advisement to your supervisor. Sexually hostile conduct shall not be ignored. If you have any questions,please contact Please sign and return the attached Policy Acknowledgement form to your supervisor. C-1 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 FRESNO COUNTY SHERIFF'S OFFICEJAIL DIVISION POLICY ACKNOWLEDGEMENT PREA-SEXUAL MISCONDUCT AND ABUSE I hereby acknowledge that I received a copy of the Sexual Misconduct and Abuse policy for the Custody Division of the Fresno County Sheriff's Office and that I have read it, understand its meaning, and agree to conduct myself in accordance with it. Signed: Date: Print Name: Name of Employer: Name of Supervisor: C-2 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 Exhibit D COUNTY OF FRESNO SHERIFF'S OFFICE GUEST, OBSERVER, VOLUNTEER, OR NON- EMPLOYEEAGREEMENT ASSUMING RISK OF INJURY OR DAMAGEWAIVER AND RELEASE OF CLAIMS Whereas the undersigned, not being a member, employee, or agent of any law enforcement department, has made a voluntary request for permission to act as an observer, guest or volunteer in the Fresno County Detention Facilities and has requested permission to accompany and/or work with the assigned personnel of the Fresno County Jail Division during the performance of their official duties; And, whereas, the undersigned acknowledges that the work and activities of saidFresno County Jail Division at any time can be dangerous involving possible risk of injury, damage, expense, or loss to person or property. It is understood that the Fresno County Sheriff's Office has a strict "No Hostage" policy, which means that no inmate willbe allowed to leave a detention facility because of the taking of a hostage. Force may be necessary to rescue hostages. This policy will be applied in all cases without regard to the sex, age, or status of any hostage. Now,therefore,be it understood that the undersigned hereby agrees that the County of Fresno, the Fresno County Sheriff's Office and members of the Fresno County Sheriff's Office Jail Division and each of them shall not be held liable or responsible under any circumstances whatsoever by the undersigned, his or her estate, or heirs, for any injury, damage, expense, or loss to the person or property of the undersigned, incurred while acting as a guest-observer within the confines of the Fresno County Detention Facilities or while accompanying a staff member of the Fresno County Jail Division during the active performance of his/her official duties. *READ THIS DOCUMENT COMPLETELY BEFORE SIGNING* SIGNATURE: DATE: PARENT/GUARDIAN: ADDRESS: HOME PHONE: WORK PHONE: COMPLETE BACK OF FORM J-180 D-1 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 FRESNO COUNTY SHERIFF'S OFFICE GUEST, OBSERVER, VOLUNTEER, OR NON-EMPLOYEE NAME: SEX: M F Last First Middle (Circle one) ADDRESS: Number Street Apt.# City State ZIP DRIVER'S LICENSE#: STATE: D-2 Docusign Envelope ID:9200CFA6-7EEB-4A92-A28C-20983A5A13B0 BUSINESS/OCCUPATION/SCHOOL: RACE: HAIR: EYES: HEIGHT: WEIGHT: PLACE OF BIRTH: City State BIRTHDATE: IN CASE OF EMERGENCY/ACCIDENT (Nearest relative, parent/guardian): NAME: PHONE#: ADDRESS: Number Street Apt.# City State ZIP FAMILY DOCTOR/MEDICAL SERVICES REQUESTED BY OBSERVER IF INJUREDOR ILL: Received by: wAF Computer#: Date of Tour: D-3 For accounting use only: Org No.: 31114000 Account No.: 4975 Fund No.:0001 Subclass No.10000