HomeMy WebLinkAboutAgreement A-18-685-1 with Beacon Health Options.pdf- 1 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
AMENDMENT I TO AGREEMENT
THIS AMENDMENT, hereinafter referred to as “Amendment I”, is made and entered into
this ____ day of ___________, 2020, by and between the COUNTY OF FRESNO, a Political
Subdivision of the State of California, hereinafter referred to as “COUNTY”, BEACON HEALTH
OPTIONS OF CALIFORNIA, INC. formerly known as VALUEOPTIONS OF CALIFORNIA, INC., a
California For-Profit Organization, whose address is 5665 Plaza Drive, Suite 400 Cypress, CA 90630,
herein after referred to as "CONTRACTOR." Reference in this Agreement to "party" or "parties" shall be
understood to refer to COUNTY and CONTRACTOR, unless otherwise specified.
WHEREAS, the parties entered into that certain Agreement, identified as COUNTY Agreement
No. 18-685, effective December 11, 2018, hereinafter referred to as the Agreement, whereby
CONTRACTOR agreed to provide certain 24/7 Substance Use Disorder (SUD) Access Line, SUD
Residential Authorizations services to COUNTY’s Department of Behavioral Health (DBH); and
WHEREAS, ValueOptions of California, Inc. changed its name to Beacon Health Options of
California, Inc. on November 15, 2019; and
WHEREAS the parties desire to amend the Agreement, regarding changes as stated below and
restate the Agreement in its entirety.
NOW, THEREFORE, in consideration of the mutual covenants, terms and conditions herein
contained, the parties hereto agree as follows:
1.That all references in existing COUNTY Agreement No. 18-685 to “ValueOptions of
California, Inc.” shall be changed to “Beacon Health Options of California, Inc.”
2.That the existing COUNTY Agreement No. 18-685, Section Two (2) “TERM”, shall be
revised by adding the following at Page Three (3), Line Twenty-Six (26) after the word “herein”:
“This Agreement shall be extended for an additional twelve (12) month period beginning
July 1, 2020 through June 30, 2021.”
3. That the existing COUNTY Agreement No. 18-685, Section Four (4)
“COMPENSATION”, shall be revised by adding the following at Page Five (5), Line Twelve (12) after
the number “($2,600,000.00):
A greement No. 18-685-1
28th April
- 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
“The maximum compensation amount under this Agreement for the term July 1, 2020
through June 30, 2021 shall not exceed One Million, Two Hundred Thirty-Two Thousand, Nine Hundred
Twenty-Eight and No/100 Dollars ($1,232,928.00).
The maximum compensation amount under this Agreement for the term December 11,
2018 through June 30, 2021 shall not exceed Five Million, Three Hundred Thirty-Two Thousand, Nine
Hundred Thirty and No/100 Dollars ($5,332,930).”
4.That Exhibit B, “Budget,” to the existing COUNTY Agreement No. 18-685 shall be
replaced with “Exhibit B-1,” which is attached hereto and incorporated herein by reference.
5.That all references in existing COUNTY Agreement No. 18-685 to “Exhibit B” shall be
changed to read “Exhibit B-1.”
6.That Exhibit H, “Business Associated Agreement,” which is attached hereto and
incorporated by reference, shall be added to this Agreement.
7.COUNTY and CONTRACTOR agree that this Amendment I is sufficient to amend the
Agreement; and that upon execution of this Amendment I, the Agreement and Amendment I together
shall be considered the Agreement.
The Agreement, as hereby amended, is ratified and continued. All provisions, terms,
covenants, conditions, and promises contained in the Agreement and not amended herein shall remain
in full force and effect. This Amendment I shall be effective upon execution.
///
///
///
///
///
///
///
///
///
1 IN WITNESS WHEREOF, the parties hereto have executed this Amendment I to Agreement as
2 of the day and year first hereinabove written.
3 CONTRACTOR: COUNTY OF FRESNO:
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
BEACON HEAL TH OPTIONS OF CALIFORNIA, INC.
By----,-/) ': 0/~7t(;_;c> ~
Print Name: Daniel M. Risku
Title: _E_V_P_&_G_e_n_er_a_l C_o_u_n_se_l __ _
Chairman of the Board, or
President, or any Vice President
Date: __ 4_/2_7_/2_02_0 __ _
Mailing Address:
5665 Plaza Drive Suite 400, Cypress, CA
90630 Contact: Chief Executive Office
Fund/Subclass:
Organization:
Account#:
0001/10000
56302081 ($5,332,930.00)
7295
27 CR
28
-3 -
By£~~~ ErnesIBuddyMfies,
Chairman of the Board of Supervisors
of the County of Fresno
BERNICE E. SEIDEL,
Clerk of the Board of Supervisors
County of Fresno, State of California
By chd ro:) ~
Deputy
Exhibit B‐1
Beacon Health Options of California, Inc.
Budget
24/7 SUD Access Line and Prior/Concurrent Authorizations of SUD Residential Services
$200,002
January 1, 2019 ‐ June 30, 2020
Cost
$164,688
$28.80 /call
$61.50/authorization
See Exhibit D for rates
July 1, 2020 ‐ June 30, 2021
Cost
$100,244
$28.80 /call
$61.50/authorization
See Exhibit D for rates
$200,002
$1,300,000
$2,600,000
$1,232,928
$5,332,930
January 1, 2019 ‐ June 30, 2020
*Includes up to 700 calls made to the 24/7 SUD Access Line and up to 400 authorizations processed
**Per call received after initial 700 call volume has been reached
***Per authorization processed after initial 400 authorization has been reached
****Electronic Health Record charges are to be charged to COUNTY according to the rates set forth in Exhibit D
July 1, 2020 ‐ June 30, 2021
*Includes up to 350 calls made to the 24/7 SUD Access Line and up to 150 admissions processed.
**Per call received after initial 350 call volume has been reached
***Per admission processed after initial 150 authorization has been reached
****Electronic Health Record charges are to be charged to COUNTY according to the rates set forth in Exhibit D
Monthly
Base Charge*
24/7 SUD Access Line**
Prior/Concurrent Authorizations***
Electronic Health Record Charges****
Electronic Health Record Charges****
Implementation Costs (Agreement Execution through December 31, 2018)
Monthly
Base Charge*
24/7 SUD Access Line**
Prior/Concurrent Authorizations***
January 1, 2019 ‐ June 30, 2019
July 1, 2019 ‐ June 30, 2020
Annual maximums not to exceed:
CONTRACTOR is to invoice COUNTY according to the COMPENSATION and INVOICING sections of
this agreement based on the monthly charges included in this Exhibit B‐1
Total Agreement Maximum
Implementation Costs (Upon execution through December 31, 2018)
July 1, 2020 ‐ June 30, 2021
EXHIBIT H
HIPAA Business Associate provision (5/21/2018)
1. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
A. The parties to this Agreement shall be in strict conformance with all
applicable Federal and State of California laws and regulations, including but not limited to
Sections 5328, 10850, and 14100.2 et seq. of the Welfare and Institutions Code, Sections 2.1
and 431.300 et seq. of Title 42, Code of Federal Regulations (CFR), Section 56 et seq. of the
California Civil Code, and the Health Insurance Portability and Accountability Act (HIPAA),
including but not limited to Section 1320 D et seq. of Title 42, United States Code (USC) and its
implementing regulations, including, but not limited to Title 45, CFR, Sections 142, 160, 162,
and 164, The Health Information Technology for Economic and Clinical Health Act (HITECH)
regarding the confidentiality and security of patient information and the Genetic Information
Nondiscrimination Act (GINA) of 2008 regarding the confidentiality of genetic information.
Except as otherwise provided in this Agreement, CONTRACTOR, as a Business
Associate of COUNTY, may use or disclose Protected Health Information (PHI) to perform
functions, activities or services for or on behalf of COUNTY, as specified in this Agreement,
provided that such use or disclosure shall not violate the HIPAA, USC 1320d et seq. The uses
and disclosures of PHI may not be more expansive than those applicable to COUNTY, as the
“Covered Entity” under the HIPAA Privacy Rule (45 CFR 164.500 et seq), except as authorized
for management, administrative or legal responsibilities of the Business Associate.
Notwithstanding the previous paragraph, CONTRACTOR may use PHI for the
proper management and administration of CONTRACTOR or to carry out the legal
responsibilities of CONTRACTOR. Furthermore, CONTRACTOR may disclose PHI for the
above purposes, provided that such disclosures are required by law, or CONTRACTOR obtains
reasonable assurances from the person to whom the information is disclosed that it will remain
confidential and used or further disclosed only as required by law or for the purpose for which it
was disclosed to the person, and the person promptly notifies CONTRACTOR of any instances
of which it is aware in which the confidentiality of the information has been breached.
EXHIBIT H
To the extent that any PHI exchanged between the parties consists of “patient
identifying information” or “records” as defined in 42 C.F.R. § 2.11, originally provided to either
party pursuant to a written release, the parties agree that they are both fully bound by the
provisions of the federal regulations governing “Confidentiality of Substance Use Disorder
Patient Records” (42 C.F.R. Part 2), with respect to such information and records, including, but
not limited to, the provisions related to disclosure and re-disclosure thereof.
B. CONTRACTOR, including its subcontractors and employees, shall
protect, from unauthorized access, use, or disclosure of names and other identifying
information, including genetic information, concerning persons receiving services pursuant to
this Agreement, except where permitted in order to carry out data aggregation purposes for
health care operations [45 CFR Sections 164.504 (e)(2)(i), 164.504 (3)(2)(ii)(A), and 164.504
(e)(4)(i)]. This pertains to any and all persons receiving services pursuant to a COUNTY funded
program. This requirement applies to electronic PHI. CONTRACTOR shall not use such
identifying information or genetic information for any purpose other than carrying out
CONTRACTOR’s obligations under this Agreement.
C. CONTRACTOR, including its subcontractors and employees, shall not
disclose any such identifying information or genetic information to any person or entity, except
as otherwise specifically permitted by this Agreement, authorized by Subpart E of 45 CFR Part
164 or other law, required by the Secretary, or authorized by the client/patient in writing. In
using or disclosing PHI that is permitted by this Agreement or authorized by law,
CONTRACTOR shall make reasonable efforts to limit PHI to the minimum necessary to
accomplish intended purpose of use, disclosure or request.
D. For purposes of the above sections, identifying information shall include,
but not be limited to name, identifying number, symbol, or other identifying particular assigned to
the individual, such as finger or voice print, or a photograph.
E. For purposes of the above sections, genetic information shall include
genetic tests of family members of an individual or individual, manifestation of disease or
disorder of family members of an individual, or any request for or receipt of, genetic services by
EXHIBIT H
individual or family members. Family member means a dependent or any person who is first,
second, third, or fourth degree relative.
F. CONTRACTOR shall provide access, at the request of COUNTY, and in
the time and manner designated by COUNTY, to PHI in a designated record set (as defined in
45 CFR Section 164.501), to an individual or to COUNTY in order to meet the requirements of
45 CFR Section164.524 regarding access by individuals to their PHI. With respect to individual
requests, access shall be provided within thirty (30) days from request. Access may be
extended if CONTRACTOR cannot provide access and provide individual with the reasons for
the delay and the date when access may be granted. PHI shall be provided in the form and
format requested by the individual or COUNTY.
CONTRACTOR shall make any amendment(s) to PHI in a designated
record set at the request of COUNTY, or individual, and in the time and manner designated by
COUNTY in accordance with 45 CFR Section 164.526.
CONTRACTOR shall provide to COUNTY or to an individual, in a time
and manner designated by COUNTY, information collected in accordance with 45 CFR Section
164.528, to permit COUNTY to respond to a request by the individual for an accounting of
disclosures of PHI in accordance with 45 CFR Section 164.528.
G. CONTRACTOR shall report to COUNTY, in writing, any knowledge or
reasonable belief that there has been unauthorized access, viewing, use, disclosure, security
incident, or breach of unsecured PHI not permitted by this Agreement of which it becomes
aware, immediately and without reasonable delay and in no case later than two (2) business
days of discovery. Immediate notification shall be made to COUNTY’s Information Security
Officer and Privacy Officer and COUNTY’s DBH HIPAA Representative, within two (2) business
days of discovery. The notification shall include, to the extent possible, the identification of each
individual whose unsecured PHI has been, or is reasonably believed to have been, accessed,
acquired, used, disclosed, or breached.
CONTRACTOR shall take prompt corrective action to cure any
deficiencies and any action pertaining to such unauthorized disclosure required by applicable
EXHIBIT H
Federal and State Laws and regulations. CONTRACTOR shall investigate such breach and is
responsible for all notifications required by law and regulation or deemed necessary by
COUNTY and shall provide a written report of the investigation and reporting required to
COUNTY’s Information Security Officer and Privacy Officer and COUNTY’s DBH HIPAA
Representative. This written investigation and description of any reporting necessary shall be
postmarked within the thirty (30) working days of the discovery of the breach to the addresses
below:
County of Fresno County of Fresno County of Fresno
Department of Behavioral Health Dept. of Public Health Information Technology
Services
HIPAA Representative Privacy Officer Information Security Officer
(559) 600-6798 (559) 600-6405 (559) 600-5800
3147 N. Millbrook Ave (559) 600-6439 2048 N. Fine Ave
Fresno, CA 93703 P.O. Box 11867 Fresno, CA 93727
Fresno, CA 93721
H. CONTRACTOR shall make its internal practices, books, and records
relating to the use and disclosure of PHI received from COUNTY, or created or received by the
CONTRACTOR on behalf of COUNTY, in compliance with HIPAA’s Privacy Rule, including, but
not limited to the requirements set forth in Title 45, CFR, Sections 160 and 164.
CONTRACTOR shall make its internal practices, books, and records relating to the use and
disclosure of PHI received from COUNTY, or created or received by the CONTRACTOR on
behalf of COUNTY, available to the United States Department of Health and Human Services
(Secretary) upon demand.
CONTRACTOR shall cooperate with the compliance and investigation
reviews conducted by the Secretary. PHI access to the Secretary must be provided during the
CONTRACTOR’s normal business hours, however, upon exigent circumstances access at any
time must be granted. Upon the Secretary’s compliance or investigation review, if PHI is
unavailable to CONTRACTOR and in possession of a Subcontractor, it must certify efforts to
obtain the information to the Secretary.
I. Safeguards
CONTRACTOR shall implement administrative, physical, and technical
EXHIBIT H
safeguards as required by the HIPAA Security Rule, Subpart C of 45 CFR 164, that reasonably
and appropriately protect the confidentiality, integrity, and availability of PHI, including electronic
PHI, that it creates, receives, maintains or transmits on behalf of COUNTY and to prevent
unauthorized access, viewing, use, disclosure, or breach of PHI other than as provided for by
this Agreement. CONTRACTOR shall conduct an accurate and thorough assessment of the
potential risks and vulnerabilities to the confidential, integrity and availability of electronic PHI.
CONTRACTOR shall develop and maintain a written information privacy and security program
that includes administrative, technical and physical safeguards appropriate to the size and
complexity of CONTRACTOR’s operations and the nature and scope of its activities. Upon
COUNTY’s request, CONTRACTOR shall provide COUNTY with information concerning such
safeguards.
CONTRACTOR shall implement strong access controls and other
security safeguards and precautions in order to restrict logical and physical access to
confidential, personal (e.g., PHI) or sensitive data to authorized users only. Said safeguards
and precautions shall include the following administrative and technical password controls for all
systems used to process or store confidential, personal, or sensitive data:
1. Passwords must not be:
a. Shared or written down where they are accessible or
recognizable by anyone else; such as taped to computer screens, stored under keyboards, or
visible in a work area;
b. A dictionary word; or
c. Stored in clear text
2. Passwords must be:
a. Eight (8) characters or more in length;
b. Changed every ninety (90) days;
c. Changed immediately if revealed or compromised; and
d. Composed of characters from at least three of the following
four groups from the standard keyboard:
EXHIBIT H
1) Upper case letters (A-Z);
2) Lowercase letters (a-z);
3) Arabic numerals (0 through 9); and
4) Non-alphanumeric characters (punctuation
symbols).
CONTRACTOR shall implement the following security controls on each
workstation or portable computing device (e.g., laptop computer) containing confidential,
personal, or sensitive data:
1. Network-based firewall and/or personal firewall;
2. Continuously updated anti-virus software; and
3. Patch management process including installation of all operating
system/software vendor security patches.
CONTRACTOR shall utilize a commercial encryption solution that has
received FIPS 140-2 validation to encrypt all confidential, personal, or sensitive data stored on
portable electronic media (including, but not limited to, compact disks and thumb drives) and on
portable computing devices (including, but not limited to, laptop and notebook computers).
CONTRACTOR shall not transmit confidential, personal, or sensitive data
via e-mail or other internet transport protocol unless the data is encrypted by a solution that has
been validated by the National Institute of Standards and Technology (NIST) as conforming to
the Advanced Encryption Standard (AES) Algorithm. CONTRACTOR must apply appropriate
sanctions against its employees who fail to comply with these safeguards. CONTRACTOR
must adopt procedures for terminating access to PHI when employment of employee ends.
J. Mitigation of Harmful Effects
CONTRACTOR shall mitigate, to the extent practicable, any harmful
effect that is suspected or known to CONTRACTOR of an unauthorized access, viewing, use,
disclosure, or breach of PHI by CONTRACTOR or its subcontractors in violation of the
requirements of these provisions. CONTRACTOR must document suspected or known harmful
effects and the outcome.
EXHIBIT H
K. CONTRACTOR’s Subcontractors
CONTRACTOR shall ensure that any of its contractors, including
subcontractors, if applicable, to whom CONTRACTOR provides PHI received from or created or
received by CONTRACTOR on behalf of COUNTY, agree to the same restrictions, safeguards,
and conditions that apply to CONTRACTOR with respect to such PHI and to incorporate, when
applicable, the relevant provisions of these provisions into each subcontract or sub-award to
such agents or subcontractors.
L. Employee Training and Discipline
CONTRACTOR shall train and use reasonable measures to ensure
compliance with the requirements of these provisions by employees who assist in the
performance of functions or activities on behalf of COUNTY under this Agreement and use or
disclose PHI and discipline such employees who intentionally violate any provisions of these
provisions, including termination of employment.
M. Termination for Cause
Upon COUNTY’s knowledge of a material breach of these provisions by
CONTRACTOR, COUNTY shall either:
1. Provide an opportunity for CONTRACTOR to cure the breach or
end the violation and terminate this Agreement if CONTRACTOR does not cure the breach or
end the violation within the time specified by COUNTY; or
2. Immediately terminate this Agreement if CONTRACTOR has
breached a material term of these provisions and cure is not possible.
3. If neither cure nor termination is feasible, the COUNTY Privacy
Officer shall report the violation to the Secretary of the U.S. Department of Health and Human
Services.
N. Judicial or Administrative Proceedings
COUNTY may terminate this Agreement in accordance with the terms
and conditions of this Agreement as written hereinabove, if: (1) CONTRACTOR is found guilty
in a criminal proceeding for a violation of the HIPAA Privacy or Security Laws or the HITECH
EXHIBIT H
Act; or (2) a finding or stipulation that the CONTRACTOR has violated a privacy or security
standard or requirement of the HITECH Act, HIPAA or other security or privacy laws in an
administrative or civil proceeding in which the CONTRACTOR is a party.
O. Effect of Termination
Upon termination or expiration of this Agreement for any reason,
CONTRACTOR shall return or destroy all PHI received from COUNTY (or created or received
by CONTRACTOR on behalf of COUNTY) that CONTRACTOR still maintains in any form, and
shall retain no copies of such PHI. If return or destruction of PHI is not feasible, it shall continue
to extend the protections of these provisions to such information, and limit further use of such
PHI to those purposes that make the return or destruction of such PHI infeasible. This provision
shall apply to PHI that is in the possession of subcontractors or agents, if applicable, of
CONTRACTOR. If CONTRACTOR destroys the PHI data, a certification of date and time of
destruction shall be provided to the COUNTY by CONTRACTOR.
P. Disclaimer
COUNTY makes no warranty or representation that compliance by
CONTRACTOR with these provisions, the HITECH Act, HIPAA or the HIPAA regulations will be
adequate or satisfactory for CONTRACTOR’s own purposes or that any information in
CONTRACTOR’s possession or control, or transmitted or received by CONTRACTOR, is or will
be secure from unauthorized access, viewing, use, disclosure, or breach. CONTRACTOR is
solely responsible for all decisions made by CONTRACTOR regarding the safeguarding of PHI.
Q. Amendment
The parties acknowledge that Federal and State laws relating to
electronic data security and privacy are rapidly evolving and that amendment of these
provisions may be required to provide for procedures to ensure compliance with such
developments. The parties specifically agree to take such action as is necessary to amend this
agreement in order to implement the standards and requirements of HIPAA, the HIPAA
regulations, the HITECH Act and other applicable laws relating to the security or privacy of PHI.
COUNTY may terminate this Agreement upon thirty (30) days written notice in the event that
EXHIBIT H
CONTRACTOR does not enter into an amendment providing assurances regarding the
safeguarding of PHI that COUNTY in its sole discretion deems sufficient to satisfy the standards
and requirements of HIPAA, the HIPAA regulations and the HITECH Act.
R. No Third-Party Beneficiaries
Nothing express or implied in the terms and conditions of these provisions
is intended to confer, nor shall anything herein confer, upon any person other than COUNTY or
CONTRACTOR and their respective successors or assignees, any rights, remedies, obligations
or liabilities whatsoever.
S. Interpretation
The terms and conditions in these provisions shall be interpreted as
broadly as necessary to implement and comply with HIPAA, the HIPAA regulations and
applicable State laws. The parties agree that any ambiguity in the terms and conditions of these
provisions shall be resolved in favor of a meaning that complies and is consistent with HIPAA
and the HIPAA regulations.
T. Regulatory References
A reference in the terms and conditions of these provisions to a section in
the HIPAA regulations means the section as in effect or as amended.
U. Survival
The respective rights and obligations of CONTRACTOR as stated in this
Section shall survive the termination or expiration of this Agreement.
V. No Waiver of Obligations
No change, waiver or discharge of any liability or obligation hereunder on
any one or more occasions shall be deemed a waiver of performance of any continuing or other
obligation, or shall prohibit enforcement of any obligation on any other occasion.