Common use of Clinical Management for Behavioral Health Services Clause in Contracts

Clinical Management for Behavioral Health Services. (CMBHS) 1. Grantee shall ensure that it has appropriate internet access and a reasonable number of computers of sufficient capability to use CMBHS. If Grantee purchases equipment with System Agency funds, the equipment shall be inventoried, maintained in working order, and appropriately secured. 2. Grantee shall notify System Agency immediately if a security violation is detected, or if Grantee has any reason to suspect that the security or integrity of CMBHS data has been or may be compromised in any way. Grantee is required to update records on a daily basis to reflect any changes in CMBHS user account status. 3. Grantee shall ensure that adequate internal controls, security, and oversight are established for the approval and electronic transfer of information regarding payments and reporting requirements. Grantee shall ensure that the electronic payment requests and reports transmitted contain true, accurate, and complete information. 4. System Agency may limit or deny Grantee access to CMBHS at any time, at its sole discretion, and Grantee shall not incur any liability for failure to meet any Contract requirements resulting from such limited or denied access. 5. Grantee shall use the following CMBHS components/functionality, in accordance with System Agency’s instructions: a. Staff Member; b. User Profiles; c. Assign Roles; and d. Enrolled individuals Profile. 6. Grantee’s network monitoring shall include contracting or providing troubleshooting or assistance with Grantee-owned Wide Area Networks (WANs), Local Area Networks (LANs), router switches, network hubs or other equipment and Internet Service Provider (ISP). Grantee is responsible for maintaining local procedures to end-users and is responsible for data backup, data restoration, and contingency planning functions for all local data. Grantee shall: a. Create, delete, and modify end-user LAN-based accounts; b. Change/reset user local passwords as necessary; c. Administer security additions/changes and deletions for CMBHS; d. Install, maintain, monitor, and support Grantee LANs and WANs; and e. Select, purchase service from, and monitor performance of its ISP. 7. System Agency will provide support for CMBHS including problem tracking and problem resolution. System Agency will provide telephone numbers for Grantee to access expert assistance for CMBHS related problem resolution. System Agency will provide initial CMBHS training which Grantee is required to attend. Grantee shall provide subsequent ongoing end-user training, as needed. 8. Grantee shall designate a security administrator and a back-up security administrator. The security administrator is required to implement and maintain a system for management of user accounts/user roles to ensure that all the CMBHS user accounts are current. Grantee shall develop and maintain a written security policy that ensures adequate system security and protection of confidential information to prevent unauthorized disclosure and to respond to, notify participants of, and mitigate any unauthorized use or disclosure of confidential information. Grantee shall fulfill the following requirements: a. Grantee shall submit a signed Attachment A-2, Security Administrator Attestation and Authorized Users List to provide the names of employees and contracted laborers authorized to have access to secure data. Grantee shall ensure that access to CMBHS is restricted to currently authorized users only. System Agency shall, within 24 hours, remove access to users who are no longer authorized to have access to secure data. Grantee shall also use Attachment A-2, the name, phone number, and email address of the primary and secondary security administrators no later than two weeks following the effective date of the Contract and every six (6) months thereafter. Information will be submitted via e-mail to the following e-mail address: xxxxxxxxxxx@xxxx.xxxxx.xx.xx, as well as to the assigned Contract Manager. b. Grantee shall use Attachment A-2, Security Administrator Attestation and Authorized Users List to notify System Agency within ten (10) business days of any change to the designated security administrator or the back-up security administrator.

Clinical Management for Behavioral Health Services. (CMBHS) 1. Grantee shall ensure that it has appropriate internet access and a reasonable number of computers of sufficient capability to use CMBHS. If Grantee purchases equipment with System Agency funds, the equipment shall be inventoried, maintained in working order, and appropriately secured. 2. Grantee shall notify System Agency immediately if a security violation is detected, or if Grantee has any reason to suspect that the security or integrity of CMBHS data has been or may be compromised in any way. Grantee is required to update records on a daily basis to reflect any changes in CMBHS user account status. 3. Grantee shall ensure that adequate internal controls, security, and oversight are established for the approval and electronic transfer of information regarding payments and reporting requirements. Grantee shall ensure that the electronic payment requests and reports transmitted contain true, accurate, and complete information. 4. System Agency may limit or deny Grantee access to CMBHS at any time, at its sole discretion, and Grantee shall not incur any liability for failure to meet any Contract requirements resulting from such limited or denied access. 5. Grantee shall use the following CMBHS components/functionality, in accordance with System Agency’s instructions:accordance a. Staff Member; b. User Profiles; c. Assign Roles; and d. Enrolled individuals Profile. 6. Grantee’s network monitoring shall include contracting or providing troubleshooting or assistance with Grantee-owned Wide Area Networks (WANs), Local Area Networks (LANs), router switches, network hubs or other equipment and Internet Service Provider (ISP). Grantee is responsible for maintaining local procedures to end-users and is responsible for data backup, data restoration, and contingency planning functions for all local data. Grantee shall: a. Create, delete, and modify end-user LAN-based accounts; b. Change/reset user local passwords as necessary; c. Administer security additions/changes and deletions for CMBHS; d. Install, maintain, monitor, and support Grantee LANs and WANs; and e. Select, purchase service from, and monitor performance of its ISP. 7. System Agency will provide support for CMBHS including problem tracking and problem resolution. System Agency will provide telephone numbers for Grantee to access expert assistance for CMBHS related problem resolution. System Agency will provide initial CMBHS training which Grantee is required to attend. Grantee shall provide subsequent ongoing end-user training, as needed. 8. Grantee shall designate a security administrator and a back-up security administrator. The security administrator is required to implement and maintain a system for management of user accounts/user roles to ensure that all the CMBHS user accounts are current. Grantee shall develop and maintain a written security policy that ensures adequate system security and protection of confidential information to prevent unauthorized disclosure and to respond to, notify participants of, and mitigate any unauthorized use or disclosure of confidential information. Grantee shall fulfill the following requirements: a. Grantee shall submit a signed Attachment A-2, Security Administrator Attestation and Authorized Users List to provide the names of employees and contracted laborers authorized to have access to secure data. Grantee shall ensure that access to CMBHS is restricted to currently authorized users only. System Agency shall, within 24 hours, remove access to users who are no longer authorized to have access to secure data. Grantee shall also use Attachment A-2, the name, phone number, and email address of the primary and secondary security administrators no later than two weeks following the effective date of the Contract and every six (6) months thereafter. Information will be submitted via e-mail to the following e-mail address: xxxxxxxxxxx@xxxx.xxxxx.xx.xx, as well as to the assigned Contract Manager. b. Grantee shall use Attachment A-2, Security Administrator Attestation and Authorized Users List to notify System Agency within ten (10) business days of any change to the designated security administrator or the back-up security administrator.