Common use of DUPLICATE COUNTERPARTS Clause in Contracts

DUPLICATE COUNTERPARTS. 24 This Agreement may be executed in duplicate counterparts, each of which shall be deemed a 25 duplicate original. The Agreement shall be deemed executed when signed by both parties. COUNTY OF MERCED CONTRACTOR 3 A political Subdivision of the State of California By By 5 Chairman, Board of Supervisors 7 Date 9 APPROVED AS TO LEGAL FORM RECOMMENDED FOR APPROVAL: XXXXX X. XXXXXXX MERCED COUNTY MENTAL HEALTH 10 MERCED COUNTY COUNSEL By By 12 Deputy Xxxxx X. Xx Xxxx Acting Director, Mental Health 2 Addendum Number: 3 HIPAA BUSINESS ASSOCIATE ADDENDUM This Health Insurance Portability Accountability Act (hereafter referred to as “HIPAA”) Business Associate 5 Addendum supplements and is made a part of the parties underlying Agreement (Contract No.: ) by and between Merced County and the other contracting party (referred to hereafter as “Business Associate”). 7 requirements of HIPAA, codified at Title 42 USC 1320d et. seq., and its implementing regulations, including but not limited to Title 45 CFR, Parts 160 and 164, as amended from time to time, hereinafter 9 Privacy Rule and Security Rule. 1. Use and Disclosure of Protected Health Information: a. Except as otherwise provided in this Addendum, Business Associate may use or 11 disclose HIPAA protected health information (hereafter referred to as “PHI”) or electronic protected health information (hereinafter referred to as “EPHI”) to perform 12 functions, activities or services for or on behalf of the County, as specified in this Addendum, provided that such use or disclosure would not violate the Privacy Rule or 13 Security Rule if done by the County or the minimum necessary policies and procedures of the County component. 14 b. Except as otherwise limited in this Addendum, Business Associate may use and disclose PHI/EPHI for the proper management and administration of the Business 15 Associate or to carry out the legal responsibilities of the Business Associate, provided that such disclosures are required by law or Business Associate obtains reasonable 16 assurances from the person or entity to whom the information is disclosed that such PHI/EPHI will remain confidential and used or further disclosed only as required by law 17 or for the purpose for which it was disclosed to the person or entity, and that such person or entity notifies the Business Associate of any instances of which it is aware in 18 which the confidentiality of the information has been breeched.

DUPLICATE COUNTERPARTS. 24 This Agreement may be executed in duplicate counterparts, each of which shall be deemed a 25 duplicate original. The Agreement shall be deemed executed when signed by both parties. COUNTY OF MERCED CONTRACTOR 3 A political Political Subdivision of the State of California By: By By 5 Chairman, Board of Supervisors 7 Date 9 APPROVED AS TO LEGAL FORM FORM: RECOMMENDED FOR APPROVAL: APPROVAL XXXXX X. XXXXXXX MERCED COUNTY MENTAL HEALTH 10 MERCED COUNTY COUNSEL By By 12 Deputy Xxxxx X. Xx Xxxx Acting Director, Mental Health 2 Addendum NumberBudget Unit: 3 HIPAA BUSINESS ASSOCIATE ADDENDUM 41505 Expenditure Account: 21800 Mode of Service: 05 Service Function: N/A Provider #2415 Legal Entity #00024 This Health Insurance Portability Accountability Act (hereafter referred to as “HIPAA”) Business Associate 5 Addendum supplements and is made a part of the parties underlying Agreement (Contract No.: ) by and between Merced County and the other contracting party (referred to hereafter as “Business Associate”). 7 Business Associate shall comply with, and assist the County in complying with, the privacy and security requirements of HIPAA, codified at Title 42 USC 1320d et. seq., and its implementing regulations, including but not limited to Title 45 CFR, Parts 160 and 164, as amended from time to time, hereinafter 9 collectively referred to as the “Privacy Rule” or “Security Rule” as appropriate. Terms used but not otherwise defined in this Addendum shall have the same meaning as those terms that are used in the Privacy Rule and Security Rule. 1. Use and Disclosure of Protected Health Information: a. : Except as otherwise provided in this Addendum, Business Associate may use or 11 disclose HIPAA protected health information (hereafter referred to as “PHI”) or electronic protected health information (hereinafter referred to as “EPHI”) to perform 12 functions, activities or services for or on behalf of the County, as specified in this Addendum, provided that such use or disclosure would not violate the Privacy Rule or 13 Security Rule if done by the County or the minimum necessary policies and procedures of the County component. 14 b. . Except as otherwise limited in this Addendum, Business Associate may use and disclose PHI/EPHI for the proper management and administration of the Business 15 Associate or to carry out the legal responsibilities of the Business Associate, provided that such disclosures are required by law or Business Associate obtains reasonable 16 assurances from the person or entity to whom the information is disclosed that such PHI/EPHI will remain confidential and used or further disclosed only as required by law 17 or for the purpose for which it was disclosed to the person or entity, and that such person or entity notifies the Business Associate of any instances of which it is aware in 18 which the confidentiality of the information has been breeched. Except as otherwise limited by this Addendum, Business Associate may access PHI/EPHI to provide data aggregation services related to the health care operation of the County without disclosure of confidential information of individuals. Safeguard of PHI/EPHI: Business Associate shall use reasonable and appropriate safeguards to prevent the use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule, or the Security Rule. Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the County health care component as required by the HIPAA Security Rule. Unauthorized Use or Disclosure of PHI/EPHI: Business Associate shall report to the County health care component any use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule or the Security Rule. Mitigation of Disallowed Uses and Disclosures: Business Associate shall mitigate, to the extent practicable, any harmful effects that are known to the Business Associate of a use or disclosure of PHI/EPHI by the Business Associate in violation of the requirements of this Addendum, the Privacy Rule or the Security Rule. Agents and Subcontractors of the Business Associate: Business Associate shall ensure that any agent, including but not limited to a subcontractor, to which the Business Associate provides PHI/EPHI either created or received by the Business Associate from or on behalf of the County health care component, shall comply with the same restrictions and conditions of this Addendum, the Privacy Rule, and the Security Rule. Access to PHI/EPHI: Business Associate shall provide access to any PHI/EPHI maintained by the Business Associate on behalf of the County health care component at the request of, and in a time and manner reasonably designated by the County health care component. The Business Associate shall also provide access to PHI/EPHI in accordance with the terms of the contractual Agreement hereunder in order for the County component to meet the requirements of the Privacy Rule and 45 CFR 164.524. Amendment(s) to PHI and Addendum: Business Associate shall make any amendment(s) to PHI/EPHI that the County health care component directs or at the request of the County, and in a time and manner designated by the County component in accordance with the Privacy Rule and 45 CFR 164.526. Not withstanding any provision to the contrary in the parties Agreement or this Addendum, the County health care component may amend this Addendum by providing ten (10) day prior written notice to Business Associate in order to maintain compliance with the Privacy Rule. Such amendment(s) shall be binding on the Business Associate at the end of the ten (10) day period and shall not require the further consent of the Business Associate. Business Associate may elect to discontinue the parties Agreement within the ten (10) day period, but the Business Associate’s duties hereunder to maintain the security and privacy of PHI shall survive such discontinuance or termination. County component and Business Associate may otherwise amend this Addendum by mutual written consent. Documentation of Uses and Disclosures: Business Associate shall document all disclosures of PHI/EPHI and information related to such disclosures in a manner as would be required for the County health care component to respond to a request by an individual for an accounting of disclosures of PHI/EPHI in accordance with the Privacy Rule and 45 CFR 164.528.

DUPLICATE COUNTERPARTS. 24 10 This Agreement may be executed in duplicate counterparts, each of which shall be deemed a 25 11 duplicate original. The Agreement shall be deemed executed when signed by both parties. 12 [Signature page follows] 13 15 16 17 18 19 20 21 22 23 24 25 26 27 28 1 COUNTY OF MERCED CONTRACTOR 3 2 A political Political Subdivision of the 3 State of California By 4 By: By 5 Chairman, Board of Supervisors 7 6 Date 9 8 APPROVED AS TO LEGAL FORM FORM: RECOMMENDED FOR APPROVAL: APPROVAL XXXXX X. XXXXXXX MERCED COUNTY MENTAL HEALTH 10 9 MERCED COUNTY COUNSEL 10 By By 12 11 Deputy Xxxxx X. Xx Xxxx Acting Director, Mental Health 12 Budget Unit: 41505 14 Expenditure Account: 21800 Mode of Service: 05 15 Service Function: N/A Provider #2415 16 Legal Entity #00024 17 18 19 20 21 22 23 24 25 26 27 28 2 Addendum Number: 3 HIPAA BUSINESS ASSOCIATE ADDENDUM 4 This Health Insurance Portability Accountability Act (hereafter referred to as “HIPAA”) Business Associate 5 Addendum supplements and is made a part of the parties underlying Agreement (Contract No.: ) by and between Merced County and the other contracting party (referred to hereafter as “Business Associate”). Business Associate shall comply with, and assist the County in complying with, the privacy and security 7 requirements of HIPAA, codified at Title 42 USC 1320d et. seq., and its implementing regulations, including but not limited to Title 45 CFR, Parts 160 and 164, as amended from time to time, hereinafter 8 collectively referred to as the “Privacy Rule” or “Security Rule” as appropriate. Terms used but not otherwise defined in this Addendum shall have the same meaning as those terms that are used in the 9 Privacy Rule and Security Rule. 10 1. Use and Disclosure of Protected Health Information: 11 a. Except as otherwise provided in this Addendum, Business Associate may use or 11 disclose HIPAA protected health information (hereafter referred to as “PHI”) or 12 electronic protected health information (hereinafter referred to as “EPHI”) to perform 12 functions, activities or services for or on behalf of the County, as specified in this 13 Addendum, provided that such use or disclosure would not violate the Privacy Rule or 13 Security Rule if done by the County or the minimum necessary policies and procedures 14 of the County component. 14 15 b. Except as otherwise limited in this Addendum, Business Associate may use and disclose PHI/EPHI for the proper management and administration of the Business 15 16 Associate or to carry out the legal responsibilities of the Business Associate, provided 18 that such disclosures are required by law or Business Associate obtains reasonable 16 assurances from the person or entity to whom the information is disclosed that such PHI/EPHI will remain confidential and used or further disclosed only as required by law 17 or for the purpose for which it was disclosed to the person or entity, and that such person or entity notifies the Business Associate of any instances of which it is aware in 18 in19 which the confidentiality of the information has been breeched. 20 c. Except as otherwise limited by this Addendum, Business Associate may access 21 PHI/EPHI to provide data aggregation services related to the health care operation of the County without disclosure of confidential information of individuals. 22 2. Safeguard of PHI/EPHI: 23 a. Business Associate shall use reasonable and appropriate safeguards to prevent the 24 use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule, or the Security Rule. 25 b. Business Associate shall implement administrative, physical, and technical safeguards 26 that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the County health 27 care component as required by the HIPAA Security Rule. 28 3. Unauthorized Use or Disclosure of PHI/EPHI: Business Associate shall report to the County health care component any use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule or the Security Rule.

DUPLICATE COUNTERPARTS. 24 This Agreement may be executed in duplicate counterparts, each of which shall be deemed a 25 duplicate original. The Agreement shall be deemed executed when signed by both parties. COUNTY OF MERCED CONTRACTOR 3 A political Political Subdivision of the State of California By By 5 By: By: Chairman, Board of Supervisors 7 Date 9 APPROVED AS TO LEGAL FORM FORM: RECOMMENDED FOR APPROVAL: APPROVAL XXXXX X. XXXXXXX MERCED COUNTY MENTAL HEALTH 10 MERCED COUNTY COUNSEL By By 12 By: By: Deputy Xxxxx X. Xx Xxxx Acting Director, Mental Health 2 Addendum Number: 3 HIPAA BUSINESS ASSOCIATE ADDENDUM This Health Insurance Portability Accountability Act (hereafter referred to as “HIPAA”) Business Associate 5 Addendum supplements and is made a part of the parties underlying Agreement (Contract No.: ) by and between Merced County and the other contracting party (referred to hereafter as “Business Associate”). 7 Business Associate shall comply with, and assist the County in complying with, the privacy and security requirements of HIPAA, codified at Title 42 USC 1320d et. seq., and its implementing regulations, including but not limited to Title 45 CFR, Parts 160 and 164, as amended from time to time, hereinafter 9 collectively referred to as the “Privacy Rule” or “Security Rule” as appropriate. Terms used but not otherwise defined in this Addendum shall have the same meaning as those terms that are used in the Privacy Rule and Security Rule. 1. Use and Disclosure of Protected Health Information: a. : Except as otherwise provided in this Addendum, Business Associate may use or 11 disclose HIPAA protected health information (hereafter referred to as “PHI”) or electronic protected health information (hereinafter referred to as “EPHI”) to perform 12 functions, activities or services for or on behalf of the County, as specified in this Addendum, provided that such use or disclosure would not violate the Privacy Rule or 13 Security Rule if done by the County or the minimum necessary policies and procedures of the County component. 14 b. . Except as otherwise limited in this Addendum, Business Associate may use and disclose PHI/EPHI for the proper management and administration of the Business 15 Associate or to carry out the legal responsibilities of the Business Associate, provided that such disclosures are required by law or Business Associate obtains reasonable 16 assurances from the person or entity to whom the information is disclosed that such PHI/EPHI will remain confidential and used or further disclosed only as required by law 17 or for the purpose for which it was disclosed to the person or entity, and that such person or entity notifies the Business Associate of any instances of which it is aware in 18 which the confidentiality of the information has been breeched. Except as otherwise limited by this Addendum, Business Associate may access PHI/EPHI to provide data aggregation services related to the health care operation of the County without disclosure of confidential information of individuals. Safeguard of PHI/EPHI: Business Associate shall use reasonable and appropriate safeguards to prevent the use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule, or the Security Rule. Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the County health care component as required by the HIPAA Security Rule. Unauthorized Use or Disclosure of PHI/EPHI: Business Associate shall report to the County health care component any use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule or the Security Rule. Mitigation of Disallowed Uses and Disclosures: Business Associate shall mitigate, to the extent practicable, any harmful effects that are known to the Business Associate of a use or disclosure of PHI/EPHI by the Business Associate in violation of the requirements of this Addendum, the Privacy Rule or the Security Rule. Agents and Subcontractors of the Business Associate: Business Associate shall ensure that any agent, including but not limited to a subcontractor, to which the Business Associate provides PHI/EPHI either created or received by the Business Associate from or on behalf of the County health care component, shall comply with the same restrictions and conditions of this Addendum, the Privacy Rule, and the Security Rule. Access to PHI/EPHI: Business Associate shall provide access to any PHI/EPHI maintained by the Business Associate on behalf of the County health care component at the request of, and in a time and manner reasonably designated by the County health care component. The Business Associate shall also provide access to PHI/EPHI in accordance with the terms of the contractual Agreement hereunder in order for the County component to meet the requirements of the Privacy Rule and 45 CFR 164.524. Amendment(s) to PHI and Addendum: Business Associate shall make any amendment(s) to PHI/EPHI that the County health care component directs or at the request of the County, and in a time and manner designated by the County component in accordance with the Privacy Rule and 45 CFR 164.526. Notwithstanding any provision to the contrary in the parties Agreement or this Addendum, the County health care component may amend this Addendum by providing ten (10) day prior written notice to Business Associate in order to maintain compliance with the Privacy Rule. Such amendment(s) shall be binding on the Business Associate at the end of the ten (10) day period and shall not require the further consent of the Business Associate. Business Associate may elect to discontinue the parties Agreement within the ten (10) day period, but the Business Associate’s duties hereunder to maintain the security and privacy of PHI shall survive such discontinuance or termination. County component and Business Associate may otherwise amend this Addendum by mutual written consent. Documentation of Uses and Disclosures: Business Associate shall document all disclosures of PHI/EPHI and information related to such disclosures in a manner as would be required for the County health care component to respond to a request by an individual for an accounting of disclosures of PHI/EPHI in accordance with the Privacy Rule and 45 CFR 164.528.

DUPLICATE COUNTERPARTS. 24 This Agreement may be executed in duplicate counterparts, each of which shall be deemed a 25 duplicate original. The Agreement shall be deemed executed when signed by both parties. COUNTY OF MERCED CONTRACTOR 3 A political Subdivision of the State of California By By 5 Chairman, Board of Supervisors 7 Date 9 APPROVED AS TO LEGAL FORM RECOMMENDED FOR APPROVAL: XXXXX X. XXXXXXX MERCED COUNTY MENTAL HEALTH 10 MERCED COUNTY COUNSEL By By 12 Deputy Xxxxx X. Xx Xxxx Acting Director, Mental Health 2 Addendum Number: 3 HIPAA BUSINESS ASSOCIATE ADDENDUM This Health Insurance Portability Accountability Act (hereafter referred to as “HIPAA”) Business Associate 5 Addendum supplements and is made a part of the parties underlying Agreement (Contract No.: ) by and between Merced County and the other contracting party (referred to hereafter as “Business Associate”). 7 Business Associate shall comply with, and assist the County in complying with, the privacy and security requirements of HIPAA, codified at Title 42 USC 1320d et. seq., and its implementing regulations, including but not limited to Title 45 CFR, Parts 160 and 164, as amended from time to time, hereinafter 9 collectively referred to as the “Privacy Rule” or “Security Rule” as appropriate. Terms used but not otherwise defined in this Addendum shall have the same meaning as those terms that are used in the Privacy Rule and Security Rule. 1. Use and Disclosure of Protected Health Information: a. : Except as otherwise provided in this Addendum, Business Associate may use or 11 disclose HIPAA protected health information (hereafter referred to as “PHI”) or electronic protected health information (hereinafter referred to as “EPHI”) to perform 12 functions, activities or services for or on behalf of the County, as specified in this Addendum, provided that such use or disclosure would not violate the Privacy Rule or 13 Security Rule if done by the County or the minimum necessary policies and procedures of the County component. 14 b. . Except as otherwise limited in this Addendum, Business Associate may use and disclose PHI/EPHI for the proper management and administration of the Business 15 Associate or to carry out the legal responsibilities of the Business Associate, provided that such disclosures are required by law or Business Associate obtains reasonable 16 assurances from the person or entity to whom the information is disclosed that such PHI/EPHI will remain confidential and used or further disclosed only as required by law 17 or for the purpose for which it was disclosed to the person or entity, and that such person or entity notifies the Business Associate of any instances of which it is aware in 18 which the confidentiality of the information has been breeched. Except as otherwise limited by this Addendum, Business Associate may access PHI/EPHI to provide data aggregation services related to the health care operation of the County without disclosure of confidential information of individuals.. Safeguard of PHI/EPHI: Business Associate shall use reasonable and appropriate safeguards to prevent the use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule, or the Security Rule. Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits on behalf of the County health care component as required by the HIPAA Security Rule. Unauthorized Use or Disclosure of PHI/EPHI: Business Associate shall report to the County health care component any use or disclosure of PHI/EPHI not provided for by this Addendum, the Privacy Rule or the Security Rule. Mitigation of Disallowed Uses and Disclosures: Business Associate shall mitigate, to the extent practicable, any harmful effects that are known to the Business Associate of a use or disclosure of PHI/EPHI by the Business Associate in violation of the requirements of this Addendum, the Privacy Rule or the Security Rule. Agents and Subcontractors of the Business Associate: Business Associate shall ensure that any agent, including but not limited to a subcontractor, to which the Business Associate provides PHI/EPHI either created or received by the Business Associate from or on behalf of the County health care component, shall comply with the same restrictions and conditions of this Addendum, the Privacy Rule, and the Security Rule. Access to PHI/EPHI: Business Associate shall provide access to any PHI/EPHI maintained by the Business Associate on behalf of the County health care component at the request of, and in a time and manner reasonably designated by the County health care component. The Business Associate shall also provide access to PHI/EPHI in accordance with the terms of the contractual Agreement hereunder in order for the County component to meet the requirements of the Privacy Rule and 45 CFR 164.524. Amendment(s) to PHI and Addendum: Business Associate shall make any amendment(s) to PHI/EPHI that the County health care component directs or at the request of the County, and in a time and manner designated by the County component in accordance with the Privacy Rule and 45 CFR 164.526. Not withstanding any provision to the contrary in the parties Agreement or this Addendum, the County health care component may amend this Addendum by providing ten (10) day prior written notice to Business Associate in order to maintain compliance with the Privacy Rule. Such amendment(s) shall be binding on the Business Associate at the end of the ten (10) day period and shall not require the further consent of the Business Associate. Business Associate may elect to discontinue the parties Agreement within the ten (10) day period, but the Business Associate’s duties hereunder to maintain the security and privacy of PHI shall survive such discontinuance or termination. County component and Business Associate may otherwise amend this Addendum by mutual written consent. Documentation of Uses and Disclosures: Business Associate shall document all disclosures of PHI/EPHI and information related to such disclosures in a manner as would be required for the County health care component to respond to a request by an individual for an accounting of disclosures of PHI/EPHI in accordance with the Privacy Rule and 45 CFR 164.528.