Subcontractors and Delegation of Duty. The Contractor may enter into written subcontract(s) for performance of certain of its contract responsibilities listed in Article II of this Agreement. The Contractor must evaluate any prospective subcontractor's ability to perform the delegated contract responsibilities prior to assigning the activities. All subcontracts must be in writing and fulfill the requirements of 42 C.F.R. § 438.230 that are appropriate to the service or activity delegated under this Agreement. The Contractor shall make available all subcontracts for inspection by the State, upon request. The HIPAA Privacy Rule requires that a covered entity obtain satisfactory assurances from its subcontracted and delegated entities that they will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity. The satisfactory assurances must be in writing, whether in the form of a contract or other business associate agreement between the covered entity and their business associate. The Contractor shall monitor the performance of all subcontractors on an ongoing basis. This include conducting formal reviews based on a schedule established by EOHHS and which is consistent with industry standards and State regulations. Both the Contractor and subcontract must take corrective action on any identified deficiencies or areas of improvement. The Contractor shall be wholly responsible for performance of the entire contract whether or not subcontractors are used. In compliance with 42 C.F.R. § 438.230(b) and (c), the Contractor must execute a written agreement with its subcontractors that specifies that Contractor’s right to revoke the subcontract, and outlines reasons for the revocation of the contract, or specify other remedies in instances where the State or the Contractor determines that the subcontractor has not performed satisfactorily. Contractor must also execute a written agreement which states that the Contractor may impose sanction on the subcontractor if the subcontractor’s performance is inadequate. The Contractor must also execute a written agreement which states that subcontractor agrees that the Rhode Island Executive Office of Health and Human Services, the Rhode Island Department of Health, State Auditor General of Rhode Island, the U.S. Department of Health and Human Services, Government Accountability Office, the Comptroller General of the United States, the
Subcontractors and Delegation of Duty. The Contractor may enter into written subcontract(s) for performance of certain of its contract responsibilities listed in Article II of this Agreement. The Contractor must evaluate any prospective subcontractor's ability to perform the delegated contract responsibilities prior to assigning the activities. All subcontracts must be in writing and fulfill the requirements of 42 CFR 438.230 that are appropriate to the service or activity delegated under this Agreement. The Contractor shall make available all subcontracts for inspection by the State, upon request. The HIPAA Privacy Rule requires that a covered entity obtain satisfactory assurances from its subcontracted and delegated entities that they will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity. The satisfactory assurances must be in writing, whether in the form of a contract or other business associate agreement between the covered entity and their business associate. The Contractor shall monitor the performance of all subcontractors on an ongoing basis. This include conducting formal reviews based on a schedule established by EOHHS and which is consistent with industry standards and State regulations. Both the Contractor and subcontract must take corrective action on any identified deficiencies or areas of improvement.
