Common use of Additional Requirements Clause in Contracts

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The Contractor shall require any subcontractor at any tier, vendor, supplier, material dealer and others connected with the Work to provide and maintain insurance at all times during the period that their agreement related to Work under this Contract is in force and effect at the subcontractor’s, vendor’s, supplier’s, material dealer’s, or others’ own cost, with insurance limits and in form and issuing companies acceptable to Company. Contractor shall have no recourse against submit to Company at the COUNTY and funding agenciestime Contractor executes this Contract, its officers and employees or any a Certificate of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles Insurance, in all form satisfactory to Company, evidencing that satisfactory coverages of the CONTRACTOR’s insurance policiestype and limits set forth hereinabove are in effect. The maximum amount of allowable deductible for insurance coverage required herein Policies providing such coverages shall be $25,000contain provisions that no cancellation or material changes in the policies shall become effective except on thirty (30) days advance written notice thereof to Company. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any Irrespective of the requirements as to insurance to be carried as provided for herein, the insolvency, bankruptcy or failure of any insurance company carrying insurance of Contractor, the failure of any insurance company to pay claims accruing, or the inadequacy of the limits of the insurance, shall not affect, negate or waive any to the provisions of this sectionContract including, without exception, the indemnity obligations of Contractor. Contractor agrees to require any policies of insurance, except Workers Compensation and Professional Liability coverages, which are in any way related to the Work and that are secured and maintained by Contractor or its subcontractors, to include Company, its Affiliates and their directors, officers, employees and agents, as Additional Insured. Furthermore, Underwriters shall constitute a material breach waive all rights of recovery against Company, its Affiliates which Contractor may have or acquire because of deductible clauses in or inadequacy of limits of, any policies of insurance maintained by Contractor. Contractor agrees to require all such policies of insurance which are in any way related to the entire agreementWork and that are secured and maintained by Contractor or its subcontractors, to include clauses providing that each underwriter shall waive its rights of recovery, under subrogation or otherwise, against Company and its Affiliates and their directors, officers, employees and agents. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant AFFIDAVIT AND RELEASE OF LIEN THE STATE OF ________ § COUNTY OF ___________ § hereby acknowledges the receipt and sufficiency of the sum of $ , ( and other good and valuable consideration, in full payment for furnishing including all labor, materials and services, for improvements known as to the terms following described property: hereby acknowledges and certifies that <Company> paid all sums owing and that it has no further claims against <Company>, or any subsidiary, affiliate, or parent of the Contract<Company>. In consideration for such full payment, some , on behalf of which may constitute Protected Health Information (“PHI”) (defined below)itself and its predecessors, employees, agents, officers, directors, shareholders, representatives, attorneys, successors, insurers and assigns, and Whereas CE and BA intend to protect the privacy and provide for the security on behalf of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996any other persons claiming by, Public Law 104-191 (“HIPAA”)through or under , the Health Information Technology for Economic and Clinical Health Actdoes hereby waive, Public Law 111-005 (“the HITECH Act”)release, and regulations promulgated thereunder by the U.S. Department of Health relinquish its rights to and Human Services (“the HIPAA Regulations”) discharge, release and other applicable lawsacquit <Company>, its subsidiaries, affiliates, and Whereas BA shall comply with the Business Associate Provisions parent and its employees, agents, officers, directors, shareholders, representatives, attorneys, successors, insurers and assigns, from any and all causes of the Health Insurance Portability action, claims, demands, debts, liabilities, expenses or costs of any kind and Accountability Act of 1996 (HIPAA) every character and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)nature whatsoever, including but not limited to Title 42any lien claims or rights, United States Codewhether known or unknown, Section 1320d et seqcontingent or fixed, either in or arising out of the law of contracts, torts or property rights, whether arising under statutory law or common law, at law or in equity, with respect to the above-referenced property. Furthermore, agrees to indemnify and hold harmless <Company>, its implementing regulations subsidiaries, affiliates and parent and all other persons or entities released by above against the full amount of any liability, loss, claim, damage, or expense (including but not limited attorneys’ fees and any judgment required to Title 45be paid) in connection with any of the matters it has released in the event any person should assert against such released person or entity a claim under assignment or title derivative from and in connection with any claims made in connection with or relating to provision of labor, Code materials and/or service on the above-referenced property. EXECUTED this _________ day of Federal Regulations (CFR)______________________, Parts 160199___. <CONTRACTOR> By: _____________________________ Name: __________________________  Print or Type Title:_____________________________  SWORN TO AN SUBSCRIBED BEFORE ME, 162under my official hand and seal of office on this ____ day of ___________________, 199__.  Notary Public in and 164), and Whereas BA shall comply with for the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found inof________________ My Commission Expires: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:_________________________

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder– Placer County subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: County of Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Fax: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to your firm, Exigis will contact you with further instructions for providing insurance certificates which meet the terms of the Contract, some of contract. Certificates which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect amend or alter the privacy and provide for coverage during the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas Exigis via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S Contractor’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and DRAFT Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,0003,000,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder –Placer COUNTY subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: COUNTY of Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Fax: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information your firm, you may be instructed to “CONTRACTOR/Business Associate” (“BA”) pursuant send the actual documents to a COUNTY contact person for preliminary compliance review. The COUNTY will forward those documents to EXIGIS. Certificates which amend or alter the terms coverage during the term of the Contractcontract, some including updated certificates due to policy renewal, should be sent directly to EXIGIS via fax or email as indicated above. EXHIBIT E FTA ASSISTED REQUIRED CLAUSES FOR CAPITAL AND PROFESSIONAL SERVICE PROCUREMENTS The Federal Government requires that activities financed, in part, with Federal funds and performed by a third party Contractor and its sub-contractors on behalf of which may constitute Protected Health Information a Federal grantee must be carried out in accordance with Federal requirements. Activities performed resulting from the original contract to this and any other prior or subsequent contract amendments thereto are financed, in part, by a grant from the United States Department of Transportation (“PHI”) DOT), Federal Transit Administration (defined belowFTA), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant are therefore subject to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996applicable grant terms, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”)conditions, and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable lawsregulations. Accordingly, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. any Contractor and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior sub-contractors performing activities under this Agreement must adhere to the disclosure Federal regulations stated herein as a condition of PHI, satisfactory performance. All subcontracts and sub-contractors employed as a result of this Agreement are subject to the same conditions and regulations as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) herein unless specifically exempted. The Prime Contractor shall ensure that its subcontractors at all tiers are made aware of and (e) and 164.504(e) of comply with these Federal regulations. The Prime Contractor will be held liable for compliance failures by its subcontractors. Failure to comply will render the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available Prime Contractor responsible for damages and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:contract termination.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000750,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D C HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000100,000. DRAFT CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and DRAFT Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. Self-Insurance – CONTRACTOR shall have the right to use a program of self-insurance to meet its insurance obligations and, in such case, CONTRACTOR is not required to name COUNTY or any of COUNTY’s designees as additional insureds or loss payees. In the event that CONTRACTOR uses a program of self-insurance, any requirement pertaining to a rating or admission of the insurance company shall not apply and CONTRACTOR’s insurer need only endeavor to notify COUNTY in writing not less than thirty (30) days prior to any material change, reduction in coverage, cancellation or other termination thereof. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:Federally Funded Contracts

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTORCONSULTANT’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes agreement Certificate Holder – Placer County subscribes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide a service that monitors insurance certificates for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability above requirements. The Certificate Holder on insurance certificates and Accountability Act related documents should read as follows: County of 1996Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, Public Law 104XX 00000-191 0000 Fax: (“HIPAA”)000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to your firm, you may be instructed to send the Health Information Technology actual documents to a County contact person for Economic and Clinical Health Act, Public Law 111-005 (“preliminary compliance review. The County will forward those documents to EXIGIS. Certificates which amend or alter the HITECH Act”), and regulations promulgated thereunder by coverage during the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas EXIGIS via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting affecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-111- 005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes REPORTING EXHIBIT CONTRACTOR agrees to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contractprovide COUNTY with reports that may be required by County, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide State or Federal agencies for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability this Agreement including and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) : CONTRACTOR shall submit quarterly status reports and (e) a final annual report to COUNTY which reflect progress made in implementing the services and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as achieving any outcomes set forth in the ContractScope of Services Exhibit, and to assure CONTRACTOR’S compliance with contract terms. In consideration Said annual report shall be submitted by August 31 for the preceding fiscal year. CONTRACTOR shall make annual client outcome information available to COUNTY within 60 days of fiscal year end. Outcome data will be based upon the full array of services provided and how those services advanced the functional improvement of the mutual promises below and client. Functional improvement will be measured by the exchange disposition of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:the client at discharge.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder– Placer County subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: County of Placer c/o EXIGIS LLC PO Bxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Xxx: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to your firm, Exigis will contact you with further instructions for providing insurance certificates which meet the terms of the Contract, some of contract. Certificates which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect amend or alter the privacy and provide for coverage during the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas Exigis via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting affecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s ’S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s ’S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows: