Common use of SOV Cybersecurity Standard Clause in Contracts

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor Name: Xxxxx and Xxxxxxxx XX State Contract No. 39766 Contract Effective Date: April 1, 2020 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract Health Management Associates SOV CONTRACT No. 39766 Contract Effective Date43613 CONTRACT EFFECTIVE DATE: April July 1, 2020 2022 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT AGENCY OF VERMONT HEALTH ACCESS HUMAN SERVICES (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract Strategic Solutions Group, LLC SOV CONTRACT No. 39766 Contract Effective Date41854 CONTRACT EFFECTIVE DATE: April July 1, 2020 2021 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT SOV CONTRACTOR NTT Data State Contractor Name: Xxxxx and Xxxxxxxx XX State Contract Health Consulting, LLC SOV CONTRACT No. 39766 Contract 40435 CONTRACT Effective DateDATE: April September 1, 2020 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR BUSINESS ASSOCIATE: Xxxxx and Xxxxxxxx XX State Contract NoXXXXXX CONSULTING GROUP, LLC AN HMA COMPANY SOV CONTRACT NO. 39766 Contract Effective Date43827 CONTRACT EFFECTIVE DATE: April 1JUNE 15, 2020 2022 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract HealthTech Solutions, LLC SOV CONTRACT No. 39766 Contract Effective Date41409 CONTRACT EFFECTIVE DATE: April 1March 22, 2020 2021 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract Consumers’ Checkbook/Center for the Study of Services SOV CONTRACT No. 39766 Contract 43575 CONTRACT Effective DateDATE: April July 1, 2020 2022 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT AGENCY OF VERMONT HEALTH ACCESS HUMAN SERVICES (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR BUSINESS ASSOCIATE: Xxxxx and Xxxxxxxx XX State Contract COTIVITI INC. SOV CONTRACT No. 39766 Contract Effective Date41062 CONTRACT EFFECTIVE DATE: April 1December 13, 2020 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract Xxxxxxx Associates, Inc. SOV CONTRACT No. 39766 Contract Effective Date41851 CONTRACT EFFECTIVE DATE: April July 1, 2020 2021 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor Name: Xxxxx and Xxxxxxxx XX State Contract No. 39766 Contract Effective Date: April 1, 2020 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS CONTRACT # 43142 DEPARTMENT OF VERMONT HEALTH ACCESS PAGE 50 OF 71 Vermont Information Technology Leaders, Inc. ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT‌ SOV CONTRACTOR/GRANTEE/BUSINESS ASSOCIATE: VERMONT INFORMATION TECHNOLOGY LEADERS, INC. SOV CONTRACT NO. 43142 CONTRACT EFFECTIVE DATE: 1/1/2022 This Business Associate Agreement (“COVERED ENTITYAgreement”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE is entered into by and between the State of Vermont Agency of Human Services, operating by and through its Department of Vermont Health Access (“BUSINESS ASSOCIATECovered Entity”) and Party identified in this Agreement as Contractor or Grantee above (“Business Associate”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT This Agreement supplements and is made a part of the contract or grant (“CONTRACT OR GRANTContract or Grant”) TO WHICH IT IS ATTACHEDto which it is attached. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows:

SOV Cybersecurity Standard. 19-01 All products and service provided to or for the use of the State under this Contract shall be in compliance with State of Vermont Cybersecurity Standard 19-01, which Contractor acknowledges has been provided to it, and is available on-line at the following URL: xxxxx://xxxxxxxxxxxxxxx.xxxxxxx.xxx/cybersecurity/cybersecurity-standards-and-directives ATTACHMENT E BUSINESS ASSOCIATE AGREEMENT State Contractor NameSOV CONTRACTOR: Xxxxx and Xxxxxxxx XX State Contract Speridian Technologies, LLC SOV CONTRACT No. 39766 Contract Effective Date41853 CONTRACT EFFECTIVE DATE: April July 1, 2020 2021 THIS BUSINESS ASSOCIATE AGREEMENT (“AGREEMENT”) IS ENTERED INTO BY AND BETWEEN THE STATE OF VERMONT AGENCY OF HUMAN SERVICES, OPERATING BY AND THROUGH ITS DEPARTMENT OF VERMONT HEALTH ACCESS (“COVERED ENTITY”) AND PARTY IDENTIFIED IN THIS AGREEMENT AS CONTRACTOR OR GRANTEE ABOVE (“BUSINESS ASSOCIATE”). THIS AGREEMENT SUPPLEMENTS AND IS MADE A PART OF THE CONTRACT OR GRANT (“CONTRACT OR GRANT”) TO WHICH IT IS ATTACHED. Covered Entity and Business Associate enter into this Agreement to comply with the standards promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including the Standards for the Privacy of Individually Identifiable Health Information, at 45 CFR Parts 160 and 164 (“Privacy Rule”), and the Security Standards, at 45 CFR Parts 160 and 164 (“Security Rule”), as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), and any associated federal rules and regulations. The parties agree as follows: