Common use of Additional Requirements Clause in Contracts

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder– Placer County subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: County of Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Fax: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to your firm, Exigis will contact you with further instructions for providing insurance certificates which meet the terms of the Contract, some of contract. Certificates which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect amend or alter the privacy and provide for coverage during the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas Exigis via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S Contractor’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and DRAFT Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTORCONSULTANT’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes agreement Certificate Holder – Placer County subscribes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide a service that monitors insurance certificates for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability above requirements. The Certificate Holder on insurance certificates and Accountability Act related documents should read as follows: County of 1996Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, Public Law 104XX 00000-191 0000 Fax: (“HIPAA”)000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to your firm, you may be instructed to send the Health Information Technology actual documents to a County contact person for Economic and Clinical Health Act, Public Law 111-005 (“preliminary compliance review. The County will forward those documents to EXIGIS. Certificates which amend or alter the HITECH Act”), and regulations promulgated thereunder by coverage during the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas EXIGIS via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting affecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D C HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,0003,000,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder –Placer COUNTY subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: COUNTY of Placer c/o EXIGIS LLC XX Xxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Fax: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information your firm, you may be instructed to “CONTRACTOR/Business Associate” (“BA”) pursuant send the actual documents to a COUNTY contact person for preliminary compliance review. The COUNTY will forward those documents to EXIGIS. Certificates which amend or alter the terms coverage during the term of the Contractcontract, some including updated certificates due to policy renewal, should be sent directly to EXIGIS via fax or email as indicated above. EXHIBIT E FTA ASSISTED REQUIRED CLAUSES FOR CAPITAL AND PROFESSIONAL SERVICE PROCUREMENTS The Federal Government requires that activities financed, in part, with Federal funds and performed by a third party Contractor and its sub-contractors on behalf of which may constitute Protected Health Information a Federal grantee must be carried out in accordance with Federal requirements. Activities performed resulting from the original contract to this and any other prior or subsequent contract amendments thereto are financed, in part, by a grant from the United States Department of Transportation (“PHI”) DOT), Federal Transit Administration (defined belowFTA), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant are therefore subject to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996applicable grant terms, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”)conditions, and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable lawsregulations. Accordingly, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. any Contractor and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior sub-contractors performing activities under this Agreement must adhere to the disclosure Federal regulations stated herein as a condition of PHI, satisfactory performance. All subcontracts and sub-contractors employed as a result of this Agreement are subject to the same conditions and regulations as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) herein unless specifically exempted. The Prime Contractor shall ensure that its subcontractors at all tiers are made aware of and (e) and 164.504(e) of comply with these Federal regulations. The Prime Contractor will be held liable for compliance failures by its subcontractors. Failure to comply will render the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available Prime Contractor responsible for damages and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:contract termination.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S ’s indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S ’s obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENTCertificate Holder– Placer County subscribes to a service that monitors insurance certificates for compliance with the above requirements. The Certificate Holder on insurance certificates and related documents should read as follows: County of Placer c/o EXIGIS LLC PO Bxx 0000 XXX #00000 Xxx Xxxx, XX 00000-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes 0000 Xxx: 000-000-0000 Email: xxxxxxxxxxxx-xxxxxx@xxxxxxxxx.xxx Upon initial award of a contract to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to your firm, Exigis will contact you with further instructions for providing insurance certificates which meet the terms of the Contract, some of contract. Certificates which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect amend or alter the privacy and provide for coverage during the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions term of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)contract, including but not limited updated certificates due to Title 42policy renewal, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited should be sent directly to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas Exigis via fax or email as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:indicated above.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR CITY shall be responsible for all deductibles in all of the CONTRACTOR’s CITY’S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTORCITY’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR CITY shall furnish the County COUNTY with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County COUNTY before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTORCITY’S obligation to provide them. The County COUNTY reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR CITY to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTORCITY/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTORCITY/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000100,000. DRAFT CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and DRAFT Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes REPORTING EXHIBIT CONTRACTOR agrees to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contractprovide COUNTY with reports that may be required by County, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide State or Federal agencies for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability this Agreement including and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) : CONTRACTOR shall submit quarterly status reports and (e) a final annual report to COUNTY which reflect progress made in implementing the services and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as achieving any outcomes set forth in the ContractScope of Services Exhibit, and to assure CONTRACTOR’S compliance with contract terms. In consideration Said annual report shall be submitted by August 31 for the preceding fiscal year. CONTRACTOR shall make annual client outcome information available to COUNTY within 60 days of fiscal year end. Outcome data will be based upon the full array of services provided and how those services advanced the functional improvement of the mutual promises below and client. Functional improvement will be measured by the exchange disposition of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:the client at discharge.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTORC ONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. Self-Insurance – CONTRACTOR shall have the right to use a program of self-insurance to meet its insurance obligations and, in such case, CONTRACTOR is not required to name COUNTY or any of COUNTY’s designees as additional insureds or loss payees. In the event that CONTRACTOR uses a program of self-insurance, any requirement pertaining to a rating or admission of the insurance company shall not apply and CONTRACTOR’s insurer need only endeavor to notify COUNTY in writing not less than thirty (30) days prior to any material change, reduction in coverage, cancellation or other termination thereof. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:Federally Funded Contracts

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s ’S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s ’S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes REPORTING EXHIBIT CONTRACTOR agrees to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contractprovide COUNTY with reports that are required by County, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide State or Federal agencies for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act this Agreement, prior to payment of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164)invoices, including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) : CONTRACTOR shall submit quarterly status reports to COUNTY which reflect progress made in implementing the services and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as achieving any outcomes set forth in the ContractScope of Services exhibit, and to assure CONTRACTOR’S compliance with contract terms. In consideration Said quarterly reports will be due by October 31st, January 31st, April 30th, and July 31st. Invoices will not be paid without quarterly reports being submitted as required. CONTRACTOR agrees to provide quarterly reporting on the following indicators: • Number of caregivers served in prior quarter and year to date; • Number of youth served in prior quarter and year to date; • Demographics for each case-managed caregiver and youth served, including gender, age and ethnicity. • Services provided (e.g. emergency assistance, guardianship, transportation, tutoring, clothes); • Number of support groups and participants provided in prior quarter and year to date; • Number of outreach presentations provided in prior quarter and year to date; • Number of referrals received, including referral sources, in prior quarter and year to date; • Number of enrichment activities and events for the quarter, including number of attendees. • Aggregated results of customer satisfaction surveys and program outcomes for the prior quarter and year to date; and • A narrative describing the activities the agency conducted, including success stories and any collaborations made with other entities to provide services (e.g. “Parent Liaison participated in collaborative meetings with CWS to support family voice and choice.”) for the prior quarter. • Number of families referred and served in RFL Program in prior quarter; • Number of families connected by RFL to KSSP in prior quarter. EXHIBIT E FEDERALLY FUNDED CONTRACTS COUNTY will inform CONTRACTOR of any changes related to funding sources or amounts in this agreement as a result of COUNTY’S Quarterly funding reviews. If changes are needed to reflect updated Federal Funding, this Exhibit is subject to modification with written approval of the mutual promises below County Contract Administrator and the exchange of information pursuant to this AddendumRevenue and Budget Manager, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:CONTRACTOR will receive the updated Exhibit.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000750,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting affecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. DRAFT Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and DRAFT Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s 'S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s 'S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-111- 005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows:

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s ’S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s ’S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes REPORTING EXHIBIT CONTRACTOR agrees to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contractprovide COUNTY with reports that may be required by County, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide State or Federal agencies for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability this Agreement including and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) : • CONTRACTOR shall submit quarterly status reports and (e) a final annual report to COUNTY which reflect progress made in implementing the services and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as achieving any outcomes set forth in the ContractScope of Services exhibit, and to assure CONTRACTOR’S compliance with contract terms. In consideration Said annual report shall be submitted by August 31 for the preceding fiscal year. • CONTRACTOR shall make annual client outcome information available to COUNTY within 60 days of fiscal year end. Outcome data will be based upon the full array of services provided and how those services advanced the functional improvement of the mutual promises below client. Functional improvement will be measured by the disposition of the client at discharge. Reporting CONTRACTOR will submit monthly National Youth in Transition Database (NYTD) reports to COUNTY Administrator to include number of youth served and type of service provided. CONTRACTOR shall complete an Annual Report as required by CDSS. XXXXXXXXXX agrees to meet quarterly with county ILP Program Manager to review progress of achieving shared goals. CONTRACTOR to submit quarterly reports to county by the exchange 15th of information pursuant the month following the quarter to this Addenduminclude the following: number of youth seen at Sierra College campus; work with CAPC personnel as appropriate to meet youth needs, COUNTY/Covered Entity number of Tahoe-placed youth receiving ILP services, any activities of engagement with Student Support Services, and CONTRACTOR/Business Associate agree as follows:other parties. CONTRACTOR will submit an annual report summarizing pre- and post-outcome data from the XXXXXX- XXXXX measurements taken during that time period.

Additional Requirements. Premium Payments - The insurance companies shall have no recourse against the COUNTY and funding agencies, its officers and employees or any of them for payment of any premiums or assessments under any policy issued by a mutual insurance company. Policy Deductibles - The CONTRACTOR shall be responsible for all deductibles in all of the CONTRACTOR’s ’S insurance policies. The maximum amount of allowable deductible for insurance coverage required herein shall be $25,000. CONTRACTOR’s ’S Obligations - CONTRACTOR’S indemnity and other obligations shall not be limited by the foregoing insurance requirements and shall survive the expiration of this agreement. Verification of Coverage - CONTRACTOR shall furnish the County with original certificates and amendatory endorsements or copies of the applicable policy language effecting coverage required by this clause. All certificates and endorsements are to be received and approved by the County before work commences. However, failure to obtain the required documents prior to the work beginning shall not waive the CONTRACTOR’S obligation to provide them. The County reserves the right to require complete, certified copies of all required insurance policies, including endorsements required by these specifications, at any time. Material Breach - Failure of the CONTRACTOR to maintain the insurance required by this agreement, or to comply with any of the requirements of this section, shall constitute a material breach of the entire agreement. EXHIBIT D HIPAA BUSINESS ASSOCIATE AGREEMENT-ADDENDUM Whereas “COUNTY/Covered Entity” (“CE”) wishes to disclose certain information to “CONTRACTOR/Business Associate” (“BA”) pursuant to the terms of the Contract, some of which may constitute Protected Health Information (“PHI”) (defined below), and Whereas CE and BA intend to protect the privacy and provide for the security of PHI disclosed to BA pursuant to the Contract in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (“the HITECH Act”), and regulations promulgated thereunder by the U.S. Department of Health and Human Services (“the HIPAA Regulations”) and other applicable laws, and Whereas BA shall comply with the Business Associate Provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Section 13001 of Public Law 111-5, the HITECH Act regulations located in 45 CFR 160 &164), including but not limited to Title 42, United States Code, Section 1320d et seq. and its implementing regulations (including but not limited to Title 45, Code of Federal Regulations (CFR), Parts 160, 162, and 164), and Whereas BA shall comply with the State of California regulations regarding the reporting of unauthorized releases of protected health information (PHI). The regulations are found in: Health and Safety Code Sections 1280.15, and Section 1280.18; and Civil Code Section 56.05, and Whereas as part of the HIPAA Regulations, the Privacy Rule and the Security Rule (defined below) require CE to enter into a contract containing specific requirements with BA prior to the disclosure of PHI, as set forth in, but not limited to, Title 45, Sections 164.314(a), 164.502(a) and (e) and 164.504(e) of the Code of Federal Regulations (“C.F.R.”) and contained in this Addendum, and Whereas CE will make available and/or be transferring to BA certain information, in conjunction with goods and services to be provided by BA as outlined in the Contract, that is confidential and must be afforded special treatment and protection, and Whereas BA will have access to and/or receive from CE certain information that can be used or disclosed only in accordance with this Business Associate Agreement-Addendum and the HHS privacy regulations, and Whereas BA does hereby assure CE that BA will appropriately safeguard protected health information made available to BA, in implementation of such assurance and without otherwise limiting the obligations of BA as set forth in the Contract. In consideration of the mutual promises below and the exchange of information pursuant to this Addendum, COUNTY/Covered Entity and CONTRACTOR/Business Associate agree as follows: