The URL can be used to link to this page

Home My WebLink AboutResolution - 2023-R0233 - DSHS Contract HHS001311200019, Emergency Preparedness & Response GrantResolution No. 2023-RO233 Item No. 6.13 May 9, 2023 RESOLUTION BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF LUBBOCK: THAT the Mayor of the City of Lubbock is hereby authorized and directed to execute, on behalf of the City of Lubbock, the Department of State Health Services Grant Agreement Contract No. HHS001311200019 under the Center for Health Emergency Preparedness & Response (CHEPR) Grant Program, by and between the City of Lubbock and the State of Texas' Department of State Health Services, and all related documents. Said Grant Agreement Contract is attached hereto and incorporated in this resolution as if fully set forth herein and shall be included in the minutes of the City Council. Passed by the City Council on Courtney Paz, City APPROVED AS TO CONTENT: APPROVED AS TO FORM: Foster, AhsiAnt City Attorney RES.DSHS Contract No. HHS001311200019 5.2.23 May 9, 2023 uocuwgn tnveiope w: aan;ibus-ts4�a�sat-Asti-ituatsotssc:tit Resolution No. 2023-RO233 SIGNATURE DOCUMENT FOR DEPARTMENT OF STATE HEALTH SERVICES GRANT AGREEMENT, CONTRACT No. HHS001311200019 UNDER THE CENTER FOR HEALTH EMERGENCY PREPAREDNESS AND RESPONSE GRANT PROGRAM The parties to this agreement ("Grant Agreement" or "Contract") are Department of State Health Services ("System Agency"), a pass -through entity, and "City of Lubbock" ("Grantee"), having its principal office at 806 18th Street, Lubbock, Texas 79401 (each a "Party" and collectively the "Parties"). I. PURPOSE The purpose of this Grant Agreement is to perform activities in support of the Public Health Emergency Preparedness ("PHEP") Cooperative Agreement between the Centers for Disease Control and Prevention ("CDC") and the Department of State Health Services to advance public health preparedness. II. LEGAL AUTHORITY This Grant Agreement is entered into pursuant to the authority granted by and in compliance with the Interlocal Cooperation Act, Texas Government Code Chapter 791 and Texas Health and Safety Code Title 12 Chapter 1001 and Title 2 Chapter 12. III. DURATION This Grant Agreement is effective on July 1, 2023 and expires on June 30, 2024, unless sooner terminated or renewed or extended. System Agency, at its sole discretion, may extend this Grant Agreement for up to four (4) years for a maximum term of five (5) years. Notwithstanding the limitation in the preceding paragraph and with at least 30 calendar days' advance written notice to Grantee, at the end of the initial term or any renewal period, System Agency at its sole discretion, may extend this Grant Agreement as necessary to ensure the continuity of service, for purposes of transition, or as otherwise determined by System Agency to serve the best interest of the State for up to six (6) months, in one -month intervals, at the then - current contract rate or rates (if applicable) as modified during the term of the Grant Agreement. IV. STATEMENT OF WORK The Scope of Grant Project to which Grantee is bound is incorporated into and made a part of this Grant Agreement for all purposes and included as ATTACHMENT A, FY2024 STATEMENT OF WORK. System Agency Grant Agreement, Contract # HHS001311200019 Page 1 of 6 HHS Signature Document - Grantee v 3.1 Effective: August 2022 uocubign tnveiope iu: ao��.�oureu+�a�oac-r+�ci-icua0000;.r-ic V. BUDGET The total amount of this Grant Agreement will not exceed TOTAL CONTRACT AMOUNT $288,016.00. This includes the System Agency share of $261,833.00 and Grantee's required match amount of $26,183.00. The total not -to -exceed amount includes the following: Total Federal Funds: $261,833.00 All expenditures under the Grant Agreement will be in accordance with ATTACHMENT B, FY2024 BUDGET. VI. NOTICE TO PROCEED Funding for this Contract is dependent on the award of the applicable federal grant. No activities may commence, and no expenses incurred prior to the issuance of a written Notice to Proceed by System Agency. The Notice to Proceed may include an amended or ratified budget which will be incorporated into this Contract by a subsequent amendment, as necessary. Notwithstanding the preceding, at the discretion of System Agency, Grantee may be eligible to receive reimbursement for eligible expenses incurred during the period of performance as defined by 2 CFR §200.309. VII. REPORTING REQUIREMENTS Grantee shall submit the reports outlined in ATTACHMENT C, FY2024 PREP CONTRACTUAL REQUIREMENTS SCHEDULE by the due dates and submission methods specified therein. DSHS may add contractual requirements and revise reporting due dates throughout the term of this grant agreement to comply with modifications made to the grant award by the CDC. DSHS will notify Grantee of these modifications through a Technical Guidance Letter. A Technical Guidance Letter will become effective as of the date indicated in the Letter and will be attached to the Contract and incorporated as if fully set forth therein. VIII. CONTRACT REPRESENTATIVES The following will act as the representative authorized to administer activities under this Grant Agreement on behalf of their respective Party. System Agency Grant Agreement, Contract # HHS001311200019 Page 2 of 6 uocu6ign tnvelope IU: bb/C76U3-5429-439E-A7E1-7ED98683CE1E System Agency Grantee Beverly Taylor Katherine Wells Department of State Health Services City of Lubbock 1100 W. 49t' Street MC 1990 806 18t' Street Austin, Texas 78756 Lubbock, Texas 79401 Beverly.taylortu dshs.texas.gov kwells(a-),mylubbock.us IX. NOTICE REQUIREMENTS A. All notices given by Grantee shall be in writing, include the Contract number, comply with all terms and conditions of the Grant Agreement, and be delivered to the System Agency's Contract Representative identified above. B. Grantee shall send legal notices to System Agency at the address below and provide a copy to the System Agency's Contract Representative: Health and Human Services Commission Attn: Office of Chief Counsel 4601 W. Guadalupe, Mail Code 1100 Austin, Texas 78751 with a copy to: Department of State Health Services Attention: General Counsel 1100 W. 49`h Street, Mail Code 1919 Austin, Texas 78756 C. Notices given by System Agency to Grantee may be emailed, mailed or sent by common carrier. Email notices shall be deemed delivered when sent by System Agency. Notices sent by mail shall be deemed delivered when deposited by the System Agency in the United States mail, postage paid, certified, return receipt requested. Notices sent by common carrier shall be deemed delivered when deposited by the System Agency with a common carrier, overnight, signature required. D. Notices given by Grantee to System Agency shall be deemed delivered when received by System Agency. E. Either Party may change its Contract Representative or Legal Notice contact by providing written notice to the other Party. System Agency Grant Agreement, Contract # HHS001311200019 Page 3 of 6 uocuaign tnveiope iu: i-irua0000trir X. FEDERAL AWARD INFORMATION GRANTEE'S UNIQUE ENTITY IDENTIFIER IS: LXDNEKWRVKJ6 Federal funding under this Grant Agreement is a subaward under the following federal award. Federal Award Identification Number (FAIN): NU90TP922045 A. Assistance Listings Title, Number, and Dollar Amount: Centers for Disease Control and Prevention, Public Health Emergency Preparedness (PHEP) Cooperative Agreement, 93.069 — TBD B. Federal Award Date: TBD C. Federal Award Period: 7/l/2023-6/30/2024 D. Name of Federal Awarding Agency: Centers for Disease Control and Prevention E. Federal Award Project Description: Public Health Emergency Preparedness (PHEP) Cooperative Agreement F. Awarding Official Contact Information: TBD G. Total Amount of Federal Funds Awarded to System Agency: TBD H. Amount of Funds Awarded to Grantee: $261,833.00 I. Identification of Whether the Award is for Research and Development: No XI. CONTRACT DOCUMENTS The following documents are incorporated by reference and made a part of this Grant Agreement for all purposes. ATTACHMENT A — FY2024 STATEMENT OF WORK ATTACHMENT A-1 - SUPPLEMENTAL GRANT GUIDANCE ATTACHMENT B — FY2024 BUDGET ATTACHMENT C — FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE ATTACHMENT D — HHS CONTRACT AFFIRMATIONS -V. 2.2 (MAY 2022) ATTACHMENT E — HHS UNIFORM TERMS AND CONDITIONS — GRANT V. 3.2 (JULY 2022) ATTACHMENT F — HHS DATA USE AGREEMENT ATTACHMENT F-1— DATA USE AGREEMENT -SECURITY AND PRIVACY INQUIRY ATTACHMENT G — ADDITIONAL PROVISIONS -GRANT ATTACHMENT H— FEDERAL ASSURANCES — V. 1.1 ATTACHMENT I — CERTIFICATION REGARDING LOBBYING ATTACHMENT J — FFATA CERTIFICATION FORM ATTACHMENT K — WORK PLAN System Agency Grant Agreement, Contract # HHS001311200019 Page 4 of 6 DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 In the event of conflict, ambiguity or inconsistency between the terms and conditions set forth in the documents that comprise this Grant Agreement, the controlling documents shall be this Signature Document, the remaining documents in the following order of precedence: ATTACHMENT F — HHS DATA USE AGREEMENT ATTACHMENT F-1-DATA USE AGREEMENT -SECURITY AND PRIVACY INQUIRY ATTACHMENT A — FY2024 STATEMENT OF WORK ATTACHMENT C — FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE ATTACHMENT K— WORK PLAN ATTACHMENT E — HHS UNIFORM TERMS AND CONDITIONS — GRANT V. 3.2 (JULY 2022) ATTACHMENT D — HHS CONTRACT AFFIRMATIONS -V. 2.2 (MAY 2022) ATTACHMENT G—ADDITIONAL PROVISIONS -GRANT ATTACHMENT A-1 - SUPPLEMENTAL GRANT GUIDANCE ATTACHMENT B — FY2024 BUDGET ATTACHMENT L — INDIRECT COST RATE ATTACHMENT H — FEDERAL ASSURANCES — V. 1.1 ATTACHMENT I — CERTIFICATION REGARDING LOBBYING ATTACHMENT J — FFATA CERTIFICATION FORM XII. SIGNATURE AUTHORITY Each Party represents and warrants that the person executing this Grant Agreement on its behalf has full power and authority to enter into this Grant Agreement. Any services or work performed by Grantee before this Grant Agreement is effective or after it ceases to be effective are performed at the sole risk of Grantee. SIGNATURE PAGE FOLLOWS System Agency Grant Agreement, Contract # HHS001311200019 Page 5 of 6 DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 SIGNATURE PAGE FOR SYSTEM AGENCY GRANT AGREEMENT, CONTRACT No. HHS001311200019 DEPARTMENT OF STATE HEALTH SERVICES r— DocuSigned by: � t"j- WA 'SjgWfffftCFEC4CE Printed Name: David Gruber Title: Associate Commissioner for RLHS Date of Signature: May 19, 2023 CITY OF LUBBOCK DocuSiyned by: Ik,e br 1-rw, Da�,lnt. f�@1148D . Printed Name: Tray Payne Title: Date of Signature: May 19, 2023 System Agency Grant Agreement, Contract # HHS001311200019 Page 6 of 6 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 I. GRANTEE RESPONSIBILITIES Grantee shall: A. Perform activities in support of the Public Health Emergency Preparedness ("PHEP") Cooperative Agreement between the Centers for Disease Control and Prevention ("CDC") and the Department of State Health Services ("System Agency") to advance public health emergency preparedness. B. Perform the activities required under this Contract in the following cities, counties or groups of counties: Lubbock (Grantee's "Jurisdiction"). C. Provide System Agency with situational awareness data generated through interoperable networks of electronic data systems. D. Coordinate with System Agency program staff to develop a preparedness activity plan for Grantee's jurisdiction. At minimum, Grantee shall ensure at least three of the following public health emergency preparedness capabilities are achieved on an annual basis: 1. Capability 1 — Community preparedness is the ability of communities to prepare for, withstand, and recover from public health incidents in both the short- and long-term. 2. Capability 2 — Community recovery is the ability of communities to identify critical assets, facilities, and other services within public health, emergency management, health care, human services, mental/behavioral health, and environmental health sectors that can guide and prioritize recovery operations. 3. Capability 3 — Emergency operations coordination is the ability to coordinate with emergency management and to direct and support an incident or event with public health or health care implications by establishing a standardized, scalable system of oversight, organization, and supervision that is consistent with jurisdictional standards and practices and the National Incident Management System ("NIMS"). 4. Capability 4 — Emergency public information and warning is the ability to develop, coordinate, and disseminate information, alerts, warnings, and notifications to the public and incident management personnel. 5. Capability 5 — Fatality management is the ability to coordinate with partner organizations and agencies to provide fatality management services to ensure the proper recovery and preservation of remains; identification of the deceased; determination of cause and manner of death; release of remains to an authorized individual; and provision of mental/behavioral health assistance for the grieving. The role also may include supporting activities for the identification, collection, documentation, retrieval, and transportation of human remains, personal effects, and evidence to the examination location or incident morgue. 6. Capability 6 — Information sharing is the ability to conduct multijurisdictional and System Agency Contract No. HHS001311200019 Page 1 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7EU9bbd3C:E1E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 multidisciplinary exchange of health -related information and situational awareness data among federal, state, local, tribal, and territorial levels of government and the private sector. This capability includes the routine sharing of information as well as issuing of public health alerts to all levels of government and the private sector in preparation for and in response to events or incidents of public health significance. 7. Capability 7 — Mass care is the ability of public health agencies to coordinate with and support partner agencies to address, within a congregate location (excluding shelter -in - place locations), the public health, health care, mental/behavioral health, and human services needs of those impacted by an incident. This capability includes coordinating ongoing surveillance and public health assessments to ensure that health needs continue to be met as the incident evolves. 8. Capability 8 — Medical countermeasure dispensing and administration is the ability to provide medical countermeasures to targeted population(s) to prevent, mitigate, or treat the adverse health effects of a public health incident, according to public health guidelines. This capability focuses on dispensing and administering medical countermeasures, such as vaccines, antiviral drugs, antibiotics, and antitoxins. 9. Capability 9 — Medical materiel management and distribution is the ability to acquire, manage, transport, and track medical materiel during a public health incident or event and the ability to recover and account for unused medical materiel, such as pharmaceuticals, vaccines, gloves, masks, ventilators, or medical equipment after an incident. 10. Capability 10 — Medical surge is the ability to provide adequate medical evaluation and care during events that exceed the limits of the normal medical infrastructure of an affected community. It encompasses the ability of the health care system to endure a hazard impact, maintain or rapidly recover operations that were compromised, and support the delivery of medical care and associated public health services, including disease surveillance, epidemiological inquiry, laboratory diagnostic services, and environmental health assessments. 11. Capability 11 — Nonpharmaceutical interventions are actions that people and communities can take to help slow the spread of illness or reduce the adverse impact of public health emergencies. This capability focuses on communities, community partners, and stakeholders recommending and implementing nonpharmaceutical interventions in response to the needs of an incident, event, or threat. Nonpharmaceutical interventions may include isolation; quarantine; restrictions on movement and travel advisories or warnings; social distancing; external decontamination; hygiene; and precautionary protective behaviors. 12. Capability 12 — Public health laboratory testing is the ability to implement and perform methods to detect, characterize, and confirm public health threats. It also includes the ability to report timely data, provide investigative support, and use partnerships to address actual or potential exposure to threat agents in multiple matrices, including clinical specimens and food, water, and other environmental samples. This capability supports passive and active surveillance when preparing for, responding to, and recovering from System Agency Contract No. HHS001311200019 Page 2 DocuSign Envelope ID: 557C76D3-5429-439E-A7E1-7ED98683CE1E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 biological, chemical, and radiological (if a Radiological Laboratory Response Network is established) public health threats and emergencies. 13. Capability 13 — Public health surveillance and epidemiological investigation is the ability to create, maintain, support, and strengthen routine surveillance and detection systems and epidemiological investigation processes. It also includes the ability to expand these systems and processes in response to incidents of public health significance. 14. Capability 14 — Responder safety and health is the ability to protect public health and other emergency responders during pre -deployment, deployment, and post -deployment. 15. Capability 15 — Volunteer management is the ability to coordinate with emergency management and partner agencies to identify, recruit, register, verify, train, and engage volunteers to support the jurisdictional public health agency's preparedness, response, and recovery activities during pre -deployment, deployment, and post -deployment. E. In the event of a local, state, or federal emergency, utilize approximately five percent (5%) of the Grantee's staff s time supporting this Contract for response efforts. System Agency will reimburse Grantee up to five percent of the total Contract award for personnel costs in responding to an emergency event. Grantee shall maintain records to document the personnel time spent on response efforts for audit purposes. Within five (5) calendar days of the onset of the emergency, Grantee shall notify the assigned System Agency Contract Representative as identified in the Signature Document in writing of its implementation of this provision. F. In the event of a public health emergency involving a portion of the state; mobilize and dispatch staff or equipment purchased with funds from previous PHEP cooperative agreements, and not currently performing critical duties in the jurisdiction served, to the affected area of the state upon receipt of a written request from System Agency. G. Coordinate activities and response plans within Grantee's jurisdiction with the state, regional, and other local jurisdictions, among local agencies, and with hospitals and major health care entities, jurisdictional Metropolitan Medical Response Systems, and Councils of Government. H. Inform System Agency in writing if Grantee will not continue performance under this Contract within thirty (30) days of receipt of System Agency's notification of an amended standard(s) or guideline(s). System Agency may terminate this Contract immediately or within a reasonable period of time as determined by System Agency. I. Develop, implement, and maintain a timekeeping system for accurately documenting staff time and salary expenditures for all staff funded through this Contract, including partial full-time employees and temporary staff. J. Have plans, processes, and training in place to meet NIMS compliance requirements. System Agency Contract No. HHS001311200019 Page 3 Docu5ign Envelope ID: 557C7603-B429-439E-A7E1-7ED9l3b83CE1 E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 IC When using volunteers during the Contract term, designate a Texas Disaster Volunteer Registry ("TDVR") State Emergency System for the Advanced Registration of Volunteer Health Professionals ("ESAR-VHP") System Administrator, participate in required administrator trainings, and utilize the system to identify volunteers. L. To ensure consistency and coordination of requirements at the local level and eliminate duplication of effort between the various domestic preparedness funding sources in the state, the Grantee shall coordinate all planning, training and exercises performed under this Contract with other Local Health Entities, Texas Division of Emergency Management ("TDEM"), or other points of contact at the discretion of System Agency. M. Coordinate all risk communication activities with System Agency Communications Unit by using System Agency's core messages posted on the System Agency website and submitting copies of draft risk communication materials to System Agency for coordination prior to dissemination. N. Work with the Regional Health Care Coalition to develop comprehensive preparedness strategies. Plans shall be submitted to System Agency via the Operational Readiness Review. O. Incorporate Access and Functional Needs ("AFN") partners in an annual PHEP exercise. Local jurisdictions can fulfill this requirement by incorporating at least one AFN partner in a tabletop, a functional, or a full-scale exercise, or during an incident or public health event in which the AFN partner participates. P. Designate a member of the PHEP program to attend two regional healthcare coalition meetings during the Contract term. II. REPORTING REQUIREMENTS Grantee shall: A. Complete and submit the programmatic reports outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE and as needed to satisfy the information -sharing requirements set forth in Texas Government Code, Sections 421.071 and 421.072 (b) and (c). Grantee shall provide System Agency with other reports, including financial reports, that System Agency determines necessary to accomplish the objectives of this Contract and to monitor compliance. B. Submit the Vulnerable Populations Plan to the Department of State Health Services ("DSHS") Center for Health Emergency Preparedness and Response ("CHEPR") System Agency Contract No. HHS001311200019 Page 4 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 according to the established due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. C. Prepare and submit a Work Plan with a Budget to System Agency. The Work Plan will be attached to and incorporated into the Contract as ATTACHMENT K. Revisions to the approved Work Plan are subject to System Agency prior written approval. D. Prepare and submit a current Integrated Preparedness Plan ("IPP"), which must include at least four years of progressive exercise, planning and training to System Agency according to the due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. The IPP must be based on the results of the Grantee's training needs assessment and the evaluations of previous exercises and responses, including the AAR submitted in Section II. F of this document. The IPP must include a description of: 1. The proposed location, month(s), and year(s) of future exercise(s); 2. The type of future exercise(s) that will take place; and 3. The expected departmental participants and partner organizations. E. Submit documentation of AFN participation according to the due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. F. Prepare and submit an After -Action Review/Improvement Plan ("AAR/IP") for the annual PHEP exercise with Access and Functional Needs. All AAR/IPs must be submitted to System Agency within 60 calendar days, or 120 calendar days of a Real -World Incident ("RWI"), of the completion of the exercise/response according to the due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. G. Complete and submit specific forms identified by the System Agency from the Operational Readiness Review ("ORR") to System Agency by uploading supporting documentation to System Agency according to the due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. H. Prepare and submit a Programmatic Mid -Year and End -of -Year Performance Report to System Agency according to the due date and submission method outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. 1. Submit evidence of attendance at two regional healthcare coalition meetings during the Contract term according to the due date and submission method outlined in ATTACHMENT System Agency Contract No. HHS001311200019 Page 5 UoCU51gn envelope ID: bb/(:tliu:i-b4Z9-43Ut-Aftl-(tU9t$bt$s5Utlt ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 C, FY2024 PREP CONTRACTUAL REQUIREMENTS SCHEDULE. J. Submit a Financial Status Report (FSR) in accordance with the due dates and submission methods outlined in ATTACHMENT C, FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE. The first FSR (for the period July 1, 2023, through December 31, 2023) is due by January 31, 2024. The second FSR (for the period January 1, 2024, through June 30, 2024) is due by August 15, 2024. Grantee shall electronically submit Financial Status Reports (FSR) to invoices(a—),dshs.texas.gov and FSRGrants(c�dshs.texas.ggv, with a copy to the assigned System Agency Contract Representative identified in the Signature Document. K. If System Agency determines Grantee needs to submit reports by mail or fax, Grantee shall send the required information to one of the following: For submission by mail, use address below: Department of State Health Services Claims Processing Unit P.O. Box 149347 Austin, TX 78714-9347 2. For submission by fax, use number below: (512) 458-7442 L. Immediately notify System Agency in writing if Grantee is legally prohibited from providing any report required under this Contract. Grantee shall: A. Comply with all applicable federal and state laws, rules, and regulations, as amended, including, but not limited to, the following: 1. Texas Government Code Chapter 418 (§418.074); 2. Public Law 109-417, Pandemic and All -Hazards Preparedness and Advancing Innovation Act ("PAHPAI"); 3. Texas Health and Safety Code Chapter 81; and 4. Section 319C-1 of the Public Health Service (PHS) Act (47 USC § 247d-3a), as amended. System Agency Contract No. HHS001311200019 Page 6 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 IV. PERFORMANCE MEASURES A. System Agency will monitor the Grantee's performance of the requirements in this Statement of Work and compliance with the Contract's terms and conditions. B. Grantee must adhere to PHEP reporting deadlines and the capability to receive, stage, store, distribute, and dispense material during a public health emergency. Failure to meet these requirements may result in System Agency withholding a portion of the current fiscal year PHEP base award. C. Upon request by System Agency, Grantee shall reasonably revise any performance measure to System Agency's satisfaction and in accordance with the requirements set forth in this Contract. V. INVOICE AND PAYMENT A. Grantee shall request monthly payments by the 30`h day following the service month using the State of Texas Purchase Vouchers (Form B-13 and Form B-13A) at hqp://www.dshs.texas.gov grants forms.shtm. System Agency will issue reimbursement payments to Grantee on a monthly basis for reported actual cash disbursements which are supported by adequate documentation. Invoice approval and payment is contingent upon receipt of adequate supporting documentation and submitting acceptable supporting documentation by electronic mail to invoices(a dshs.texas.gov and CMSInvoices(a-),dshs.texas.gov, with a copy to the assigned —System Agency Contract Representative identified in the Signature Document. At a minimum, every invoice should include: 1. Grantee name, address, email address, vendor identification number and telephone number; 2. DSHS Contract or Purchase Order number; 3. Identification of service(s) provided; 4. The total invoice amount; and 5. Any additional supporting documentation which is required by this Statement of Work or as requested by System Agency. B. Grantee shall electronically submit all invoices with supporting documentation to invoices(@,dshs.texas.gov and CMSInvoices(a-)dshs.texas.gov and a copy to the assigned System Agency Contract Representative identified in the Signature Document. Alternative submission arrangements must be approved by the assigned System Agency Contract Representative identified in the Signature Document. System Agency Contract No. HHS001311200019 Page 7 UOCU51gn tnveiope iu: it ATTACHMENT A FY2024 STATEMENT OF WORK July 1, 2023, through June 30, 2024 C. System Agency will pay Grantee monthly on a cost reimbursement basis. System Agency will reimburse Grantee only for allowable and reported expenses incurred within the grant term. System Agency Contract No. HHS001311200019 Page 8 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT A- 1 PUBLIC HEALTH EMERGENCY PREPAREDNESS COOPERATIVE AGREEMENT (PHEP) GRANT GUIDANCE The Assistance Listing Number (ALN) for the PHEP is 93.069, and the award period is July 1, 2023 through June 30, 2024. As a subrecipient of the PHEP Grant, Grantee must adhere to each of the following requirements: I. PHEP GRANT A. Grantee may not use funds for research, clinical care, fundraising activities or lobbying, construction or major renovations, reimbursement of pre -award costs, to supplant existing state or federal funds for activities, payment or reimbursement of backfilling costs for staff, purchase of vehicles of any kind, uniforms, buildings or real property, or funding an award to another party or provider who is ineligible. B. None of the funds made available under this Contract may be used to promote or advocate the legalization or practice of prostitution or sex trafficking. Nothing in the preceding sentence shall be construed to preclude the provision to individuals of palliative care, treatment, or post -exposure pharmaceutical prophylaxis, and necessary pharmaceuticals and commodities, including test kits, condoms, and, when proven effective, microbicides. C. Grantee must initiate the purchase of all equipment approved in writing by System Agency, as applicable. Failure to timely initiate the purchase of equipment may result in the loss of availability of funds for the purchase of equipment. Requests to purchase equipment must be submitted to the assigned System Agency Contract Manager. D. Grantee must maintain an inventory of equipment, supplies defined as Controlled Assets, and real property. Grantee shall submit an annual cumulative report of the equipment and other property on HHS System Agency Grantee's Property Inventory Report (Form GC-1 1) according to the due dates and submission methods outlined in ATTACHMENT C, FY2024 REQUIREMENTS SCHEDULE. Controlled Assets include firearms, regardless of the acquisition cost, and the following assets with an acquisition cost of $500 or more, but less than $5,000: desktop and laptop computers (including notebooks, tablets and similar devices), non -portable printers and copiers, emergency management equipment, communication devices and systems, and medical and laboratory equipment. Controlled Assets are considered Supplies in the categorical budget. E. At the expiration or termination of this Contract for any reason, title to any remaining equipment and supplies purchased with funds under this Contract reverts to System Agency. Title may be also transferred to another party at the sole discretion of System Agency. System Agency may, at its option and to the extent allowed by law, transfer the reversionary interest to such property to Grantee. System Agency Grant Agreement, Contract # HHS001311200019 Page 1 of 3 HHS Signature Document - Grantee v 3.0 Effective: October 2021 uocubign tnveiope iu: it F. Grantee shall not use System Agency funds to lease buildings or real property without prior written approval from System Agency. G. System Agency reserves the right to redirect funds in the event of financial shortfalls. System Agency will monitor Grantee's expenditures on a biannual basis. If expenditures are below that projected in Grantee's total Contract amount, Grantee's budget may be subject to a decrease for the remainder of the Contract term. Vacant positions existing after ninety (90) days may result in a decrease in funds. H. Grantee may request a one-time working capital advance not to exceed twelve percent (12%) of the total amount of the Contract. All advances must be expended by the end of the Contract term. Advances not expended by the end of the Contract term must be refunded to System Agency. System Agency may require Grantee to repay all or part of advance funds at any time during the Contract's term. However, if the advance has not been repaid prior to the last three months of the Contract term, the Grantee must deduct at least one-third of the remaining advance from each of the last three months' reimbursement requests. If the advance is not repaid prior to the last three months of the Contract term, System Agency will reduce the reimbursement request by one-third of the remaining balance of the advance. II. MATCHING FUNDS A. Grantee shall match funds awarded under this Contract with costs or third -party contributions that are not paid by the federal government under another award, except where authorized by federal statute to be used for cost -sharing or matching. The non- federal contributions ("match") may be provided directly or through donations from public or private entities and may be in cash or in -kind donations, fairly evaluated, including plant, equipment, or services. The costs that the Grantee incurs in fulfilling the matching or cost -sharing requirement are subject to the same requirements, including the cost principles, that are applicable to the use of federal funds, including prior approval requirements and other rules for allowable costs as described in 45 CFR 74.23 and 45 CFR 92.24, as amended. B. Grantee shall provide matching funds in the amount of ten percent (10%) of the DSHS Direct Costs and Indirect Costs amount as set forth in ATTACHMENT B, FY2024 BUDGET. Cash match is defined as an expenditure of cash by the Grantee on allowable costs of this Contract that are borne by the Grantee. In -kind match is defined as the dollar value of non -cash contributions by a third party given in goods, commodities, or services that are used in activities that benefit this Contract's project and that are contributed by non-federal third parties without charge to the Grantee. The criteria for match must: 1. Be an allowable cost under the applicable federal cost principle; 2. Be necessary and reasonable for the efficient accomplishment of project or program objectives; System Agency Grant Agreement, Contract # HHS001311200019 Page 2 of 3 HAS Signature Document - Grantee v 3.0 Effective: October 2021 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 3. Be verifiable within the Grantee's (or subgrantee's) records; 4. Be documented, including methods and sources, in the approved budget (applies only to cost reimbursement contracts); 5. Not be included as contributions toward any other federally -assisted project or program (match can count only once); 6. Not be paid by the federal government under another award, except where authorized by federal statute to be used for cost -sharing or match; 7. Conform to other provisions of governing circulars/statutes/regulations as applicable for the Contract; 8. Be adequately documented; 9. Follow procedures for generally accepted accounting practices as well as meet audit requirements; and 10. Value the in -kind contributions reported and be supported by documentation reflecting the use of goods and/or services during the Contract term. III. AUDIT REQUIREMENTS Grantee shall adhere to the following requirements: 1. If Grantee expends $750,000.00 or more in federal financial assistance during the program's fiscal year, an independent financial and compliance audit must be completed by a Certified Public Accounting firm in accordance with 2 CFR 200 (Uniform Grant Guidance). Grantee must submit two (2) copies of the audit report to the Texas Health and Human Services Commission within thirty (30) calendar days of receipt of the audit reports required by the Independent Single or Program - Specific Audit section of Attachment E, HHS Uniform Terms and Conditions - Grant v. 3.2 (July 2022). (See Article IV, Section 4.2.) Grantee must submit one (1) copy of these documents electronically via https://hhsportal.hhs.state.tx.us/heartwebextrSau as described in instructions that the Texas Health and Human Services Commission shall provide. 2. If the Certified Public Accounting firm's audit report includes findings or questioned costs, Grantee must submit updates on the implementation of the corrective action plan to the Texas Health and Human Services Commission at Single Audit Reportnhhs.texas.gov no later than the date designated by the Texas Health and Human Services Commission. 3. Grantee must retain records to support expenditures and make those records available for review or audit by appropriate officials of the awarding agency, the General Accountability Office and/or their representatives. System Agency Grant Agreement, Contract # HHS001311200019 Page 3 of 3 HAS Signature Document - Grantee v 3.0 Effective: October 2021 UocuSign tnvelope U 557C;7tiUJ-b419-4J5t-Aitl-itU96bdsl;tlt ATTACHMENT B FY2024 Budget July 1, 2023, through June 30, 2024 A. Funding Source: Federal B. Compliance with the following Grant requirements is required: 1. Grant Technical Assistance Guide located at System Agency website: https://hhs.texas.gov/doing-business-hhs/ ants; 2. Texas Grant Management Standards 3. 2 C.F.R. Part 200 C. System Agency total reimbursement for the grant term will not exceed $261,833.00 for the period July 1, 2023 through June 30, 2024. Grantee is required to provide a match amount of 10% of the total grant award. All expenditures under this Grant Agreement shall be in accordance with the following cost categories: Budget Categories DSHS Funding Personnel $162,066.00 Fringe Benefits $73,902.00 Travel $4,063.00 Equipment $0.00 Supplies $17,783.00 Contractual $0.00 Other $4,019.00 Sum of DSHS Direct Costs $261,833.00 Indirect Costs $0.00 Sum of DSHS Direct Costs and Indirect Costs $261,833.00 Plus Required Match Cash or In -Kind) $26,183.00 Total Contract Amount $288,016.00 D. Cost Reimbursement Budget: 1. Grantee's approved cost reimbursement budget documents all approved and allowable expenditures. 2. Grantee shall only utilize the funding for approved and allowable costs. If Grantee requests to utilize funds for an expense not documented on the approved cost reimbursement budget, Grantee shall notify System Agency assigned contract manager, in writing, and request approval prior to utilizing the funds. System Agency shall provide written notification if the requested expense is approved. 3. If needed, Grantee may revise the System Agency -approved cost reimbursement budget. Revision requirements are as follows: DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT B FY2024 Budget July 1, 2023, through June 30, 2024 a. System Agency approves Grantee's transfer of up to twenty-five (25) percent of funds from budgeted direct cost categories only, excluding the "Equipment" category. Budget revisions exceeding twenty-five (25) percent requirement require System Agency's written approval. b. Grantee may request revisions to the approved annual cost reimbursement budget direct cost categories that exceed the twenty-five (25) percent requirement, excluding "Equipment" and "Indirect Cost" categories, by submitting a written request to the System Agency assigned contract manager. This change will require a formal contract amendment. System Agency will amend the Contract if Grantee's revision request is approved. Grantee's budget revision is not authorized, and funds cannot be utilized until the contract amendment is executed. c. Grantee may revise the annual cost reimbursement budget "Equipment" and/or "Indirect Cost" categories, however a formal contract amendment is required. Grantee shall submit to the System Agency assigned contract manager a written request to revise the budget, which includes a justification for the revisions. System Agency will amend the Contract if Grantee's revision request is approved. Grantee's budget revision is not authorized, and funds cannot be utilized until the contract amendment is executed. DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT C - FY2024 PHEP CONTRACTUAL REQUIREMENTS SCHEDULE MONTH DAY CONTRACTUAL REQUIREMENT SUBMIT TO: 2023 July 1 Start of new FY24 contract year August 31 July B-13 Involces@dshs.texas.govcund CMSlnvoices@dshstexes.gov July Support Documentation September 30 August B-13 Invoices@dshs.texas.gov and CMSlnvoices@jdshs.texas.gov Au ust Support Documentation 18 1 FY24 Vulnerable Populations Work Plan DSHS CHEPR External Sharepoint Site 18 Contractor's Property Inventory Report (GC-11) PHEP@dshs.texas.gov and Assigned Contract Manager October 24-25 HPP PHEP Joint Meetings - Tentative Date Norris Conference Center 31 September B-13 Invoices@dshs.texas.govand imoices@dshs.texas.gov September Support Documentation November 30 October B-13 Invoices@dshs.texas.gov and CMSlnvoices@dshs.texas.gov October Support Documentation December Y9 November B-13 Invoices@dshs.texas.gov and CMSfnvoices@dshs.texas.gov November Support Documentation 2024 December B-13 Invoices@dshs.texas.govandCMSlnvoices@dshs.texas.gov December Support Documentation January 31 let Biannual FSR FSRGren shs.texas. ov and invo dshs.texas. v Programmatic Mid -Year Performance Report DSHS CHEPR External SharePoint Site January1343 Invoices@dshs.texas.gov and CMSlnvoices@dshs.texas.gov February 28 January Support Documentation March 31 February B-13 February Support Documentation Invoices(@dshs.texes.gov and CMSlnvoices@dshs.texas.gov 23-24 HPP PHEP Joint Meetings - Tentative Date Norris Conference Center April March B-13 30 Irwoloes@dshs.texasgovandCMSInvoices@dshs.texas.gov March Support Documentation 1 Integrated Preparedness Plan (IPP) SchedulelPlan DSHS CHEPR External SharePoint Site May 31 April B-13 Invoices@dshs.texas.govcund CMSlnvoices@dshs.texas.gov April Support Documentation MayB-13 June 30 May Support Documentation lnvolces@dshs.texas.gov and CMSlnvoices@dshs.texas.gov Submit proof of attendance of two (2) regional healthcare coalition meetings from the contract period DSHS CHEPR External SharePoint Site Annual PHEP Exercise with Access and Functional Needs (AFN) Partners DSHS CHEPR External SharePoint Site July 1 Start of new FY25 contract year June B-13 (Final) Invoices@dshs.texas.gov and CMSlnvoices@dshs.texas.gov June Support Documentation (Final) August 15 2nd Biannual FSR FSRGmnts@dshs.texas.gov and Invoices@tdshs.texas.gov 4th Quarter B-13A (Final) Invoi shs.texas. ov and CMSinvoicos@dshs.texas.gov Programmatic End -of -Year Performance Report DSHS CHEPR External SharePoint Site NON-SPECIFIC DATE DEADLINES Performance Measures due to DSHS In a format speckled by DSHS pending release of the report template from CDC. DSHS CHEPR External SharePoint Site Complete and submit the Operational Readiness Review (ORR) and all supporting documentation twenty (20) business days prior to the review in a format specified by DSHS. [OCIPHER for CRI and a Word Document for Non- CRI Jurisdictions] - Most forms are waived. Workforce Development and Training (WDT) and Access and Functional Needs (AFN) forms will be used to evaluate the PHEP Annual Exercise and the DSHS External CHEPR SharePoint Site IPP. DSHS may add contractual requirements and revise reporting due dates in this FY2024 PHEP Contractual Reporting Schedule to comply with modifications made to the grant award by the CDC. DSHS will notify Grantee of these modifications through a Technical Guidance Letter. PHEP Inbox - phep@dshs.texas.gov Preparedness Exercise Inbox - Preparednessexercise@dshs.texas.gov Attachment C- FY2024 PHEP Contractual Requirements Schedule DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E HEALTH AND HUMAN SERVICES Contract: HHS001311200019 Attachment D CONTRACT AFFIRMATIONS For purposes of these Contract Affirmations, HHS includes both the Health and Human Services Commission (HHSC) and the Department of State Health Services (DSHS). System Agency refers to HHSC, DSHS, or both, that will be a party to this Contract. These Contract Affirmations apply to all Contractors and Grantees (referred to as "Contractor") regardless of their business form (e.g., individual, partnership, corporation). By entering into this Contract, Contractor affirms, without exception, understands, and agrees to comply with the following items through the life of the Contract: 1. Contractor represents and warrants that these Contract Affirmations apply to Contractor and all of Contractor's principals, officers, directors, shareholders, partners, owners, agents, employees, subcontractors, independent contractors, and any other representatives who may provide services under, who have a financial interest in, or otherwise are interested in this Contract and any related Solicitation. 2. Complete and Accurate Information Contractor represents and warrants that all statements and information provided to HHS are current, complete, and accurate. This includes all statements and information in this Contract and any related Solicitation Response. 3. Public Information Act Contractor understands that HHS will comply with the Texas Public Information Act (Chapter 552 of the Texas Government Code) as interpreted by judicial rulings and opinions of the Attorney General of the State of Texas. Information, documentation, and other material prepared and submitted in connection with this Contract or any related Solicitation may be subject to public disclosure pursuant to the Texas Public Information Act. In accordance with Section 2252.907 of the Texas Government Code, Contractor is required to make any information created or exchanged with the State pursuant to the Contract, and not otherwise excepted from disclosure under the Texas Public Information Act, available in a format that is accessible by the public at no additional charge to the State. 4. Contracting Information Requirements Contractor represents and warrants that it will comply with the requirements of Section 552.372(a) of the Texas Government Code. Except as provided by Section 552.374(c) of the Texas Government Code, the requirements of Subchapter J (Additional Provisions Related to Contracting Information), Chapter 552 of the Government Code, may apply to the Contract and the Contractor agrees that the Contract can be terminated if the Contractor knowingly or intentionally fails to comply with a requirement of that subchapter. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page I of 13 uocuoign cnvewpe iu. our %,i c 5. Assignment A. Contractor shall not assign its rights under the Contract or delegate the performance of its duties under the Contract without prior written approval from System Agency. Any attempted assignment in violation of this provision is void and without effect. B. Contractor understands and agrees the System Agency may in one or more transactions assign, pledge, or transfer the Contract. Upon receipt of System Agency's notice of assignment, pledge, or transfer, Contractor shall cooperate with System Agency in giving effect to such assignment, pledge, or transfer, at no cost to System Agency or to the recipient entity. 6. Terms and Conditions Contractor accepts the Solicitation terms and conditions unless specifically noted by exceptions advanced in the form and manner directed in the Solicitation, if any, under which this Contract was awarded. Contractor agrees that all exceptions to the Solicitation, as well as terms and conditions advanced by Contractor that differ in any manner from HHS' terms and conditions, if any, are rejected unless expressly accepted by System Agency in writing. 7. HHS Right to Use Contractor agrees that HHS has the right to use, produce, and distribute copies of and to disclose to HHS employees, agents, and contractors and other governmental entities all or part of this Contract or any related Solicitation Response as HHS deems necessary to complete the procurement process or comply with state or federal laws. 8. Release from Liability Contractor generally releases from liability and waives all claims against any party providing information about the Contractor at the request of System Agency. 9. Dealings with Public Servants Contractor has not given, has not offered to give, and does not intend to give at any time hereafter any economic opportunity, future employment, gift, loan, gratuity, special discount, trip, favor, or service to a public servant in connection with this Contract or any related Solicitation, or related Solicitation Response. 10. Financial Participation Prohibited Under Section 2155.004, Texas Government Code (relating to financial participation in preparing solicitations), Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive this Contract and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. 11. Prior Disaster Relief Contract Violation Under Sections 2155.006 and 2261.053 of the Texas Government Code (relating to convictions and penalties regarding Hurricane Rita, Hurricane Katrina, and other disasters), the Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive this Contract Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 2 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. 12. Child Support Obligation Under Section 231.006(d) of the Texas Family Code regarding child support, Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive the specified payment and acknowledges that the Contract may be terminated and payment may be withheld if this certification is inaccurate. If the certification is shown to be false, Contractor may be liable for additional costs and damages set out in 231.006(f). 13. Suspension and Debarment Contractor certifies that it and its principals are not suspended or debarred from doing business with the state or federal government as listed on the State of Texas Debarred Vendor List maintained by the Texas Comptroller of Public Accounts and the System for Award Management (SAM) maintained by the General Services Administration. This certification is made pursuant to the regulations implementing Executive Order 12549 and Executive Order 12689, Debarment and Suspension, 2 C.F.R. Part 376, and any relevant regulations promulgated by the Department or Agency funding this project. This provision shall be included in its entirety in Contractor's subcontracts, if any, if payment in whole or in part is from federal funds. 14. Excluded Parties Contractor certifies that it is not listed in the prohibited vendors list authorized by Executive Order 13224, "Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism, " published by the United States Department of the Treasury, Office of Foreign Assets Control.' 15. Foreign Terrorist Organizations Contractor represents and warrants that it is not engaged in business with Iran, Sudan, or a foreign terrorist organization, as prohibited by Section 2252.152 of the Texas Government Code. 16. Executive Head of a State Agency In accordance with Section 669.003 of the Texas Government Code, relating to contracting with the executive head of a state agency, Contractor certifies that it is not (1) the executive head of an HHS agency, (2) a person who at any time during the four years before the date of this Contract was the executive head of an HHS agency, or (3) a person who employs a current or former executive head of an HHS agency. 17. Human Trafficking Prohibition Under Section 2155.0061 of the Texas Government Code, Contractor certifies that the individual or business entity named in this Contract is not ineligible to receive this Contract and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 3 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 18. Franchise Tax Status Contractor represents and warrants that it is not currently delinquent in the payment of any franchise taxes owed the State of Texas under Chapter 171 of the Texas Tax Code. 19. Debts and Delinquencies Contractor agrees that any payments due under this Contract shall be applied towards any debt or delinquency that is owed to the State of Texas. 20. Lobbying Prohibition Contractor represents and warrants that payments to Contractor and Contractor's receipt of appropriated or other funds under this Contract or any related Solicitation are not prohibited by Sections 556.005, 556.0055, or 556.008 of the Texas Government Code (relating to use of appropriated money or state funds to employ or pay lobbyists, lobbying expenses, or influence legislation). 21. Buy Texas Contractor agrees to comply with Section 2155.4441 of the Texas Government Code, requiring the purchase of products and materials produced in the State of Texas in performing service contracts. 22. Disaster Recovery Plan Contractor agrees that upon request of System Agency, Contractor shall provide copies of its most recent business continuity and disaster recovery plans. 23. Computer Equipment Recycling Program If this Contract is for the purchase or lease of computer equipment, then Contractor certifies that it is in compliance with Subchapter Y, Chapter 361 of the Texas Health and Safety Code related to the Computer Equipment Recycling Program and the Texas Commission on Environmental Quality rules in 30 TAC Chapter 328. 24. Television Equipment Recycling Program If this Contract is for the purchase or lease of covered television equipment, then Contractor certifies that it is compliance with Subchapter Z, Chapter 361 of the Texas Health and Safety Code related to the Television Equipment Recycling Program. 25. Cybersecurity Training A. Contractor represents and warrants that it will comply with the requirements of Section 2054.5192 of the Texas Government Code relating to cybersecurity training and required verification of completion of the training program. B. Contractor represents and warrants that if Contractor or Subcontractors, officers, or employees of Contractor have access to any state computer system or database, the Contractor, Subcontractors, officers, and employees of Contractor shall complete cybersecurity training pursuant to and in accordance with Government Code, Section 2054.5192. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 4 of 13 DocuSign Envelope ID: 557C76D3-6429-439E-A7E1-7ED98683CE1E 26. Restricted Employment for Certain State Personnel Contractor acknowledges that, pursuant to Section 572.069 of the Texas Government Code, a former state officer or employee of a state agency who during the period of state service or employment participated on behalf of a state agency in a procurement or contract negotiation involving Contractor may not accept employment from Contractor before the second anniversary of the date the Contract is signed or the procurement is terminated or withdrawn. 27. No Conflicts of Interest A. Contractor represents and warrants that it has no actual or potential conflicts of interest in providing the requested goods or services to System Agency under this Contract or any related Solicitation and that Contractor's provision of the requested goods and/or services under this Contract and any related Solicitation will not constitute an actual or potential conflict of interest or reasonably create an appearance of impropriety. B. Contractor agrees that, if after execution of the Contract, Contractor discovers or is made aware of a Conflict of Interest, Contractor will immediately and fully disclose such interest in writing to System Agency. In addition, Contractor will promptly and fully disclose any relationship that might be perceived or represented as a conflict after its discovery by Contractor or by System Agency as a potential conflict. System Agency reserves the right to make a final determination regarding the existence of Conflicts of Interest, and Contractor agrees to abide by System Agency's decision. 28. Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor's Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: • SAO Toll Free Hotline: 1-800-TX-AUDIT • SAO website: http://sao.fraud.state.tx.us All reports made to the OIG must be made through one of the following avenues: Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 5 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1 -7ED98683CE1 E • OIG Toll Free Hotline 1-800-436-6184 • OIG Website: ReportTexasFraud.com • Internal Affairs Email: IntemalAffairsReferral@hhsc.state.tx.us • OIG Hotline Email: OIGFraudHotline@hhsc.state.tx.us. • OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200 29. Antitrust The undersigned affirms under penalty of perjury of the laws of the State of Texas that: A. in connection with this Contract and any related Solicitation Response, neither I nor any representative of the Contractor has violated any provision of the Texas Free Enterprise and Antitrust Act, Tex. Bus. & Comm. Code Chapter 15; B. in connection with this Contract and any related Solicitation Response, neither I nor any representative of the Contractor has violated any federal antitrust law; and C. neither I nor any representative of the Contractor has directly or indirectly communicated any of the contents of this Contract and any related Solicitation Response to a competitor of the Contractor or any other company, corporation, firm, partnership or individual engaged in the same line of business as the Contractor. 30. Legal and Regulatory Actions Contractor represents and warrants that it is not aware of and has received no notice of any court or governmental agency proceeding, investigation, or other action pending or threatened against Contractor or any of the individuals or entities included in numbered paragraph 1 of these Contract Affirmations within the five (5) calendar years immediately preceding execution of this Contract or the submission of any related Solicitation Response that would or could impair Contractor's performance under this Contract, relate to the contracted or similar goods or services, or otherwise be relevant to System Agency's consideration of entering into this Contract. If Contractor is unable to make the preceding representation and warranty, then Contractor instead represents and warrants that it has provided to System Agency a complete, detailed disclosure of any such court or governmental agency proceeding, investigation, or other action that would or could impair Contractor's performance under this Contract, relate to the contracted or similar goods or services, or otherwise be relevant to System Agency's consideration of entering into this Contract. In addition, Contractor acknowledges this is a continuing disclosure requirement. Contractor represents and warrants that Contractor shall notify System Agency in writing within five (5) business days of any changes to the representations or warranties in this clause and understands that failure to so timely update System Agency shall constitute breach of contract and may result in immediate contract termination. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 6 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 31. No Felony Criminal Convictions Contractor represents that neither Contractor nor any of its employees, agents, or representatives, including any subcontractors and employees, agents, or representative of such subcontractors, have been convicted of a felony criminal offense or that if such a conviction has occurred Contractor has fully advised System Agency in writing of the facts and circumstances surrounding the convictions. 32. Unfair Business Practices Contractor represents and warrants that it has not been the subject of allegations of Deceptive Trade Practices violations under Chapter 17 of the Texas Business and Commerce Code, or allegations of any unfair business practice in any administrative hearing or court suit and that Contractor has not been found to be liable for such practices in such proceedings. Contractor certifies that it has no officers who have served as officers of other entities who have been the subject of allegations of Deceptive Trade Practices violations or allegations of any unfair business practices in an administrative hearing or court suit and that such officers have not been found to be liable for such practices in such proceedings. 33. Entities that Boycott Israel Contractor represents and warrants that (1) it does not, and shall not for the duration of the Contract, boycott Israel or (2) the verification required by Section 2271.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 34. E-Verify Contractor certifies that for contracts for services, Contractor shall utilize the U.S. Department of Homeland Security's E-Verify system during the term of this Contract to determine the eligibility of: 1. all persons employed by Contractor to perform duties within Texas; and 2. all persons, including subcontractors, assigned by Contractor to perform work pursuant to this Contract within the United States of America. 35. Former Agency Employees — Certain Contracts If this Contract is an employment contract, a professional services contract under Chapter 2254 of the Texas Government Code, or a consulting services contract under Chapter 2254 of the Texas Government Code, in accordance with Section 2252.901 of the Texas Government Code, Contractor represents and warrants that neither Contractor nor any of Contractor's employees including, but not limited to, those authorized to provide services under the Contract, were former employees of an HHS Agency during the twelve (12) month period immediately prior to the date of the execution of the Contract. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 7 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 36. Disclosure of Prior State Employment — Consulting Services If this Contract is for consulting services, A. In accordance with Section 2254.033 of the Texas Government Code, a Contractor providing consulting services who has been employed by, or employs an individual who has been employed by, System Agency or another State of Texas agency at any time during the two years preceding the submission of Contractor's offer to provide services must disclose the following information in its offer to provide services. Contractor hereby certifies that this information was provided and remains true, correct, and complete: 1. Name of individual(s) (Contractor or employee(s)); 2. Status; 3. The nature of the previous employment with HHSC or the other State of Texas agency; 4. The date the employment was terminated and the reason for the termination; and 5. The annual rate of compensation for the employment at the time of its termination. B. If no information was provided in response to Section A above, Contractor certifies that neither Contractor nor any individual employed by Contractor was employed by System Agency or any other State of Texas agency at any time during the two years preceding the submission of Contractor's offer to provide services. 37. Abortion Funding Limitation Contractor understands, acknowledges, and agrees that, pursuant to Article IX of the General Appropriations Act (the Act), to the extent allowed by federal and state law, money appropriated by the Texas Legislature may not be distributed to any individual or entity that, during the period for which funds are appropriated under the Act: 1. performs an abortion procedure that is not reimbursable under the state's Medicaid program; 2. is commonly owned, managed, or controlled by an entity that performs an abortion procedure that is not reimbursable under the state's Medicaid program; or 3. is a franchise or affiliate of an entity that performs an abortion procedure that is not reimbursable under the state's Medicaid program. The provision does not apply to a hospital licensed under Chapter 241, Health and Safety Code, or an office exempt under Section 245.004(2), Health and Safety Code. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article IX. 38. Funding Eligibility Contractor understands, acknowledges, and agrees that, pursuant to Chapter 2272 (eff. Sept. 1, 2021, Ch. 2273) of the Texas Government Code, except as exempted under that Chapter, HHSC cannot contract with an abortion provider or an affiliate of an abortion provider. Contractor certifies that it is not ineligible to contract with HHSC under the terms of Chapter 2272 (eff. Sept. 1, 2021, Ch. 2273) of the Texas Government Code. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 8 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 39. Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment (2 CFR 200.216) Contractor certifies that the individual or business entity named in this Response or Contract is not ineligible to receive the specified Contract or funding pursuant to 2 CFR 200.216. 40. COVID-19 Vaccine Passports Pursuant to Texas Health and Safety Code, Section 161.0085(c), Contractor certifies that it does not require its customers to provide any documentation certifying the customer's COVID-19 vaccination or post -transmission recovery on entry to, to gain access to, or to receive service from the Contractor's business. Contractor acknowledges that such a vaccine or recovery requirement would make Contractor ineligible for a state -funded contract. 41. Entities that Boycott Energy Companies In accordance with Senate Bill 13, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 of the Texas Government Code (relating to prohibition on contracts with companies boycotting certain energy companies), Contractor represents and warrants that: (1) it does not, and will not for the duration of the Contract, boycott energy companies or (2) the verification required by Section 2274.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 42. Entities that Discriminate Against Firearm and Ammunition Industries In accordance with Senate Bill 19, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 of the Texas Government Code (relating to prohibition on contracts with companies that discriminate against firearm and ammunition industries), Contractor verifies that: (1) it does not, and will not for the duration of the Contract, have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association or (2) the verification required by Section 2274.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 43. Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency's risk under the Contract based on the sensitivity of System Agency's data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 9 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 44. Cloud Computing State Risk and Authorization Management Program (TX -RAMP) In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.0593, Contractor acknowledges and agrees that, if providing cloud computing services for System Agency, Contractor must comply with the requirements of the state risk and authorization management program and that System Agency may not enter or renew a contract with Contractor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless Contractor demonstrates compliance with program requirements. If providing cloud computing services for System Agency that are subject to the state risk and authorization management program, Contractor certifies it will maintain program compliance and certification throughout the term of the Contract. 45. Office of Inspector General Investigative Findings Expert Review In accordance with Senate Bill 799, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 531.102(m-1)(2) is applicable to this Contract, Contractor affirms that it possesses the necessary occupational licenses and experience. 46. Contract for Professional Services of Physicians, Optometrists, and Registered Nurses In accordance with Senate Bill 799, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 2254.008(a)(2) is applicable to this Contract, Contractor affirms that it possesses the necessary occupational licenses and experience. 47. Foreign -Owned Companies in Connection with Critical Infrastructure If Texas Government Code, Section 2274.0102(a)(1) (relating to prohibition on contracts with certain foreign -owned companies in connection with critical infrastructure) is applicable to this Contract, pursuant to Government Code Section 2274.0102, Contractor certifies that neither it nor its parent company, nor any affiliate of Contractor or its parent company, is: (1) majority owned or controlled by citizens or governmental entities of China, Iran, North Korea, Russia, or any other country designated by the Governor under Government Code Section 2274.0103, or (2) headquartered in any of those countries. 48. Critical Infrastructure Subcontracts For purposes of this Paragraph, the designated countries are China, Iran, North Korea, Russia, and any countries lawfully designated by the Governor as a threat to critical infrastructure. Pursuant to Section 113.002 of the Business and Commerce Code, Contractor shall not enter into a subcontract that will provide direct or remote access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business and Commerce Code, in this state, other than access specifically allowed for product warranty and support purposes to any subcontractor unless (i) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is majority owned or controlled by citizens or governmental entities of a designated country; and (ii) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is headquartered in a designated country. Contractor will notify the System Agency before entering into any subcontract that will provide direct or remote Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 10 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business & Commerce Code, in this state. 49. Enforcement of Certain Federal Firearms Laws Prohibited In accordance with House Bill 957, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 2.101 is applicable to Contractor, Contractor certifies that it is not ineligible to receive state grant funds pursuant to Texas Government Code, Section 2.103. 50. Prohibition on Abortions Contractor understands, acknowledges, and agrees that, pursuant to Article II of the General Appropriations Act, (1) no funds shall be used to pay the direct or indirect costs (including marketing, overhead, rent, phones, and utilities) of abortion procedures provided by contractors of HHSC; and (2) no funds appropriated for Medicaid Family Planning, Healthy Texas Women Program, or the Family Planning Program shall be distributed to individuals or entities that perform elective abortion procedures or that contract with or provide funds to individuals or entities for the performance of elective abortion procedures. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article II. 51. False Representation Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. 52. False Statements Contractor represents and warrants that all statements and information prepared and submitted by Contractor in this Contract and any related Solicitation Response are current, complete, true, and accurate. Contractor acknowledges any false statement or material misrepresentation made by Contractor during the performance of this Contract or any related Solicitation is a material breach of contract and may void this Contract. Further, Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. 53. Permits and License Contractor represents and warrants that it will comply with all applicable laws and maintain all permits and licenses required by applicable city, county, state, and federal rules, regulations, statutes, codes, and other laws that pertain to this Contract. 54. Equal Employment Opportunity Contractor represents and warrants its compliance with all applicable duly enacted state and federal laws governing equal employment opportunities. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 11 of 13 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 55. Federal Occupational Safety and Health Law Contractor represents and warrants that all articles and services shall meet or exceed the safety standards established and promulgated under the Federal Occupational Safety and Health Act of 1970, as amended (29 U.S.C. Chapter 15). 56. Signature Authority Contractor represents and warrants that the individual signing this Contract Affirmations document is authorized to sign on behalf of Contractor and to bind the Contractor. Signature Page Follows Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 12 of 13 DocuSign Envelope ID: 551 EBB26-E393-4B49-934C-BOB1 64C5A623 Authorized representative on behalf of Contractor must complete and sign the following: City of Lubbock Legal Name of Contractor NA Assumed Business Name of Contractor, if applicable (d/b/a or `doing business as') N/A Texas County(s) for Assumed Business Name (d/b/a or `doing business as') Attach Assumed Name Certificate(s) filed with the Texas Secretary of State and Assumed Name Certificate(s), if any, for each Texas County Where Assumed Name Certificate(s) has been filed. DocuSigned by: Qwt�t,Y' Q/�lu�AY' i#ii1i%Y-FFd%f Authorized Representative Amber Aguilar Printed Name of Authorized Representative First, Middle Name or Initial, and Last Name Amber N Aguilar Physical Street Address PO BOX 2000 Mailing Address, if different 806-775-2149 Phone Number aaguilar@mylubbock.us mylubbock.us Email Address aaguilar@mylubbock.us Federal Employer Identification Number N/A Texas Franchise Tax Number LXDNEKWRVKJ6 SAM.gov Unique Entity Identifier (UEI) May 3.2023 Date Signed 5/3/2023 Title of Authorized Representative Senior Grant Accountant City, State, Zip Code LUBBOCK, TX, 79457 City, State, Zip Code 806-775-3273 Fax Number 058213893 DUNS Number 17560005906 Texas Identification Number (TIN) 75-6000590 Texas Secretary of State Filing Number Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 13 of 13 DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 Attachment E TEXAS Health and Human Services Health and Human Services (HHS) Uniform Terms and Conditions - Grant Version 3.2 Published and Effective — July 2022 Responsible Office: Chief Counsel DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ABOUT THIS DOCUMENT In this document, Grantees (also referred to in this document as subrecipients or contractors) will find requirements and conditions applicable to grant funds administered and passed -through by both the Texas Health and Human Services Commission (HHSC) and the Department of State Health Services (DSHS). These requirements and conditions are incorporated into the Grant Agreement through acceptance by Grantee of any funding award by HHSC or DSHS. The terms and conditions in this document are in addition to all requirements listed in the RFA, if any, under which applications for this grant award are accepted, as well as all applicable federal and state laws and regulations. Applicable federal and state laws and regulations may include, but are not limited to: 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; requirements of the entity that awarded the funds to HHS; Chapter 783 of the Texas Government Code; Texas Comptroller of Public Accounts' agency rules (including Uniform Grant and Contract Standards set forth in Title 34, Part 1, Chapter 20, Subchapter E, Division 4 of the Texas Administrative Code); the Texas Grant Management Standards (TxGMS) developed by the Texas Comptroller of Public Accounts; and the Funding Announcement, Solicitation, or other instrument/documentation under which HHS was awarded funds. HHS, in its sole discretion, reserves the right to add requirements, terms, or conditions. HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 2 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E TABLE OF CONTENTS ARTICLE I. DEFINITIONS AND INTERPRETIVE PROVISIONS ........................... 6 1.1 DEFINITIONS......................................................................................................... 6 1.2 INTERPRETIVE PROVISIONS.................................................................................. 7 ARTICLE II. PAYMENT PROVISIONS......................................................................... 8 2.1 PROMPT PAYMENT................................................................................................ 8 2.2 TAXES.................................................................................................................... 8 2.3 ANCILLARY AND TRAVEL EXPENSES................................................................... 9 2.4 BILLING.................................................................................................................9 2.5 USE OF FUNDS....................................................................................................... 9 2.6 USE FOR MATCH PROHIBITED.............................................................................. 9 2.7 PROGRAM INCOME ............................................................................................... 9 2.8 NONSUPPLANTING.................................................................................................9 2.9 INDIRECT COST RATES....................................................................................... 10 ARTICLE III. STATE AND FEDERAL FUNDING.....................................................10 3.1 EXCESS OBLIGATIONS PROHIBITED................................................................... 10 3.2 NO DEBT AGAINST THE STATE........................................................................... 10 3.3 DEBTS AND DELINQUENCIES.............................................................................. 10 3.4 REFUNDS AND OVERPAYMENTS......................................................................... 10 ARTICLE IV. ALLOWABLE COSTS AND AUDIT REQUIREMENTS ..................11 4.1 ALLOWABLE COSTS............................................................................................ 11 4.2 AUDITS AND FINANCIAL STATEMENTS............................................................... 11 4.3 SUBMISSION OF AUDITS AND FINANCIAL STATEMENTS .................................... 12 ARTICLE V. WARRANTY, AFFIRMATIONS, ASSURANCES AND CERTIFICATIONS...........................................................................................................12 5.1 WARRANTY......................................................................................................... 12 5.2 GENERAL AFFIRMATIONS................................................................................... 13 5.3 FEDERAL ASSURANCES....................................................................................... 13 5.4 FEDERAL CERTIFICATIONS................................................................................ 13 5.5 STATE ASSURANCES............................................................................................ 13 HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 3 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7El-7ED98683CElE ARTICLE VI. INTELLECTUAL PROPERTY.............................................................13 6.1 OWNERSHIP OF WORK PRODUCT....................................................................... 13 6.2 GRANTEE'S PRE-EXISTING WORKS................................................................... 14 6.3 THIRD PARTY IP................................................................................................. 14 6.4 AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS ............................... 14 6.5 DELIVERY UPON TERMINATION OR EXPIRATION .............................................. 15 6.6 SURVIVAL............................................................................................................ 15 6.7 SYSTEM AGENCY DATA...................................................................................... 15 ARTICLEVII. PROPERTY............................................................................................15 7.1 USE OF STATE PROPERTY................................................................................... 15 7.2 DAMAGE TO STATE PROPERTY.......................................................................... 16 7.3 PROPERTY RIGHTS UPON TERMINATION OR EXPIRATION OF CONTRACT ....... 16 7.4 EQUIPMENT AND PROPERTY............................................................................... 16 ARTICLE VIII. RECORD RETENTION, AUDIT, AND CONFIDENTIALITY ..... 17 8.1 RECORD MAINTENANCE AND RETENTION......................................................... 17 8.2 AGENCY'S RIGHT TO AUDIT............................................................................... 17 8.3 RESPONSEXOMPLIANCE WITH AUDIT OR INSPECTION FINDINGS ................... 18 8.4 STATE AUDITOR'S RIGHT TO AUDIT.................................................................. 18 8.5 CONFIDENTIALITY.............................................................................................. 18 ARTICLE IX. GRANT REMEDIES, TERMINATION AND PROHIBITED ACTIVITIES......................................................................................................................19 9.1 REMEDIES............................................................................................................19 9.2 TERMINATION FOR CONVENIENCE.................................................................... 19 9.3 TERMINATION FOR CAUSE................................................................................. 19 9.4 GRANTEE RESPONSIBILITY FOR SYSTEM AGENCY'S TERMINATION COSTS.... 20 9.5 INHERENTLY RELIGIOUS ACTIVITIES................................................................ 20 9.6 POLITICAL ACTIVITIES....................................................................................... 20 ARTICLEX. INDEMNITY.............................................................................................. 21 10.1 GENERAL INDEMNITY......................................................................................... 21 10.2 INTELLECTUAL PROPERTY................................................................................. 21 10.3 ADDITIONAL INDEMNITY PROVISIONS............................................................... 22 ARTICLE XI. GENERAL PROVISIONS...................................................................... 22 11.1 AMENDMENTS..................................................................................................... 22 11.2 NO QUANTITY GUARANTEES.............................................................................. 22 HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 4 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 11.3 CHILD ABUSE REPORTING REQUIREMENTS...................................................... 22 11.4 CERTIFICATION OF MEETING OR EXCEEDING TOBACCO -FREE WORKPLACE POLICY MINIMUM STANDARDS.......................................................................... 23 11.5 INSURANCE AND BONDS...................................................................................... 23 11.6 LIMITATION ON AUTHORITY.............................................................................. 23 11.7 CHANGE IN LAWS AND COMPLIANCE WITH LAWS ............................................ 24 11.8 SUBCONTRACTORS.............................................................................................. 24 11.9 PERMITTING AND LICENSURE............................................................................ 24 11.10 INDEPENDENT CONTRACTOR............................................................................. 24 11.11 GOVERNING LAW AND VENUE........................................................................... 25 11.12 SEVERABILITY.....................................................................................................25 11.13 SURVIVABILITY................................................................................................... 25 11.14 FORCE MAJEURE................................................................................................ 25 11.15 NO IMPLIED WAIVER OF PROVISIONS............................................................... 26 11.16 FUNDING DISCLAIMERS AND LABELING............................................................ 26 11.17 MEDIA RELEASES............................................................................................... 26 11.18 PROHIBITION ON NON -COMPETE RESTRICTIONS ............................................. 26 11.19 SOVEREIGN IMMUNITY....................................................................................... 26 11.20 ENTIRE CONTRACT AND MODIFICATION........................................................... 27 11.21 COUNTERPARTS.................................................................................................. 27 11.22 PROPER AUTHORITY........................................................................................... 27 11.23 E-VERIFY PROGRAM.......................................................................................... 27 11.24 CIvIL RIGHTS...................................................................................................... 27 11.25 ENTERPRISE INFORMATION MANAGEMENT STANDARDS ................................. 28 11.26 DISCLOSURE OF LITIGATION.............................................................................. 28 11.27 NO THIRD PARTY BENEFICIARIES..................................................................... 29 11.28 BINDING EFFECT................................................................................................. 29 HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 5 of 29 DocuSign Envelope ID: 557C76D3-l3429-439E-A7E1 -7ED98683CE1 E ARTICLE I. DEFINITIONS AND INTERPRETIVE PROVISIONS 1.1 DEFINITIONS As used in this Grant Agreement, unless a different definition is specified, or the context clearly indicates otherwise, the following terms and conditions have the meanings assigned below: "Amendment" means a written agreement, signed by the Parties, which documents changes to the Grant Agreement. "Contract" or "Grant Agreement" means the agreement entered into by the Parties, including the Signature Document, these Uniform Terms and Conditions, along with any attachments and amendments that may be issued by the System Agency. "Deliverables" means the goods, services, and work product, including all reports and project documentation, required to be provided by Grantee to the System Agency. "DSHS" means the Department of State Health Services. "Effective Date" means the date on which the Grant Agreement takes effect. "Federal Fiscal Year" means the period beginning October 1 and ending September 30 each year, which is the annual accounting period for the United States government. "GAAP" means Generally Accepted Accounting Principles. "GASB" means the Governmental Accounting Standards Board. "Grantee" means the Party receiving funds under this Grant Agreement. May also be referred to as "subrecipient" or "contractor" in this document. "HHSC" means the Texas Health and Human Services Commission. "Health and Human Services" or "HHS" includes HHSC and DSHS. "Intellectual PropeM Rights" means the worldwide proprietary rights or interests, including patent, copyright, trade secret, and trademark rights, as such right may be evidenced by or embodied in: i. any idea, design, concept, personality right, method, process, technique, apparatus, invention, discovery, or improvement; ii. any work of authorship, including any compilation, computer code, website or web page design, literary work, pictorial work, or graphic work; iii. any trademark, service mark, trade dress, trade name, branding, or other indicia of source or origin; iv. domain name registrations; and v. any other proprietary or similar rights. The Intellectual Property Rights of a Party include all worldwide proprietary rights or interests that the Party may have acquired by assignment, by exclusive license, or by license with the right to grant sublicenses. "Parties" means the System Agency and Grantee, collectively. "Part 'means either the System Agency or Grantee, individually. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 6 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1 -7ED98683CE1 E "Project" means specific activities of the Grantee that are supported by funds provided under this Grant Agreement. "Signature Document" means the document executed by all Parties for this Grant Agreement. "Solicitation," "Funding Announcement" or "Request for Applications WAY' means the document (including all exhibits, attachments, and published addenda), issued by the System Agency under which applications for grant funds were requested, which is incorporated by reference in the Grant Agreement for all purposes in its entirety. "Solicitation Response" or "Application" means Grantee's full and complete Solicitation response (including any attachments and addenda), which is incorporated by reference in the Grant Agreement for all purposes in its entirety. "State Fiscal Year" means the period beginning September 1 and ending August 31 each year, which is the annual accounting period for the State of Texas. "State of Texas Textravel" means the Texas Comptroller of Public Accounts' state travel rules, policies, and guidelines. "Statement of Work" means the description of activities Grantee must perform to complete the Project, as specified in the Grant Agreement and as may be amended. "System Agency" means HHSC or DSHS, as applicable. "Work Product" means any and all works, including work papers, notes, materials, approaches, designs, specifications, systems, innovations, improvements, inventions, software, programs, source code, documentation, training materials, audio or audiovisual recordings, methodologies, concepts, studies, reports, whether finished or unfinished, and whether or not included in the deliverables, that are developed, produced, generated or provided by Grantee in connection with Grantee's performance of its duties under the Grant Agreement or through use of any funding provided under this Grant Agreement. "Texas Grant Management Standards" or "TxGMS" means uniform grant and contract administration procedures, developed under the authority of Chapter 783 of the Texas Government Code, to promote the efficient use of public funds in local government and in programs requiring cooperation among local, state, and federal agencies. Under this Grant Agreement, TxGMS applies to Grantee except as otherwise provided by applicable law or directed by System Agency. Additionally, except as otherwise provided by applicable law, in the event of a conflict between TxGMS and applicable federal or state law, federal law prevails over state law and state law prevails over TxGMS. 1.2 INTERPRETIVE PROVISIONS A. The meanings of defined terms include the singular and plural forms. B. The words "hereof," "herein," "hereunder," and similar words refer to this Grant Agreement as a whole and not to any particular provision, section, attachment, or schedule of this Grant Agreement unless otherwise specified. C. The term "including" is not limiting and means "including without limitation" and, unless otherwise expressly provided in this Grant Agreement, (i) references to contracts HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 7 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (including this Grant Agreement) and other contractual instruments shall be deemed to include all subsequent Amendments and other modifications, but only to the extent that such Amendments and other modifications are not prohibited by the terms of this Grant Agreement, and (ii) references to any statute or regulation are to be construed as including all statutory and regulatory provisions consolidating, amending, replacing, supplementing, or interpreting the statute or regulation. D. Any references to agreements, contracts, statutes, or administrative rules or regulations in the Grant Agreement are references to these documents as amended, modified, or supplemented during the term of the Grant Agreement. E. The captions and headings of this Grant Agreement are for convenience of reference only and do not affect the interpretation of this Grant Agreement. F. All attachments, including those incorporated by reference, and any Amendments are considered part of the terms of this Grant Agreement. G. This Grant Agreement may use several different limitations, regulations, or policies to regulate the same or similar matters. All such limitations, regulations, and policies are cumulative. H. Unless otherwise expressly provided, reference to any action of the System Agency or by the System Agency by way of consent, approval, or waiver will be deemed modified by the phrase "in its sole discretion." I. Time is of the essence in this Grant Agreement. J. Prior to execution of the Grant Agreement, Grantee must notify System Agency's designated contact in writing of any ambiguity, conflict, discrepancy, omission, or other error. If Grantee fails to notify the System Agency designated contact of any ambiguity, conflict, discrepancy, omission or other error in the Grant Agreement prior to Grantee's execution of the Grant Agreement, Grantee: i. Shall have waived any claim of error or ambiguity in the Grant Agreement; and ii. Shall not contest the interpretation by the System Agency of such provision(s). No grantee will be entitled to additional reimbursement, relief, or time by reason of any ambiguity, conflict, discrepancy, exclusionary specification, omission, or other error or its later correction. ARTICLE II. PAYMENT PROVISIONS 2.1 PROMPT PAYMENT Payment shall be made in accordance with Chapter 2251 of the Texas Government Code, commonly known as the Texas Prompt Payment Act. Chapter 2251 of the Texas Government Code shall govern remittance of payment and remedies for late payment and non-payment. 2.2 TAxEs Grantee represents and warrants that it shall pay all taxes or similar amounts resulting from the Grant Agreement, including, but not limited to, any federal, State, or local income, sales or excise taxes of Grantee or its employees. System Agency shall not be liable for any taxes resulting from the Grant Agreement. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 8 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 2.3 ANCILLARY AND TRAVEL EXPENSES A. Except as otherwise provided in the Grant Agreement, no ancillary expenses incurred by the Grantee in connection with its provision of the services or deliverables will be reimbursed by the System Agency. Ancillary expenses include, but are not limited to, costs associated with transportation, delivery, and insurance for each deliverable. B. Except as otherwise provided in the Grant Agreement, when the reimbursement of travel expenses is authorized by the Grant Agreement, all such expenses will be reimbursed in accordance with the rates set by the Texas Comptroller's Textravel guidelines, which can currently be accessed at: https:Hfmx.cpa.texas.gov/finx/travel/textravel/. 2.4 BILLING Unless otherwise provided in the Grant Agreement, Grantee shall bill the System Agency in accordance with the Grant Agreement. Unless otherwise specified in the Grant Agreement, Grantee shall submit requests for reimbursement or payment monthly by the last business day of the month following the month in which expenses were incurred or services provided. Grantee shall maintain all documentation that substantiates invoices and make the documentation available to the System Agency upon request. 2.5 USE OF FUNDS Grantee shall expend funds under this Grant Agreement only for approved services and for reasonable and allowable expenses directly related to those services. 2.6 USE FOR MATCH PROHIBITED Grantee shall not use funds provided under this Grant Agreement for matching purposes in securing other funding without the written approval of the System Agency. 2.7 PROGRAM INCOME Program income refers to gross income directly generated by a supporting activity during the period of performance. Unless otherwise required under the Grant Agreement, Grantee shall use Program Income, as provided in TxGMS, to further the Project, and Grantee shall spend the Program Income on the Project. Grantee shall identify and report Program Income in accordance with the Grant Agreement, applicable law, and any programmatic guidance. Grantee shall expend Program Income during the Grant Agreement term, when earned, and may not carry Program Income forward to any succeeding term. Grantee shall refund Program Income to the System Agency if the Program Income is not expended in the term in which it is earned. The System Agency may base future funding levels, in part, upon Grantee's proficiency in identifying, billing, collecting, and reporting Program Income, and in using Program Income for the purposes and under the conditions specified in this Grant Agreement. 2.8 NONSUPPLANTING Grant funds must be used to supplement existing, new or corresponding programming and related activities. Grant funds may not be used to supplant (replace) existing funds that have been appropriated, allocated, or disbursed for the same purpose. System Agency may conduct Grant monitoring or audits may be conducted to review, among other things, Grantee's compliance with this provision. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 9 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 2.9 INDIRECT COST RATES The System Agency may acknowledge an indirect cost rate for Grantees that is utilized for all applicable Grant Agreements. For subrecipients receiving federal funds, indirect cost rates will be determined in accordance with applicable law including, but not limited to, 2 CFR 200.414(f). For recipients receiving state funds, indirect costs will be determined in accordance with applicable law including, but not limited to, TxGMS. Grantees funded with blended federal and state funding will be subject to both state and federal requirements when determining indirect costs. In the event of a conflict between TxGMS and applicable federal law or regulation, the provisions of federal law or regulation will apply. Grantee will provide any necessary financial documents to determine the indirect cost rate in accordance with the Uniform Grant Guidance (UGG) and TxGMS. ARTICLE III. STATE AND FEDERAL FUNDING 3.1 EXCESS OBLIGATIONS PROHIBITED This Grant Agreement is subject to termination or cancellation, without penalty to System Agency, either in whole or in part, subject to the availability and actual receipt by System Agency of state or federal funds. System Agency is a state agency whose authority and appropriations are subject to actions of the Texas Legislature. If System Agency becomes subject to a legislative change, revocation of statutory authority, or lack of appropriated funds that would render either System Agency's or Grantee's delivery or performance under the Grant Agreement impossible or unnecessary, the Grant Agreement will be terminated or cancelled and be deemed null and void. In the event of a termination or cancellation under this Section, System Agency will not be liable to Grantee for any damages that are caused or associated with such termination or cancellation, and System Agency will not be required to give prior notice. Additionally, System Agency will not be liable to Grantee for any remaining unpaid funds under this Grant Agreement at time of termination. 3.2 NO DEBT AGAINST THE STATE This Grant Agreement will not be construed as creating any debt by or on behalf of the State of Texas. 3.3 DEBTS AND DELINQUENCIES Grantee agrees that any payments due under the Grant Agreement shall be directly applied towards eliminating any debt or delinquency it has to the State of Texas including, but not limited to, delinquent taxes, delinquent student loan payments, and delinquent child support during the entirety of the Grant Agreement term. 3.4 REFUNDS AND OVERPAYMENTS A. At its sole discretion, the System Agency may (i) withhold all or part of any payments to Grantee to offset overpayments, unallowable or ineligible costs made to the Grantee, or if any required financial status report(s) is not submitted by the due date(s); or (ii) require Grantee to promptly refund or credit - within thirty (30) calendar days of written notice — to System Agency any funds erroneously paid by System Agency which are not expressly authorized under the Grant Agreement. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 10 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E B. "Overpayments" as used in this Section include payments (i) made by the System Agency that exceed the maximum allowable rates; (ii) that are not allowed under applicable laws, rules, or regulations; or (iii) that are otherwise inconsistent with this Grant Agreement, including any unapproved expenditures. Grantee understands and agrees that it shall be liable to the System Agency for any costs disallowed pursuant to financial and compliance audit(s) of funds received under this Grant Agreement. Grantee further understands and agrees that reimbursement of such disallowed costs shall be paid by Grantee from funds which were not provided or otherwise made available to Grantee under this Grant Agreement. ARTICLE IV. ALLOWABLE COSTS AND AUDIT REQUIREMENTS 4.1 ALLOWABLE COSTS A. Allowable Costs are restricted to costs that are authorized under Texas Uniform Grant Management Standards (TxGMS) and applicable state and federal rules and laws. This Grant Agreement is subject to all applicable requirements of TxGMS, including the criteria for Allowable Costs. Additional federal requirements apply if this Grant Agreement is funded, in whole or in part, with federal funds. B. System Agency will reimburse Grantee for actual, allowable, and allocable costs incurred by Grantee in performing the Project, provided the costs are sufficiently documented. Grantee must have incurred a cost prior to claiming reimbursement and within the applicable term to be eligible for reimbursement under this Grant Agreement. At its sole discretion, the System Agency will determine whether costs submitted by Grantee are allowable and eligible for reimbursement. The System Agency may take repayment (recoup) from remaining funds available under this Grant Agreement in amounts necessary to fulfill Grantee's repayment obligations. Grantee and all payments received by Grantee under this Grant Agreement are subject to applicable cost principles, audit requirements, and administrative requirements including applicable provisions under 2 CFR 200, 48 CFR Part 31, and TxGMS. C. OMB Circulars will be applied with the modifications prescribed by TxGMS with effect given to whichever provision imposes the more stringent requirement in the event of a conflict. 4.2 AUDITS AND FINANCIAL STATEMENTS A. Audits i. Grantee understands and agrees that Grantee is subject to any and all applicable audit requirements found in state or federal law or regulation or added by this Grant Agreement ii. HHS Single Audit Unit will notify Grantee to complete the Single Audit Determination Form. If Grantee fails to complete the form within thirty (30) calendar days after receipt of notice, Grantee maybe subject to sanctions and remedies for non-compliance. iii. If Grantee, within Grantee's fiscal year, expends at least SEVEN HUNDRED FIFTY THOUSAND DOLLARS ($750,000) in federal funds awarded, Grantee shall have a single audit or program -specific audit in accordance with 2 CFR 200. The federal HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 11 of 29 DocuSign Envelope ID: 557C7603-B429-439E-A7El-7ED98683CElE threshold amount includes federal funds passed through by way of state agency awards. iv. If Grantee, within Grantee's fiscal year, expends at least SEVEN HUNDRED FIFTY THOUSAND DOLLARS ($750,000) in state funds awarded, Grantee shall have a single audit or program -specific audit in accordance with TxGMS. The audit must be conducted by an independent certified public accountant and in accordance with 2 CFR 200, Government Auditing Standards, and TxGMS. v. For -profit Grantees whose expenditures meet or exceed the federal or state expenditure thresholds stated above shall follow the guidelines in 2 CFR 200 or TxGMS, as applicable, for their program -specific audits. vi. Each Grantee required to obtain a single audit must competitively re -procure single audit services once every six years. Grantee shall procure audit services in compliance with this section, state procurement procedures, as well as with applicable provisions of 2 CFR 200 and TxGMS. B. Financial Statements. Each Grantee that does not meet the expenditure threshold for a single audit or program - specific audit, must provide financial statements for the audit period. 4.3 SUBMISSION OF AUDITS AND FINANCIAL STATEMENTS A. Audits. Due the earlier of 30 days after receipt of the independent certified public accountant's report or nine months after the end of the fiscal year, Grantee shall submit one electronic copy of the single audit or program -specific audit to the System Agency via: i. HHS portal at https•//hhsl)ortal.hhs.state.tx.us/heartwebextr/hhscSau or, ii. Email to: single audit_ report(ahhsc.state.tx.us. B. Financial Statements. Due no later than nine months after the Grantee's fiscal year-end, Grantees not required to submit an audit, shall submit one electronic copy of their financial statements via: i. HHS portal at https•//hhsi)ortal.hhs.state.tx.us/heartwebextr/hhscSau; or, ii. Email to: single audit report,hhsc.state.tx.us. ARTICLE V. WARRANTY, AFFIRMATIONS, ASSURANCES AND CERTIFICATIONS 5.1 WARRANTY Grantee warrants that all work under this Grant Agreement shall be completed in a manner consistent with standards under the terms of this Grant Agreement, in the applicable trade, profession, or industry; shall conform to or exceed the specifications set forth in the Grant Agreement; and all deliverables shall be fit for ordinary use, of good quality, and with no material defects. If System Agency, in its sole discretion, determines Grantee has failed to complete work timely or to perform satisfactorily under conditions required by this Grant Agreement, the System Agency may require Grantee, at its sole expense, to: i. Repair or replace all defective or damaged work; I Refund any payment Grantee received from System Agency for all defective or damaged work and, in conjunction therewith, require Grantee to accept the return of such work; and, HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 12 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E iii. Take necessary action to ensure that Grantee's future performance and work conform to the Grant Agreement requirements. 5.2 GENERAL AFFIRMATIONS Grantee certifies that, to the extent affirmations are incorporated into the Grant Agreement, the Grantee has reviewed the affirmations and that Grantee is in compliance with all requirements. 5.3 FEDERAL ASSURANCES Grantee further certifies that, to the extent federal assurances are incorporated into the Grant Agreement, the Grantee has reviewed the federal assurances and that Grantee is in compliance with all requirements. 5.4 FEDERAL CERTIFICATIONS Grantee further certifies that, to the extent federal certifications are incorporated into the Grant Agreement, the Grantee has reviewed the federal certifications and that Grantee is in compliance with all requirements. In addition, Grantee certifies that it is in compliance with all applicable federal laws, rules, and regulations, as they may pertain to this Grant Agreement. 5.5 STATE ASSURANCES Except to the extent of any conflict under applicable law or requirements or guidelines of any federal awarding agency from which funding for this Grant Agreement originated, the Grantee must comply with the applicable state assurances included within the TxGMS which are incorporated here by reference. ARTICLE VI. INTELLECTUAL PROPERTY 6.1 OWNERSHIP OF WORK PRODUCT A. All right, title, and interest in the Work Product, including all Intellectual Property Rights therein, is exclusively owned by System Agency. Grantee and Grantee's employees will have no rights in or ownership of the Work Product or any other property of System Agency. B. Any and all Work Product that is copyrightable under United States copyright law is deemed to be "work made for hire" owned by System Agency, as provided by Title 17 of the United States Code. To the extent that Work Product does not qualify as a "work made for hire" under applicable federal law, Grantee hereby irrevocably assigns and transfers to System Agency, its successors and assigns, the entire right, title, and interest in and to the Work Product, including any and all Intellectual Property Rights embodied therein or associated therewith, and in and to all works based upon, derived from, or incorporating the Work Product, and in and to all income, royalties, damages, claims and payments now or hereafter due or payable with respect thereto, and in and to all causes of action, either in law or in equity for past, present or future infringement based on the copyrights, and in and to all rights corresponding to the foregoing. C. Grantee agrees to execute all papers and to perform such other acts as System Agency may deem necessary to secure for System Agency or its designee the rights herein assigned. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 13 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E D. In the event that Grantee has any rights in and to the Work Product that cannot be assigned to System Agency, Grantee hereby grants to System Agency an exclusive, worldwide, royalty -free, transferable, irrevocable, and perpetual license, with the right to sublicense, to reproduce, distribute, modify, create derivative works of, publicly perform and publicly display, make, have made, use, sell and offer for sale the Work Product and any products developed by practicing such rights. E. The foregoing does not apply to Incorporated Pre-existing Works or Third Party IP that are incorporated in the Work Product by Grantee. Grantee shall provide System Agency access during normal business hours to all Grantee materials, premises, and computer files containing the Work Product. 6.2 GRANTEE'S PRE-EXISTING WORKS A. To the extent that Grantee incorporates into the Work Product any works of Grantee that were created by Grantee or that Grantee acquired rights in prior to the Effective Date of this Grant Agreement ("Incorporated Pre-existing Works"), Grantee retains ownership of such Incorporated Pre-existing Works. B. Grantee hereby grants to System Agency an irrevocable, perpetual, non-exclusive, royalty -free, transferable, worldwide right and license, with the right to sublicense, to use, reproduce, modify, copy, create derivative works of, publish, publicly perform and display, sell, offer to sell, make and have made, the Incorporated Pre-existing Works, in any medium, with or without the associated Work Product. C. Grantee represents, warrants, and covenants to System Agency that Grantee has all necessary right and authority to grant the foregoing license in the Incorporated Pre- existing Works to System Agency. 6.3 THIRD PARTY IP A. To the extent that any Third Party IP is included or incorporated in the Work Product by Grantee, Grantee hereby grants to System Agency, or shall obtain from the applicable third party for System Agency's benefit, the irrevocable, perpetual, non-exclusive, worldwide, royalty -free right and license, for System Agency's internal business or governmental purposes only, to use, reproduce, display, perform, distribute copies of, and prepare derivative works based upon such Third Party IP and any derivative works thereof embodied in or delivered to System Agency in conjunction with the Work Product, and to authorize others to do any or all of the foregoing. B. Grantee shall obtain System Agency's advance written approval prior to incorporating any Third Party IP into the Work Product, and Grantee shall notify System Agency on delivery of the Work Product if such materials include any Third Party IP. C. Grantee shall provide System Agency all supporting documentation demonstrating Grantee's compliance with this Section 6.3, including without limitation documentation indicating a third parry's written approval for Grantee to use any Third Party IP that may be incorporated in the Work Product. 6.4 AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS Grantee shall have written, binding agreements with its employees and subcontractors that include provisions sufficient to give effect to and enable Grantee's compliance with Grantee's obligations under this Article VI, Intellectual Property. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 14 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 6.5 DELIVERY UPON TERMINATION OR EXPIRATION No later than the first calendar day after the termination or expiration of the Grant Agreement or upon System Agency's request, Grantee shall deliver to System Agency all completed, or partially completed, Work Product, including any Incorporated Pre-existing Works, and any and all versions thereof. Grantee's failure to timely deliver such Work Product is a material breach of the Grant Agreement. Grantee will not retain any copies of the Work Product or any documentation or other products or results of Grantee's activities under the Grant Agreement without the prior written consent of System Agency. 6.6 SURVIVAL The provisions and obligations of this Article survive any termination or expiration of the Grant Agreement. 6.7 SYSTEM AGENCY DATA A. As between the Parties, all data and information acquired, accessed, or made available to Grantee by, through, or on behalf of System Agency or System Agency contractors, including all electronic data generated, processed, transmitted, or stored by Grantee in the course of providing data processing services in connection with Grantee's performance hereunder (the "System Agency Data"), is owned solely by System Agency. B. Grantee has no right or license to use, analyze, aggregate, transmit, create derivatives of, copy, disclose, or process the System Agency Data except as required for Grantee to fulfill its obligations under the Grant Agreement or as authorized in advance in writing by System Agency. C. For the avoidance of doubt, Grantee is expressly prohibited from using, and from permitting any third party to use, System Agency Data for marketing, research, or other non -governmental or commercial purposes, without the prior written consent of System Agency. D. Grantee shall make System Agency Data available to System Agency, including to System Agency's designated vendors, as directed in writing by System Agency. The foregoing shall be at no cost to System Agency. E. Furthermore, the proprietary nature of Grantee's systems that process, store, collect, and/or transmit the System Agency Data shall not excuse Grantee's performance of its obligations hereunder. ARTICLE VII. PROPERTY 7.1 USE OF STATE PROPERTY A. Grantee is prohibited from using State Property for any purpose other than performing Services authorized under the Grant Agreement. B. State Property includes, but is not limited to, System Agency's office space, identification badges, System Agency information technology equipment and networks (e.g., laptops, portable printers, cell phones, iPads or tablets, external hard drives, data storage devices, any System Agency -issued software, and the System Agency Virtual Private Network (VPN client)), and any other resources of System Agency. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 15 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E C. Grantee shall not remove State Property from the continental United States. In addition, Grantee may not use any computing device to access System Agency's network or e- mail while outside of the continental United States. D. Grantee shall not perform any maintenance services on State Property unless the Grant Agreement expressly authorizes such Services. E. During the time that State Property is in the possession of Grantee, Grantee shall be responsible for: i. all repair and replacement charges incurred by State Agency that are associated with loss of State Property or damage beyond normal wear and tear, and ii. all charges attributable to Grantee's use of State Property that exceeds the Grant Agreement scope. Grantee shall fully reimburse such charges to System Agency within ten (10) calendar days of Grantee's receipt of System Agency's notice of amount due. Use of State Property for a purpose not authorized by the Grant Agreement shall constitute breach of contract and may result in termination of the Grant Agreement and the pursuit of other remedies available to System Agency under contract, at law, or in equity. 7.2 DAMAGE TO STATE PROPERTY A. In the event of loss, destruction, or damage to any System Agency or State of Texas owned, leased, or occupied property or equipment by Grantee or Grantee's employees, agents, Subcontractors, or suppliers, Grantee shall be liable to System Agency and the State of Texas for the full cost of repair, reconstruction, or replacement of the lost, destroyed, or damaged property. B. Grantee shall notify System Agency of the loss, destruction, or damage of equipment or property within one (1) business day. Grantee shall reimburse System Agency and the State of Texas for such property damage within ten (10) calendar days after Grantee's receipt of System Agency's notice of amount due. 7.3 PROPERTY RIGHTS UPON TERMINATION OR EXPIRATION OF CONTRACT In the event the Grant Agreement is terminated for any reason or expires, State Property remains the property of the System Agency and must be returned to the System Agency by the earlier of the end date of the Grant Agreement or upon System Agency's request. 7.4 EQUIPMENT AND PROPERTY A The Grantee must ensure equipment with a per -unit cost of $5,000 or greater purchased with grant funds under this award is used solely for the purpose of this Grant or is properly pro -rated for use under this Grant. Grantee must have control systems to prevent loss, damage, or theft of property funded under this Grant. Grantee shall maintain equipment management and inventory procedures for equipment, whether acquired in part or whole with grant funds, until disposition occurs. B. When equipment acquired by Grantee under this Grant Agreement is no longer needed for the original project or for other activities currently supported by System Agency, the Grantee must properly dispose of the equipment pursuant to 2 CFR and/or TxGMS, as applicable. Upon termination of this Grant Agreement, use and disposal of equipment by the Grantee shall conform with TxGMS requirements. C Grantee shall initiate the purchase of all equipment approved in writing by the System Agency in accordance with the schedule approved by System Agency, as applicable. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 16 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Failure to timely initiate the purchase of equipment may result in the loss of availability of funds for the purchase of equipment. Requests to purchase previously approved equipment after the first quarter in the Grant Agreement must be submitted to the assigned System Agency contract manager. D. Controlled Assets include firearms, regardless of the acquisition cost, and the following assets with an acquisition cost of $500 or more, but less than $5,000: desktop and laptop computers (including notebooks, tablets and similar devices), non -portable printers and copiers, emergency management equipment, communication devices and systems, medical and laboratory equipment, and media equipment. Controlled Assets are considered supplies. E System Agency funds must not be used to purchase buildings or real property without prior written approval from System Agency. Any costs related to the initial acquisition of the buildings or real property are not allowable without written pre -approval. ARTICLE VIII. RECORD RETENTION, AUDIT, AND CONFIDENTIALITY 8.1 RECORD MAINTENANCE AND RETENTION A. Grantee shall keep and maintain under GAAP or GASB, as applicable, full, true, and complete records necessary to fully disclose to the System Agency, the Texas State Auditor's Office, the United States Government, and their authorized representatives sufficient information to determine compliance with the terms and conditions of this Grant Agreement and all state and federal rules, regulations, and statutes. B. Grantee shall maintain and retain legible copies of this Grant Agreement and all records relating to the performance of the Grant Agreement, including supporting fiscal documents adequate to ensure that claims for grant funds are in accordance with applicable State of Texas requirements. These records shall be maintained and retained by the Grantee for a minimum of seven (7) years after the Grant Agreement expiration date or seven (7) years after all audits, claims, litigation or disputes involving the Grant Agreement are resolved, whichever is later. 8.2 AGENCY's RIGHT TO AUDIT A. Grantee shall make available at reasonable times and upon reasonable notice, and for reasonable periods, work papers, reports, books, records, supporting documents kept current by Grantee pertaining to the Grant Agreement for purposes of inspecting, monitoring, auditing, or evaluating by System Agency and the State of Texas. B. In addition to any right of access arising by operation of law, Grantee and any of Grantee's affiliate or subsidiary organizations, or Subcontractors shall permit the System Agency or any of its duly authorized representatives, as well as duly authorized federal, state or local authorities, unrestricted access to and the right to examine any site where business is conducted or services are performed, and all records, which includes but is not limited to financial, client and patient records, books, papers or documents related to this Grant Agreement. If the Grant Agreement includes federal funds, federal agencies that shall have a right of access to records as described in this section include: the federal agency providing the funds, the Comptroller General of the United States, the General Accounting Office, the Office of the Inspector General, and any of their authorized HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 17 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E representatives. In addition, agencies of the State of Texas that shall have a right of access to records as described in this section include: the System Agency, HHS's contracted examiners, the State Auditor's Office, the Office of the Texas Attorney General, and any successor agencies. Each of these entities may be a duly authorized authority. C. If deemed necessary by the System Agency or any duly authorized authority, for the purpose of investigation or hearing, Grantee shall produce original documents related to this Grant Agreement. D. The System Agency and any duly authorized authority shall have the right to audit billings both before and after payment, and all documentation that substantiates the billings. E. Grantee shall include this provision concerning the right of access to, and examination of, sites and information related to this Grant Agreement in any Subcontract it awards. 8.3 RESPONSE/COMPLIANCE WITH AUDIT OR INSPECTION FINDINGS A. Grantee must act to ensure its and its Subcontractors' compliance with all corrections necessary to address any finding of noncompliance with any law, regulation, audit requirement, or generally accepted accounting principle, or any other deficiency identified in any audit, review, or inspection of the Grant Agreement and the services and Deliverables provided. Any such correction will be at Grantee's or its Subcontractor's sole expense. Whether Grantee's action corrects the noncompliance shall be solely the decision of the System Agency. B. As part of the services, Grantee must provide to HHS upon request a copy of those portions of Grantee's and its Subcontractors' internal audit reports relating to the services and Deliverables provided to the State under the Grant Agreement. 8.4 STATE AUDITOR'S RIGHT TO AUDIT The state auditor may conduct an audit or investigation of any entity receiving funds from the state directly under the Grant Agreement or indirectly through a subcontract under the Grant Agreement. The acceptance of funds directly under the Grant Agreement or indirectly through a subcontract under the Grant Agreement acts as acceptance of the authority of the state auditor, under the direction of the legislative audit committee, to conduct an audit or investigation in connection with those funds. Under the direction of the legislative audit committee, an entity that is the subject of an audit or investigation by the state auditor must provide the state auditor with access to any information the state auditor considers relevant to the investigation or audit. 8.5 CONFIDENTIALITY Grantee shall maintain as confidential and shall not disclose to third parties without System Agency's prior written consent, any System Agency information including but not limited to System Agency's business activities, practices, systems, conditions and services. This section will survive termination or expiration of this Grant Agreement. This requirement must be included in all subcontracts awarded by Grantee. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 18 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ARTICLE IX. GRANT REMEDIES, TERMINATION AND PROHIBITED ACTIVITIES 9.1 REMEDIES A To ensure Grantee's full performance of the Grant Agreement and compliance with applicable law, System Agency reserves the right to hold Grantee accountable for breach of contract or substandard performance and may take remedial or corrective actions, including, but not limited to the following: i. temporarily withholding cash disbursements or reimbursements pending correction of the deficiency; ii. disallowing or denying use of funds for the activity or action deemed not to be in compliance; iii. disallowing claims for reimbursement that may require a partial or whole return of previous payments or reimbursements; iv. suspending all or part of the Grant Agreement; v. requiring the Grantee to take specific actions in order to remain in compliance with the Grant Agreement; vi. recouping payments made by the System Agency to the Grantee found to be in error; vii. suspending, limiting, or placing conditions on the Grantee's continued performance of the Project; viii. prohibiting the Grantee from receiving additional funds for other grant programs administered by the System Agency until satisfactory compliance resolution is obtained; ix. withholding release of new grant agreements; and x. imposing any other remedies, sanctions or penalties authorized under this Grant Agreement or permitted by federal or state statute, law, regulation or rule. R Unless expressly authorized by System Agency, Grantee may not be entitled to reimbursement for expenses incurred while the Grant Agreement is suspended. C No action taken by System Agency in exercising remedies or imposing sanctions will constitute or operate as a waiver of any other rights or remedies available to System Agency under the Grant Agreement or pursuant to law. Additionally, no action taken by System Agency in exercising remedies or imposing sanctions will constitute or operate as an acceptance, waiver, or cure of Grantee's breach. Unless expressly authorized by System Agency, Grantee may not be entitled to reimbursement for expenses incurred while the Grant Agreement is suspended or after termination. 9.2 TERMINATION FOR CONVENIENCE The System Agency may terminate the Grant Agreement, in whole or in part, at any time when, in its sole discretion, the System Agency determines that termination is in the best interests of the State of Texas. The termination will be effective on the date specified in the System Agency's notice of termination. 9.3 TERMINATION FOR CAUSE A. Except as otherwise provided by the U.S. Bankruptcy Code, or any successor law, the System Agency may terminate the Grant Agreement, in whole or in part, upon either of the following conditions: HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 19 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E i. Material Breach The System Agency may terminate the Grant Agreement, in whole or in part, if the System Agency determines, in its sole discretion, that Grantee has materially breached the Grant Agreement or has failed to adhere to any laws, ordinances, rules, regulations or orders of any public authority having jurisdiction, whether or not such violation prevents or substantially impairs performance of Grantee's duties under the Grant Agreement. Grantee's misrepresentation in any aspect including, but not limited to, of Grantee's Solicitation Application, if any, or Grantee's addition to the SAM exclusion list (identification in SAM as an excluded entity) may also constitute a material breach of the Grant Agreement. ii. Failure to Maintain Financial Viability The System Agency may terminate the Grant Agreement if the System Agency, in its sole discretion, determines that Grantee no longer maintains the financial viability required to complete the services and deliverables, or otherwise fully perform its responsibilities under the Grant Agreement. B. System Agency will specify the effective date of such termination in the notice to Grantee. If no effective date is specified, the Grant Agreement will terminate on the date of the notification. 9.4 GRANTEE RESPONSIBILITY FOR SYSTEM AGENCY'S TERMINATION COSTS If the System Agency terminates the Grant Agreement for cause, the Grantee shall be responsibleto the System Agency for all costs incurred by the System Agency and the State of Texas to replace the Grantee. These costs include, but are not limited to, the costs of procuring a substitute grantee and the cost of any claim or litigation attributable to Grantee's failure to perform any work in accordance with the terms of the Grant Agreement. 9.5 INHERENTLY RELIGIOUS ACTIVITIES Grantee may not use grant funding to engage in inherently religious activities, such as proselytizing, scripture study, or worship. Grantees may engage in inherently religious activities; however, these activities must be separate in time or location from the grant - funded program. Moreover, grantees must not compel program beneficiaries to participate in inherently religious activities. These requirements apply to all grantees, not just faith -based organizations. 9.6 POLITICAL ACTIVITIES Grant funds cannot be used for the following activities: A. Grantees and their relevant sub -grantees or subcontractors are prohibited from using grant funds directly or indirectly for political purposes, including lobbying, advocating for legislation, campaigning for, endorsing, contributing to, or otherwise supporting political candidates or parties, and voter registration campaigns. Grantees may use private, or non -System Agency money or contributions for political purposes but may not charge to, or be reimbursed from, System Agency contracts or grants for the costs of such activities. B. Grant -funded employees may not use official authority or influence to achieve any political purpose and grant funds cannot be used for the salary, benefits, or any other compensation of an elected official. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 20 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E C. Grant funds may not be used to employ, in any capacity, a person who is required by Chapter 305 of the Texas Government Code to register as a lobbyist. Additionally, grant funds cannot be used to pay membership dues to an organization that partially or wholly pays the salary of a person who is required by Chapter 305 of the Texas Government Code to register as a lobbyist. D. As applicable, Grantee will comply with 31 USC § 1352, relating to the limitation on use of appropriated funds to influence certain Federal contracting and financial transactions. ARTICLE X. INDEMNITY 10.1 GENERAL INDEMNITY A. GRANTEE SHALL DEFEND, INDEMNIFY AND HOLD HARMLESS THE STATE OF TEXAS AND SYSTEM AGENCY, AND/OR THEIR OFFICERS, AGENTS, EMPLOYEES, REPRESENTATIVES, CONTRACTORS, ASSIGNEES, AND/OR DESIGNEES FROM ANY AND ALL LIABILITY, ACTIONS, CLAIMS, DEMANDS, OR SUITS, AND ALL RELATED COSTS, ATTORNEYS' FEES, AND EXPENSES ARISING OUT OF OR RESULTING FROM ANY ACTS OR OMISSIONS OF GRANTEE OR ITS AGENTS, EMPLOYEES, SUBCONTRACTORS, ORDER FULFILLERS, OR SUPPLIERS OF SUBCONTRACTORS IN THE EXECUTION OR PERFORMANCE OF THE GRANT AGREEMENT AND ANY PURCHASE ORDERS ISSUED UNDER THE GRANT AGREEMENT. B. THIS PARAGRAPH IS NOT INTENDED TO AND WILL NOT BE CONSTRUED TO REQUIRE GRANTEE TO INDEMNIFY OR HOLD HARMLESS THE STATE OR THE SYSTEM AGENCY FOR ANY CLAIMS OR LIABILITIES RESULTING FROM THE NEGLIGENT ACTS OR OMISSIONS OF THE SYSTEM AGENCY OR ITS EMPLOYEES. C. For the avoidance of doubt, System Agency shall not indemnify Grantee or any other entity under the Grant Agreement. 10.2 INTELLECTUAL PROPERTY GRANTEE SHALL DEFEND, INDEMNIFY, AND HOLD HARMLESS THE SYSTEM AGENCY AND THE STATE OF TEXAS FROM AND AGAINST ANY AND ALL CLAIMS, VIOLATIONS, MISAPPROPRIATIONS, OR INFRINGEMENT OF ANY PATENT, TRADEMARK, COPYRIGHT, TRADE SECRET, OR OTHER INTELLECTUAL PROPERTY RIGHTS AND/OR OTHER INTANGIBLE PROPERTY, PUBLICITY OR PRIVACY RIGHTS, AND/OR IN CONNECTION WITH OR ARISING FROM: i THE PERFORMANCE OR ACTIONS OF GRANTEE PURSUANT TO THIS GRANT AGREEMENT; ii ANY DELIVERABLE, WORK PRODUCT, CONFIGURED SERVICE OR OTHER SERVICE PROVIDED HEREUNDER; AND/OR K SYSTEM AGENCY'S AND/OR GRANTEE'S USE OF OR ACQUISITION OF ANY REQUESTED SERVICES OR OTHER ITEMS PROVIDED TO SYSTEM AGENCY BY GRANTEE OR OTHERWISE TO WHICH SYSTEM HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 21 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E AGENCY HAS ACCESS AS A RESULT OF GRANTEE'S PERFORMANCE UNDER THE GRANT AGREEMENT. 10.3 ADDITIONAL INDEMNITY PROVISIONS A. GRANTEE AND SYSTEM AGENCY AGREE TO FURNISH TIMELY WRITTEN NOTICE TO EACH OTHER OF ANY INDEMNITY CLAIM. GRANTEE SHALL BE LIABLE TO PAY ALL COSTS OF DEFENSE, INCLUDING ATTORNEYS' FEES. B. THE DEFENSE SHALL BE COORDINATED BY THE GRANTEE WITH THE OFFICE OF THE TEXAS ATTORNEY GENERAL WHEN TEXAS STATE AGENCIES ARE NAMED DEFENDANTS IN ANY LAWSUIT AND GRANTEE MAY NOT AGREE TO ANY SETTLEMENT WITHOUT FIRST OBTAINING THE CONCURRENCE FROM THE OFFICE OF THE TEXAS ATTORNEY GENERAL. C. GRANTEE SHALL REIMBURSE SYSTEM AGENCY AND THE STATE OF TEXAS FOR ANY CLAIMS, DAMAGES, COSTS, EXPENSES OR OTHER AMOUNTS, INCLUDING, BUT NOT LIMITED TO, ATTORNEYS' FEES AND COURT COSTS, ARISING FROM ANY SUCH CLAIM. IF THE SYSTEM AGENCY DETERMINES THAT A CONFLICT EXISTS BETWEEN ITS INTERESTS AND THOSE OF GRANTEE OR IF SYSTEM AGENCY IS REQUIRED BY APPLICABLE LAW TO SELECT SEPARATE COUNSEL, SYSTEM AGENCY WILL BE PERMITTED TO SELECT SEPARATE COUNSEL AND GRANTEE SHALL PAY ALL REASONABLE COSTS OF SYSTEM AGENCY'S COUNSEL. ARTICLE XI. GENERAL PROVISIONS 11.1 AMENDMENTS Except as otherwise expressly provided, the Grant Agreement may only be amended by a written Amendment executed by both Parties. 11.2 NO QUANTITY GUARANTEES The System Agency makes no guarantee of volume or usage of work under this Grant Agreement. All work requested may be on an irregular and as needed basis throughout the Grant Agreement term. 11.3 CHILD ABUSE REPORTING REQUIREMENTS A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at httys://www.txabusehotline.org/Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 22 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E 11.4 CERTIFICATION OF MEETING OR EXCEEDING TOBACCO -FREE WORKPLACE POLICY MINIMUM STANDARDS A. Grantee certifies that it has adopted and enforces a Tobacco -Free Workplace Policy that meets or exceeds all of the following minimum standards of: i. Prohibiting the use of all forms of tobacco products, including but not limited to cigarettes, cigars, pipes, water pipes (hookah), bidis, kreteks, electronic cigarettes, smokeless tobacco, snuff and chewing tobacco; ii. Designating the property to which this Policy applies as a "designated area," which must at least comprise all buildings and structures where activities funded under this Grant Agreement are taking place, as well as Grantee owned, leased, or controlled sidewalks, parking lots, walkways, and attached parking structures immediately adjacent to this designated area; iii. Applying to all employees and visitors in this designated area; and iv. Providing for or referring its employees to tobacco use cessation services. B. If Grantee cannot meet these minimum standards, it must obtain a waiver from the System Agency. 11.5 INSURANCE AND BONDS Unless otherwise specified in this Contract, Grantee shall acquire and maintain, for the duration of this Contract, insurance coverage necessary to ensure proper fulfillment of this Contract and potential liabilities thereunder with financially sound and reputable insurers licensed by the Texas Department of Insurance, in the type and amount customarily carried within the industry as determined by the System Agency. Grantee shall provide evidence of insurance as required under this Contract, including a schedule of coverage or underwriter's schedules establishing to the satisfaction of the System Agency the nature and extent of coverage granted by each such policy, upon request by the System Agency. In the event that any policy is determined by the System Agency to be deficient to comply with the terms of this Contract, Grantee shall secure such additional policies or coverage as the System Agency may reasonably request or that are required by law or regulation. If coverage expires during the term of this Contract, Grantee must produce renewal certificates for each type of coverage. In addition, if required by System Agency, Grantee must obtain and have on file a blanket fidelity bond that indemnifies System Agency against the loss or theft of any grant funds, including applicable matching funds. The fidelity bond must cover the entirety of the grant term and any subsequent renewals. The failure of Grantee to comply with these requirements may subject Grantee to remedial or corrective actions detailed in section 10.1, General Indemnity, above. These and all other insurance requirements under the Grant apply to both Grantee and its Subcontractors, if any. Grantee is responsible for ensuring its Subcontractors' compliance with all requirements. 11.6 LIMITATION ON AUTHORITY A. Grantee shall not have any authority to act for or on behalf of the System Agency or the State of Texas except as expressly provided for in the Grant Agreement; no other authority, power, or use is granted or implied. Grantee may not incur any debt, HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 23 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E obligation, expense, or liability of any kind on behalf of System Agency or the State of Texas. B. Grantee may not rely upon implied authority and is not granted authority under the Grant Agreement to: i. Make public policy on behalf of the System Agency; ii. Promulgate, amend, or disregard administrative regulations or program policy decisions made by State and federal agencies responsible for administration of a System Agency program; or iii. Unilaterally communicate or negotiate with any federal or state agency or the Texas Legislature on behalf of the System Agency regarding System Agency programs or the Grant Agreement. However, upon System Agency request and with reasonable notice from System Agency to the Grantee, the Grantee shall assist the System Agency in communications and negotiations regarding the Work under the Grant Agreement with state and federal governments. 11.7 CHANGE IN LAWS AND COMPLIANCE WITH LAWS Grantee shall comply with all laws, regulations, requirements and guidelines applicable to a Grantee providing services and products required by the Grant Agreement to the State of Texas, as these laws, regulations, requirements and guidelines currently exist and as amended throughout the term of the Grant Agreement. Notwithstanding Section 11.1, Amendments, above, System Agency reserves the right, in its sole discretion, to unilaterally amend the Grant Agreement to incorporate any modifications necessary for System Agency's compliance, as an agency of the State of Texas, with all applicable state and federal laws, regulations, requirements and guidelines. 11.8 SUBCONTRACTORS Grantee may not subcontract any or all of the Work and/or obligations under the Grant Agreement without prior written approval of the System Agency. Subcontracts, if any, entered into by the Grantee shall be in writing and be subject to the requirements of the Grant Agreement. Should Grantee subcontract any of the services required in the Grant Agreement, Grantee expressly understands and acknowledges System Agency is in no manner liable to any subcontractor(s) of Grantee. In no event shall this provision relieve Grantee of the responsibility for ensuring that the services performed under all subcontracts are rendered in compliance with the Grant Agreement. 11.9 PERMITTING AND LICENSURE At Grantee's sole expense, Grantee shall procure and maintain for the duration of this Grant Agreement any state, county, city, or federal license, authorization, insurance, waiver, permit, qualification or certification required by statute, ordinance, law, or regulation to be held by Grantee to provide the goods or services required by this Grant Agreement. Grantee shall be responsible for payment of all taxes, assessments, fees, premiums, permits, and licenses required by law. Grantee shall be responsible for payment of any such government obligations not paid by its Subcontractors during performance of this Grant Agreement. 11.10 INDEPENDENT CONTRACTOR Grantee and Grantee's employees, representatives, agents, Subcontractors, suppliers, and third -party service providers shall serve as independent contractors in providing the services HFIS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 24 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E under the Grant Agreement. Neither Grantee nor System Agency is an agent of the other and neither may make any commitments on the other party's behalf. The Grantee is not a "governmental body" solely by virtue of this Grant Agreement or receipt of grant funds under this Grant Agreement. Grantee shall have no claim against System Agency for vacation pay, sick leave, retirement benefits, social security, worker's compensation, health or disability benefits, unemployment insurance benefits, or employee benefits of any kind. The Grant Agreement shall not create any joint venture, partnership, agency, or employment relationship between Grantee and System Agency. 11.11 GOVERNING LAW AND VENUE The Grant Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without regard to the conflicts of law provisions. The venue of any suit arising under the Grant Agreement is fixed in any court of competent jurisdiction of Travis County, Texas, unless the specific venue is otherwise identified in a statute which directly names or otherwise identifies its applicability to the System Agency. 11.12 SEVERABILITY If any provision contained in this Grant Agreement is held to be unenforceable by a court of law or equity, such construction will not affect the legality, validity, or enforceability of any other provision or provisions of this Grant Agreement. It is the intent and agreement of the Parties this Grant Agreement shall be deemed amended by modifying such provision to the extent necessary to render it valid, legal and enforceable while preserving its intent or, if such modification is not possible, by substituting another provision that is valid, legal and enforceable and that achieves the same objective. All other provisions of this Grant Agreement will continue in full force and effect. 11.13 SURVIVABILITY Expiration or termination of the Grant Agreement for any reason does not release Grantee from any liability or obligation set forth in the Grant Agreement that is expressly stated to survive any such expiration or termination, that by its nature would be intended to be applicable following any such expiration or termination, or that is necessary to fulfill the essential purpose of the Grant Agreement, including without limitation the provisions regarding return of grant funds, audit requirements, records retention, public information, warranty, indemnification, confidentiality, and rights and remedies upon termination. 11.14 FORCE MAJEURE Neither Grantee nor System Agency shall be liable to the other for any delay in, or failure of performance, of any requirement included in the Grant Agreement caused by force majeure. The existence of such causes of delay or failure shall extend the period of performance until after the causes of delay or failure have been removed provided the non -performing party exercises all reasonable due diligence to perform. Force majeure is defined as acts of God, war, fires, explosions, hurricanes, floods, failure of transportation, or other causes that are beyond the reasonable control of either party and that by exercise of due foresight such party could not reasonably have been expected to avoid, and which, by the exercise of all reasonable due diligence, such party is unable to overcome. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 25 of 29 3ocuSign Envelope ID: 557C76D3-B429-439E-A7E1 -7ED98683CE1 E 11.15 NO IMPLIED WAIVER OF PROVISIONS The failure of the System Agency to object to or to take affirmative action with respect to any conduct of the Grantee which is in violation or breach of the terms of the Grant Agreement shall not be construed as a waiver of the violation or breach, or of any future violation or breach. 11.16 FUNDING DISCLAIMERS AND LABELING A. Grantee shall not use System Agency's name or refer to System Agency directly or indirectly in any media appearance, public service announcement, or disclosure relating to this Grant Agreement including any promotional material without first obtaining written consent from System Agency. The foregoing prohibition includes, without limitation, the placement of banners, pop-up ads, or other advertisements promoting Grantee's or a third party's products, services, workshops, trainings, or other commercial offerings on any website portal or internet-based service or software application hosted or managed by Grantee. This does not limit the Grantee's responsibility to comply with obligations related to the Texas Public Information Act or Texas Open Meetings Act. B. In general, no publication (including websites, reports, projects, etc.) may convey System Agency's recognition or endorsement of the Grantee's project without prior written approval from System Agency. Publications funded in part or wholly by HHS grant funding must include a statement that "HHS and neither any of its components operate, control, are responsible for, or necessarily endorse, this publication (including, without limitation, its content, technical infrastructure, and policies, and any services or tools provided)" at HHS's request. 11.17 MEDIA RELEASES A. Grantee shall not use System Agency's name, logo, or other likeness in any press release, marketing material or other announcement without System Agency's prior written approval. System Agency does not endorse any vendor, commodity, or service. Grantee is not authorized to make or participate in any media releases or public announcements pertaining to this Grant Agreement or the Services to which they relate without System Agency's prior written consent, and then only in accordance with explicit written instruction from System Agency. B. Grantee may publish, at its sole expense, results of Grantee performance under the Grant Agreement with the System Agency's prior review and approval, which the System Agency may exercise at its sole discretion. Any publication (written, visual, or sound) will acknowledge the support received from the System Agency and any Federal agency, as appropriate. 11.18 PROHIBITION ON NON -COMPETE RESTRICTIONS Grantee shall not require any employees or Subcontractors to agree to any conditions, such as non -compete clauses or other contractual arrangements, that would limit or restrict such persons or entities from employment or contracting with the State of Texas. 11.19 SOVEREIGN IMMUNITY Nothing in the Grant Agreement will be construed as a waiver of the System Agency's or the State's sovereign immunity. This Grant Agreement shall not constitute or be construed as a waiver of any of the privileges, rights, defenses, remedies, or immunities available to the HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 26 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E System Agency or the State of Texas. The failure to enforce, or any delay in the enforcement, of any privileges, rights, defenses, remedies, or immunities available to the System Agency or the State of Texas under the Grant Agreement or under applicable law shall not constitute a waiver of such privileges, rights, defenses, remedies, or immunities or be considered as a basis for estoppel. System Agency does not waive any privileges, rights, defenses, or immunities available to System Agency by entering into the Grant Agreement or by its conduct prior to or subsequent to entering into the Grant Agreement. 11.20 ENTIRE CONTRACT AND MODIFICATION The Grant Agreement constitutes the entire agreement of the Parties and is intended as a complete and exclusive statement of the promises, representations, negotiations, discussions, and other agreements that may have been made in connection with the subject matter hereof. Any additional or conflicting terms in any future document incorporated into the Grant Agreement will be harmonized with this Grant Agreement to the extent possible. 11.21 COUNTERPARTS This Grant Agreement may be executed in any number of counterparts, each of which will be an original, and all such counterparts will together constitute but one and the same Grant Agreement. 11.22 PROPER AUTHORITY Each Party represents and warrants that the person executing this Grant Agreement on its behalf has full power and authority to enter into this Grant Agreement. 11.23 E-VERIFY PROGRAM Grantee certifies that it utilizes and will continue to utilize the U.S. Department of Homeland Security's E-Verify system to determine the eligibility of: A. all persons employed to perform duties within Texas during the term of the Grant Agreement; and B. all persons, (including subcontractors) assigned by the Grantee to perform work pursuant to the Grant Agreement within the United States of America. 11.24 CIVIL RIGHTS A. Grantee agrees to comply with state and federal anti -discrimination laws, including: i. Title VI of the Civil Rights Act of 1964 (42 U.S.C. §2000d et seq.); ii. Section 504 of the Rehabilitation Act of 1973 (29 U.S.C. §794); iii. Americans with Disabilities Act of 1990 (42 U.S.C. § 12101 et seq.); iv. Age Discrimination Act of 1975 (42 U.S.C. §§6101-6107); v. Title IX of the Education Amendments of 1972 (20 U.S.C. §§1681-1688); vi. Food and Nutrition Act of 2008 (7 U.S.C. §2011 et seq.); and vii. The System Agency's administrative rules, as set forth in the Texas Administrative Code, to the extent applicable to this Grant Agreement. B. Grantee agrees to comply with all amendments to the above -referenced laws, and all requirements imposed by the regulations issued pursuant to these laws. These laws provide in part that no persons in the United States may, on the grounds of race, color, national origin, sex, age, disability, political beliefs, or religion, be excluded from HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 27 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E participation in or denied any aid, care, service or other benefits provided by Federal or State funding, or otherwise be subjected to discrimination. C. Grantee agrees to comply with Title VI of the Civil Rights Act of 1964, and its implementing regulations at 45 C.F.R. Part 80 or 7 C.F.R. Part 15, prohibiting a contractor from adopting and implementing policies and procedures that exclude or have the effect of excluding or limiting the participation of clients in its programs, benefits, or activities on the basis of national origin. State and federal civil rights laws require contractors to provide alternative methods for ensuring access to services for applicants and recipients who cannot express themselves fluently in English. Grantee agrees to take reasonable steps to provide services and information, both orally and in writing, in appropriate languages other than English, in order to ensure that persons with limited English proficiency are effectively informed and can have meaningful access to programs, benefits, and activities. D. Grantee agrees to post applicable civil rights posters in areas open to the public informing clients of their civil rights and including contact information for the HHS Civil Rights Office. The posters are available on the HHS website at: https•//hbs texas.gov/about-hhs/your-rights/civil-rights-office/civil-rights-posters. E. Grantee agrees to comply with Executive Order 13279, and its implementing regulations at 45 C.F.R. Part 87 or 7 C.F.R. Part 16. These provide in part that any organization that participates in programs funded by direct financial assistance from the United States Department of Agriculture or the United States Department of Health and Human Services shall not discriminate against a program beneficiary or prospective program beneficiary on the basis of religion or religious belief. F. Upon request, Grantee shall provide HHSC's Civil Rights Office with copies of the Grantee's civil rights policies and procedures. G. Grantee must notify HHSC's Civil Rights Office of any complaints of discrimination received relating to its performance under this Grant Agreement. This notice must be delivered no more than ten (10) calendar days after receipt of a complaint. Notice provided pursuant to this section must be directed to: HHSC Civil Rights Office 701 W. 51 st Street, Mail CodeW206 Austin, Texas 78751 Phone Toll Free: (888) 388-6332 Phone: (512) 438-4313 Fax: (512) 438-5885 Email: HHSCivilRightsOffice@hhsc.state.tx.us. 11.25 ENTERPRISE INFORMATION MANAGEMENT STANDARDS Grantee shall conform to HHS standards for data management as described by the policies of the HHS Office of Data, Analytics, and Performance. These include, but are not limited to, standards for documentation and communication of data models, metadata, and other data definition methods that are required by HHS for ongoing data governance, strategic portfolio analysis, interoperability planning, and valuation of HHS System data assets. 11.26 DISCLOSURE OF LITIGATION A. The Grantee must disclose in writing to the contract manager assigned to this Grant Agreement any material civil or criminal litigation or indictment either threatened or HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 28 of 29 DocuSign Envelope ID: 557C76D3-5429-439E-A7E1-7ED98683CE1E pending involving the Grantee. "Threatened litigation" as used herein shall include governmental investigations and civil investigative demands. "Litigation" as used herein shall include administrative enforcement actions brought by governmental agencies. The Grantee must also disclose any material litigation threatened or pending involving Subcontractors, consultants, and/or lobbyists. For purposes of this section, "material" refers, but is not limited, to any action or pending action that a reasonable person knowledgeable in the applicable industry would consider relevant to the Work under the Grant Agreement or any development such a person would want to be aware of in order to stay fully apprised of the total mix of information relevant to the Work, together with any litigation threatened or pending that may result in a substantial change in the Grantee's financial condition. B. This is a continuing disclosure requirement; any litigation commencing after Grant Agreement Award must be disclosed in a written statement to the assigned contract manager within seven calendar days of its occurrence. 11.27 No THIRD PARTY BENEFICIARIES The Grant Agreement is made solely and specifically among and for the benefit of the Parties named herein and their respective successors and assigns, and no other person shall have any right, interest, or claims hereunder or be entitled to any benefits pursuant to or on account of the Grant Agreement as a third -party beneficiary or otherwise. 11.28 BINDING EFFECT The Grant Agreement shall inure to the benefit of, be binding upon, and be enforceable against each Party and their respective permitted successors, assigns, transferees, and delegates. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 29 of 29 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT F HHS DATA USE AGREEMENT This Data Use Agreement ("DUA"), effective as of the date the Base Contract into which it is incorporated is signed ("Effective Date"), is entered into by and between a Texas Health and Human Services Enterprise agency ("HHS"), and the Contractor identified in the Base Contract, a political subdivision of the State of Texas ("CONTRACTOR. ARTICLE 1. PURPOSE; APPLICABILITY; ORDER OF PRECEDENCE The purpose of this DUA is to facilitate creation, receipt, maintenance, use, disclosure or access to Confidential Information with CONTRACTOR, and describe CONTRACTOR's rights and obligations with respect to the Confidential Information. 45 CFR 164.504(e)(1)-(3). This DUA also describes HHS's remedies in the event of CONTRACTOR's noncompliance with its obligations under this DUA. This DUA applies to both Business Associates and contractors who are not Business Associates who create, receive, maintain, use, disclose or have access to Confidential Information on behalf of HHS, its programs or clients as described in the Base Contract. As of the Effective Date of this DUA, if any provision of the Base Contract, including any General Provisions or Uniform Terms and Conditions, conflicts with this DUA, this DUA controls. ARTICLE 2. DEFINITIONS For the purposes of this DUA, capitalized, underlined terms have the meanings set forth in the following: Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (42 U.S.C. § 1320d, et seq.) and regulations thereunder in 45 CFR Parts 160 and 164, including all amendments, regulations and guidance issued thereafter; The Social Security Act, including Section 1137 (42 U.S.C. §§ 1320b-7), Title XVI of the Act; The Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. § 552a and regulations and guidance thereunder; Internal Revenue Code, Title 26 of the United States Code and regulations and publications adopted under that code, including IRS Publication 1075; OMB Memorandum 07-18; Texas Business and Commerce Code Ch. 521; Texas Government Code, Ch. 552, and Texas Government Code §2054.1125. In addition, the following terms in this DUA are defined as follows: "Authorized Purpose" means the specific purpose or purposes described in the Statement of Work of the Base Contract for CONTRACTOR to fulfill its obligations under the Base Contract, or any other purpose expressly authorized by HHS in writing in advance. "Authorized User" means a Person: (1) Who is authorized to create, receive, maintain, have access to, process, view, handle, examine, interpret, or analyze Confidential Information pursuant to this DUA; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 1 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E7-7ED98683CE1E (2) For whom CONTRACTOR warrants and represents has a demonstrable need to create, receive, maintain, use, disclose or have access to the Confidential Information; and (3) Who has agreed in writing to be bound by the disclosure and use limitations pertaining to the Confidential Information as required by this DUA. "Confidential Information" means any communication or record (whether oral, written, electronically stored or transmitted, or in any other form) provided to or made available to CONTRACTOR, or that CONTRACTOR may, for an Authorized Purpose, create, receive, maintain, use, disclose or have access to, that consists of or includes any or all of the following: (1) Client Information; (2) Protected Health Information in any form including without limitation, Electronic Protected Health Information or Unsecured Protected Health Information (herein "PHI"); (3) Sensitive Personal Information defined by Texas Business and Commerce Code Ch. 521; (4) Federal Tax Information; (5) Individually Identifiable Health Information as related to HIPAA, Texas HIPAA and Personal Identifying Information under the Texas Identity Theft Enforcement and Protection Act; (6) Social Security Administration Data, including, without limitation, Medicaid information; (7) All privileged work product; (8) All information designated as confidential under the constitution and laws of the State of Texas and of the United States, including the Texas Health & Safety Code and the Texas Public Information Act, Texas Government Code, Chapter 552. "Legally Authorized Representative" of the Individual, as defined by Texas law, including as provided in 45 CFR 435.923 (Medicaid); 45 CFR 164.502(g)(1) (HIPAA); Tex. Occ. Code § 151.002(6); Tex. H. & S. Code § 166.164; and Estates Code Ch. 752. ARTICLE 3. CONTRACTOR'S DUTIES REGARDING CONFIDENTIAL INFORMATION 3.01 Obligations of CONTRACTOR CONTRACTOR agrees that: (A) CONTRACTOR will exercise reasonable care and no less than the same degree of care CONTRACTOR uses to protect its own confidential, proprietary and trade secret information to prevent any portion of the Confidential Information from being used in HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 2 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E a manner that is not expressly an Authorized Purpose under this DUA or as Required by Law. 45 CFR 164.502(b)(1); 45 CFR 164.514(d) (B) Except as Required by Law, CONTRACTOR will not disclose or allow access to any portion of the Confidential Information to any Person or other entity, other than Authorized User's Workforce or Subcontractors (as defined in 45 C.F.R 160.103) of CONTRACTOR who have completed training in confidentiality, privacy, security and the importance of promptly reporting any Event or Breach to CONTRACTOR's management, to carry out CONTRACTOR's obligations in connection with the Authorized Purpose. HHS, at its election, may assist CONTRACTOR in training and education on specific or unique HHS processes, systems and/or requirements. CONTRACTOR will produce evidence of completed training to HHS upon request. 45 C.F.R. 164.308(a)(5)(i); Texas Health & Safety Code §181.101 All of CONTRACTOR's Authorized Users. Workforce and Subcontractors with access to a state computer system or database will complete a cybersecurity training program certified under Texas Government Code Section 2054.519 by the Texas Department of Information Resources. (C) CONTRACTOR will establish, implement and maintain appropriate sanctions against any member of its Workforce or Subcontractor who fails to comply with this DUA, the Base Contract or applicable law. CONTRACTOR will maintain evidence of sanctions and produce it to HHS upon request.45 CFR 164.308(a)(1)(ri)(C); 164.530(e); 164.410(b); 164.530(b)(1) (D) CONTRACTOR will not, except as otherwise permitted by this DUA, disclose or provide access to any Confidential Information on the basis that such act is Required by Law without notifying either HHS or CONTRACTOR's own legal counsel to determine whether CONTRACTOR should object to the disclosure or access and seek appropriate relief. CONTRACTOR will maintain an accounting of all such requests for disclosure and responses and provide such accounting to HHS within 48 hours of HHS' request. 45 CFR 164.504(e)(2)(ii)(A) (E) CONTRACTOR will not attempt to re -identify or further identify Confidential Information or De -identified Information, or attempt to contact any Individuals whose records are contained in the Confidential Information, except for an Authorized L'Itaose, without express written authorization from HHS or as expressly permitted by the Base Contract. 45 CFR 164.502(d)(2)(1) and (ii) CONTRACTOR will not engage in prohibited marketing or sale of Confidential Information. 45 CFR 164.501, 164.508(a)(3) and (4); Texas Health & Safety Code Ch. 181.002 (F) CONTRACTOR will not permit, or enter into any agreement with a Subcontractor to, create, receive, maintain, use, disclose, have access to or transmit Confidential Information to carry out CONTRACTOR's obligations in connection with the Authorized Purpose on behalf of CONTRACTOR, unless Subcontractor agrees to comply with all applicable laws, rules and regulations. 45 CFR 164.502(e)(1)(ii); 164.504(e)(1)(i) and (2). HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 3 of 15 DocuSign Envelope ID: 557C7603-B429-439E-A7E1-7ED98683CE1E (G) CONTRACTOR is directly responsible for compliance with, and enforcement of, all conditions for creation, maintenance, use, disclosure, transmission and Destruction of Confidential Information and the acts or omissions of Subcontractors as may be reasonably necessary to prevent unauthorized use. 45 CFR 164.504(e)(5); 42 CFR 43L300, et seq. (H) If CONTRACTOR maintains PHI in a Designated Record Set which is Confidential Information and subject to this Agreement, CONTRACTOR will make PHI available to HHS in a Designated Record Set upon request. CONTRACTOR will provide PHI to an Individual, or Legally Authorized Representative of the Individual who is requesting PHI in compliance with the requirements of the HIPAA Privacy Regulations. CONTRACTOR will release PHI in accordance with the HIPAA Privacy _Regulations upon receipt of a valid written authorization. CONTRACTOR will make other Confidential Information in CONTRACTOR's possession available pursuant to the requirements of HIPAA or other applicable law upon a determination of a Breach of Unsecured PHI as defined in HIPAA. CONTRACTOR will maintain an accounting of all such disclosures and provide it to HHS within 48 hours of HHS' request. 45 CFR 164.524and 164.504(e)(2)(U)(E). (I) If PHI is subject to this Agreement, CONTRACTOR will make PHI as required by HIPAA available to HHS for review subsequent to CONTRACTOR's incorporation of any amendments requested pursuant to HIPAA. 45 CFR 164.504(e)(2)(ii)(E) and (F). (J) If PHI is subject to this Agreement, CONTRACTOR will document and make available to HHS the PHI required to provide access, an accounting of disclosures or amendment in compliance with the requirements of the HIPAA Privacy Regulations. 45 CFR 164.504(e)(2)(U)(G) and 164.528. (K) If CONTRACTOR receives a request for access, amendment or accounting of PHI from an individual with a right of access to information subject to this DUA, it will respond to such request in compliance with the HIPAA Privacy Regulations. CONTRACTOR will maintain an accounting of all responses to requests for access to or amendment of PHI and provide it to HHS within 48 hours of HHS' request. 45 CFR 164.504(e) (2). (L) CONTRACTOR will provide, and will cause its Subcontractors and agents to provide, to HHS periodic written certifications of compliance with controls and provisions relating to information privacy, security and breach notification, including without limitation information related to data transfers and the handling and disposal of Confidential Information. 45 CFR 164.308; 164.530(c); I TA 202. (M) Except as otherwise limited by this DUA, the Base Contract, or law applicable to the Confidential Information, CONTRACTOR may use PHI for the proper management and administration of CONTRACTOR or to carry out CONTRACTOR's legal responsibilities. Except as otherwise limited by this DUA, the Base Contract, or law applicable to the Confidential Information, CONTRACTOR may disclose PHI for the HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 4 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E proper management and administration of CONTRACTOR, or to carry out CONTRACTOR's legal responsibilities, if: 45 CFR 164.504(e)(4)(A). (1) Disclosure is Required by Law, provided that CONTRACTOR complies with Section 3.01(D); or (2) CONTRACTOR obtains reasonable assurances from the person or entity to which the information is disclosed that the person or entity will: (a)Maintain the confidentiality of the Confidential Information in accordance with this DUA; (b) Use or further disclose the information only as Required by Law or for the Authorized Purpose for which it was disclosed to the Person; and (c)Notify CONTRACTOR in accordance with Section 4.01 of any Event or Breach of Confidential Information of which the Person discovers or should have discovered with the exercise of reasonable diligence. 45 CFR 164.5 04 (e) (4) (ii) (B). (1) Except as otherwise limited by this DUA, CONTRACTOR will, if required by law and requested by HHS, use commercially reasonable efforts to use PHI to provide data aggregation services to HHS, as that term is defined in the HIPAA, 45 C.F.R. § 164.501 and permitted by HIPAA. 45 CFR 164.504(e)(2)(i)(B) (0) CONTRACTOR will, on the termination or expiration of this DUA or the Base Contract, at its expense, send to HHS or Destroy, at HHS's election and to the extent reasonably feasible and permissible by law, all Confidential Information received from HHS or created or maintained by CONTRACTOR or any of CONTRACTOR's agents or Subcontractors on HHS's behalf if that data contains Confidential Information. CONTRACTOR will certify in writing to HHS that all the Confidential Information that has been created, received, maintained, used by or disclosed to CONTRACTOR, has been Destroyed or sent to HHS, and that CONTRACTOR and its agents and Subcontractors have retained no copies thereof. Notwithstanding the foregoing, HHS acknowledges and agrees that CONTRACTOR is not obligated to send to HHSC and/or Destroy any Confidential Information if federal law, state law, the Texas State Library and Archives Commission records retention schedule, and/or a litigation hold notice prohibit such delivery or Destruction. If such delivery or Destruction is not reasonably feasible, or is impermissible by law, CONTRACTOR will immediately notify HHS of the reasons such delivery or Destruction is not feasible, and agree to extend indefinitely the protections of this DUA to the Confidential Information and limit its further uses and disclosures to the purposes that make the return delivery or Destruction of the Confidential Information not feasible for as long as CONTRACTOR maintains such Confidential Information. 45 CFR 164.504(e)(2)(ii)(J) (P) CONTRACTOR will create, maintain, use, disclose, transmit or Destroy Confidential Information in a secure fashion that protects against any reasonably anticipated HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 5 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E threats or hazards to the security or integrity of such information or unauthorized uses. 45 CFR 164.306, 164.530(c) (Q) If CONTRACTOR accesses, transmits, stores, and/or maintains Confidential Information, CONTRACTOR will complete and return to HHS at infosecurity@hhsc.state.tx.us the HHS information security and privacy initial inquiry (SPI) at Attachment 1 . The SPI identifies basic privacy and security controls with which CONTRACTOR must comply to protect HHS Confidential Information. CONTRACTOR will comply with periodic security controls compliance assessment and monitoring by HHS as required by state and federal law, based on the type of Confidential Information CONTRACTOR creates, receives, maintains, uses, discloses or has access to and the Authorized Purpose and level of risk. CONTRACTOR's security controls will be based on the National Institute of Standards and Technology (MIST) Special Publication 800-53. CONTRACTOR will update its security controls assessment whenever there are significant changes in security controls for HHS Confidential Information and will provide the updated document to HHS. HHS also reserves the right to request updates as needed to satisfy state and federal monitoring requirements. 45 CFR 164.306. (R) CONTRACTOR will establish, implement and maintain reasonable procedural, administrative, physical and technical safeguards to preserve and maintain the confidentiality, integrity, and availability of the Confidential Information, and with respect to PHI, as described in the HIPAA Privacv and Security Regulations, or other applicable laws or regulations relating to Confidential Information, to prevent any unauthorized use or disclosure of Confidential Information as long as CONTRACTOR has such Confidential Information in its actual or constructive possession. 45 CFR 164.308 (administrative safeguards); 164.310 (physical safeguards); 164.312 (technical safeguards); 164.530(c)(privacy safeguards). (S) CONTRACTOR will designate and identify, a Person or Persons, as Privacy Official 45 CFR 164.530(a)(1) and Information Security Official, each of whom is authorized to act on behalf of CONTRACTOR and is responsible for the development and implementation of the privacy and security requirements in this DUA. CONTRACTOR will provide name and current address, phone number and e-mail address for such designated officials to HHS upon execution of this DUA and prior to any change. If such persons fail to develop and implement the requirements of the DUA, CONTRACTOR will replace them upon HHS request. 45 CFR 164.308(a)(2). (T) CONTRACTOR represents and warrants that its Authorized Users each have a demonstrated need to know and have access to Confidential Information solely to the minimum extent necessary to accomplish the Authorized Purpose pursuant to this DUA and the Base Contract, and further, that each has agreed in writing to be bound by the disclosure and use limitations pertaining to the Confidential Information contained in this DUA. 45 CFR 164.502; 164.514(d). (U) CONTRACTOR and its Subcontractors will maintain an updated, complete, accurate and numbered list of Authorized Users, their signatures, titles and the date they HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 6 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E agreed to be bound by the terms of this DUA, at all times and supply it to HHS, as directed, upon request. (V) CONTRACTOR will implement, update as necessary, and document reasonable and appropriate policies and procedures for privacy, security and Breach of Confidential Information and an incident response plan for an Event or Breach, to comply with the privacy, security and breach notice requirements of this DUA prior to conducting work under the Statement of Work. 45 CFR 164.308; 164.316, 164.514(d); 164.530(i)(1). (W) CONTRACTOR will produce copies of its information security and privacy policies and procedures and records relating to the use or disclosure of Confidential Information received from, created by, or received, used or disclosed by CONTRACTOR for an Authorized Purpose for HHS's review and approval within 30 days of execution of this DUA and upon request by HHS the following business day or other agreed upon time frame. 45 CFR 164.308, 164.514(d). (X) CONTRACTOR will make available to HHS any information HHS requires to fulfill HHS's obligations to provide access to, or copies of, PHI in accordance with HIPAA and other applicable laws and regulations relating to Confidential Information. CONTRACTOR will provide such information in a time and manner reasonably agreed upon or as designated by the SecrejM of the U.S. Department of Health and Human Services, or other federal or state law. 45 CFR 164.504(e)(2)(t)(I). (Y) CONTRACTOR will only conduct secure transmissions of Confidential Information whether in paper, oral or electronic form, in accordance with applicable rules, regulations and laws. A secure transmission of electronic Confidential Information in motion includes, but is not limited to, Secure File Transfer Protocol (SFTP) or Encryption at an appropriate level. If required by rule, regulation or law, HHS Confidential Information at rest requires Encryption unless there is other adequate administrative, technical, and physical security. All electronic data transfer and communications of Confidential Information will be through secure systems. Proof of system, media or device security and/or Encryption must be produced to HHS no later than 48 hours after HHS's written request in response to a compliance investigation, audit or the Discovery of an Event or Breach. Otherwise, requested production of such proof will be made as agreed upon by the parties. De -identification of HHS Confidential Information is a means of security. With respect to de -identification of PHI, "secure" means de -identified according to HIPAA Privgo standards and regulatory guidance. 45 CFR 164.312, 164.530(d). (Z) For each type of Confidential Information CONTRACTOR creates, receives, maintains, uses, discloses, has access to or transmits in the performance of the Statement of Work, CONTRACTOR will comply with the following laws rules and regulations, only to the extent applicable and required by law: • Title 1, Part 10, Chapter 202, Subchapter B, Texas Administrative Code; The Privacy Act of 1974; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 7 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E • OMB Memorandum 07-16; • The Federal Information Security Management Act of 2002 (FISMA); • The Health Insurance Portability and Accountability Act of 1996 (HIPAA) as defined in the DUA; • Internal Revenue Publication 1075 — Tax Information Security Guidelines for Federal, State and Local Agencies; • National Institute of Standards and Technology (MIST) Special Publication 800-66 Revision 1— An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule; • NIST Special Publications 800-53 and 800-53A — Recommended Security Controls for Federal Information Systems and Organizations, as currently revised; • NIST Special Publication 800-47 — Security Guide for Interconnecting Information Technology Systems; • NIST Special Publication 800-88, Guidelines for Media Sanitization; • NIST Special Publication 800-111, Guide to Storage of Encryption Technologies for End User Devices containing PHI; and Any other State or Federal law, regulation, or administrative rule relating to the specific HHS program area that CONTRACTOR supports on behalf of HHS. (AA) Notwithstanding anything to the contrary herein, CONTRACTOR will treat any Personal Identifjg, Information it creates, receives, maintains, uses, transmits, destroys and/or discloses in accordance with Texas Business and Commerce Code, Chapter 521 and other applicable regulatory standards identified in Section 3.01(Z), and Individually Identifiable Health Information CONTRACTOR creates, receives, maintains, uses, transmits, destroys and/or discloses in accordance with HIPAA and other applicable regulatory standards identified in Section 3.01(Z). ARTICLE 4. BREACH NOTICE, REPORTING AND CORRECTION REQUIREMENTS 4.01 Breach or Event Notification to HHS. 45 CFR 164.400414. (A) CONTRACTOR will cooperate fully with HHS in investigating, mitigating to the extent practicable and issuing notifications directed by HHS, for any Event or Breach of Confidential Information to the extent and in the manner determined by HHS. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 8 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (B) CONTRACTOR'S obligation begins at the Discovery of an Event or Breach and continues as long as related activity continues, until all effects of the Event are mitigated to HHS's reasonable satisfaction (the "incident response period"). 45 CFR 164.404. (C) Breach Notice: (1) Initial Notice. (a) For federal information, including without limitation, Federal Tax Information, Social Security Administration Data, and Medicaid Client Information, within the first, consecutive clock hour of Discovery, and for all other types of Confidential Information not more than 24 hours after Discovery, or in a timefi-ame otherwise approved by HHS in writing, initially report to HHS's Privacy and Security Officers via email at: privacy@HHSC.state.tx.us and to the HHS division responsible for this DUA; and IRS Publication 1075; Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. § 552a; OMB Memorandum 07-16 as cited in HHSC-CMS Contracts for information exchange. (b) Report all information reasonably available to CONTRACTOR about the Event or Breach of the privacy or security of Confidential Information. 45 CFR 164.410. (c) Name, and provide contact information to HHS for, CONTRACTORS single point of contact who will communicate with HHS both on and off business hours during the incident response period. (2) Formal Notice. No later than two business days after the Initial Notice above, provide formal notification to privacy@HHSC.state.tx.us and to the HHS division responsible for this DUA, including all reasonably available information about the Event or Breach, and CONTRACTOR's investigation, including without limitation and to the extent available: For (a) - (m) below: 45 CFR 164.400414. (a) The date the Event or Breach occurred; (b) The date of CONTRACTOR's and, if applicable, Subcontractor's Discovery; (c) A brief description of the Event or Breach; including how it occurred and who is responsible (or hypotheses, if not yet determined); (d) A brief description of CONTRACTOR's investigation and the status of the investigation; (e) A description of the types and amount of Confidential Information involved; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 9 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (f) Identification of and number of all Individuals reasonably believed to be affected, including first and last name of the Individual and if applicable the, Legally Authorized Representative, last known address, age, telephone number, and email address if it is a preferred contact method, to the extent known or can be reasonably determined by CONTRACTOR at that time; (g) CONTRACTOR's initial risk assessment of the Event or Breach demonstrating whether individual or other notices are required by applicable law or this DUA for HHS approval, including an analysis of whether there is a low probability of compromise of the Confidential Information or whether any legal exceptions to notification apply; (h) CONTRACTOR's recommendation for HHS's approval as to the steps Individuals and/or CONTRACTOR on behalf of Individuals, should take to protect the Individuals from potential harm, including without limitation CONTRACTOR's provision of notifications, credit protection, claims monitoring, and any specific protections for a Legally Authorized Representative to take on behalf of an Individual with special capacity or circumstances; (i) The steps CONTRACTOR has taken to mitigate the harm or potential harm caused (including without limitation the provision of sufficient resources to mitigate); 0) The steps CONTRACTOR has taken, or will take, to prevent or reduce the likelihood of recurrence of a similar Event or Breach; (k) Identify, describe or estimate the Persons, Workforce, Subcontractor, or Individuals and any law enforcement that may be involved in the Event or Breach; (1) A reasonable schedule for CONTRACTOR to provide regular updates during normal business hours to the foregoing in the future for response to the Event or Breach, but no less than every three (3) business days or as otherwise directed by HHS, including information about risk estimations, reporting, notification, if any, mitigation, corrective action, root cause analysis and when such activities are expected to be completed; and (m) Any reasonably available, pertinent information, documents or reports related to an Event or Breach that HHS requests following Discovery. 4.02 Investigation, Response and Mitigation. 45 CFR 164.308, 310 and 312; 164.530 (A) CONTRACTOR will immediately conduct a full and complete investigation, respond to the Event or Breach, commit necessary and appropriate staff and resources to HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 10 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E expeditiously respond, and report as required to and by HHS for incident response purposes and for purposes of HHS's compliance with report and notification requirements, to the reasonable satisfaction of HHS. (B) CONTRACTOR will complete or participate in a risk assessment as directed by HHS following an Event or Breach, and provide the final assessment, corrective actions and mitigations to HHS for review and approval. (C) CONTRACTOR will fully cooperate with HHS to respond to inquiries and/or proceedings by state and federal authorities, Persons and/or Individuals about the Event or Breach. (D) CONTRACTOR will fully cooperate with HHS's efforts to seek appropriate injunctive relief or otherwise prevent or curtail such Event or Breach, or to recover or protect any Confidential Information, including complying with reasonable corrective action or measures, as specified by HHS in a Corrective Action Plan if directed by HHS under the Base Contract. 4.03 Breach Notification to Individuals and Reporting to Authorities. Tex. Bus. & Comm. Code §521.053; 45 CFR 164.404 (Individuals), 164.406 (Media); 164.408 (Authorities) (A) HHS may direct CONTRACTOR to provide Breach notification to Individuals, regulators or third -parties, as specified by HHS following a Breach. (B) CONTRACTOR shall give HHS an opportunity to review and provide feedback to CONTRACTOR and to confirm that CONTRACTOR's notice meets all regulatory requirements regarding the time, manner and content of any notification to Individuals, regulators or third -parties, or any notice required by other state or federal authorities, including without limitation, notifications required by Texas Business and Commerce Code, Chapter 521.053(b) and HIPAA. HHS shall have ten (10) business days to provide said feedback to CONTRACTOR. Notice letters will be in CONTRACTOR's name and on CONTRACTOR's letterhead, unless otherwise directed by HHS, and will contain contact information, including the name and title of CONTRACTOR's representative, an email address and a toll -free telephone number, if required by applicable law, rule, or regulation, for the Individual to obtain additional information. (C) CONTRACTOR will provide HHS with copies of distributed and approved communications. (D) CONTRACTOR will have the burden of demonstrating to the reasonable satisfaction of HHS that any notification required by HHS was timely made. If there are delays outside of CONTRACTOR's control, CONTRACTOR will provide written documentation of the reasons for the delay. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page I 1 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (E) If HHS delegates notice requirements to CONTRACTOR, HHS shall, in the time and manner reasonably requested by CONTRACTOR, cooperate and assist with CONTRACTOR's information requests in order to make such notifications and reports. ARTICLE 5. STATEMENT OF WORK "Statement of Work" means the services and deliverables to be performed or provided by CONTRACTOR, or on behalf of CONTRACTOR by its Subcontractors or agents for HHS that are described in detail in the Base Contract. The Statement of Work, including any future amendments thereto, is incorporated by reference in this DUA as if set out word-for-word herein. ARTICLE 6. GENERAL PROVISIONS 6.01 Oversight of Confidential Information CONTRACTOR acknowledges and agrees that HHS is entitled to oversee and monitor CONTRACTOR's access to and creation, receipt, maintenance, use, disclosure of the Confidential Information to confirm that CONTRACTOR is in compliance with this DUA. 6.02 HHS Commitment and Obligations HHS will not request CONTRACTOR to create, maintain, transmit, use or disclose PHI in any manner that would not be permissible under applicable law if done by HHS. 6.03 HHS Right to Inspection At any time upon reasonable notice to CONTRACTOR, or if HHS determines that CONTRACTOR has violated this DUA, HHS, directly or through its agent, will have the right to inspect the facilities, systems, books and records of CONTRACTOR to monitor compliance with this DUA. For purposes of this subsection, HHS's agent(s) include, without limitation, the HHS Office of the Inspector General or the Office of the Attorney General of Texas, outside consultants or legal counsel or other designee. 6.04 Term; Termination of DUA; Survival This DUA will be effective on the date on which CONTRACTOR executes the DUA, and will terminate upon termination of the Base Contract and as set forth herein. If the Base Contract is extended or amended, this DUA shall be extended or amended concurrent with such extension or amendment. (A) HHS may immediately terminate this DUA and Base Contract upon a material violation of this DUA. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 12 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (B) Termination or Expiration of this DUA will not relieve CONTRACTOR of its obligation to return or Destroy the Confidential Information as set forth in this DUA and to continue to safeguard the Confidential Information until such time as determined by HHS. (C) If HHS determines that CONTRACTOR has violated a material term of this DUA; HHS may in its sole discretion: (1) Exercise any of its rights including but not limited to reports, access and inspection under this DUA and/or the Base Contract; or (2) Require CONTRACTOR to submit to a Corrective Action Plan, including a plan for monitoring and plan for reporting, as HHS may determine necessary to maintain compliance with this DUA; or (3) Provide CONTRACTOR with a reasonable period to cure the violation as determined by HHS; or (4) Terminate the DUA and Base Contract immediately, and seek relief in a court of competent jurisdiction in Texas. Before exercising any of these options, HHS will provide written notice to CONTRACTOR describing the violation, the requested corrective action CONTRACTOR may take to cure the alleged violation, and the action HHS intends to take if the alleged violated is not timely cured by CONTRACTOR. (D) If neither termination nor cure is feasible, HHS shall report the violation to the Secretary of the U.S. Department of Health and Human Services. (E) The duties of CONTRACTOR or its Subcontractor under this DUA survive the expiration or termination of this DUA until all the Confidential Information is Destroyed or returned to HHS, as required by this DUA. 6.05 Governing Law, Venue and Litigation (A) The validity, construction and performance of this DUA and the legal relations among the Parties to this DUA will be governed by and construed in accordance with the laws of the State of Texas. (B) The Parties agree that the courts of Texas, will be the exclusive venue for any litigation, special proceeding or other proceeding as between the parties that may be brought, or arise out of, or in connection with, or by reason of this DUA. 6.06 Injunctive Relief (A) CONTRACTOR acknowledges and agrees that HHS may suffer irreparable injury if CONTRACTOR or its Subcontractor fails to comply with any of the terms of this HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 13 of 15 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E DUA with respect to the Confidential Information or a provision of HIPAA or other laws or regulations applicable to Confidential Information. (B) CONTRACTOR further agrees that monetary damages may be inadequate to compensate HHS for CONTRACTOR's or its Subcontractor's failure to comply. Accordingly, CONTRACTOR agrees that HHS will, in addition to any other remedies available to it at law or in equity, be entitled to seek injunctive relief without posting a bond and without the necessity of demonstrating actual damages, to enforce the terms of this DUA. 6.07 Responsibility. To the extent permitted by the Texas Constitution, laws and rules, and without waiving any immunities or defenses available to CONTRACTOR as a governmental entity, CONTRACTOR shall be solely responsible for its own acts and omissions and the acts and omissions of its employees, directors, officers, Subcontractors and agents. HHS shall be solely responsible for its own acts and omissions. 6.08 Insurance (A) As a governmental entity, and in accordance with the limits of the Texas Tort Claims Act, Chapter 101 of the Texas Civil Practice and Remedies Code, CONTRACTOR either maintains commercial insurance or self -insures with policy limits in an amount sufficient to cover CONTRACTOR's liability arising under this DUA. CONTRACTOR will request that HHS be named as an additional insured. HHSC reserves the right to consider alternative means for CONTRACTOR to satisfy CONTRACTOR's financial responsibility under this DUA. Nothing herein shall relieve CONTRACTOR of its financial obligations set forth in this DUA if CONTRACTOR fails to maintain insurance. (B) CONTRACTOR will provide HHS with written proof that required insurance coverage is in effect, at the request of HHS. 6.08 Fees and Costs Except as otherwise specified in this DUA or the Base Contract, if any legal action or other proceeding is brought for the enforcement of this DUA, or because of an alleged dispute, contract violation, Event, Breach, default, misrepresentation, or injunctive action, in connection with any of the provisions of this DUA, each party will bear their own legal expenses and the other cost incurred in that action or proceeding. 6.09 Entirety of the Contract This DUA is incorporated by reference into the Base Contract as an amendment thereto and, together with the Base Contract, constitutes the entire agreement between the parties. No change, waiver, or discharge of obligations arising under those documents will be valid unless in writing and executed by the party against whom such change, waiver, or discharge is sought to be enforced. If any provision of the Base Contract, including any General Provisions or Uniform Terms and Conditions, conflicts with this DUA, this DUA controls. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 14 of 15 DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 6.10 Automatic Amendment and Interpretation If there is (i) a change in any law, regulation or rule, state or federal, applicable to HIPPA and/or Confidential Information, or (ii) any change in the judicial or administrative interpretation of any such law, regulation or rule„ upon the effective date of such change, this DUA shall be deemed to have been automatically amended, interpreted and read so that the obligations imposed on HHS and/or CONTRACTOR remain in compliance with such changes. Any ambiguity in this DUA will be resolved in favor of a meaning that permits HHS and CONTRACTOR to comply with HIPAA or any other law applicable to Confidential Information. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 15 of 15 r)—OZi— Cm. I— In•r.F1FRR9R-FZQZ-ARdQ-QZar`-RnR1rAr.-r AA9Z TEXAS Texas HHS System - Data Use Agreement - Attachment 2 SECURITY AND PRIVACY INQUIRY (SPI) Health and Human Services If you are a bidder for a new procurement/contract, in order to participate in the bidding process, you must have corrected any "No" responses (except A9a) prior to the contract award date. If you are an applicant for an open enrollment, you must have corrected any "No" answers (except A9a and A11) prior to performing any work on behalf of any Texas HHS agency. For any questions answered "No" (except A9a and A11), an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date this form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the form is signed. SECTION A: APPLICANT/BIDDER INFORMATION (To be completed by Applicant/Bidder) 1. Does the applicant/bidder access, create, disclose, receive, transmit, maintain, or store Texas Q Yes HHS Confidential Information in electronic systems (e.g., laptop, personal use computer, Q No mobile device, database, server, etc.)? IF NO, STOP. THE SPI FORM IS NOT REQUIRED. 2- Entity or Applicant/Bidder Legal Name Legal Name: City of Lubbock City of Lubbock Legal Entity Tax Identification Number (TIN) (Last Four Numbers Only): 5906 Procurement/Contract#: HCl Grant, HHS000436300019 Address: PO BOX 2000 City: LUBBOCK State: TX ZIP: 79457 Telephone #: 806-775-2941 Email Address: kwells@rnylubbock.us 3. Number of Employees, at all locations, in Total Employees: 2500 Applicant/Bidder's Workforce "Workforce" means all employees, volunteers, trainees, and other Persons whose conduct is under the direct control of Applicant/Bidder, whether or not they are paid by Applicant/ Bidder. If Applicant/Bidder is a sole proprietor, the workforce may be only one employee. 4. Number of Subcontractors Total Subcontractors: o (if Applicant/Bidder will not use subcontractors, enter "0") S. Name of Information Technology Security Official A. Security Official: and Name of Privacy Official for Applicant/Bidder Legal Name: Christopher wade Nelson (Privacy and Security Official may be the same person.) Address: PO BOX 2000 City: LUBBOCK State: TX ZIP: 79457 Telephone #: 806-775-2390 Email Address: cwnelson mylubbock.us B. Privacy Official: Legal Name: Christopher Wade Nelson Address: PO BOX 2000 City: LUBBOCK State: TX ZIP: 79457 Telephone #: 806-775-2390 Email Address: cwnelson@rnylubbock.us SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 1 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope [D: 55itt�t�zatsas-atsaa-asap-csurs�oa�SHo�s 6. Type(s) of Texas HHS Confidential Information the HIPAA CAS IRS FTI CMS SSA PH Applicant/Bidder will create, receive, maintain, use, ❑ ❑ ❑ ❑ disclose or have access to: (Check all that apply) Other (Please List) • Health Insurance Portability and Accountability Act (HIPAA) data None • Criminal Justice Information Services (CIIS) data • Internal Revenue Service Federal Tax Information (IRS FTI) data • Centers for Medicare & Medicaid Services (CMS) • Social Security Administration (SSA) • Personally Identifiable Information (PII) 7. Number of Storage Devices for Texas HHS Confidential Information (as defined in the Total # Texas HHS System Data Use Agreement (DUA)) (Sum a-d) Cloud Services involve using a network of remote servers hosted on the Internet to store, 495 manage, and process data, rather than a local server or a personal computer. A Data Center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business. a. Devices. Number of personal user computers, devices or drives, including mobile 4900 devices and mobile drives. b. Servers. Number of Servers that are not in a data center or using Cloud Services. 2 c. Cloud Services. Number of Cloud Services in use. 20 d. Data Centers. Number of Data Centers in use. 3 8. Number of unduplicated individuals for whom Applicant/Bidder reasonably expects to Select Option handle Texas HHS Confidential Information during one year: (a-d) a. 499 individuals or less ® a• b. 500 to 999 individuals © b• c. 1,000 to 99,999 individuals ® C. d. 100,000 individuals or more © d• 9. HIPAA Business Associate Agreement a. Will Applicant/Bidder use, disclose, create, receive, transmit or maintain protected © Yes health information on behalf of a HIPAA-covered Texas HHS agency for a HIPAA- Q No covered function? b. Does Applicant/Bidder have a Privacy Notice prominently displayed on a Webpage or a 0 Yes Public Office of Applicant/Bidder's business open to or that serves the public? (This is a ® No HIPAA requirement. Answer "N/A" if not applicable, such as for agencies not covered ® N/A by HIPAA.) Action Plan for Compliance with a Timeline: Compliance Date: 10. Subcontractors. If the Applicant/Bidder responded "0" to Question 4 (indicating no subcontractors), check "N/A" for both 'a.' and'b.' a. Does Applicant/Bidder require subcontractors to execute the DUA Attachment 1 0 Yes Subcontractor Agreement Form? ® No Q N/A Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 2 of 18 SECURITY AND PRIVACY INQUIRY (SPI) nnniRinn FnvelnnP in. 551FRR2fi-E393-4R49-934C-808164C5A623 b. Will Applicant/Bidder agree to require subcontractors who will access Confidential Information to comply with the terms of the DUA, not disclose any Confidential Information to them until they have agreed in writing to the same safeguards and to discontinue their access to the Confidential Information if they fail to comply? 0 Yes 0 No (� N/A Action Plan for Compliance with a Timeline: Compliance Date: 11. Does Applicant/Bidder have any Optional Insurance currently in place? ® Yes Optional Insurance provides coverage for: (1) Network Security and Privacy; (2) Data Breach; (3) Cyber 0 No Liability (lost data, lost use or delay/suspension in business, denial of service with e-business, the Internet, ®N/A networks and informational assets, such as privacy, intellectual property, virus transmission, extortion, sabotage or web activities); (4) Electronic Media Liability; (5) Crime/Theft; (6) Advertising Injury and Personal Injury Liability; and (7) Crisis Management and Notification Expense Coverage. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 3 of 18 SECURITY AND PRIVACY INQUIRY (SPI) �n nnnec�ncneno ,VV4VNV11 ulvo vFw 1 - - SECTION - PRIVACY ANALYSIS , • • ' completed by • • • • ' For any questions answered "No," an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date this form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the form is signed. 1. Written Policies & Procedures. Does Applicant/Bidder have current written privacy and Yes or No security policies and procedures that, at a minimum: a. Does Applicant/Bidder have current written privacy and security policies and ® Yes procedures that identify Authorized Users and Authorized Purposes (as defined in the O No DUA) relating to creation, receipt, maintenance, use, disclosure, access or transmission of Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: b. Does Applicant/Bidder have current written privacy and security policies and Q Yes procedures that require Applicant/Bidder and its Workforce to comply with the 0 No applicable provisions of HIPAA and other laws referenced in the DUA, relating to creation, receipt, maintenance, use, disclosure, access or transmission of Texas HHS Confidential Information on behalf of a Texas HHS agency? Action Plan for Compliance with a Timeline: Compliance Date: c. Does Applicant/Bidder have current written privacy and security policies and procedures G Yes that limit use or disclosure of Texas HHS Confidential Information to the minimum that is No necessary to fulfill the Authorized Purposes? Action Plan for Compliance with a Timeline: Compliance Date: d. Does Applicant/Bidder have current written privacy and security policies and procedures ®Yes that respond to an actual or suspected breach of Texas HHS Confidential Information, to "No" "No" O No include at a minimum (if any responses are check for all three): i. Immediate breach notification to the Texas HHS agency, regulatory authorities, and other required Individuals or Authorities, in accordance with Article 4 of the DUA; ii. Following a documented breach response plan, in accordance with the DUA and applicable law; & iii. Notifying Individuals and Reporting Authorities whose Texas HHS Confidential Information has been breached, as directed by the Texas HHS agency? SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 4 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EBB26-E393-4649-934G-BUblb4c5Atizs Action Plan for Compliance with a Timeline: Compliance Date: e. Does Applicant/Bidder have current written privacy and security policies and procedures () Yes that conduct annual workforce training and monitoring for and correction of any training NO delinquencies? Action Plan for Compliance with a Timeline: Compliance Date: f. Does Applicant/Bidder have current written privacy and security policies and () Yes procedures that permit or deny individual rights of access, and amendment ®No or correction, when appropriate? Action Plan for Compliance with a Timeline: Compliance Date: g. Does Applicant/Bidder have current written privacy and security policies and procedures ® Yes that permit only Authorized Users with up-to-date privacy and security training, and © No with a reasonable and demonstrable need to use, disclose, create, receive, maintain, access or transmit the Texas HHS Confidential Information, to carry out an obligation under the DUA for an Authorized Purpose, unless otherwise approved in writing by a Texas HHS agency? Action Plan for Compliance with a Timeline: Compliance Date: h. Does Applicant/Bidder have current written privacy and security policies and procedures ® Yes that establish, implement and maintain proof of appropriate sanctions against any ©No Workforce or Subcontractors who fail to comply with an Authorized Purpose or who is not an Authorized User, and used or disclosed Texas HHS Confidential Information in violation of the DUA, the Base Contract or applicable law? Action Plan for Compliance with a Timeline: Compliance Date: L Does Applicant/Bidder have current written privacy and security policies and () Yes procedures that require updates to policies, procedures and plans following major o No changes with use or disclosure of Texas HHS Confidential Information within 60 days of identification of a need for update? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 5 of 18 SECURITYAND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EBB26-E393-4B49-934C;-t$Ub1ML;5AUJ j. Does Applicant/Bidder have current written privacy and security policies and ® Yes procedures that restrict permissions or attempts to re -identify or further identify 0 No de -identified Texas HHS Confidential Information, or attempt to contact any Individuals whose records are contained in the Texas HHS Confidential Information, except for an Authorized Purpose, without express written authorization from a Texas HHS agency or as expressly permitted by the Base Contract? Action Plan for Compliance with a Timeline: Compliance Date: k. If Applicant/Bidder intends to use, disclose, create, maintain, store or transmit Texas HHS () Yes Confidential Information outside of the United States, will Applicant/Bidder obtain the © No express prior written permission from the Texas HHS agency and comply with the Texas HHS agency conditions for safeguarding offshore Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: I. Does Applicant/Bidder have current written privacy and security policies and procedures () Yes that require cooperation with Texas HHS agencies' or federal regulatory inspections, ®No audits or investigations related to compliance with the DUA or applicable law? Action Plan for Compliance with a Timeline: Compliance Date: m. Does Applicant/Bidder have current written privacy and security policies and C) Yes procedures that require appropriate standards and methods to destroy or dispose of © No Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: n. Does Applicant/Bidder have current written privacy and security policies and procedures 0 Yes that prohibit disclosure of Applicant/Bidder's work product done on behalf of Texas HHS ® No pursuant to the DUA, or to publish Texas HHS Confidential Information without express prior approval of the Texas HHS agency? Action Plan for Compliance with a Timeline: Compliance Date: 2. Does Applicant/Bidder have a current Workforce training program? () Yes Training of Workforce must occur at least once every year, and within 30 days of date of hiring a new ® NO Workforce member who will handle Texas HHS Confidential Information. Training must include: (1) privacy and security policies, procedures, plans and applicable requirements for handling Texas HHS Confidential Information, (2) a requirement to complete training before access is given to Texas HHS Confidential Information, and (3) written proof of training and a procedure for monitoring timely completion of training. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 6 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EBB26-E393-4649-934c-6061b4G5Abz3 Action Plan for Compliance with a Timeline: Compliance Date: 3. Does Applicant/Bidder have Privacy Safeguards to protect Texas HHS Confidential 0 Yes Information in oral, paper and/or electronic form? 0 No "Privacy Safeguards" means protection of Texas HHS Confidential Information by establishing, implementing and maintaining required Administrative, Physical and Technical policies, procedures, processes and controls, required by the DUA, HIPAA (45 CFR 164.530), Social Security Administration, Medicaid and laws, rules or regulations, as applicable. Administrative safeguards include administrative protections, policies and procedures for matters such as training, provision of access, termination, and review of safeguards, incident management, disaster recovery plans, and contract provisions. Technical safeguards include technical protections, policies and procedures, such as passwords, logging, emergencies, how paper is faxed or mailed, and electronic protections such as encryption of data. Physical safeguards include physical protections, policies and procedures, such as locks, keys, physical access, physical storage and trash. Action Plan for Compliance with a Timeline: Compliance Date: 4. Does Applicant/Bidder and all subcontractors (if applicable) maintain a current list of 0 Yes Authorized Users who have access to Texas HHS Confidential Information, whether oral, o No written or electronic? Action Plan for Compliance with a Timeline: Compliance Date: 5. Does Applicant/Bidder and all subcontractors (if applicable) monitor for and remove ® Yes terminated employees or those no longer authorized to handle Texas HHS 0 No Confidential Information from the list of Authorized Users? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 7 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DOCUSIgn tnvelope w: bblttsli"Lb-tsas 4t34a-as4V-rsuesln4VONOLs 0r1,1. . . R. • .11 . t (to be completed by Applicant/Bidder) This section is about your electronic system. If your business DOES NOT store, access, or No Electronic transmit Texas HHS Confidential Information in electronic systems (e.g., laptop, personal Systems use computer, mobile device, database, server, etc.) select the box to the right, and "YES" will be entered for all questions in this section. For any questions answered "No," an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related items is 30 calendar days, PII-related items is 90 calendar days. 1. Does the Applicant/Bidder ensure that services which access, create, disclose, receive, ® Yes transmit, maintain, or store Texas HHS Confidential Information are maintained IN the ® No United States (no offshoring) unless ALL of the following requirements are met? a. The data is encrypted with FIPS 140-2 validated encryption b. The offshore provider does not have access to the encryption keys c. The Applicant/Bidder maintains the encryption key within the United States d. The Application/Bidder has obtained the express prior written permission of the Texas HHS agency For more information regarding FIPS 140-2 encryption products, please refer to: hup.-I csrc.nisi.goy/publications/fips Action Plan for Compliance with a Timeline: Compliance Date: 2. Does Applicant/Bidder utilize an IT security -knowledgeable person or company to maintain G Yes or oversee the configurations of Applicant/Bidder's computing systems and devices? () No Action Plan for Compliance with a Timeline: Compliance Date: 3. Does Applicant/Bidder monitor and manage access to Texas HHS Confidential Information ® Yes (e.g., a formal process exists for granting access and validating the need for users to access No Texas HHS Confidential Information, and access is limited to Authorized Users)? Action Plan for Compliance with a Timeline: Compliance Date: 4. Does Applicant/Bidder a) have a system for changing default passwords, b) require user ( Yes password changes at least every 90 calendar days, and c) prohibit the creation of weak No passwords (e.g., require a minimum of 8 characters with a combination of uppercase, lowercase, special characters, and numerals, where possible) for all computer systems that access or store Texas HHS Confidential Information. If yes, upon request must provide evidence such as a screen shot or a system report. Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 8 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EB626-E393-4649-9314U-BU61ti4L;OAG[s 5. Does each member of Applicant/Bidder's Workforce who will use, disclose, create, receive, Q Yes transmit or maintain Texas HHS Confidential Information have a unique user name No (account) and private password? Action Plan for Compliance with a Timeline: Compliance Date: 6. Does Applicant/Bidder lock the password after a certain number of failed attempts and ® Yes after 15 minutes of user inactivity in all computing devices that access or store Texas O No HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: 7. Does Applicant/Bidder secure, manage and encrypt remote access (including wireless () Yes access) to computer systems containing Texas HHS Confidential Information? (e.g., a formal C) No process exists for granting access and validating the need for users to remotely access Texas HHS Confidential Information, and remote access is limited to Authorized Users). Encryption is required for all Texas HHS Confidential Information. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CIIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: http://csrc. nisi. aov/publications/tips Action Plan for Compliance with a Timeline: Compliance Date: S. Does Applicant/Bidder implement computer security configurations or settings for all 0 Yes computers and systems that access or store Texas HHS Confidential Information? O No (e.g., non -essential features or services have been removed or disabled to reduce the threat of breach and to limit exploitation opportunities for hackers or intruders, etc.) Action Plan for Compliance with a Timeline: Compliance Date: 9. Does Applicant/Bidder secure physical access to computer, paper, or other systems Q Yes containing Texas HHS Confidential Information from unauthorized personnel and theft O No (e.g., door locks, cable locks, laptops are stored in the trunk of the car instead of the passenger area, etc.)? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 9 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EBB26-E393-4849-934G-6o61W;5A6z3 10. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential ® Yes Information that is transmitted over a public network (e.g., the Internet, WiFi, etc.)? No If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all HHS Confidential Information. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CJIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: h ttp://csrc. nist. aov/publications/figs Action Plan for Compliance with a Timeline: Compliance Date: 11. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential ( Yes Information stored on end user devices (e.g., laptops, USBs, tablets, smartphones, external No hard drives, desktops, etc.)? If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all Texas HHS Confidential Information. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CIIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: h ttp://csrc. nist. aov/publics tions/fips Action Plan for Compliance with a Timeline: Compliance Date: 12. Does Applicant/Bidder require Workforce members to formally acknowledge rules outlining ® Yes their responsibilities for protecting Texas HHS Confidential Information and associated No systems containing HHS Confidential Information before their access is provided? Action Plan for Compliance with a Timeline: Compliance Date: 13. Is Applicant/Bidder willing to perform or submit to a criminal background check on Yes Authorized Users? o No Action Plan for Compliance with a Timeline: Compliance Date: 14. Does Applicant/Bidder prohibit the access, creation, disclosure, reception, transmission, Q Yes maintenance, and storage of Texas HHS Confidential Information with a subcontractor No (e.g., cloud services, social media, etc.) unless Texas HHS has approved the subcontractor agreement which must include compliance and liability clauses with the same requirements as the Applicant/Bidder? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 10 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EBB26-E393-4649-934U-BOB164G5A6Z3 15. Does Applicant/Bidder keep current on security updates/patches (including firmware, ® Yes software and applications) for computing systems that use, disclose, access, create, No transmit, maintain or store Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: 16. Do Applicant/Bidder's computing systems that use, disclose, access, create, transmit, Yes maintain or store Texas HHS Confidential Information contain up-to-date anti- No malware and antivirus protection? Action Plan for Compliance with a Timeline: Compliance Date: 17. Does the Applicant/Bidder review system security logs on computing systems that access ® Yes or store Texas HHS Confidential Information for abnormal activity or security concerns on No a regular basis? Action Plan for Compliance with a Timeline: Compliance Date: 18. Notwithstanding records retention requirements, does Applicant/Bidder's disposal ® Yes processes for Texas HHS Confidential Information ensure that Texas HHS Confidential No Information is destroyed so that it is unreadable or undecipherable? Action Plan for Compliance with a Timeline: Compliance Date: 19. Does the Applicant/Bidder ensure that all public facing websites and mobile ® Yes applications containing Texas HHS Confidential Information meet security testing No standards set forth within the Texas Government Code (TGC), Section 2054.516; including requirements for implementing vulnerability and penetration testing and addressing identified vulnerabilities? For more information regarding TGC, Section 2054.516 DATA SECURITY PLAN FOR ONLINEAND MOBILE APPLICATIONS, please refer to: https:1/leQiscan.coml7x/text/HB812017 Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page it of 18 SECURITYAND PRIVACY INQUIRY (SPI) ._�___ In. erAC�Dnr COnQ ADAA n4Arl DnD4MA!1GAL2912 - SECTION D: SIGNATURE AND SUBMISSION (to be completed by Applicant/Bidder) Please sign the form digitally, if possible. If you can't, provide a handwritten signature. 1.1 certify that all of the information provided in this form is truthful and correct to the best of my knowledge. If I learn that any such information was not correct, I agree to notify Texas HHS of this immediately. 2. Signature Doausignedby: 3. Title . Date: E4Senior Accountant May 3. 2023 22AE1181117RE1 To submit the completed, signed form: • Email the form as an attachment to the appropriate Texas HHS Contract Manager(s). SectionCompleted by Agency Agency(s): Requesting De artment(s): HHSC: � DFPS: � DSHS: Legal Entity Tax Identification Number (TIN) (Last four Only): PO/Contract(s) #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 12 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 551EB626-E393-4849-934C-606164C5A623 iiv3 i nu%. i iurva rUK %.uivirLc i nvu THE SECURITY AND PRIVACY INQUIRY (SPI) Below are instructions for Applicants, Bidders and Contractors for Texas Health and Human Services requiring the Attachment 2, Security and Privacy Inquiry (SPI) to the Data Use Agreement (DUA). Instruction item numbers below correspond to sections on the SPI form. If you are a bidder for a new procurement/contract, in order to participate in the bidding process, you must have corrected any "No" responses (except A9a) prior to the contract award date. If you are an applicant for an open enrollment, you must have corrected any "No" answers (except A9a and A11) prior to performing any work on behalf of any Texas HHS agency. For any questions answered "No" (except A9a and A11), an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date this form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the form is signed. SECTION A. APPLICANT /BIDDER INFORMATION Item #1. Only contractors that access, transmit, store, and/or maintain Texas HHS Confidential Information will complete and email this form as an attachment to the appropriate Texas HHS Contract Manager. Item #2. Entity or Applicant/Bidder Legal Name. Provide the legal name of the business (the name used for legal purposes, like filing a federal or state tax form on behalf of the business, and is not a trade or assumed named "dbo "), the legal tax identification number (last four numbers only) of the entity or applicant/bidder, the address of the corporate or main branch of the business, the telephone number where the business can be contacted regarding questions related to the information on this form and the website of the business, if a website exists. Item #3. Number of Employees, at all locations, in Applicant/Bidder's workforce. Provide the total number of individuals, including volunteers, subcontractors, trainees, and other persons who work for the business. If you are the only employee, please answer "1." Item #4. Number of Subcontractors. Provide the total number of subcontractors working for the business. If you have none, please answer "0"zero. Item #5. Number of unduplicated individuals for whom Applicant/Bidder reasonably expects to handle HHS Confidential Information during one year. Select the radio button that corresponds with the number of clients/consumers for whom you expect to handle Texas HHS Confidential Information during a year. Only count clients/consumers once, no matter how many direct services the client receives during a year. Item #5. Name of Information Technology Security Official and Name of Privacy Official for Applicant/Bidder. As with all other fields on the SPI, this is a required field. This may be the same person and the owner of the business if such person has the security and privacy knowledge that is required to implement the requirements of the DUA and respond to questions related to the SPI. In 4.A. provide the name, address, telephone number, and email address of the person whom you have designated to answer any security questions found in Section C and in 4.B. provide this information for the person whom you have designated as the person to answer any privacy questions found in Section B. The business may contract out for this expertise; however, designated individual(s) must have knowledge of the business's devices, systems and methods for use, disclosure, creation, receipt, transmission and maintenance of Texas HHS Confidential Information and be willing to be the point of contact for privacy and security questions. Item #6. Type(s) of HHS Confidential Information the Entity or Applicant/Bidder Will Create, Receive, Maintain, Use, Disclose or Have Access to: Provide a complete listing of all Texas HHS Confidential Information that the Contractor will create, receive, maintain, use, disclose or have access to. The DUA section Article 2, Definitions, defines Texas HHS Confidential Information as: "Confidential Information" means any communication or record (whether oral, written, electronically stored or transmitted, or in any other form) provided to or made available to CONTRACTOR or that CONTRACTOR may create, receive, maintain, use, disclose or have access to on behalf of Texas HHS that consists of or includes any or all of the following: (1) Client Information; (2) Protected Health Information in any form including without limitation, Electronic Protected Health Information or Unsecured Protected Health Information; (3) Sensitive Personal Information defined by Texas Business and Commerce Code Ch. 521; SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 13 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E (4) reaerai iax information; (5) Personally Identifiable Information; (6) Social Security Administration Data, including, without limitation, Medicaid information; (7) All privileged work product; (8) All information designated as confidential under the constitution and laws of the State of Texas and of the United States, including the Texas Health & Safety Code and the Texas Public Information Act, Texas Government Code, Chapter 552. Definitions for the following types of confidential information can be found the following sites: • Health Insurance Portability and Accountability Act (HIPAA) - http://www.hhs.gov/hipaa/index.html • Criminal Justice Information Services (CJIS) - https•//www W qov/services/ciis/ciis-security-policy-resource-center • Internal Revenue Service Federal Tax Information (IRS FTI) - https.11www.irs.gov/pub/irs-pdflp1075.pdf • Centers for Medicare & Medicaid Services (CMS) - https.//www cros gov/Regulations-and-Guidance/Regulations-and- Guidance.html • Social Security Administration (SSA) - https://www.sso.gov/regulations/ • Personally Identifiable Information (Pll) - http //csrc nist qov/publications/nistpubs/800-122/sp800-122.pdf Item #7. Number of Storage devices for Texas HHS Confidential Information. The total number of devices is automatically calculated by exiting the fields in lines a - d. Use the <Tab> key when exiting the field to prompt calculation, if it doesn't otherwise sum correctly. • Item 7a. Devices. Provide the number of personal user computers, devices, and drives (including mobile devices, laptops, USB drives, and external drives) on which your business stores or will store Texas HHS Confidential Information. • Item 7b. Servers. Provide the number of servers not housed in a data center or "in the cloud, "on which Texas HHS Confidential Information is stored or will be stored. A server is a dedicated computer that provides data or services to other computers. It may provide services or data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet. If none, answer "0" (zero). • Item 7c. Cloud Services. Provide the number of cloud services to which Texas HHS Confidential Information is stored. Cloud Services involve using a network of remote servers hosted on the Internet to store, manage, and process data, rather than on a local server or a personal computer. If none, answer "0" (zero.) • Item 7d. Data Centers. Provide the number of data centers in which you store Texas HHS Confidential Information. A Data Center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business. If none, answer "0" (zero). Item #8. Number of unduplicated individuals for whom the Applicant/Bidder reasonably expects to handle Texas HHS Confidential Information during one year. Select the radio button that corresponds with the number of clients/consumers for whom you expect to handle Confidential Information during a year. Only count clients/consumers once, no matter how many direct services the client receives during a year. Item #9. HIPAA Business Associate Agreement. • Item #9a. Answer "Yes" if your business will use, disclose, create, receive, transmit, or store information relating to a client/consumer's healthcare on behalf of the Department of State Health Services, the Department of Disability and Aging Services, or the Health and Human Services Commission for treatment, payment, or operation of Medicaid or Medicaid clients. If your contract does not include HIPAA covered information, respond "no." If "no," a compliance plan is not required. • Item #9b. Answer "Yes" if your business has a notice of privacy practices (a document that explains how you protect and use a client/consumer's healthcare information) displayed either on a website (if one exists for your business) or in your place of business (if that location is open to clients/consumers or the public). If your contract does not include HIPAA covered information, respond "N/A." Item #10. Subcontractors. If your business responded "0" to question 4 (number of subcontractors), Answer "N/A" to Items 10a and 10b to indicate not applicable. • Item #10a. Answer "Yes" if your business requires that all subcontractors sign Attachment 1 of the DUA. • Item #10b. Answer "Yes" if your business obtains Texas HHS approval before permitting subcontractors to handle Texas HHS Confidential Information on your business's behalf. Item #11. Optional Insurance. Answer "yes" if applicant has optional insurance in place to provide coverage for a Breach or any Texas HHS System - Data Use Agreement - Attachment 2: Page 14 of 18 SPI Version 2.1 (06/2018) SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E other situations ustea in this question. If you are not required to have this optional coverage, answer "NIA "A compliance plan is not required. SECTION B. PRIVACY RISK ANALYSIS AND ASSESSMENT Reasonable and appropriate written Privacy and Security policies and procedures are required, even for sole proprietors who are the only employee, to demonstrate how your business will safeguard Texas HHS Confidential Information and respond in the event of a Breach of Texas HHS Confidential Information. To ensure that your business is prepared, all of the items below must be addressed in your written Privacy and Security policies and procedures. Item #1. Answer "Yes" if you have written policies in place for each of the areas (a-o). • Item #la. Answer "yes" if your business has written policies and procedures that identify everyone, including subcontractors, who are authorized to use Texas HHS Confidential Information. The policies and procedures should also identify the reason why these Authorized Users need to access the Texas HHS Confidential Information and this reason must align with the Authorized Purpose described in the Scope of Work or description of services in the Base Contract with the Texas HHS agency. • Item #1b. Answer "Yes" if your business has written policies and procedures that require your employees (including yourself), your volunteers, your trainees, and any other persons whose work you direct, to comply with the requirements of HIPAA, if applicable, and other confidentiality laws as they relate to your handling of Texas HHS Confidential Information. Refer to the laws and rules that apply, including those referenced in the DUA and Scope of Work or description of services in the Base Contract. • Item #1c. Answer "Yes" if your business has written policies and procedures that limit the Texas HHS Confidential Information you disclose to the minimum necessary for your workforce and subcontractors (if applicable) to perform the obligations described in the Scope of Work or service description in the Base Contract. (e.g., if a client/consumer's Social Security Number is not required for a workforce member to perform the obligations described in the Scope of Work or service description in the Base Contract, then the Social Security Number will not be given to them.) If you are the only employee for your business, policies and procedures must not include a request for, or use of, Texas HHS Confidential Information that is not required for performance of the services. • Item #1d. Answer "Yes" if your business has written policies and procedures that explain how your business would respond to an actual or suspected breach of Texas HHS Confidential Information. The written policies and procedures, at a minimum, must include the three items below. If any response to the three items below are no, answer "no." O Item #1di. Answer "Yes" if your business has written policies and procedures that require your business to immediately notify Texas HHS, the Texas HHS Agency, regulatory authorities, or other required Individuals or Authorities of a Breach as described in Article 4, Section 4 of the DUA. Refer to Article 4, Section 4.01: Initial Notice of Breach must be provided in accordance with Texas HHS and DUA requirements with as much information as possible about the Event/Breach and a name and contact who will serve as the single point of contact with HHS both on and off business hours. Time frames related to Initial Notice include: • within one hour of Discovery of on Event or Breach of Federal Tax Information, Social Security Administration Data, or Medicaid Client Information • within 24 hours of all other types of Texas HHS Confidential Information 48-hour Formal Notice must be provided no later than 48 hours after Discoveryfor protected health information, sensitive personal information or other non-public information and must include applicable information as referenced in Section 4.01 (C) 2. of the DUA. O Item #1dii. Answer "Yes" if your business has written policies and procedures require you to have and follow a written breach response plan as described in Article 4 Section 4.02 of the DUA. O Item #ldiii. Answer "Yes" if your business has written policies and procedures require you to notify Reporting Authorities and Individuals whose Texas HHS Confidential Information has been breached as described in Article 4 Section 4.03 of the DUA. • Item #le. Answer "Yes" if your business has written policies and procedures requiring annual training of your entire workforce on matters related to confidentiality, privacy, and security, stressing the importance of promptly reporting any Event or Breach, outlines the process that you will use to require attendance and track completion for employees who failed to complete annual training. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 15 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E • Item W. Answer "Yes" if your business has written policies and procedures requiring you to allow individuals (clients/consumers) to access their individual record of Texas HHS Confidential Information, and allow them to amend or correct that information, if applicable. • Item #1g. Answer "Yes" if your business has written policies and procedures restricting access to Texas HHS Confidential Information to only persons who have been authorized and trained on how to handle Texas HHS Confidential Information • Item #1h. Answer "Yes" if your business has written policies and procedures requiring sanctioning of any subcontractor, employee, trainee, volunteer, or anyone whose work you direct when they have accessed Texas HHS Confidential Information but are not authorized to do so, and that you have a method of proving that you have sanctioned such an individuals. If you are the only employee, you must demonstrate how you will document the noncompliance, update policies and procedures if needed, and seek additional training or education to prevent future occurrences. • Item #1i. Answer "Yes" if your business has written policies and procedures requiring you to update your policies within 60 days after you have made changes to how you use or disclose Texas HHS Confidential Information. • Item #1j. Answer "Yes" if your business has written policies and procedures requiring you to restrict attempts to take de -identified data and re -identify it or restrict any subcontractor, employee, trainee, volunteer, or anyone whose work you direct, from contacting any individuals for whom you have Texas HHS Confidential Information except to perform obligations under the contract, or with written permission from Texas HHS. • Item #1k. Answer "Yes" if your business has written policies and procedures prohibiting you from using, disclosing, creating, maintaining, storing or transmitting Texas HHS Confidential Information outside of the United States. • Item #11. Answer "Yes" if your business has written policies and procedures requiring your business to cooperate with HHS agencies or federal regulatory entities for inspections, audits, or investigations related to compliance with the DUA or applicable law. • Item #1m. Answer "Yes" if your business has written policies and procedures requiring your business to use appropriate standards and methods to destroy or dispose of Texas HHS Confidential Information. Policies and procedures should comply with Texas HHS requirements for retention of records and methods of disposal. • Item #1n. Answer "Yes" if your business has written policies and procedures prohibiting the publication of the work you created or performed on behalf of Texas HHS pursuant to the DUA, or other Texas HHS Confidential Information, without express prior written approval of the HHS agency. Item #2. Answer "Yes" if your business has a current training program that meets the requirements specified in the SPI for you, your employees, your subcontractors, your volunteers, your trainees, and any other persons under you direct supervision. Item #3. Answer "Yes" if your business has privacy safeguards to protect Texas HHS Confidential Information as described in the SPI. Item #4. Answer "Yes" if your business maintains current lists of persons in your workforce, including subcontractors (if applicable), who are authorized to access Texas HHS Confidential Information. If you are the only person with access to Texas HHS Confidential Information, please answer "yes." Item #5. Answer "Yes" if your business and subcontractors (if applicable) monitor for and remove from the list of Authorized Users, members of the workforce who are terminated or are no longer authorized to handle Texas HHS Confidential Information. If you are the only one with access to Texas HHS Confidential Information, please answer "Yes." SECTION C. SECURITY RISK ANALYSIS AND ASSESSMENT This section is about your electronic systems. If you DO NOT store Texas HHS Confidential Information in electronic systems (e.g., laptop, personal computer, mobile device, database, server, etc.), select the "No Electronic Systems" box and respond "Yes" for all questions in this section. Item #1. Answer "Yes" if your business does not "offshore" or use, disclose, create, receive, transmit or maintain Texas HHS Confidential Information outside of the United States. If you are not certain, contact your provider of technology services (application, cloud, data center, network, etc.) and request confirmation that they do not off- shore their data. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 16 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 557C76D3-B429-439E-A7E1 -7ED98683CE1 E Item NZ. Answer "yes" it your business uses a person or company who is knowledgeable in IT security to maintain or oversee the configurations of your business's computing systems and devices. You may be that person, or you may hire someone who can provide that service for you. Item #3. Answer "Yes" if your business monitors and manages access to Texas HHS Confidential Information (i.e., reviews systems to ensure that access is limited to Authorized Users; has formal processes for granting, validating, and reviews the need for remote access to Authorized Users to Texas HHS Confidential Information, etc.). If you are the only employee, answer "Yes" if you have implemented a process to periodically evaluate the need for accessing Texas HHS Confidential Information to fulfill your Authorized Purposes. Item #4. Answer "Yes" if your business has implemented a system for changing the password a system initially assigns to the user (also known as the default password), and requires users to change their passwords at least every 90 days, and prohibits the creation of weak passwords for all computer systems that access or store Texas HHS Confidential Information (e.g., a strong password has a minimum of 8 characters with a combination of uppercase, lowercase, special characters, and numbers, where possible). If your business uses a Microsoft Windows system, refer to the Microsoft website on how to do this, see example: https.Ildocs. microsoft. com/en-us/windows/security/threat-protection/security-policy-settings/password-policy Item #5. Answer "Yes" if your business assigns a unique user name and private password to each of your employees, your subcontractors, your volunteers, your trainees and any other persons under your direct control who will use, disclose, create, receive, transmit or maintain Texas HHS Confidential Information. Item #6. Answer "Yes" if your business locks the access after a certain number of failed attempts to login and after 15 minutes of user inactivity on all computing devices that access or store Texas H H S Confidential Information. If your business uses a Microsoft Windows system, refer to the Microsoft website on how to do this, see example: https://docs. microsoft. com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-policy Item #7. Answer "Yes" if your business secures, manages, and encrypts remote access, such as: using Virtual Private Network (VPN) software on your home computer to access Texas HHS Confidential Information that resides on a computer system at a business location or, if you use wireless, ensuring that the wireless is secured using a password code. If you do not access systems remotely or over wireless, answer "Yes." Item #8. Answer "Yes" if your business updates the computer security settings for all your computers and electronic systems that access or store Texas HHS Confidential Information to prevent hacking or breaches (e.g., non -essential features or services have been removed or disabled to reduce the threat of breach and to limit opportunities for hackers or intruders to access your system). For example, Microsoft's Windows security checklist: https.11docs. microsoft. com/en-us/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings Item #9. Answer "Yes" if your business secures physical access to computer, paper, or other systems containing Texas HHS Confidential Information from unauthorized personnel and theft (e.g., door locks, cable locks, laptops are stored in the trunk of the car instead of the passenger area, etc.). If you are the only employee and use these practices for your business, answer "Yes." Item #10. Answer "Yes" if your business uses encryption products to protect Texas HHS Confidential Information that is transmitted over a public network (e.g., the Internet, WIFI, etc.) or that is stored on a computer system that is physically or electronically accessible to the public (FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CJIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data.) For more information regarding FIPS 140-2 encryption products, please refer to: http://csrc.nist.gov/publications/figs). Item #11. Answer "Yes" if your business stores Texas HHS Confidential Information on encrypted end -user electronic devices (e.g., laptops, USBs, tablets, smartphones, external hard drives, desktops, etc.) and can produce evidence of the encryption, such as, a screen shot or a system report (FIPS 140-2 encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CJIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data). For more information regarding FIPS 140-2 validated encryption products, please refer to: http://csrc.nist.govlpublications/fips). If you do not utilize end -user electronic devices for storing Texas HHS Confidential Information, answer "Yes." SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 17 of 18 SECURITY AND PRIVACY INQUIRY (SPI) 7ocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Item #12. Answer "Yes" if your business requires employees, volunteers, trainees and other workforce members to sign a document that clearly outlines their responsibilities for protecting Texas HHS Confidential Information and associated systems containing Texas HHS Confidential Information before they can obtain access. If you are the only employee answer "Yes" if you have signed or are willing to sign the DUA, acknowledging your adherence to requirements and responsibilities. Item #13. Answer "Yes" if your business is willing to perform a criminal background check on employees, subcontractors, volunteers, or trainees who access Texas HHS Confidential Information. If you are the only employee, answer "Yes" if you are willing to submit to a background check. Item #14. Answer "Yes" if your business prohibits the access, creation, disclosure, reception, transmission, maintenance, and storage of Texas HHS Confidential Information on Cloud Services or social media sites if you use such services or sites, and there is a Texas HHS approved subcontractor agreement that includes compliance and liability clauses with the same requirements as the Applicant/Bidder. If you do not utilize Cloud Services or media sites for storing Texas HHS Confidential Information, answer "Yes." Item #15. Answer "Yes" if your business keeps current on security updates/patches (including firmware, software and applications) for computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: h ttps://portal. msrc. microsoft. com/en-us/ Item #16. Answer "Yes" if your business's computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information contain up-to-date anti-malware and antivirus protection. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: https•//docs microsoft.com/en-us/windows/security/threat-protection/ Item #17. Answer "Yes" if your business reviews system security logs on computing systems that access or store Texas HHS Confidential Information for abnormal activity or security concerns on a regular basis. If you use a Microsoft Windows system, refer to the Microsoft website for ensuring your system is logging security events, see example: https•//docs microsoft com/en-us/windows/security/threat-protection/auditing/basic-security-audit-policies Item #18. Answer "Yes" if your business disposal processes for Texas HHS Confidential Information ensures that Texas HHS Confidential Information is destroyed so that it is unreadable or undecipherable. Simply deleting data or formatting the hard drive is not enough; ensure you use products that perform a secure disk wipe. Please see NIST SP 800-88 R1, Guidelines for Media Sanitization and the applicable laws and regulations for the information type for further guidance. Item #19. Answer "Yes" if your business ensures that all public facing websites and mobile applications containing HHS Confidential Information meet security testing standards set forth within the Texas Government Code (TGC), Section 2054.516 SECTION D. SIGNATURE AND SUBMISSION Click on the signature area to digitally sign the document. Email the form as an attachment to the appropriate Texas HHS Contract Manager. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 18 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ATTACHMENT G TEXAS Health and Human Services Health and Human Services (HHS) Additional Provisions — Grant Funding Version 1.0 Effective: February 2021 Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 1 of 7 )ocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E CONTENTS 1. ELECTRICAL ITEMS........................................................................................................ 3 2. DISASTER SERVICES....................................................................................................... 3 3. SERVICES AND INFORMATION FOR PERSONS WITH LIMITED ENGLISH PROFICIENCY.................................................................................................................... 3 4. INTERIM EXTENSION AMENDMENT.......................................................................... 4 5. NOTICE OF CRIMINAL ACTIVITY AND DISCIPLINARY ACTIONS .................... 4 6. NOTICE OF GRANT AGREEMENT/CONTRACT ACTION ....................................... 4 7. NOTICE OF BANKRUPTCY............................................................................................. 5 8. NOTICE OF CHANGE OF CONTACT PERSON OR KEY PERSONNEL ................. 5 9. BYRD ANTI -LOBBYING AMENDMENT....................................................................... 5 10. CLEAN AIR ACT and FEDERAL WATER POLLUTION ACT ......... ................5 11. COMPLIANCE WITH LAWS, RULES, AND REQUIREMENTS ................................ 5 12. DISCLOSURE OF VIOLATIONS OF FEDERAL CRIMINAL LAW .......................... 5 13. EXCLUDED PARTIES........................................................................................................ 6 14. NO CONFLICTS OF INTEREST (FEDERAL)................................................................ 6 15. OPEN MEETINGS............................................................................................................... 6 16. RECORDS RETENTION (FEDERAL)............................................................................. 6 17. SUBAWARD MONITORING............................................................................................. 6 Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 2 of 7 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E ADDITIONAL PROVISIONS The terms and conditions of these Additional Provisions are incorporated into and made a part of the Grant Agreement. Terms included in these Additional Provisions and not otherwise defined have the meanings assigned to them in HHS UNIFORM TERMS AND CONDITIONS, ATTACHMENT E. 1. ELECTRICAL ITEMS All electrical items purchased under this Grant Agreement or used in the performance of approved and eligible grant -funded activities must meet all applicable Occupational Safety and Health Administration (OSHA) standards and regulations, and bear the appropriate listing from Underwriters Laboratory (UL), Factory Mutual Resource Corporation (FMRC), or National Electrical Manufacturers Association (NEMA). 2. DISASTER SERVICES In the event of a local, state, or federal emergency, including natural, man-made, criminal, terrorist, and/or bioterrorism events, declared as a state disaster by the Governor, or a federal disaster declared by the appropriate federal official, Grantee/Contractor may be called upon to assist the System Agency in providing the following services: i. Community evacuation; ii. Health and medical assistance; iii. Assessment of health and medical needs; iv. Health surveillance; v. Medical care personnel; vi. Health and medical equipment and supplies; vii. Patient evacuation; viii. In -hospital care and hospital facility status; ix. Food, drug and medical device safety; x. Worker health and safety; xi. Mental health and substance abuse; xii. Public health information; xiii. Vector control and veterinary services; and xiv. Victim identification and mortuary services. 3. SERVICES AND INFORMATION FOR PERSONS WITH LIMITED ENGLISH PROFICIENCY A. Grantee shall take reasonable steps to provide services and information both orally and in writing, in appropriate languages other than English, to ensure that persons with limited English proficiency are effectively informed and can have meaningful access to programs, benefits and activities. Meaningful access may entail providing language assistance services, including oral interpretation and written translation, if necessary. More information can be found at https://www.lep.gov/. B. Grantee shall identify and document on the client records the primary language/dialect of a client who has limited English proficiency and the need for translation or interpretation services and shall not require a client to provide or pay for the services of a translator or interpreter. Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 3 of 7 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E C. Grantee shall make every effort to avoid use of any persons under the age of 18 or any family member or friend of the client as an interpreter for essential communications with a client with limited English proficiency, unless the client has requested that person and using the person would not compromise the effectiveness of services or violate the client's confidentiality and the client is advised that a free interpreter is available. 4. INTERIM EXTENSION AMENDMENT A. Prior to or on the expiration date of this Grant Agreement, the Parties agree that this Grant Agreement can be extended as provided under this section. B. The System Agency shall provide written notice of interim extension amendment to the Grantee under one of the following circumstances: i. Continue provision of services in response to a disaster declared by the governor; or ii. To ensure that services are provided to clients without interruption. C. The System Agency will provide written notice of the interim extension amendment that specifies the reason for it and period of time for the extension. D. Grantee will provide and invoice for services in the same manner that is stated in the Grant Agreement. E. An interim extension under subsection (B)(i) of this section shall extend the term of the Grant Agreement not longer than 30 days after governor's disaster declaration is declared unless the Parties agree to a shorter period of time. F. An interim extension under subsection (B)(i) of this section shall be a one-time extension for a period of time determined by the System Agency. 5. NOTICE OF CRIMINAL ACTIVITY AND DISCIPLINARY ACTIONS A. Grantee shall immediately report in writing to its assigned System Agency contract manager when Grantee learns of or has any reason to believe it or any person with ownership or controlling interest in Grantee, or their agent, employee, subcontractor or volunteer who is providing services under this Grant Agreement has been placed on community supervision, received deferred adjudication, or been indicted for or convicted of a criminal offense relating to involvement in any financial matter, federal or state program or felony sex crime. B. Grantee shall not permit any person who engaged, or was alleged to have engaged, in any activity subject to reporting under this section to perform direct client services or have direct contact with clients, unless otherwise directed in writing by the System Agency. 6. NOTICE OF GRANT AGREEMENT/CONTRACT ACTION Grantee shall notify the assigned System Agency contract manager if Grantee has any grant agreement or contract suspended or terminated for cause by any local, state or federal department or agency or nonprofit entity within five business days of becoming aware of the action and include the following: i. Reason for such action; ii. Name and contact information of the local, state or federal department or agency or entity; iii. Effective start date of the grant agreement/contract; Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 4 of 7 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E iv. Date of suspension or termination; and V. Grant agreement/contract or case reference number. 7. NOTICE OF BANKRUPTCY Grantee shall notify in writing the assigned System Agency contract manager of its plan to seek bankruptcy protection within five business days of such action by Grantee. 8. NOTICE OF CHANGE OF CONTACT PERSON OR KEY PERSONNEL The Grantee shall notify in writing the assigned System Agency contract manager within ten business days of any change to the Grantee's Contact Person or Key Personnel. 9. BYRD ANTI -LOBBYING AMENDMENT Grantee certifies that no federal appropriated funds have been paid or will be paid to any persons or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a member of Congress on its behalf to obtain, extend, or modify this contract or grant. If non-federal funds are used by Grantee to conduct such lobbying activities, Grantee shall promptly file the prescribed disclosure form. In accordance with 31 U.S.C. §1352(b)(5), Grantee acknowledges and agrees that it is responsible for ensuring that each subrecipient and subcontractor certifies its compliance with the expenditures prohibition and the declaration requirement. 10. CLEAN AIR ACT AND FEDERAL WATER POLLUTION CONTROL ACT Grantee represents and warrants that it will comply with all applicable standards, orders, or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). 11. COMPLIANCE WITH LAWS, RULES, AND REQUIREMENTS Grantee represents and warrants that it will comply, and assure the compliance of all its subrecipients and contractors, with all applicable federal and state laws, rules, regulations, and policies in effect or hereafter established. In addition, Grantee represents and warrants that it will comply with all requirements imposed by the awarding agency concerning special requirements of law, program requirements, and other administrative requirements. In instances where multiple requirements apply to Grantee, the more restrictive requirement applies. 12. DISCLOSURE OF VIOLATIONS OF FEDERAL CRIMINAL LAW Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 5 of 7 DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Grantee represents and warrants its compliance with 2 CFR §200.113 which requires the disclosure in writing of violations of federal criminal law involving fraud, bribery, and gratuity and the reporting of certain civil, criminal, or administrative proceedings to SAM. 13. EXCLUDED PARTIES Grantee certifies that it is not listed in the prohibited vendors list authorized by Executive Order No. 13224, "Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism" published by the United States Department of Treasury, Office of Foreign Assets Control. 14. NO CONFLICTS OF INTEREST (FEDERAL) Grantee represents and warrants its compliance with the Federal awarding agency's conflict of interest policies in accordance with 2 CFR § 200.112. 15. OPEN MEETINGS If the Grantee is a governmental entity, Grantee represents and warrants its compliance with Chapter 551 of the Texas Government Code which requires all regular, special, and called meetings of a governmental body to be open to the public, except as otherwise provided by law. 16. RECORDS RETENTION (FEDERAL) Grantee represents and warrants its compliance with the records retention requirements of 2 CFR §200.333. System Agency reserves the right to direct Grantee to retain documents for a longer period of time or transfer certain records to System Agency's custody when it is determined the records possess longer term retention value. Grantee must include the substance of this clause in all subaward and subcontracts. 17. SUBAWARD MONITORING Grantee represents and warrants that it will monitor the activities of the subrecipient as necessary to ensure that the subaward is used for authorized purposes, in compliance with applicable statutes, regulations, and the terms and conditions of the subaward, and that subaward performance goals are achieved. Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 6 of 7 DocuSlgn Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E REMAINDER OF PAGE INTENTIONALLY LEFT BLANK Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 7 of 7 DocuSign Envelope ID: 551 EBB26-E393-4B49-934C-BOB1 64C5A623 OMB Number. 4040-0007 Expiration Date: 02/28/2025 ASSURANCES - NON -CONSTRUCTION PROGRAMS Public reporting burden for this collection of information is estimated to average 15 minutes per response, including time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding the burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to the Office of Management and Budget, Paperwork Reduction Project (0348-0040), Washington, DC 20503. PLEASE DO NOT RETURN YOUR COMPLETED FORM TO THE OFFICE OF MANAGEMENT AND BUDGET. SEND IT TO THE ADDRESS PROVIDED BY THE SPONSORING AGENCY. NOTE: Certain of these assurances may not be applicable to your project or program. If you have questions, please contact the awarding agency. Further, certain Federal awarding agencies may require applicants to certify to additional assurances. If such is the case, you will be notified. As the duly authorized representative of the applicant, I certify that the applicant: 1. Has the legal authority to apply for Federal assistance and the institutional, managerial and financial capability (including funds sufficient to pay the non -Federal share of project cost) to ensure proper planning, management and completion of the project described in this application. 2. Will give the awarding agency, the Comptroller General of the United States and, if appropriate, the State, through any authorized representative, access to and the right to examine all records, books, papers, or documents related to the award; and will establish a proper accounting system in accordance with generally accepted accounting standards or agency directives. 3. Will establish safeguards to prohibit employees from using their positions for a purpose that constitutes or presents the appearance of personal or organizational conflict of interest, or personal gain. 4. Will initiate and complete the work within the applicable time frame after receipt of approval of the awarding agency. 5. Will comply with the Intergovernmental Personnel Act of 1970 (42 U.S.C. §§4728-4763) relating to prescribed standards for merit systems for programs funded under one of the 19 statutes or regulations specified in Appendix A of OPM's Standards for a Merit System of Personnel Administration (5 C.F.R. 900, Subpart F). 6. Will comply with all Federal statutes relating to nondiscrimination. These include but are not limited to: (a) Title VI of the Civil Rights Act of 1964 (P.L. 88-352) which prohibits discrimination on the basis of race, color or national origin; (b) Title IX of the Education Amendments of 1972, as amended (20 U.S.C.§§1681- 1683, and 1685-1686), which prohibits discrimination on the basis of sex; (c) Section 504 of the Rehabilitation Act of 1973, as amended (29 U.S.C. §794), which prohibits discrimination on the basis of handicaps; (d) the Age Discrimination Act of 1975, as amended (42 U. S.C. §§6101-6107), which prohibits discrimination on the basis of age; (e) the Drug Abuse Office and Treatment Act of 1972 (P.L. 92-255), as amended, relating to nondiscrimination on the basis of drug abuse; (f) the Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970 (P.L. 91-616), as amended, relating to nondiscrimination on the basis of alcohol abuse or alcoholism; (g) §§523 and 527 of the Public Health Service Act of 1912 (42 U.S.C. §§290 dd-3 and 290 ee- 3), as amended, relating to confidentiality of alcohol and drug abuse patient records; (h) Title VIII of the Civil Rights Act of 1968 (42 U.S.C. §§3601 et seq.), as amended, relating to nondiscrimination in the sale, rental or financing of housing; (i) any other nondiscrimination provisions in the specific statute(s) under which application for Federal assistance is being made; and, 0) the requirements of any other nondiscrimination statute(s) which may apply to the application. Will comply, or has already complied, with the requirements of Titles II and III of the Uniform Relocation Assistance and Real Property Acquisition Policies Act of 1970 (P.L. 91-646) which provide for fair and equitable treatment of persons displaced or whose property is acquired as a result of Federal or federally -assisted programs. These requirements apply to all interests in real property acquired for project purposes regardless of Federal participation in purchases. 8. Will comply, as applicable, with provisions of the Hatch Act (5 U.S.C. §§1501-1508 and 7324-7328) which limit the political activities of employees whose principal employment activities are funded in whole or in part with Federal funds. Previous Edition Usable Standard Form 424B (Rev. 7-97) Authorized for Local Reproduction Prescribed by OMB Circular A-102 DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 9. Will comply, as applicable, with the provisions of the Davis- 13. Will assist the awarding agency in assuring compliance Bacon Act (40 U.S.C. §§276a to 276a-7), the Copeland Act with Section 106 of the National Historic Preservation (40 U.S.C. §276c and 18 U.S.C. §874), and the Contract Act of 1966, as amended (16 U.S.C. §470), EO 11593 Work Hours and Safety Standards Act (40 U.S.C. §§327- (identification and protection of historic properties), and 333), regarding labor standards for federally -assisted the Archaeological and Historic Preservation Act of construction subagreements. 1974 (16 U.S.C. §§469a-1 et seq.). 10. Will comply, if applicable, with flood insurance purchase requirements of Section 102(a) of the Flood Disaster Protection Act of 1973 (P.L. 93-234) which requires recipients in a special flood hazard area to participate in the program and to purchase flood insurance if the total cost of insurable construction and acquisition is $10,000 or more. 11. Will comply with environmental standards which may be prescribed pursuant to the following: (a) institution of environmental quality control measures under the National Environmental Policy Act of 1969 (P.L. 91-190) and Executive Order (EO) 11514; (b) notification of violating facilities pursuant to EO 11738; (c) protection of wetlands pursuant to EO 11990; (d) evaluation of flood hazards in floodplains in accordance with EO 11988; (e) assurance of project consistency with the approved State management program developed under the Coastal Zone Management Act of 1972 (16 U.S.C. §§1451 et seq.); (f) conformity of Federal actions to State (Clean Air) Implementation Plans under Section 176(c) of the Clean Air Act of 1955, as amended (42 U.S.C. §§7401 et seq.); (g) protection of underground sources of drinking water under the Safe Drinking Water Act of 1974, as amended (P.L. 93-523); and, (h) protection of endangered species under the Endangered Species Act of 1973, as amended (P.L. 93- 205). 12. Will comply with the Wild and Scenic Rivers Act of 1968 (16 U.S.C. §§1271 et seq.) related to protecting components or potential components of the national wild and scenic rivers system. SIGNATURE OF AUTHORIZED CERTIFYING OFFICIAL 5 DocuSipned by: APPLICANT ORGANIZATION 14. Will comply with P.L. 93-348 regarding the protection of human subjects involved in research, development, and related activities supported by this award of assistance. 15. Will comply with the Laboratory Animal Welfare Act of 1966 (P.L. 89-544, as amended, 7 U.S.C. §§2131 et seq.) pertaining to the care, handling, and treatment of warm blooded animals held for research, teaching, or other activities supported by this award of assistance. 16. Will comply with the Lead -Based Paint Poisoning Prevention Act (42 U.S.C. §§4801 et seq.) which prohibits the use of lead -based paint in construction or rehabilitation of residence structures. 17. Will cause to be performed the required financial and compliance audits in accordance with the Single Audit Act Amendments of 1996 and OMB Circular No. A-133, "Audits of States, Local Governments, and Non -Profit Organizations." 18. Will comply with all applicable requirements of all other Federal laws, executive orders, regulations, and policies governing this program. 19. Will comply with the requirements of Section 106(g) of the Trafficking Victims Protection Act (TVPA) of 2000, as amended (22 U.S.C. 7104) which prohibits grant award recipients or a sub -recipient from (1) Engaging in severe forms of trafficking in persons during the period of time that the award is in effect (2) Procuring a commercial sex act during the period of time that the award is in effect or (3) Using forced labor in the performance of the award or subawards under the award. TITLE Senior Accountant I DATE SUBMITTED City Of Lubbock I I F=Y ' Standard Form 424B (Rev. 7-97) Back DocuSign Envelope ID: 551EBB26-E393-4B49-934C-BOB164C5A623 CERTIFICATION REGARDING LOBBYING Certification for Contracts, Grants, Loans, and Cooperative Agreements The undersigned certifies, to the best of his or her knowledge and belief, that: (1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of an agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement. (2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure of Lobbying Activities," in accordance with its instructions. (3) The undersigned shall require that the language of this certification be included in the award documents for all subawards at all tiers (including subcontracts, subgrants, and contracts under grants, loans, and cooperative agreements) and that all subrecipients shall certify and disclose accordingly. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by section 1352, title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. Statement for Loan Guarantees and Loan Insurance The undersigned states, to the best of his or her knowledge and belief, that: If any funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this commitment providing for the United States to insure or guarantee a loan, the undersigned shall complete and submit Standard Form-LLL, "Disclosure of Lobbying Activities," in accordance with its instructions. Submission of this statement is a prerequisite for making or entering into this transaction imposed by section 1352, title 31, U.S. Code. Any person who fails to file the required statement shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. APPLICANT'S ORGANIZATION City of Lubbock PRINTED NAME AND TITLE OF AUTHORIZED REPRESENTATIVE Prefix: I I ` First Name: I Amber Middle Name: " Last Name: I Aguilar Suffix: • Title: Senior Accountant SIGNATURE: oocusigned by: " DATE: JMay r�K,�W 94w,btr DocuSign Envelope ID: 551EBB26-E393-4B49-934C-B013164C5A623 TEXAS XealthandXuman Texas DeparonentofState L� SenWK Health Services Fiscal Federal Funding Accountability and Transparency Act (FFATA) The certifications enumerated below represent material facts upon which DSHS relies when reporting information to the federal government required under federal law. If the Department later determines that the Contractor knowingly rendered an erroneous certification, DSHS may pursue all available remedies in accordance with Texas and U.S. law. Signor further agrees that it will provide immediate written notice to DSHS if at any time Signor learns that any of the certifications provided for below were erroneous when submitted or have since become erroneous by reason of changed circumstances. If the Signor cannot certify all of the statements contained in this section, Signor must provide written notice to DSHS detailing which of the below statements it cannot certify and why. Legal Name of Contractor: FFATA Contact: (Name, Email and Phone Number): City of Lubbock Amber Aguilar aaguilar. r mylubbock.us 806-775-2149 Primary Address of Contractor: Zip Code: 9-digits required www.usDs.com PO BOX 2000 79457-0001 Unique Entity ID (UEI): This number replaces the DUNS State of Texas Comptroller Vendor Identification Number www.sam.gov (VIN) — 14 digits: LXDNEKWRVKJ6 17560005906 Printed Name of Authorized Representative: Signature of Authorized Representative Amber Aguilar DocuSipnedd by: 1 ._ 522AE1181117F4E1. Title of Authorized Representative Date Signed Senior Grant Accountant May 3, 2023 1 Department of State Health Services Form 4734 — April 2022 Contract Management Section DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Fiscal Federal Funding Accountability and Transparency Act (FFATA) CERTIFICATION As the duly authorized representative (Signor) of the Contractor, I hereby certify that the statements made by me in this certification form are true, complete, and correct to the best of my knowledge. Did your organization have a gross income, from all sources, of less than $300,000 in your previous tax year? Yes No If your answer is "Yes", skip questions "A", "B", and "C" and finish the certification. If your answer is "No", answer questions "A" and "B". A. Certification Regarding % of Annual Gross from Federal Awards. Did your organization receive 80% or more of its annual gross revenue from federal awards during the preceding fiscal year? Yes No B. Certification Regarding Amount of Annual Gross from Federal Awards. Did your organization receive $25 million or more in annual gross revenues from federal awards in the preceding fiscal year? Yes ❑ No If your answer is Yes to both question A and B , you must answer question "C". If your answer is "No" to either question "A" or "B", skip question "C" and finish the certification. C. Certification Regarding Public Access to Compensation Information. Does the public have access to information about the compensation of the senior executives in your business or organization (including parent organization, all branches, and all affiliates worldwide) through periodic reports filed under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 6104 of the Internal Revenue Code of 1986? Yes 0 No If your answer is "Yes" to this question, where can this information be accessed? If your answer is "No" to this question, you must provide the names and total compensation of the top five highly compensated officers below. Provide compensation information here: Department of State Health Services Form 4734 - April 2022 Contract Management Section DocuSign Envelope ID: 557C7603-B429-439E-A7E1-7ED98683CE1E TE.v,,A-,S Texas Department of State Health and Human P Services Health Services Public Health Emergency Preparedness Work Plan and Vulnerable Populations Plan Template Budget Period (BP) 5- FY24 Term: 7/1/2023- 6/30/2024 Due: February 3, 2023 Local Health Department/Jurisdiction: Lubbock Report Completed by: Rachel Dolan Email: rdolan@mylubbock.us Phone: 806-775-2917 Instructions: This template should be used to outline the work plan for Budget Period (BP) 5 - FY24 and provide a general summary of planned activities. Jurisdiction should: • Select three (3) or more capabilities to work on in BP5- FY24. • Develop the work plan by identifying jurisdictional needs within a capability, assessing current resources, and developing a plan to address identified gaps. Work Plan tasks and activities. • Carrying capabilities forward from previous budget periods: Capabilities for BP5- FY24may be the same as prior year selections. If the jurisdiction intends to carry work forward from BP4 - FY23 to BP5 - FY24, please mark this on page 3. • Changing capabilities: Capabilities can be changed during the budget period. If there is a change to capabilities, please email a notification to the PHEP email inbox (PH EP@dshs.texas. gov). • Medical Countermeasures: If Capabilities 8 and/or 9 (medical countermeasures) are selected, jurisdictions must select at least one (1) additional capability. • Complete the Vulnerable Populations Planning Module. Please email the completed jurisdictional work plan to the PHEP email inbox (PHEPOdshs.texas.gov) by PAGE DocuSion Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Public Health Emergency Preparedness Work Plan Template Work Plan Executive Summary: Please provide a very brief overview of the jurisdiction's goals for BPS — PY24. Lubbock Public Health has chosen Community Preparedness, Information Sharing, and Emergency Operations Coordination to work on during FY24. The general theme of our activities will be redeveloping relationships lost during COVID (due to turnover) and increasing our ability to effectively and efficiently share information. We will hold conferences/meetings, participate in several exercises, and revise plans as needed. 21Page DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Capabilities FY23: Please mark the capabilities that were addressed during BP4- FY23 in the column labeled FY23. FY24: Please mark three (3) capabilities that will be addressed during BP5 - FY24 in the column labeled FY24. COVID-19 Carryover: Please mark if capabilities that will be carried over to FY24 due to COVD-19 response activities in the column labeled COVID-19 Carryover. CAPABILITY FY22 FY24 Community Preparedness X X Community Recovery ❑ ❑ Emergency Operations Coordination ❑ X Emergency Public Information and Warning ❑ ❑ Fatality Management ❑ ❑ Information Sharing ❑ X Mass Care ❑ ❑ Medical Countermeasures Dispensing and Administration ❑ ❑ Medical Materiel Management and Distribution ❑ ❑ Medical Surge X ❑ Non pharmaceutical Intervention ❑ ❑ Public Health Laboratory Testing ❑ ❑ Public Health Surveillance and Epidemiological Investigation X ❑ Responder Safety and Health ❑ ❑ Volunteer Management ❑ ❑ 31Page DocuSign Envelope ID: 557C76D3-B429-439E-A7E1-7ED98683CE1E Capability X Capability 1: Community Preparedness j ❑ Capability 2: Community Recovery ❑ Capability 3: Emergency Operations Coordination ❑ Capability 4: Emergency Public Information and Warning ` ❑ Capability 5: Fatality Management ! ❑ Capability 6: Information Sharing ❑ Capability 7: Mass Care ❑ Capability 8: Medical Countermeasure Dispensing and Administration ❑ Capability 9: Medical Materiel Management and Distribution ❑ Capability 10: Medical Surge I ❑ Capability 11: Nonpharmaceutical Interventions k` I ❑ Capability 12: Public Health Laboratory Testing ❑ Capability 13: Public Health Surveillance and Epidemiological Investigation ❑ Capability 14: Responder Safety and Health n 1 r, - \/nliintcor mnnanamant Assessment of Current relationships with local hospitals and long-term care current relevant facilities resources: Identified Need to engage new staff at those facilities and foster relationships needs/ a s: with additional facilities Objective(s) : Foster relationships with healthcare facilities through training and conferences in order to enhance overall communit pLeearedness. Outcome(s): Better relationships with healthcare facilities and facilities that are better pMared to withstand disasters Enfectious disease or other Output(s): EPIC Conference, Tabletop exercise (TTX) and full-scale exercise FSE templates for healthcare facilities Supporting Activities Activity Description Lead Assigned Contributing Consultant Estimated Personnel Partners (if any) Date of if an Completion Meet with hospital partners Rachel Dolan Hospitals None Every other every other month for planning month meetings Meet to begin planning annual Rachel Dolan Hospitals, None July 2023 Emergency Preparedness and Office of Infection Control Conference Emergency Management (OEM), Epi Manager ` Create training topics for Rachel Dolan OEM None July 2023 Preparedness track Tiffany Torres Amy Gearhart 4 1 Page DocuSign Envelope ID: 557C76D3-B429-439E-A7E1 -7ED98683CE 1 E Gather facility/agency Amy Gearhart None None July 2023 information for invitations Tiffany Torres Send out "save the date" Rachel Dolan None None August Tiffany Torres 2023 Amy Gearhart Develop training and exercise Rachel Dolan OEM None September materials 2023 Hold Conference Rachel Dolan OEM, hospital None October or Tiffany Torres and November healthcare 2023 partners Capability _ ❑ Capability 1: Community Preparedness ❑ Capability 2: Community Recovery ❑ Capability 3: Emergency Operations Coordination ❑ Capability 4: Emergency Public Information and Warning ❑ Capability 5: Fatality Management X Capability 6: Information Sharing ❑ Capability 7: Mass Care ❑ Capability 8: Medical Countermeasure Dispensing and Administration ❑ Capability 9: Medical Materiel Management and Distribution ❑ Capability 10: Medical Surge ❑ Capability 11: Nonpharmaceutical Interventions ❑ Capability 12: Public Health Laboratory Testing ❑ Capability 13: Public Health Surveillance and Epidemiological Investigation ❑ Capability 14: Responder Safety and Health ❑ Capability 15: Volunteer Management Assessment of Use of Microsoft Teams between hospitals during Emergency current relevant Operations Center (EOC) activations, outdated Information Sharing resources: Standard Operating Procedures (SOP) Identified Needs to develop procedures for the use of different features and needs/ as: sharing of information Objective(s): Develop the ability to have a common operating procedure with healthcare facilities by improving information sharing capabilities. Outcome(s): Better information flow between hospitals/EOC/Public Health during disasters outputs): Information Sharing SOP, usable communication platform Supporting ACUVities Activity Description Lead Assigned Contributing Consultant Estimated Personnel Partners (if any) Date of if an Completion 51Page DocuSign Envelope ID: 557C7603-B429-439E-A7E1-7ED98683CE1E Meet with hospital partners to Rachel Dolan Hospitals None August discuss the needs for each 2023 agency confidentiali etc. Determine procedures for using Rachel Dolan Hospitals None September the chat function for situational 2023 awareness Determine needs for different Rachel Dolan Hospitals None October group chats 2023 Create and train partners on Daniel Hilario Hospitals None January the use of the Teams board s 2024 Exercise the boards during any Rachel Dolan Hospitals None June 2024 upcoming exercise, specifically Daniel Hilario the Active Shooter Exercise in June 2024 Capability ❑ Capability 1: Community Preparedness ❑ Capability 2: Community Recovery X Capability 3: Emergency Operations Coordination ❑ Capability 4: Emergency Public Information and Warning ❑ Capability 5: Fatality Management ❑ Capability 6: Information Sharing ❑ Capability 7: Mass Care ❑ Capability 8: Medical Countermeasure Dispensing and Administration ❑ Capability 9: Medical Materiel Management and Distribution ❑ Capability 10: Medical Surge ❑ Capability 11: Nonpharmaceutical Interventions ❑ Capability 12: Public Health Laboratory Testing ❑ Capability 13: Public Health Surveillance and Epidemiological Investigation ❑ Capability 14: Responder Safety and Health ❑ Capability 15: Volunteer Management Assessment of Current Regional Medical Operations Center (BMOC) procedures current relevant resources: Identified Integration of Pulsara patient tracking systems needs/gaps: Objective(s): Enhanced functionality of the RMOC and the ability to assist with mass casualty incidents or mass fatality incidents by having cleared patient tracking information. Outcome(s): Improved ability to track patients during a mass casualty incident or mass fatality incident 61 Page UOcuSign Envelope IU: 557G76U3-t34Ly�3yt-AIt1-ItUytStitSsc:tlt Output(s): Pulsara access for public health view, After Action Report (AAR) Supporting AcIrncities Activity Description Lead Assigned Contributing Consultant Estimated Personnel Partners (if any) Date of if an Corn letion Participate in OEM planning OEM OEM, March 2024 meetings for the active shooter Rachel Dolan hospitals FSE Coordinate with hospitals on P Rachel Dolan Hospitals, P Aril 2024 P FSE planning OEM Participate in FSE, leading the Rachel Dolan Hospitals, June 2024 BMOC and facilitating OEM communications and patient tracking Contribute to the AAR Rachel Dolan Hospitals, June 2024 OEM OEM 71Page