The URL can be used to link to this page

Home My WebLink AboutResolution - 2023-R0327 - DSHS Contract No. HHS001331300015 Immunization Locals Grant Program 6.27.23Resolution No. 2023-RO327 Item No. 0327 June 27, 2023 RESOLUTION BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF LUBBOCK: THAT the Mayor of the City of Lubbock is hereby authorized and directed to execute for and on behalf of the City of Lubbock, Department of State Health Services Contract No. HHS001331300015 under the Immunization Locals Grant Program, by and between the City of Lubbock and the State of Texas' Department of State Health Services (DSHS), and all related documents. Said Contract is attached hereto and incorporated in this resolution as if fully set forth herein and shall be included in the minutes of the City Council. Passed by the City Council on June 27, 2023 APPROVED AS TO Bill HowAorl, Deputy City APPROVED AS TO FORM: Foster, A sdsiant City Attorney RESMI-IS-1-11-IS001331300015 Immunization Locals Grant Program 6.5.23 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 TEXAS • Texas Department of State Health Services `t. Health and Human Services Jennifer A. Shuford, M.D., M.P.H. Commissioner Resolution No. 2023-RO327 The Honorable Tray Payne, Mayor City of Lubbock PO Box 2000 Lubbock, Texas 79408 Subject: IMM/LOCALS Contract Number: HHS001331300015 Contract Amount: $232,115.00 Contract Term: September 1, 2023, through August 31, 2024 Dear Mayor Payne: Enclosed is the IMM/LOCALS contract between the Department of State Health Services and City of Lubbock. The purpose of this contract is to prevent and control the transmission of vaccine - preventable diseases in children and adults, with emphasis on accelerating strategic interventions to improve their vaccine coverage levels. Please let me know if you have any questions or need additional information. Sincerely, Shelva Mays, CTCM Contract Manager Shelva.mays@dshs.texas.gov P.O. Box 149347 • Austin, Texas 78714-9347 • Phone: 888-963-7111 • TTY: 800-735-2989 • dshs.texas.gov DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 Total State Funds: $128,839.00 All expenditures under the Grant Agreement will be in accordance with ATTACHMENT B, BUDGET. VI. REPORTING REQUIREMENTS Grantee shall submit reports in accordance with the requirements specified in ATTACHMENT A, STATEMENT OF WORK. VII. CONTRACT REPRESENTATIVES The following will act as the representative authorized to administer activities under this Grant Agreement on behalf of their respective Party. System Auncy Grantee Shelva Mays Katherine Wells Department of State Health Services City of Lubbock P.O. Box 149347 — Mail Code 1990 PO Box 2000 Austin, Texas 78714-9347 Lubbock, Texas 79408 cros covidimm(Rdshs.texas. gov kwells(@mylubbock.us VIII. NOTICE REQUIREMENTS A. All notices given by Grantee shall be in writing, include the Grant Agreement contract number, comply with all terms and conditions of the Grant Agreement, and be delivered to the System Agency's Contract Representative identified above. B. Grantee shall send legal notices to System Agency at the address below and provide a copy to the System Agency's Contract Representative: Health and Human Services Commission 4601 W. Guadalupe, Mail Code 1100 Austin, Texas 78751 Attn: Office of Chief Counsel With a copy to: Department of State Health Services 1100 W. 49th Street, Mail Code 1919 Austin, Texas 78756 Attention: Office of General Counsel C. Notices given by System Agency to Grantee may be emailed, mailed or sent by common carrier. Email notices shall be deemed delivered when sent by System Agency. Notices sent System Agency Grant Agreement, Contract # HHS001331300015 Page 2 of 5 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 ATTACHMENT A —STATEMENT OF WORK ATTACHMENT B — BUDGET ATTACHMENT C — HHS CONTRACT AFFIRMATIONS V. 2.2 (MAY 2022) ATTACHMENT D — HHS UNIFORM TERMS AND CONDITIONS — GRANT V. 3.2 (JULY 2022) ATTACHMENT E — DATA USE AGREEMENT-TACCHO VERSION (OCTOBER 23, 2019) ATTACHMENT E-1 DATA USE AGREEMENT -SECURITY AND PRIVACY INQUIRY ATTACHMENT F — ADDITIONAL PROVISIONS ATTACHMENT G — FEDERAL ASSURANCES ATTACHMENT H — CERTIFICATION REGARDING LOBBYING ATTACHMENT I — DISCLOSURE OF LOBBYING ACTIVITIES (SF-LLL) ATTACHMENT J — FFATA CERTIFICATION FORM XI. SIGNATURE AUTHORITY Each Party represents and warrants that the person executing this Grant Agreement on its behalf has full power and authority to enter into this Grant Agreement. Any services or work performed by Grantee before this Grant Agreement is effective or after it ceases to be effective is performed at the sole risk of Grantee. SIGNATURE PAGE FOLLOWS System Agency Grant Agreement, Contract # HHS001331300015 Page 4 of 5 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 ATTACHMENT A STATEMENT OF WORK I. GRANTEE RESPONSIBILITIES Grantee shall: A. Implement and operate an immunization program for children, adolescents, and adults, with special emphasis on accelerating interventions to improve the immunization coverage of children three (3) years of age or younger (birth to 35 months of age). Grantee shall incorporate traditional and non-traditional systematic approaches designed to eliminate barriers, expand immunization capacity, and establish uniform operating policies, as described herein. B. Be enrolled as a provider in the Texas Vaccines for Children (TVFC) and the Adult Safety Net (ASN) Programs by the effective date of this Contract. This includes a signed Deputization Addendum Form (EFI1-13999). C. Maintain staffing levels to meet required activities of the Contract and ensure staff funded by this Contract attend required training. D. Report all notifiable conditions as specified in Texas Administrative Code (TAC) Title 25, Part I § § 97.1-97.6, as amended, and as otherwise required by law. E. Report all vaccine adverse event occurrences in accordance with the 1986 National Childhood Vaccine Injury Act (NCVIA) 42 U.S.C. § 300aa-25 (located at http://vaers.hhs.gov/ or 1-800-822-7967, as amended. F. Sustain a network of TVFC/ASN providers to administer vaccines to program -eligible populations by conducting the following activities: 1. Ensuring New Provider Checklist is completed; 2. Conducting quality assurance reviews; 3. Ensuring annual influenza pre -book survey is completed; 4. Conducting compliance site visits; 5. Conducting unannounced storage and handling visits; and 6. Ensuring providers adhere to the vaccine borrowing procedure. G. Participate in audits and assessments through the following activities: 1. Completing and submitting through Child Health Reporting System (CHRS) all audits and assessments conducted on childcare facilities and Head Start Centers; 2. Completing audits, assessments and retrospective surveys of public and private schools; 3. Reviewing monthly reports to ensure data quality; 4. Reviewing the monthly Provider Activity Reports; DSHS Contract No. HHS001331300015 Page 1 of 5 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 A. Report the number of doses administered to underinsured children monthly, as directed by DSHS. B. Report the number of unduplicated underinsured clients served, as directed by DSHS. C. Complete and submit Immunization Inter -Local Agreement (ILA) Quarterly Report form, utilizing the format provided by the DSHS Immunization Section and available at https://dshs.texas.gov immunize/lhd.shtm by the report due date. If the due date falls on a weekend or state approved holiday, the report is due the next business day. Report Type Reporting Period Report Due Date Programmatic 09/01/2023 to 11/30/2023 12/31/2023 Programmatic 12/01/2023 to 02/29/2024 03/31/2024 Programmatic 03/01/2024 to 05/31/2024 06/30/2024 Programmatic 06/01/2024 to 08/31/2024 09/30/2024 Submit quarterly reports electronically through an online tool according to the timeframes stated above. DSHS Immunization Section will provide instructions at the beginning of each state fiscal year through CMS. Supplemental report documents (PEAR and AFIX reports, vacancy letters, etc.) should be sent to dshsimmunizationcontracts@,dshs.texas.gov. D. Submit the Financial Status Report (FSR-269A) biannually as outlined below. Grantee shall email the Financial Status Report (FSR-269A) to the following email address: FSR rg ants(@dshs.texas.gov. Period Covered Due Date September 1, 2023 — February 29, 2024 February 29, 2024 March 1, 2024 - August 31, 2024 September 31, 2024 E. Maintain an inventory of equipment, supplies defined as Controlled Assets, and real property. Submit an annual cumulative report of the equipment and other property on HHS System Agency Grantee's Property Inventory Report to the designated DSHS Contract Manager and fsoequip(@dshs.texas.gov by email not later than October 15 of each year. Controlled Assets include firearms, regardless of the acquisition cost, and the following assets with an acquisition cost of $500 or more, but less than $5,000: desktop and laptop computers (including notebooks, tablets and similar devices), non -portable printers and copiers, emergency management equipment, communication devices and systems, medical and laboratory equipment, and media equipment. Controlled Assets are considered Supplies. F. Provide written notification of budget transfers by submission of a revised Categorical Budget Form to the designated DSHS Contract Manager, highlighting the areas affected by the budget transfer. Grantee is advised as follows: DSHS Contract No. HHS001331300015 Page 3 of 5 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 close-out invoice and final financial status report no later than 45 days following the end of the Contract term. Invoices received more than 45 days after the end of the Contract term are subject to denial of payment. Grantee shall electronically submit all invoices with supporting documentation to: invoices()dshs.texas. gov and CMSinvoices(a,dshs.texas.gov and a copy to the assigned DSHS Contract Representative identified in the Signature Document. A. At a minimum, voucher should include: 1. Grantee name, address, email address, vendor identification number, and telephone number; 2. DSHS Contract or Purchase Order number; 3. Dates services were completed and/or products were delivered; 4. The total invoice amount; and 5. Any additional supporting documentation which is required by the Statement of Work or as requested by DSHS. Failure to submit required information may result in delay of payment or return of invoice. Billing invoices must be legible. Illegible or incomplete invoices which cannot be verified will be disallowed for payment. B. DSHS will pay Grantee monthly on a cost reimbursement basis and in accordance with ATTACHMENT B, BUDGET, of this Contract. DSHS will reimburse Grantee only for allowable and reported expenses incurred within the grant term. DSHS Contract No. HHS001331300015 Page 5 of 5 DocuSign Envelope ID: 840D3DFE-E9l9-447C-871D-17373C8C6C32 HEALTH AND HUMAN SERVICES Contract Number HHS001331300015 Attachment C CONTRACT AFFIRMATIONS For purposes of these Contract Affirmations, HHS includes both the Health and Human Services Commission (HHSC) and the Department of State Health Services (DSHS). System Agency refers to HHSC, DSHS, or both, that will be a party to this Contract. These Contract Affirmations apply to all Contractors and Grantees (referred to as "Contractor") regardless of their business form (e.g., individual, partnership, corporation). By entering into this Contract, Contractor affirms, without exception, understands, and agrees to comply with the following items through the life of the Contract: 1. Contractor represents and warrants that these Contract Affirmations apply to Contractor and all of Contractor's principals, officers, directors, shareholders, partners, owners, agents, employees, subcontractors, independent contractors, and any other representatives who may provide services under, who have a financial interest in, or otherwise are interested in this Contract and any related Solicitation. 2. Complete and Accurate Information Contractor represents and warrants that all statements and information provided to HHS are current, complete, and accurate. This includes all statements and information in this Contract and any related Solicitation Response. 3. Public Information Act Contractor understands that HHS will comply with the Texas Public Information Act (Chapter 552 of the Texas Government Code) as interpreted by judicial rulings and opinions of the Attorney General of the State of Texas. Information, documentation, and other material prepared and submitted in connection with this Contract or any related Solicitation may be subject to public disclosure pursuant to the Texas Public Information Act. In accordance with Section 2252.907 of the Texas Government Code, Contractor is required to make any information created or exchanged with the State pursuant to the Contract, and not otherwise excepted from disclosure under the Texas Public Information Act, available in a format that is accessible by the public at no additional charge to the State. 4. Contracting Information Requirements Contractor represents and warrants that it will comply with the requirements of Section 552.372(a) of the Texas Government Code. Except as provided by Section 552.374(c) of the Texas Government Code, the requirements of Subchapter J (Additional Provisions Related to Contracting Information), Chapter 552 of the Government Code, may apply to the Contract and the Contractor agrees that the Contract can be terminated if the Contractor knowingly or intentionally fails to comply with a requirement of that subchapter. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 1 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. 12. Child Support Obligation Under Section 231.006(d) of the Texas Family Code regarding child support, Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive the specified payment and acknowledges that the Contract may be terminated and payment may be withheld if this certification is inaccurate. If the certification is shown to be false, Contractor may be liable for additional costs and damages set out in 231.006(f). 13. Suspension and Debarment Contractor certifies that it and its principals are not suspended or debarred from doing business with the state or federal government as listed on the State of Texas Debarred Vendor List maintained by the Texas Comptroller of Public Accounts and the System for Award Management (SAM) maintained by the General Services Administration. This certification is made pursuant to the regulations implementing Executive Order 12549 and Executive Order 12689, Debarment and Suspension, 2 C.F.R. Part 376, and any relevant regulations promulgated by the Department or Agency funding this project. This provision shall be included in its entirety in Contractor's subcontracts, if any, if payment in whole or in part is from federal funds. 14. Excluded Parties Contractor certifies that it is not listed in the prohibited vendors list authorized by Executive Order 13224, "Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism, " published by the United States Department of the Treasury, Office of Foreign Assets Control.' 15. Foreign Terrorist Organizations Contractor represents and warrants that it is not engaged in business with Iran, Sudan, or a foreign terrorist organization, as prohibited by Section 2252.152 of the Texas Government Code. 16. Executive Head of a State Agency In accordance with Section 669.003 of the Texas Government Code, relating to contracting with the executive head of a state agency, Contractor certifies that it is not (1) the executive head of an HHS agency, (2) a person who at any time during the four years before the date of this Contract was the executive head of an HHS agency, or (3) a person who employs a current or former executive head of an HHS agency. 17. Human Trafficking Prohibition Under Section 2155.0061 of the Texas Government Code, Contractor certifies that the individual or business entity named in this Contract is not ineligible to receive this Contract and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 3 of 13 DocuSign Envelope ID: 840D3DFE-E9l9-447C-871D-17373C8C6C32 26. Restricted Employment for Certain State Personnel Contractor acknowledges that, pursuant to Section 572.069 of the Texas Government Code, a former state officer or employee of a state agency who during the period of state service or employment participated on behalf of a state agency in a procurement or contract negotiation involving Contractor may not accept employment from Contractor before the second anniversary of the date the Contract is signed or the procurement is terminated or withdrawn. 27. No Conflicts of Interest A. Contractor represents and warrants that it has no actual or potential conflicts of interest in providing the requested goods or services to System Agency under this Contract or any related Solicitation and that Contractor's provision of the requested goods and/or services under this Contract and any related Solicitation will not constitute an actual or potential conflict of interest or reasonably create an appearance of impropriety. B. Contractor agrees that, if after execution of the Contract, Contractor discovers or is made aware of a Conflict of Interest, Contractor will immediately and fully disclose such interest in writing to System Agency. In addition, Contractor will promptly and fully disclose any relationship that might be perceived or represented as a conflict after its discovery by Contractor or by System Agency as a potential conflict. System Agency reserves the right to make a final determination regarding the existence of Conflicts of Interest, and Contractor agrees to abide by System Agency's decision. 28. Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor's Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: • SAO Toll Free Hotline: 1-800-TX-AUDIT • SAO website: http://sao.fraud.state.tx.us All reports made to the OIG must be made through one of the following avenues: Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 5 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 31. No Felony Criminal Convictions Contractor represents that neither Contractor nor any of its employees, agents, or representatives, including any subcontractors and employees, agents, or representative of such subcontractors, have been convicted of a felony criminal offense or that if such a conviction has occurred Contractor has fully advised System Agency in writing of the facts and circumstances surrounding the convictions. 32. Unfair Business Practices Contractor represents and warrants that it has not been the subject of allegations of Deceptive Trade Practices violations under Chapter 17 of the Texas Business and Commerce Code, or allegations of any unfair business practice in any administrative hearing or court suit and that Contractor has not been found to be liable for such practices in such proceedings. Contractor certifies that it has no officers who have served as officers of other entities who have been the subject of allegations of Deceptive Trade Practices violations or allegations of any unfair business practices in an administrative hearing or court suit and that such officers have not been found to be liable for such practices in such proceedings. 33. Entities that Boycott Israel Contractor represents and warrants that (1) it does not, and shall not for the duration of the Contract, boycott Israel or (2) the verification required by Section 2271.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 34. E-Verify Contractor certifies that for contracts for services, Contractor shall utilize the U.S. Department of Homeland Security's E-Verify system during the term of this Contract to determine the eligibility of: 1. all persons employed by Contractor to perform duties within Texas; and 2. all persons, including subcontractors, assigned by Contractor to perform work pursuant to this Contract within the United States of America. 35. Former Agency Employees — Certain Contracts If this Contract is an employment contract, a professional services contract under Chapter 2254 of the Texas Government Code, or a consulting services contract under Chapter 2254 of the Texas Government Code, in accordance with Section 2252.901 of the Texas Government Code, Contractor represents and warrants that neither Contractor nor any of Contractor's employees including, but not limited to, those authorized to provide services under the Contract, were former employees of an HHS Agency during the twelve (12) month period immediately prior to the date of the execution of the Contract. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 7 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 39. Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment (2 CFR 200.216) Contractor certifies that the individual or business entity named in this Response or Contract is not ineligible to receive the specified Contract or funding pursuant to 2 CFR 200.216. 40. COVID-19 Vaccine Passports Pursuant to Texas Health and Safety Code, Section 161.0085(c), Contractor certifies that it does not require its customers to provide any documentation certifying the customer's COVID-19 vaccination or post -transmission recovery on entry to, to gain access to, or to receive service from the Contractor's business. Contractor acknowledges that such a vaccine or recovery requirement would make Contractor ineligible for a state -funded contract. 41. Entities that Boycott Energy Companies In accordance with Senate Bill 13, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 of the Texas Government Code (relating to prohibition on contracts with companies boycotting certain energy companies), Contractor represents and warrants that: (1) it does not, and will not for the duration of the Contract, boycott energy companies or (2) the verification required by Section 2274.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 42. Entities that Discriminate Against Firearm and Ammunition Industries In accordance with Senate Bill 19, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 of the Texas Government Code (relating to prohibition on contracts with companies that discriminate against firearm and ammunition industries), Contractor verifies that: (1) it does not, and will not for the duration of the Contract, have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association or (2) the verification required by Section 2274.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. 43. Security Controls for State Agency Data In accordance with Senate Bill 475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency's risk under the Contract based on the sensitivity of System Agency's data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 9 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business & Commerce Code, in this state. 49. Enforcement of Certain Federal Firearms Laws Prohibited In accordance with House Bill 957, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 2.101 is applicable to Contractor, Contractor certifies that it is not ineligible to receive state grant funds pursuant to Texas Government Code, Section 2.103. 50. Prohibition on Abortions Contractor understands, acknowledges, and agrees that, pursuant to Article II of the General Appropriations Act, (1) no funds shall be used to pay the direct or indirect costs (including marketing, overhead, rent, phones, and utilities) of abortion procedures provided by contractors of HHSC; and (2) no funds appropriated for Medicaid Family Planning, Healthy Texas Women Program, or the Family Planning Program shall be distributed to individuals or entities that perform elective abortion procedures or that contract with or provide funds to individuals or entities for the performance of elective abortion procedures. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article 11. 51. False Representation Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. 52. False Statements Contractor represents and warrants that all statements and information prepared and submitted by Contractor in this Contract and any related Solicitation Response are current, complete, true, and accurate. Contractor acknowledges any false statement or material misrepresentation made by Contractor during the performance of this Contract or any related Solicitation is a material breach of contract and may void this Contract. Further, Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. 53. Permits and License Contractor represents and warrants that it will comply with all applicable laws and maintain all permits and licenses required by applicable city, county, state, and federal rules, regulations, statutes, codes, and other laws that pertain to this Contract. 54. Equal Employment Opportunity Contractor represents and warrants its compliance with all applicable duly enacted state and federal laws governing equal employment opportunities. Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 11 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 Authorized representative on behalf of Contractor must complete and sign the following: Legal Name of Contractor Assumed Business Name of Contractor, if applicable (d/b/a or `doing business as') Texas County(s) for Assumed Business Name (d/b/a or `doing business as') Attach Assumed Name Certificate(s) filed with the Texas Secretary of State and Assumed Name Certificate(s), if any, for each Texas County Where Assumed Name Certificate(s) has been filed. Signature of Authorized Representative Date Signed Printed Name of Authorized Representative Title of Authorized Representative First, Middle Name or Initial, and Last Name Physical Street Address City, State, Zip Code Mailing Address, if different City, State, Zip Code Phone Number Fax Number Email Address DUNS Number Federal Employer Identification Number Texas Identification Number (TIN) Texas Franchise Tax Number Texas Secretary of State Filing Number SAM.gov Unique Entity Identifier (UEI) Health and Human Services Contract Affirmations v. 2.2 Effective May 2022 Page 13 of 13 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 ABOUT THIS DOCUMENT In this document, Grantees (also referred to in this document as subrecipients or contractors) will find requirements and conditions applicable to grant funds administered and passed -through by both the Texas Health and Human Services Commission (HHSC) and the Department of State Health Services (DSHS). These requirements and conditions are incorporated into the Grant Agreement through acceptance by Grantee of any funding award by HHSC or DSHS. The terms and conditions in this document are in addition to all requirements listed in the RFA, if any, under which applications for this grant award are accepted, as well as all applicable federal and state laws and regulations. Applicable federal and state laws and regulations may include, but are not limited to: 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; requirements of the entity that awarded the funds to HHS; Chapter 783 of the Texas Government Code; Texas Comptroller of Public Accounts' agency rules (including Uniform Grant and Contract Standards set forth in Title 34, Part 1, Chapter 20, Subchapter E, Division 4 of the Texas Administrative Code); the Texas Grant Management Standards (TxGMS) developed by the Texas Comptroller of Public Accounts; and the Funding Announcement, Solicitation, or other instrument/documentation under which HHS was awarded funds. HHS, in its sole discretion, reserves the right to add requirements, terms, or conditions. HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 2 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 ARTICLE VI. INTELLECTUAL PROPERTY............................................................. 13 6.1 OWNERSHIP OF WORK PRODUCT....................................................................... 13 6.2 GRANTEE'S PRE-EXISTING WORKS................................................................... 14 6.3 THIRD PARTY IP................................................................................................. 14 6.4 AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS ............................... 14 6.5 DELIVERY UPON TERMINATION OR EXPIRATION .............................................. 15 6.6 SURVIVAL............................................................................................................15 6.7 SYSTEM AGENCY DATA...................................................................................... 15 ARTICLE VII. PROPERTY............................................................................................ 15 7.1 USE OF STATE PROPERTY................................................................................... 15 7.2 DAMAGE TO STATE PROPERTY.......................................................................... 16 7.3 PROPERTY RIGHTS UPON TERMINATION OR EXPIRATION OF CONTRACT ....... 16 7.4 EQUIPMENT AND PROPERTY............................................................................... 16 ARTICLE VIII. RECORD RETENTION, AUDIT, AND CONFIDENTIALITY ..... 17 8.1 RECORD MAINTENANCE AND RETENTION......................................................... 17 8.2 AGENCY'S RIGHT TO AUDIT............................................................................... 17 8.3 RESPONSE/COMPLIANCE WITH AUDIT OR INSPECTION FINDINGS ................... 18 8.4 STATE AUDITOR'S RIGHT TO AUDIT.................................................................. 18 8.5 CONFIDENTIALITY.............................................................................................. 18 ARTICLE IX. GRANT REMEDIES, TERMINATION AND PROHIBITED ACTIVITIES......................................................................................................................19 9.1 REMEDIES............................................................................................................19 9.2 TERMINATION FOR CONVENIENCE.................................................................... 19 9.3 TERMINATION FOR CAUSE ................................... :............................................. 19 9.4 GRANTEE RESPONSIBILITY FOR SYSTEM AGENCY'S TERMINATION COSTS.... 20 9.5 INHERENTLY RELIGIOUS ACTIVITIES................................................................ 20 9.6 POLITICAL ACTIVITIES....................................................................................... 20 ARTICLE X. INDEMNITY.............................................................................................. 21 10.1 GENERAL INDEMNITY......................................................................................... 21 10.2 INTELLECTUAL PROPERTY................................................................................. 21 10.3 ADDITIONAL INDEMNITY PROVISIONS............................................................... 22 ARTICLE XI. GENERAL PROVISIONS...................................................................... 22 11.1 AMENDMENTS..................................................................................................... 22 11.2 NO QUANTITY GUARANTEES.............................................................................. 22 HHS Uniform Terms and Conditions — Grant v 3.2 Effective July 2022 Page 4 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 ARTICLE I. DEFINITIONS AND INTERPRETIVE PROVISIONS 1.1 DEFINITIONS As used in this Grant Agreement, unless a different definition is specified, or the context clearly indicates otherwise, the following terms and conditions have the meanings assigned below: "Amendment" means a written agreement, signed by the Parties, which documents changes to the Grant Agreement. "Contract" or "Grant Agreement" means the agreement entered into by the Parties, including the Signature Document, these Uniform Terms and Conditions, along with any attachments and amendments that may be issued by the System Agency. "Deliverables" means the goods, services, and work product, including all reports and project documentation, required to be provided by Grantee to the System Agency. "DSHS" means the Department of State Health Services. "Effective Date" means the date on which the Grant Agreement takes effect. "Federal Fiscal Year" means the period beginning October 1 and ending September 30 each year, which is the annual accounting period for the United States government. " (;AAP" means Generally Accepted Accounting Principles. "GASB" means the Governmental Accounting Standards Board. "Grantee" means the Party receiving funds under this Grant Agreement. May also be referred to as "subrecipient" or "contractor" in this document. "HHSC" means the Texas Health and Human Services Commission. "Health and Human Services" or "HHS" includes HHSC and DSHS. "Intellectual Property Rights" means the worldwide proprietary rights or interests, including patent, copyright, trade secret, and trademark rights, as such right may be evidenced by or embodied in: i. any idea, design, concept, personality right, method, process, technique, apparatus, invention, discovery, or improvement; ii. any work of authorship, including any compilation, computer code, website or web page design, literary work, pictorial work, or graphic work; iii. any trademark, service mark, trade dress, trade name, branding, or other indicia of source or origin; iv. domain name registrations; and v. any other proprietary or similar rights. The Intellectual Property Rights of a Party include all worldwide proprietary rights or interests that the Party may have acquired by assignment, by exclusive license, or by license with the right to grant sublicenses. "Parties" means the System Agency and Grantee, collectively. "Party" means either the System Agency or Grantee, individually. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 6 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 (including this Grant Agreement) and other contractual instruments shall be deemed to include all subsequent Amendments and other modifications, but only to the extent that such Amendments and other modifications are not prohibited by the terms of this Grant Agreement, and (ii) references to any statute or regulation are to be construed as including all statutory and regulatory provisions consolidating, amending, replacing, supplementing, or interpreting the statute or regulation. D. Any references to agreements, contracts, statutes, or administrative rules or regulations in the Grant Agreement are references to these documents as amended, modified, or supplemented during the term of the Grant Agreement. E. The captions and headings of this Grant Agreement are for convenience of reference only and do not affect the interpretation of this Grant Agreement. F. All attachments, including those incorporated by reference, and any Amendments are considered part of the terms of this Grant Agreement. G. This Grant Agreement may use several different limitations, regulations, or policies to regulate the same or similar matters. All such limitations, regulations, and policies are cumulative. H. Unless otherwise expressly provided, reference to any action of the System Agency or by the System Agency by way of consent, approval, or waiver will be deemed modified by the phrase "in its sole discretion." I. Time is of the essence in this Grant Agreement. J. Prior to execution of the Grant Agreement, Grantee must notify System Agency's designated contact in writing of any ambiguity, conflict, discrepancy, omission, or other error. If Grantee fails to notify the System Agency designated contact of any ambiguity, conflict, discrepancy, omission or other error in the Grant Agreement prior to Grantee's execution of the Grant Agreement, Grantee: i. Shall have waived any claim of error or ambiguity in the Grant Agreement; and ii. Shall not contest the interpretation by the System Agency of such provision(s). No grantee will be entitled to additional reimbursement, relief, or time by reason of any ambiguity, conflict, discrepancy, exclusionary specification, omission, or other error or its later correction. ARTICLE II. PAYMENT PROVISIONS 2.1 PROMPT PAYMENT Payment shall be made in accordance with Chapter 2251 of the Texas Government Code, commonly known as the Texas Prompt Payment Act. Chapter 2251 of the Texas Government Code shall govern remittance of payment and remedies for late payment and non-payment. 2.2 TAXES Grantee represents and warrants that it shall pay all taxes or similar amounts resulting from the Grant Agreement, including, but not limited to, any federal, State, or local income, sales or excise taxes of Grantee or its employees. System Agency shall not be liable for any taxes resulting from the Grant Agreement. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 8 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 2.9 INDIRECT COST RATES The System Agency may acknowledge an indirect cost rate for Grantees that is utilized for all applicable Grant Agreements. For subrecipients receiving federal funds, indirect cost rates will be determined in accordance with applicable law including, but not limited to, 2 CFR 200.414(f). For recipients receiving state funds, indirect costs will be determined in accordance with applicable law including, but not limited to, TxGMS. Grantees funded with blended federal and state funding will be subject to both state and federal requirements when determining indirect costs. In the event of a conflict between TxGMS and applicable federal law or regulation, the provisions of federal law or regulation will apply. Grantee will provide any necessary financial documents to determine the indirect cost rate in accordance with the Uniform Grant Guidance (UGG) and TxGMS. ARTICLE III. STATE AND FEDERAL FUNDING 3.1 EXCESS OBLIGATIONS PROHIBITED This Grant Agreement is subject to termination or cancellation, without penalty to System Agency, either in whole or in part, subject to the availability and actual receipt by System Agency of state or federal funds. System Agency is a state agency whose authority and appropriations are subject to actions of the Texas Legislature. If System Agency becomes subject to a legislative change, revocation of statutory authority, or lack of appropriated funds that would render either System Agency's or Grantee's delivery or performance under the Grant Agreement impossible or unnecessary, the Grant Agreement will be terminated or cancelled and be deemed null and void. In the event of a termination or cancellation under this Section, System Agency will not be liable to Grantee for any damages that are caused or associated with such termination or cancellation, and System Agency will not be required to give prior notice. Additionally, System Agency will not be liable to Grantee for any remaining unpaid funds under this Grant Agreement at time of termination. 3.2 NO DEBT AGAINST THE STATE This Grant Agreement will not be construed as creating any debt by or on behalf of the State of Texas. 3.3 DEBTS AND DELINQUENCIES Grantee agrees that any payments due under the Grant Agreement shall be directly applied towards eliminating any debt or delinquency it has to the State of Texas including, but not limited to, delinquent taxes, delinquent student loan payments, and delinquent child support during the entirety of the Grant Agreement term. 3.4 REFUNDS AND OVERPAYMENTS A. At its sole discretion, the System Agency may (i) withhold all or part of any payments to Grantee to offset overpayments, unallowable or ineligible costs made to the Grantee, or if any required financial status report(s) is not submitted by the due date(s); or (ii) require Grantee to promptly refund or credit - within thirty (30) calendar days of written notice — to System Agency any funds erroneously paid by System Agency which are not expressly authorized under the Grant Agreement. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 10 of 29 DocuSign Envelope ID: 840D3DFE-Eglg-447C-871D-17373C8C6C32 threshold amount includes federal funds passed through by way of state agency awards. iv. If Grantee, within Grantee's fiscal year, expends at least SEVEN HUNDRED FIFTY THOUSAND DOLLARS ($750,000) in state funds awarded, Grantee shall have a single audit or program -specific audit in accordance with TxGMS. The audit must be conducted by an independent certified public accountant and in accordance with 2 CFR 200, Government Auditing Standards, and TxGMS. v. For -profit Grantees whose expenditures meet or exceed the federal or state expenditure thresholds stated above shall follow the guidelines in 2 CFR 200 or TxGMS, as applicable, for their program -specific audits. vi. Each Grantee required to obtain a single audit must competitively re -procure single audit services once every six years. Grantee shall procure audit services in compliance with this section, state procurement procedures, as well as with applicable provisions of 2 CFR 200 and TxGMS. B. Financial Statements. Each Grantee that does not meet the expenditure threshold for a single audit or program - specific audit, must provide financial statements for the audit period. 4.3 SUBMISSION OF AUDITS AND FINANCIAL STATEMENTS A. Audits. Due the earlier of 30 days after receipt of the independent certified public accountant's report or nine months after the end of the fiscal year, Grantee shall submit one electronic copy of the single audit or program -specific audit to the System Agency via: i. HHS portal at https:Hhhsportal.hhs.state.tx.us/heartwebextr/hhscSau or, ii. Email to: single audit rgporQahhsc.state.tx.us. B. Financial Statements. Due no later than nine months after the Grantee's fiscal year-end, Grantees not required to submit an audit, shall submit one electronic copy of their financial statements via: i. HHS portal at httl2s:Hhhsportal.hhs.state.tx.us/heartwebextr/hhscSau; or, ii. Email to: single audit report(d) hhsc. state. tx.us. ARTICLE V. WARRANTY, AFFIRMATIONS, ASSURANCES AND CERTIFICATIONS 5.1 WARRANTY Grantee warrants that all work under this Grant Agreement shall be completed in a manner consistent with standards under the terms of this Grant Agreement, in the applicable trade, profession, or industry; shall conform to or exceed the specifications set forth in the Grant Agreement; and all deliverables shall be fit for ordinary use, of good quality, and with no material defects. If System Agency, in its sole discretion, determines Grantee has failed to complete work timely or to perform satisfactorily under conditions required by this Grant Agreement, the System Agency may require Grantee, at its sole expense, to: i. Repair or replace all defective or damaged work; ii. Refund any payment Grantee received from System Agency for all defective or damaged work and, in conjunction therewith, require Grantee to accept the return of such work; and, HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 12 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 D. In the event that Grantee has any rights in and to the Work Product that cannot be assigned to System Agency, Grantee hereby grants to System Agency an exclusive, worldwide, royalty -free, transferable, irrevocable, and perpetual license, with the right to sublicense, to reproduce, distribute, modify, create derivative works of, publicly perform and publicly display, make, have made, use, sell and offer for sale the Work Product and any products developed by practicing such rights. E. The foregoing does not apply to Incorporated Pre-existing Works or Third Party IP that are incorporated in the Work Product by Grantee. Grantee shall provide System Agency access during normal business hours to all Grantee materials, premises, and computer files containing the Work Product. 6.2 GRANTEE'S PRE-EXISTING WORKS A. To the extent that Grantee incorporates into the Work Product any works of Grantee that were created by Grantee or that Grantee acquired rights in prior to the Effective Date of this Grant Agreement ("Incorporated Pre-existing Works"), Grantee retains ownership of such Incorporated Pre-existing Works. B. Grantee hereby grants to System Agency an irrevocable, perpetual, non-exclusive, royalty -free, transferable, worldwide right and license, with the right to sublicense, to use, reproduce, modify, copy, create derivative works of, publish, publicly perform and display, sell, offer to sell, make and have made, the Incorporated Pre-existing Works, in any medium, with or without the associated Work Product. C. Grantee represents, warrants, and covenants to System Agency that Grantee has all necessary right and authority to grant the foregoing license in the Incorporated Pre- existing Works to System Agency. 6.3 THIRD PARTY IP A. To the extent that any Third Party IP is included or incorporated in the Work Product by Grantee, Grantee hereby grants to System Agency, or shall obtain from the applicable third party for System Agency's benefit, the irrevocable, perpetual, non-exclusive, worldwide, royalty -free right and license, for System Agency's internal business or governmental purposes only, to use, reproduce, display, perform, distribute copies of, and prepare derivative works based upon such Third Party IP and any derivative works thereof embodied in or delivered to System Agency in conjunction with the Work Product, and to authorize others to do any or all of the foregoing. B. Grantee shall obtain System Agency's advance written approval prior to incorporating any Third Party IP into the Work Product, and Grantee shall notify System Agency on delivery of the Work Product if such materials include any -Third Party IP. C. Grantee shall provide System Agency all supporting documentation demonstrating Grantee's compliance with this Section 6.3, including without limitation documentation indicating a third party's written approval for Grantee to use any Third Party IP that may be incorporated in the Work Product. 6.4 AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS Grantee shall have written, binding agreements with its employees and subcontractors that include provisions sufficient to give effect to and enable Grantee's compliance with Grantee's obligations under this Article VI, Intellectual Property. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 14 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 C. Grantee shall not remove State Property from the continental United States. In addition, Grantee may not use any computing device to access System Agency's network or e- mail while outside of the continental United States. D. Grantee shall not perform any maintenance services on State Property unless the Grant Agreement expressly authorizes such Services. E. During the time that State Property is in the possession of Grantee, Grantee shall be responsible for: i. all repair and replacement charges incurred by State Agency that are associated with loss of State Property or damage beyond normal wear and tear, and ii. all charges attributable to Grantee's use of State Property that exceeds the Grant Agreement scope. Grantee shall fully reimburse such charges to System Agency within ten (10) calendar days of Grantee's receipt of System Agency's notice of amount due. Use of State Property for a purpose not authorized by the Grant Agreement shall constitute breach of contract and may result in termination of the Grant Agreement and the pursuit of other remedies available to System Agency under contract, at law, or in equity. 7.2 DAMAGE TO STATE PROPERTY A. In the event of loss, destruction, or damage to any System Agency or State of Texas owned, leased, or occupied property or equipment by Grantee or Grantee's employees, agents, Subcontractors, or suppliers, Grantee shall be liable to System Agency and the State of Texas for the full cost of repair, reconstruction, or replacement of the lost, destroyed, or damaged property. B. Grantee shall notify System Agency of the loss, destruction, or damage of equipment or property within one (1) business day. Grantee shall reimburse System Agency and the State of Texas for such property damage within ten (10) calendar days after Grantee's receipt of System Agency's notice of amount due. 7.3 PROPERTY RIGHTS UPON TERMINATION OR EXPIRATION OF CONTRACT In the event the Grant Agreement is terminated for any reason or expires, State Property remains the property of the System Agency and must be returned to the System Agency by the earlier of the end date of the Grant Agreement or upon System Agency's request. 7.4 EQUIPMENT AND PROPERTY A The Grantee must ensure equipment with a per -unit cost of $5,000 or greater purchased with grant funds under this award is used solely for the purpose of this Grant or is properly pro -rated for use under this Grant. Grantee must have control systems to prevent loss, damage, or theft of property funded under this Grant. Grantee shall maintain equipment management and inventory procedures for equipment, whether acquired in part or whole with grant funds, until disposition occurs. B. When equipment acquired by Grantee under this Grant Agreement is no longer needed for the original project or for other activities currently supported by System Agency, the Grantee must properly dispose of the equipment pursuant to 2 CFR and/or TxGMS, as applicable. Upon termination of this Grant Agreement, use and disposal of equipment by the Grantee shall conform with TxGMS requirements. C. Grantee shall initiate the purchase of all equipment approved in writing by the System Agency in accordance with the schedule approved by System Agency, as applicable. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 16 of 29 DocuSign Envelope ID: 840D3DFE-Eglg-447C-871D-17373C8C6C32 representatives. In addition, agencies of the State of Texas that shall have a right of access to records as described in this section include: the System Agency, HHS's contracted examiners, the State Auditor's Office, the Office of the Texas Attorney General, and any successor agencies. Each of these entities may be a duly authorized authority. C. If deemed necessary by the System Agency or any duly authorized authority, for the purpose of investigation or hearing, Grantee shall produce original documents related to this Grant Agreement. D. The System Agency and any duly authorized authority shall have the right to audit billings both before and after payment, and all documentation that substantiates the billings. E. Grantee shall include this provision concerning the right of access to, and examination of, sites and information related to this Grant Agreement in any Subcontract it awards. 8.3 RESPONSE/COMPLIANCE WITH AUDIT OR INSPECTION FINDINGS A. Grantee must act to ensure its and its Subcontractors' compliance with all corrections necessary to address any finding of noncompliance with any law, regulation, audit requirement, or generally accepted accounting principle, or any other deficiency identified in any audit, review, or inspection of the Grant Agreement and the services and Deliverables provided. Any such correction will be at Grantee's or its Subcontractor's sole expense. Whether Grantee's action corrects the noncompliance shall be solely the decision of the System Agency. B. As part of the services, Grantee must provide to HHS upon request a copy of those portions of Grantee's and its Subcontractors' internal audit reports relating to the services and Deliverables provided to the State under the Grant Agreement. 8.4 STATE AUDITOR'S RIGHT TO AUDIT The state auditor may conduct an audit or investigation of any entity receiving funds from the state directly under the Grant Agreement or indirectly through a subcontract under the Grant Agreement. The acceptance of funds directly under the Grant Agreement or indirectly through a subcontract under the Grant Agreement acts as acceptance of the authority of the state auditor, under the direction of the legislative audit committee, to conduct an audit or investigation in connection with those funds. Under the direction of the legislative audit committee, an entity that is the subject of an audit or investigation by the state auditor must provide the state auditor with access to any information the state auditor considers relevant to the investigation or audit. 8.5 CONFIDENTIALITY Grantee shall maintain as confidential and shall not disclose to third parties without System Agency's prior written consent, any System Agency information including but not limited to System Agency's business activities, practices, systems, conditions and services. This section will survive termination or expiration of this Grant Agreement. This requirement must be included in all subcontracts awarded by Grantee. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 18 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 i. Material Breach The System Agency may terminate the Grant Agreement, in whole or in part, if the System Agency determines, in its sole discretion, that Grantee has materially breached the Grant Agreement or has failed to adhere to any laws, ordinances, rules, regulations or orders of any public authority having jurisdiction, whether or not such violation prevents or substantially impairs performance of Grantee's duties under the Grant Agreement. Grantee's misrepresentation in any aspect including, but not limited to, of Grantee's Solicitation Application, if any, or Grantee's addition to the SAM exclusion list (identification in SAM as an excluded entity) may also constitute a material breach of the Grant Agreement. ii. Failure to Maintain Financial Viability The System Agency may terminate the Grant Agreement if the System Agency, in its sole discretion, determines that Grantee no longer maintains the financial viability required to complete the services and deliverables, or otherwise fully perform its responsibilities under the Grant Agreement. B. System Agency will specify the effective date of such termination in the notice to Grantee. If no effective date is specified, the Grant Agreement will terminate on the date of the notification. 9.4 GRANTEE RESPONSIBILITY FOR SYSTEM AGENCY'S TERMINATION COSTS If the System Agency terminates the Grant Agreement for cause, the Grantee shall be responsibleto the System Agency for all costs incurred by the System Agency and the State of Texas to replace the Grantee. These costs include, but are not limited to, the costs of procuring a substitute grantee and the cost of any claim or litigation attributable to Grantee's failure to perform any work in accordance with the terms of the Grant Agreement. 9.5 INHERENTLY RELIGIOUS ACTIVITIES Grantee may not use grant funding to engage in inherently religious activities, such as proselytizing, scripture study, or worship. Grantees may engage in inherently religious activities; however, these activities must be separate in time or location from the grant - funded program. Moreover, grantees must not compel program beneficiaries to participate in inherently religious activities. These requirements apply to all grantees, not just faith -based organizations. 9.6 POLITICAL ACTIVITIES Grant funds cannot be used for the following activities: A. Grantees and their relevant sub -grantees or subcontractors are prohibited from using grant funds directly or indirectly for political purposes, including lobbying, advocating for legislation, campaigning for, endorsing, contributing to, or otherwise supporting political candidates or parties, and voter registration campaigns. Grantees may use private, or non -System Agency money or contributions for political purposes but may not charge to, or be reimbursed from, System Agency contracts or grants for the costs of such activities. B. Grant -funded employees may not use official authority or influence to achieve any political purpose and grant funds cannot be used for the salary, benefits, or any other compensation of an elected official. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 20 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 AGENCY HAS ACCESS AS A RESULT OF GRANTEE'S PERFORMANCE UNDER THE GRANT AGREEMENT. 10.3 ADDITIONAL INDEMNITY PROVISIONS A. GRANTEE AND SYSTEM AGENCY AGREE TO FURNISH TIMELY WRITTEN NOTICE TO EACH OTHER OF ANY INDEMNITY CLAIM. GRANTEE SHALL BE LIABLE TO PAY ALL COSTS OF DEFENSE, INCLUDING ATTORNEYS' FEES. B. THE DEFENSE SHALL BE COORDINATED BY THE GRANTEE WITH THE OFFICE OF THE TEXAS ATTORNEY GENERAL WHEN TEXAS STATE AGENCIES ARE NAMED DEFENDANTS IN ANY LAWSUIT AND GRANTEE MAY NOT AGREE TO ANY SETTLEMENT WITHOUT FIRST OBTAINING THE CONCURRENCE FROM THE OFFICE OF THE TEXAS ATTORNEY GENERAL. C. GRANTEE SHALL REIMBURSE SYSTEM AGENCY AND THE STATE OF TEXAS FOR ANY CLAIMS, DAMAGES, COSTS, EXPENSES OR OTHER AMOUNTS, INCLUDING, BUT NOT LIMITED TO, ATTORNEYS' FEES AND COURT COSTS, ARISING FROM ANY SUCH CLAIM. IF THE SYSTEM AGENCY DETERMINES THAT A CONFLICT EXISTS BETWEEN ITS INTERESTS AND THOSE OF GRANTEE OR IF SYSTEM AGENCY IS REQUIRED BY APPLICABLE LAW TO SELECT SEPARATE COUNSEL, SYSTEM AGENCY WILL BE PERMITTED TO SELECT SEPARATE COUNSEL AND GRANTEE SHALL PAY ALL REASONABLE COSTS OF SYSTEM AGENCY'S COUNSEL. ARTICLE XI. GENERAL PROVISIONS 11.1 AMENDMENTS Except as otherwise expressly provided, the Grant Agreement may only be amended by a written Amendment executed by both Parties. 11.2 NO QUANTITY GUARANTEES The System Agency makes no guarantee of volume or usage of work under this Grant Agreement. All work requested may be on an irregular and as needed basis throughout the Grant Agreement term. 11.3 CHILD ABUSE REPORTING REQUIREMENTS A. Grantees shall comply with child abuse and neglect reporting requirements in Texas Family Code Chapter 261. This section is in addition to and does not supersede any other legal obligation of the Grantee to report child abuse. B. Grantee shall use the Texas Abuse Hotline Website located at https: www.txabusehotline.org Login/Default.aspx as required by the System Agency. Grantee shall retain reporting documentation on site and make it available for inspection by the System Agency. HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 22 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 obligation, expense, or liability of any kind on behalf of System Agency or the State of Texas. B. Grantee may not rely upon implied authority and is not granted authority under the Grant Agreement to: i. Make public policy on behalf of the System Agency; ii. Promulgate, amend, or disregard administrative regulations or program policy decisions made by State and federal agencies responsible for administration of a System Agency program; or iii. Unilaterally communicate or negotiate with any federal or state agency or the Texas Legislature on behalf of the System Agency regarding System Agency programs or the Grant Agreement. However, upon System Agency request and with reasonable notice from System Agency to the Grantee, the Grantee shall assist the System Agency in communications and negotiations regarding the Work under the Grant Agreement with state and federal governments. 11.7 CHANGE IN LAWS AND COMPLIANCE WITH LAWS Grantee shall comply with all laws, regulations, requirements and guidelines applicable to a Grantee providing services and products required by the Grant Agreement to the State of Texas, as these laws, regulations, requirements and guidelines currently exist and as amended throughout the term of the Grant Agreement. Notwithstanding Section 11.1, Amendments, above, System Agency reserves the right, in its sole discretion, to unilaterally amend the Grant Agreement to incorporate any modifications necessary for System Agency's compliance, as an agency of the State of Texas, with all applicable state and federal laws, regulations, requirements and guidelines. 11.8 SUBCONTRACTORS Grantee may not subcontract any or all of the Work and/or obligations under the Grant Agreement without prior written approval of the System Agency. Subcontracts, if any, entered into by the Grantee shall be in writing and be subject to the requirements of the Grant Agreement. Should Grantee subcontract any of the services required in the Grant Agreement, Grantee expressly understands and acknowledges System Agency is in no manner liable to any subcontractor(s) of Grantee. In no event shall this provision relieve Grantee of the responsibility for ensuring that the services performed under all subcontracts are rendered in compliance with the Grant Agreement. 11.9 PERMITTING AND LICENSURE At Grantee's sole expense, Grantee shall procure and maintain for the duration of this Grant Agreement any state, county, city, or federal license, authorization, insurance, waiver, permit, qualification or certification required by statute, ordinance, law, or regulation to be held by Grantee to provide the goods or services required by this Grant Agreement. Grantee shall be responsible for payment of all taxes, assessments, fees, premiums, permits, and licenses required by law. Grantee shall be responsible for payment of any such government obligations not paid by its Subcontractors during performance of this Grant Agreement. 11.10 INDEPENDENT CONTRACTOR Grantee and Grantee's employees, representatives, agents, Subcontractors, suppliers, and third -party service providers shall serve as independent contractors in providing the services HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 24 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 11.15 NO IMPLIED WAIVER OF PROVISIONS The failure of the System Agency to object to or to take affirmative action with respect to any conduct of the Grantee which is in violation or breach of the terms of the Grant Agreement shall not be construed as a waiver of the violation or breach, or of any future violation or breach. 11.16 FUNDING DISCLAIMERS AND LABELING A. Grantee shall not use System Agency's name or refer to System Agency directly or indirectly in any media appearance, public service announcement, or disclosure relating to this Grant Agreement including any promotional material without first obtaining written consent from System Agency. The foregoing prohibition includes, without limitation, the placement of banners, pop-up ads, or other advertisements promoting Grantee's or a third party's products, services, workshops, trainings, or other commercial offerings on any website portal or internet-based service or software application hosted or managed by Grantee. This does not limit the Grantee's responsibility to comply with obligations related to the Texas Public Information Act or Texas Open Meetings Act. B. In general, no publication (including websites, reports, projects, etc.) may convey System Agency's recognition or endorsement of the Grantee's project without prior written approval from System Agency. Publications funded in part or wholly by HHS grant funding must include a statement that "HHS and neither any of its components operate, control, are responsible for, or necessarily endorse, this publication (including, without limitation, its content, technical infrastructure, and policies, and any services or tools provided)" at HHS's request. 11.17 MEDIA RELEASES A. Grantee shall not use System Agency's name, logo, or other likeness in any press release, marketing material or other announcement without System Agency's prior written approval. System Agency does not endorse any vendor, commodity, or service. Grantee is not authorized to make or participate in any media releases or public announcements pertaining to this Grant Agreement or the Services to which they relate without System Agency's prior written consent, and then only in accordance with explicit written instruction from System Agency. B. Grantee may publish, at its sole expense, results of Grantee performance under the Grant Agreement with the System Agency's prior review and approval, which the System Agency may exercise at its sole discretion. Any publication (written, visual, or sound) will acknowledge the support received from the System Agency and any Federal agency, as appropriate. 11.18 PROHIBITION ON NON -COMPETE RESTRICTIONS Grantee shall not require any employees or Subcontractors to agree to any conditions, such as non -compete clauses or other contractual arrangements, that would limit or restrict such persons or entities from employment or contracting with the State ofTexas. 11.19 SOVEREIGN IMMUNITY Nothing in the Grant Agreement will be construed as a waiver of the System Agency's or the State's sovereign immunity. This Grant Agreement shall not constitute or be construed as a waiver of any of the privileges, rights, defenses, remedies, or immunities available to the HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 26 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 participation in or denied any aid, care, service or other benefits provided by Federal or State funding, or otherwise be subjected to discrimination. C. Grantee agrees to comply with Title VI of the Civil Rights Act of 1964, and its implementing regulations at 45 C.F.R. Part 80 or 7 C.F.R. Part 15, prohibiting a contractor from adopting and implementing policies and procedures that exclude or have the effect of excluding or limiting the participation of clients in its programs, benefits, or activities on the basis of national origin. State and federal civil rights laws require contractors to provide alternative methods for ensuring access to services for applicants and recipients who cannot express themselves fluently in English. Grantee agrees to take reasonable steps to provide services and information, both orally and in writing, in appropriate languages other than English, in order to ensure that persons with limited English proficiency are effectively informed and can have meaningful access to programs, benefits, and activities. D. Grantee agrees to post applicable civil rights posters in areas open to the public informing clients of their civil rights and including contact information for the HHS Civil Rights Office. The posters are available on the HHS website at: https:/ihhs.texas.gov about-hhs our -rights. civil-rights-office/civil-rights-posters. E. Grantee agrees to comply with Executive Order 13279, and its implementing regulations at 45 C.F.R. Part 87 or 7 C.F.R. Part 16. These provide in part that any organization that participates in programs funded by direct financial assistance from the United States Department of Agriculture or the United States Department of Health and Human Services shall not discriminate against a program beneficiary or prospective program beneficiary on the basis of religion or religious belief. F. Upon request, Grantee shall provide HHSC's Civil Rights Office with copies of the Grantee's civil rights policies and procedures. G. Grantee must notify HHSC's Civil Rights Office of any complaints of discrimination received relating to its performance under this Grant Agreement. This notice must be delivered no more than ten (10) calendar days after receipt of a complaint. Notice provided pursuant to this section must be directed to: HHSC Civil Rights Office 701 W. 51 st Street, Mail CodeW206 Austin, Texas 78751 Phone Toll Free: (888) 388-6332 Phone: (512) 438-4313 Fax: (512) 438-5885 Email: HHSCivilRightsOffice@hhsc.state.tx.us. 11.25 ENTERPRISE INFORMATION MANAGEMENT STANDARDS Grantee shall conform to HHS standards for data management as described by the policies of the HHS Office of Data, Analytics, and Performance. These include, but are not limited to, standards for documentation and communication of data models, metadata, and other data definition methods that are required by HHS for ongoing data governance, strategic portfolio analysis, interoperability planning, and valuation of HHS System data assets. 11.26 DISCLOSURE OF LITIGATION A. The Grantee must disclose in writing to the contract manager assigned to this Grant Agreement any material civil or criminal litigation or indictment either threatened or HHS Uniform Terms and Conditions — Grant v. 3.2 Effective July 2022 Page 28 of 29 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 ATTACHMENT E HITS DATA USE AGREEMENT This Data Use Agreement ("DUA"), effective as of the date the Base Contract into which it is incorporated is signed ("Effective Date"), is entered into by and between a Texas Health and Human Services Enterprise agency ("HHS"), and the Contractor identified in the Base Contract, a political subdivision of the State of Texas ("CONTRACTOR. ARTICLE 1. PURPOSE; APPLICABILITY; ORDER OF PRECEDENCE The purpose of this DUA is to facilitate creation, receipt, maintenance, use, disclosure or access to Confidential Information with CONTRACTOR, and describe CONTRACTOR's rights and obligations with respect to the Confidential Information. 45 CFR 164.504(e)(1)-Q). This DUA also describes HHS's remedies in the event of CONTRACTOR's noncompliance with its obligations under this DUA. This DUA applies to both Business Associates and contractors who are not Business Associates who create, receive, maintain, use, disclose or have access to Confidential Information on behalf of HHS, its programs or clients as described in the Base Contract. As of the Effective Date of this DUA, if any provision of the Base Contract, including any General Provisions or Uniform Terms and Conditions, conflicts with this DUA, this DUA controls. ARTICLE 2. DEFINITIONS For the purposes of this DUA, capitalized, underlined terms have the meanings set forth in the following: Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (42 U.S.C. §1320d, et seq.) and regulations thereunder in 45 CFR Parts 160 and 164, including all amendments, regulations and guidance issued thereafter; The Social Security Act, including Section 1137 (42 U.S.C. §§ 1320b-7), Title XVI of the Act; The Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. § 552a and regulations and guidance thereunder; Internal Revenue Code, Title 26 of the United States Code and regulations and publications adopted under that code, including IRS Publication 1075; OMB Memorandum 07-18; Texas Business and Commerce Code Ch. 521; Texas Government Code, Ch. 552, and Texas Government Code §2054.1125. In addition, the following terms in this DUA are defined as follows: "Authorized Purpose" means the specific purpose or purposes described in the Statement of Work of the Base Contract for CONTRACTOR to fulfill its obligations under the Base Contract, or any other purpose expressly authorized by HHS in writing in advance. "Authorized User" means a Person: (1) Who is authorized to create, receive, maintain, have access to, process, view, handle, examine, interpret, or analyze Confidential Information pursuant to this DUA; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 1 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 a manner that is not expressly an Authorized Purpose under this DUA or as Required by Law. 45 CFR 164.502(b)(1); 45 CFR 164.514(d) (B) Except as Required by Law, CONTRACTOR will not disclose or allow access to any portion of the Confidential Information to any Person or other entity, other than Authorized User's Workforce or Subcontractors (as defined in 45 C.F.R. 160.103) of CONTRACTOR who have completed training in confidentiality, privacy, security and the importance of promptly reporting any Event or Breach to CONTRACTOR's management, to carry out CONTRACTOR's obligations in connection with the Authorized Purpose. HHS, at its election, may assist CONTRACTOR in training and education on specific or unique HHS processes, systems and/or requirements. CONTRACTOR will produce evidence of completed training to HHS upon request. 45 C.F.R. 164.308(a)(5)(i); Texas Health & Safety Code §181.101 All of CONTRACTOR's Authorized Users, Workforce and Subcontractors with access to a state computer system or database will complete a cybersecurity training program certified under Texas Government Code Section 2054.519 by the Texas Department of Information Resources. (C) CONTRACTOR will establish, implement and maintain appropriate sanctions against any member of its Workforce or Subcontractor who fails to comply with this DUA, the Base Contract or applicable law. CONTRACTOR will maintain evidence of sanctions and produce it to HHS upon request.45 C.F.R. 164.308(a)(1)(ii)(C); 164.530(e); 164.410(b); 164.530(b)(1) (D) CONTRACTOR will not, except as otherwise permitted by this DUA, disclose or provide access to any Confidential Information on the basis that such act is Required by Law without notifying either HHS or CONTRACTOR's own legal counsel to determine whether CONTRACTOR should object to the disclosure or access and seek appropriate relief. CONTRACTOR will maintain an accounting of all such requests for disclosure and responses and provide such accounting to HHS within 48 hours of HHS' request. 45 CFR 164.504(e)(2)(ii)(A) (E) CONTRACTOR will not attempt to re -identify or further identify Confidential Information or De -identified Information, or attempt to contact any Individuals whose records are contained in the Confidential Information, except for an Authorized Purpose, without express written authorization from HHS or as expressly permitted by the Base Contract. 45 CFR 164.502(d)(2)(i) and (ii) CONTRACTOR will not engage in prohibited marketing or sale of Confidential Information. 45 CFR 164.501, 164.508(a)(3) and (4); Texas Health & Safety Code Ch. 181.002 (F) CONTRACTOR will not permit, or enter into any agreement with a Subcontractor to, create, receive, maintain, use, disclose, have access to or transmit Confidential Information to carry out CONTRACTOR's obligations in connection with the Authorized Purpose on behalf of CONTRACTOR, unless Subcontractor agrees to comply with all applicable laws, rules and regulations. 45 CFR 164.502(e)(1)(ii); 164.504(e)(1)(i) and (2). HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 3 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 proper management and administration of CONTRACTOR, or to carry out CONTRACTOR's legal responsibilities, if: 45 CFR 164.504(e)(4)(A). (1) Disclosure is Required by Law, provided that CONTRACTOR complies with Section 3.01(D); or (2) CONTRACTOR obtains reasonable assurances from the person or entity to which the information is disclosed that the person or entity will: (a)Maintain the confidentiality of the Confidential Information in accordance with this DUA; (b) Use or further disclose the information only as Required by Law or for the Authorized Purpose for which it was disclosed to the Person; and (c)Notify CONTRACTOR in accordance with Section 4.01 of any Event or Breach of Confidential Information of which the Person discovers or should have discovered with the exercise of reasonable diligence. 45 CFR 164.504(e)(4)(ii)(B). (N) Except as otherwise limited by this DUA, CONTRACTOR will, if required by law and requested by HHS, use commercially reasonable efforts to use PHI to provide data aggregation services to HHS, as that term is defined in the HIPAA, 45 C.F.R. § 164.501 and permitted by HIPAA. 45 CFR 164.504(e)(2)(i)(B) (0) CONTRACTOR will, on the termination or expiration of this DUA or the Base Contract, at its expense, send to HHS or Destroy, at HHS's election and to the extent reasonably feasible and permissible by law, all Confidential Information received from HHS or created or maintained by CONTRACTOR or any of CONTRACTOR's agents or Subcontractors on HHS's behalf if that data contains Confidential Information. CONTRACTOR will certify in writing to HHS that all the Confidential Information that has been created, received, maintained, used by or disclosed to CONTRACTOR, has been Destroyed or sent to HHS, and that CONTRACTOR and its agents and Subcontractors have retained no copies thereof. Notwithstanding the foregoing, HHS acknowledges and agrees that CONTRACTOR is not obligated to send to HHSC and/or Destroy any Confidential Information if federal law, state law, the Texas State Library and Archives Commission records retention schedule, and/or a litigation hold notice prohibit such delivery or Destruction. If such delivery or Destruction is not reasonably feasible, or is impermissible by law, CONTRACTOR will immediately notify HHS of the reasons such delivery or Destruction is not feasible, and agree to extend indefinitely the protections of this DUA to the Confidential Information and limit its further uses and disclosures to the purposes that make the return delivery or Destruction of the Confidential Information not feasible for as long as CONTRACTOR maintains such Confidential Information. 45 CFR 164.504(e)(2)(ii)(J) (P) CONTRACTOR will create, maintain, use, disclose, transmit or Destroy Confidential Information in a secure fashion that protects against any reasonably anticipated HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 5 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 agreed to be bound by the terms of this DUA, at all times and supply it to HHS, as directed, upon request. (V) CONTRACTOR will implement, update as necessary, and document reasonable and appropriate policies and procedures for privacy, security and Breach of Confidential Information and an incident response plan for an Event or Breach, to comply with the privacy, security and breach notice requirements of this DUA prior to conducting work under the Statement of Work. 45 CFR 164.308; 164.316; 164.514(d); 164.530(i)(1). (W) CONTRACTOR will produce copies of its information security and privacy policies and procedures and records relating to the use or disclosure of Confidential Information received from, created by, or received, used or disclosed by CONTRACTOR for an Authorized Purpose for HHS's review and approval within 30 days of execution of this DUA and upon request by HHS the following business day or other agreed upon time frame. 45 CFR 164.308; 164.514(d). (X) CONTRACTOR will make available to HHS any information HHS requires to fulfill HHS's obligations to provide access to, or copies of, PHI in accordance with HIPAA and other applicable laws and regulations relating to Confidential Information. CONTRACTOR will provide such information in a time and manner reasonably agreed upon or as designated by the Secretary of the U.S. Department of Health and Human Services, or other federal or state law. 45 CFR 164.504(e)(2)(i)(I). (Y) CONTRACTOR will only conduct secure transmissions of Confidential Information whether in paper, oral or electronic form, in accordance with applicable rules, regulations and laws. A secure transmission of electronic Confidential Information in motion includes, but is not limited to, Secure File Transfer Protocol (SFTP) or Encryption at an appropriate level. If required by rule, regulation or law, HHS Confidential Information at rest requires Encryption unless there is other adequate administrative, technical, and physical security. All electronic data transfer and communications of Confidential Information will be through secure systems. Proof of system, media or device security and/or Encryption must be produced to HHS no later than 48 hours after HHS's written request in response to a compliance investigation, audit or the Discovery of an Event or Breach. Otherwise, requested production of such proof will be made as agreed upon by the parties. De -identification of HHS Confidential Information is a means of security. With respect to de -identification of PHI, "secure" means de -identified according to HIPAA Privacy standards and regulatory guidance. 45 CFR 164.312, 164.530(d). (Z) For each type of Confidential Information CONTRACTOR creates, receives, maintains, uses, discloses, has access to or transmits in the performance of the Statement of Work, CONTRACTOR will comply with the following laws rules and regulations, only to the extent applicable and required by law: Title 1, Part 10, Chapter 202, Subchapter B, Texas Administrative Code; • The Privacy Act of 1974; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 7 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 (B) CONTRACTOR'S obligation begins at the Discovery of an Event or Breach and continues as long as related activity continues, until all effects of the Event are mitigated to HHS's reasonable satisfaction (the "incident response period"). 45 CFR 164.404. (C) Breach Notice: (1) Initial Notice. (a) For federal information, including without limitation, Federal Tax Information, Social Security Administration Data, and Medicaid Client Information, within the first, consecutive clock hour of Discovery, and for all other types of Confidential Information not more than 24 hours after Discovery, or in a timeframe otherwise approved by HHS in writing, initially report to HHS's Privacy and Security Officers via email at: privacy@HHSC.state.tx.us and to the HHS division responsible for this DUA; and IRS Publication 1075; Privacy Act of 1974, as amended by the Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. § 552a; OMB Memorandum 07-16 as cited in HHSC-CMS Contracts for information exchange. (b) Report all information reasonably available to CONTRACTOR about the Event or Breach of the privacy or security of Confidential Information. 45 CFR 164.410. (c) Name, and provide contact information to HHS for, CONTRACTOR' single point of contact who will communicate with HHS both on and off business hours during the incident response period. (2) Formal Notice. No later than two business days after the Initial Notice above, provide formal notification to privacy@HHSC.state.tx.us and to the HHS division responsible for this DUA, including all reasonably available information about the Event or Breach, and CONTRACTOR's investigation, including without limitation and to the extent available: For (a) - (m) below: 45 CFR 164.400-414. (a) The date the Event or Breach occurred; (b) The date of CONTRACTOR's and, if applicable, Subcontractor's Discovery; (c) A brief description of the Event or Breach; including how it occurred and who is responsible (or hypotheses, if not yet determined); (d) A brief description of CONTRACTOR' investigation and the status of the investigation; (e) A description of the types and amount of Confidential Information involved; HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 9 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 expeditiously respond, and report as required to and by HHS for incident response purposes and for purposes of HHS's compliance with report and notification requirements, to the reasonable satisfaction of HHS. (B) CONTRACTOR will complete or participate in a risk assessment as directed by HHS following an Event or Breach, and provide the final assessment, corrective actions and mitigations to HHS for review and approval. (C) CONTRACTOR will fully cooperate with HHS to respond to inquiries and/or proceedings by state and federal authorities, Persons and/or Individuals about the Event or Breach. (D) CONTRACTOR will fully cooperate with HHS's efforts to seek appropriate injunctive relief or otherwise prevent or curtail such Event or Breach, or to recover or protect any Confidential Information, including complying with reasonable corrective action or measures, as specified by HHS in a Corrective Action Plan if directed by HHS under the Base Contract. 4.03 Breach Notification to Individuals and Reporting to Authorities. Tex. Bus. & Comm. Code §521.053; 45 CFR 164.404 (Individuals), 164.406 (Media); 164.408 (Authorities) (A) HHS may direct CONTRACTOR to provide Breach notification to Individuals, regulators or third -parties, as specified by HHS following a Breach. (B) CONTRACTOR shall give HHS an opportunity to review and provide feedback to CONTRACTOR and to confirm that CONTRACTOR's notice meets all regulatory requirements regarding the time, manner and content of any notification to Individuals, regulators or third -parties, or any notice required by other state or federal authorities, including without limitation, notifications required by Texas Business and Commerce Code, Chapter 521.053(b) and HIPAA. HHS shall have ten (10) business days to provide said feedback to CONTRACTOR. Notice letters will be in CONTRACTOR's name and on CONTRACTOR's letterhead, unless otherwise directed by HHS, and will contain contact information, including the name and title of CONTRACTOR's representative, an email address and a toll -free telephone number, if required by applicable law, rule, or regulation, for the Individual to obtain additional information. (C) CONTRACTOR will provide HHS with copies of distributed and approved communications. (D) CONTRACTOR will have the burden of demonstrating to the reasonable satisfaction of HHS that any notification required by HHS was timely made. If there are delays outside of CONTRACTOR's control, CONTRACTOR will provide written documentation of the reasons for the delay. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 11 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 (B) Termination or Expiration of this DUA will not relieve CONTRACTOR of its obligation to return or Destroy the Confidential Information as set forth in this DUA and to continue to safeguard the Confidential Information until such time as determined by HHS. (C) If HHS determines that CONTRACTOR has violated a material term of this DUA; HHS may in its sole discretion: (1) Exercise any of its rights including but not limited to reports, access and inspection under this DUA and/or the Base Contract; or (2) Require CONTRACTOR to submit to a Corrective Action Plan, including a plan for monitoring and plan for reporting, as HHS may determine necessary to maintain compliance with this DUA; or (3) Provide CONTRACTOR with a reasonable period to cure the violation as determined by HHS; or (4) Terminate the DUA and Base Contract immediately, and seek relief in a court of competent jurisdiction in Texas. Before exercising any of these options, HHS will provide written notice to CONTRACTOR describing the violation, the requested corrective action CONTRACTOR may take to cure the alleged violation, and the action HHS intends to take if the alleged violated is not timely cured by CONTRACTOR. (D) If neither termination nor cure is feasible, HHS shall report the violation to the Secretary of the U.S. Department of Health and Human Services. (E) The duties of CONTRACTOR or its Subcontractor under this DUA survive the expiration or termination of this DUA until all the Confidential Information is Destroyed or returned to HHS, as required by this DUA. 6.05 Governing Law, Venue and Litigation (A) The validity, construction and performance of this DUA and the legal relations among the Parties to this DUA will be governed by and construed in accordance with the laws of the State of Texas. (B) The Parties agree that the courts of Texas, will be the exclusive venue for any litigation, special proceeding or other proceeding as between the parties that may be brought, or arise out of, or in connection with, or by reason of this DUA. 6.06 Injunctive Relief (A) CONTRACTOR acknowledges and agrees that HHS may suffer irreparable injury if CONTRACTOR or its Subcontractor fails to comply with any of the terms of this HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 13 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 6.10 Automatic Amendment and Interpretation If there is (i) a change in any law, regulation or rule, state or federal, applicable to HIPPA and/or Confidential Information, or (ii) any change in the judicial or administrative interpretation of any such law, regulation or rule„ upon the effective date of such change, this DUA shall be deemed to have been automatically amended, interpreted and read so that the obligations imposed on HHS and/or CONTRACTOR remain in compliance with such changes. Any ambiguity in this DUA will be resolved in favor of a meaning that permits HHS and CONTRACTOR to comply with HIPAA or any other law applicable to Confidential Information. HHS Data Use Agreement TACCHO VERSION (Local City and County Entities) October 23, 2019 Page 15 of 15 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 6. Type(s) of Texas HHS Confidential Information the HIPAA CIS IRS FTI CMS SSA PII Applicant/Bidder will create, receive, maintain, use, ❑ ❑ ❑ ❑ ❑ ❑ disclose or have access to: (Check all that apply) Other (Please List) • Health Insurance Portability and Accountability Act (HIPAA) data • Criminal Justice Information Services (CIIS) data • Internal Revenue Service Federal Tax Information (IRS FTI) data • Centers for Medicare & Medicaid Services (CMS) • Social Security Administration (SSA) • Personally Identifiable Information (PII) 7. Number of Storage Devices for Texas HHS Confidential Information (as defined in the Total # Texas HHS System Data Use Agreement (DUA)) (Sum a-d) Cloud Services involve using a network of remote servers hosted on the Internet to store, 0 manage, and process data, rather than a local server or a personal computer. A Data Center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business. a. Devices. Number of personal user computers, devices or drives, including mobile devices and mobile drives. b. Servers. Number of Servers that are not in a data center or using Cloud Services. c. Cloud Services. Number of Cloud Services in use. d. Data Centers. Number of Data Centers in use. S. Number of unduplicated individuals for whom Applicant/Bidder reasonably expects to Select Option handle Texas HHS Confidential Information during one year: (a-d) a. 499 individuals or less () a. b. 500 to 999 individuals 0 b. c. 1,000 to 99,999 individuals 0 C. d. 100,000 individuals or more d. 9. HIPAA Business Associate Agreement a. Will Applicant/Bidder use, disclose, create, receive, transmit or maintain protected o Yes health information on behalf of a HIPAA-covered Texas HHS agency for a HIPAA- No covered function? b. Does Applicant/Bidder have a Privacy Notice prominently displayed on a Webpage or a 0 Yes Public Office of Applicant/Bidder's business open to or that serves the public? (This is a C) No HIPAA requirement. Answer "N/A" if not applicable, such as for agencies not covered O N/A by HIPAA.) Action Plan for Compliance with a Timeline: Compliance Date: 10. Subcontractors. If the Applicant/Bidder responded "0" to Question 4 (indicating no subcontractors), check "N/A" for both 'a.' and 'b.' a. Does Applicant/Bidder require subcontractors to execute the DUA Attachment 1 0 Yes Subcontractor Agreement Form? 0 No N/A Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 2 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 SECTION B: PRIVACY RISK ANALYSIS AND ASSESSMENT (To be completed by Applicant/Bidder) For any questions answered "No," an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date this form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the form is signed. 1. Written Policies & Procedures. Does Applicant/Bidder have current written privacy and Yes or No security policies and procedures that, at a minimum: a. Does Applicant/Bidder have current written privacy and security policies and 0 Yes procedures that identify Authorized Users and Authorized Purposes (as defined in the 0 No DUA) relating to creation, receipt, maintenance, use, disclosure, access or transmission of Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: b. Does Applicant/Bidder have current written privacy and security policies and 0 Yes procedures that require Applicant/Bidder and its Workforce to comply with the 0 No applicable provisions of HIPAA and other laws referenced in the DUA, relating to creation, receipt, maintenance, use, disclosure, access or transmission of Texas HHS Confidential Information on behalf of a Texas HHS agency? Action Plan for Compliance with a Timeline: Compliance Date: c. Does Applicant/Bidder have current written privacy and security policies and procedures 0 Yes that limit use or disclosure of Texas HHS Confidential Information to the minimum that is 0 No necessary to fulfill the Authorized Purposes? Action Plan for Compliance with a Timeline: Compliance Date: d. Does Applicant/Bidder have current written privacy and security policies and procedures 0 Yes that respond to an actual or suspected breach of Texas HHS Confidential Information, to "No" "No" 0No include at a minimum (if any responses are check for all three): i. Immediate breach notification to the Texas HHS agency, regulatory authorities, and other required Individuals or Authorities, in accordance with Article 4 of the DUA; ii. Following a documented breach response plan, in accordance with the DUA and applicable law; & iii. Notifying Individuals and Reporting Authorities whose Texas HHS Confidential Information has been breached, as directed by the Texas HHS agency? SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 4 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 j. Does Applicant/Bidder have current written privacy and security policies and 0 Yes procedures that restrict permissions or attempts to re -identify or further identify 0 No de -identified Texas HHS Confidential Information, or attempt to contact any Individuals whose records are contained in the Texas HHS Confidential Information, except for an Authorized Purpose, without express written authorization from a Texas HHS agency or as expressly permitted by the Base Contract? Action Plan for Compliance with a Timeline: Compliance Date: k. If Applicant/Bidder intends to use, disclose, create, maintain, store or transmit Texas HHS 0 Yes Confidential Information outside of the United States, will Applicant/Bidder obtain the 0 No express prior written permission from the Texas HHS agency and comply with the Texas HHS agency conditions for safeguarding offshore Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: Does Applicant/Bidder have current written privacy and security policies and procedures 0 Yes that require cooperation with Texas HHS agencies' or federal regulatory inspections, 0 No audits or investigations related to compliance with the DUA or applicable law? Action Plan for Compliance with a Timeline: Compliance Date: m. Does Applicant/Bidder have current written privacy and security policies and 0 Yes procedures that require appropriate standards and methods to destroy or dispose of 0 No Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: n. Does Applicant/Bidder have current written privacy and security policies and procedures 0 Yes that prohibit disclosure of Applicant/Bidder's work product done on behalf of Texas HHS 0 No pursuant to the DUA, or to publish Texas HHS Confidential Information without express prior approval of the Texas HHS agency? Action Plan for Compliance with a Timeline: Compliance Date: 2. Does Applicant/Bidder have a current Workforce training program? 0 Yes Training of Workforce must occur at least once every year, and within 30 days of date of hiring a new 0 No Workforce member who will handle Texas HHS Confidential Information. Training must include: (1) privacy and security policies, procedures, plans and applicable requirements for handling Texas HHS Confidential Information, (2) a requirement to complete training before access is given to Texas HHS Confidential Information, and (3) written proof of training and a procedure for monitoring timely completion of training. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 6 of 18 SECURITY AND PRIVACY INQUIRY (SPI) n.._.. Q:-- Cn. clnnen— ff^4^ — e7 A This section is about your electronic system. If your business DOES NOT store, access, or No Electronic ctransmit Texas HHS Confidential Information in electronic systems (e.g., laptop, personal Systems use computer, mobile device, database, server, etc.) select the box to the right, and ❑ "YES" will be entered for all questions in this section. For any questions answered "No," an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related items is 30 calendar days, PII-related items is 90 calendar days. 1. Does the Applicant/Bidder ensure that services which access, create, disclose, receive, Yes transmit, maintain, or store Texas HHS Confidential Information are maintained IN the C) No United States (no offshoring) unless All of the following requirements are met? a. The data is encrypted with FIPS 140-2 validated encryption b. The offshore provider does not have access to the encryption keys c. The Applicant/Bidder maintains the encryption key within the United States d. The Application/Bidder has obtained the express prior written permission of the Texas HHS agency For more information regarding FIP5140-2 encryption products, please refer to: h ttp://csrc. nist. aov/publications/figs Action Plan for Compliance with a Timeline: Compliance Date: 2. Does Applicant/Bidder utilize an IT security -knowledgeable person or company to maintain O Yes or oversee the configurations of Applicant/Bidder's computing systems and devices? () No Action Plan for Compliance with a Timeline: Compliance Date: 3. Does Applicant/Bidder monitor and manage access to Texas HHS Confidential Information o Yes (e.g., a formal process exists for granting access and validating the need for users to access No Texas HHS Confidential Information, and access is limited to Authorized Users)? Action Plan for Compliance with a Timeline: Compliance Date: 4. Does Applicant/Bidder a) have a system for changing default passwords, b) require user ()Yes password changes at least every 90 calendar days, and c) prohibit the creation of weak C) No passwords (e.g., require a minimum of 8 characters with a combination of uppercase, lowercase, special characters, and numerals, where possible) for all computer systems that access or store Texas HHS Confidential Information. If yes, upon request must provide evidence such as a screen shot or a system report. Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 8 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E9l9-447C-871D-17373C8C6C32 10. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential Yes Information that is transmitted over a public network (e.g., the Internet, WiFi, etc.)? O No If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all HHS Confidential Information. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (CJIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: http://csrc. nist. aov/publications/figs Action Plan for Compliance with a Timeline: Compliance Date: 11. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential () Yes Information stored on end user devices (e.g., laptops, USBS, tablets, smartphones, external O No hard drives, desktops, etc.)? If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all Texas HHS Confidential Information. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (H/PAA) data, Criminal Justice Information Services (CJ/S) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: http://csrc. nist. gov/publ ications/fips Action Plan for Compliance with a Timeline: Compliance Date: 12. Does Applicant/Bidder require Workforce members to formally acknowledge rules outlining 0 Yes their responsibilities for protecting Texas HHS Confidential Information and associated 0 No systems containing HHS Confidential Information before their access is provided? Action Plan for Compliance with a Timeline: Compliance Date: 13. Is Applicant/Bidder willing to perform or submit to a criminal background check on Q Yes Authorized Users? 0 No Action Plan for Compliance with a Timeline: Compliance Date: 14. Does Applicant/Bidder prohibit the access, creation, disclosure, reception, transmission, Q Yes maintenance, and storage of Texas HHS Confidential Information with a subcontractor 0 No (e.g., cloud services, social media, etc.) unless Texas HHS has approved the subcontractor agreement which must include compliance and liability clauses with the same requirements as the Applicant/Bidder? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 10 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 SECTION D: SIGNATURE AND SUBMISSION (to be completed by Applicant/Bidder) Please sign the form digitally, if possible. If you can't, provide a handwritten signature. 1.1 certify that all of the information provided in this form is truthful and correct to the best of my knowledge. If I learn that any such information was not correct, I agree to notify Texas HHS of this immediately. 2. Signature 3. Title . Date: To submit the completed, signed form: • Email the form as an attachment to the appropriate Texas HHS Contract Manager(s). SectionTo Be Completed by Agency(s): Requesting De artment(s): HHSC: � DFPS: � DSHS: 1-3 Legal Entity Tax Identification Number (TIN) (Last four Only): PO/Contract(s) #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 12 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 141 reaerai lax ►nlormavon; (5) Personally Identifiable Information; (6) Social Security Administration Data, including, without limitation, Medicaid information; (7) All privileged work product, (8) All information designated as confidential under the constitution and laws of the State of Texas and of the United States, including the Texas Health & Safety Code and the Texas Public Information Act, Texas Government Code, Chapter 552. Definitions for the following types of confidential information can be found the following sites: • Health Insurance Portability and Accountability Act (HIPAA) - http://www.hhs.gov/hipaa/index.html • Criminal Justice Information Services (C11S) - https.11www.fbi.gov/serviceslciislciis-security-policy-resource-center • Internal Revenue Service Federal Tax Information (IRS FTI) - https://www.irs.gov/pub/irs-pdflplo75.pdf • Centers for Medicare & Medicaid Services (CMS) - https://www.cros.gov/Regulations-and-Guidance/Regulations-and- Guidance.html • Social Security Administration (SSA) - https://www.ssa.gov/regulations/ • Personally Identifiable Information (Pll) - http://Csrc.nist.govlpublicationslnistpubsl800-l221sp800-l22.pdf Item #7. Number of Storage devices for Texas HHS Confidential Information. The total number of devices is automatically calculated by exiting the fields in lines a - d. Use the <Tab> key when exiting the field to prompt calculation, if it doesn't otherwise sum correctly. • Item 7a. Devices. Provide the number of personal user computers, devices, and drives (including mobile devices, laptops, USB drives, and external drives) on which your business stores or will store Texas HHS Confidential Information. • Item 7b. Servers. Provide the number of servers not housed in a data center or "in the cloud, "on which Texas HHS Confidential Information is stored or will be stored. A server is a dedicated computer that provides data or services to other computers. It may provide services or data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet. If none, answer "0" (zero). • Item 7c. Cloud Services. Provide the number of cloud services to which Texas HHS Confidential Information is stored. Cloud Services involve using a network of remote servers hosted on the Internet to store, manage, and process data, rather than on a local server or a personal computer. If none, answer "0" (zero.) • Item 7d. Data Centers. Provide the number of data centers in which you store Texas HHS Confidential Information. A Data Center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business. If none, answer "0" (zero). Item #8. Number of unduplicated individuals for whom the Applicant/Bidder reasonably expects to handle Texas HHS Confidential Information during one year. Select the radio button that corresponds with the number of clients/consumers for whom you expect to handle Confidential Information during a year. Only count clients/consumers once, no matter how many direct services the client receives during a year. Item #9. HIPAA Business Associate Agreement. • Item #9a. Answer "Yes" if your business will use, disclose, create, receive, transmit, or store information relating to a client/consumer's healthcare on behalf of the Department of State Health Services, the Department of Disability and Aging Services, or the Health and Human Services Commission for treatment, payment, or operation of Medicaid or Medicaid clients. If your contract does not include HIPAA covered information, respond "no."If "no,"a compliance plan is not required. • Item #9b. Answer "Yes" if your business has a notice of privacy practices (a document that explains how you protect and use a client/consumer's healthcare information) displayed either on a website (if one exists for your business) or in your place of business (if that location is open to clients/consumers or the public). If your contract does not include HIPAA covered information, respond "N/A." Item #10. Subcontractors. If your business responded "0" to question 4 (number of subcontractors), Answer "N/A" to Items 10a and 1Ob to indicate not applicable. • Item #10a. Answer "Yes" if your business requires that all subcontractors sign Attachment 1 of the DUA. • Item #10b. Answer "Yes" if your business obtains Texas HHS approval before permitting subcontractors to handle Texas HHS Confidential Information on your business's behalf. Item #11. Optional Insurance. Answer "yes" if applicant has optional insurance in place to provide coverage for a Breach or any g SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 14 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 • Item W. Answer "Yes" if your business has written policies and procedures requiring you to allow individuals (clients/consumers) to access their individual record of Texas HHS Confidential Information, and allow them to amend or correct that information, if applicable. • Item #1g. Answer "Yes" if your business has written policies and procedures restricting access to Texas HHS Confidential Information to only persons who have been authorized and trained on how to handle Texas HHS Confidential Information • Item #1h. Answer "Yes" if your business has written policies and procedures requiring sanctioning of any subcontractor, employee, trainee, volunteer, or anyone whose work you direct when they have accessed Texas HHS Confidential Information but are not authorized to do so, and that you have a method of proving that you have sanctioned such an individuals. If you are the only employee, you must demonstrate how you will document the noncompliance, update policies and procedures if needed, and seek additional training or education to prevent future occurrences. • Item #1i. Answer "Yes" if your business has written policies and procedures requiring you to update your policies within 60 days after you have made changes to how you use or disclose Texas HHS Confidential Information. • Item #1j. Answer "Yes" if your business has written policies and procedures requiring you to restrict attempts to take de -identified data and re -identify it or restrict any subcontractor, employee, trainee, volunteer, or anyone whose work you direct, from contacting any individuals for whom you have Texas HHS Confidential Information except to perform obligations under the contract, or with written permission from Texas HHS. • Item #1k. Answer "Yes" if your business has written policies and procedures prohibiting you from using, disclosing, creating, maintaining, storing or transmitting Texas HHS Confidential Information outside of the United States. • Item #11. Answer "Yes" if your business has written policies and procedures requiring your business to cooperate with HHS agencies or federal regulatory entities for inspections, audits, or investigations related to compliance with the DUA or applicable law. • Item #1m. Answer "Yes" if your business has written policies and procedures requiring your business to use appropriate standards and methods to destroy or dispose of Texas HHS Confidential Information. Policies and procedures should comply with Texas HHS requirements for retention of records and methods of disposal. • Item #1n. Answer "Yes" if your business has written policies and procedures prohibiting the publication of the work you created or performed on behalf of Texas HHS pursuant to the DUA, or other Texas HHS Confidential Information, without express prior written approval of the HHS agency. Item #2. Answer "Yes" if your business has a current training program that meets the requirements specified in the SPI for you, your employees, your subcontractors, your volunteers, your trainees, and any other persons under you direct supervision. Item #3. Answer "Yes" if your business has privacy safeguards to protect Texas HHS Confidential Information as described in the SPI. Item #4. Answer "Yes" if your business maintains current lists of persons in your workforce, including subcontractors (if applicable), who are authorized to access Texas HHS Confidential Information. If you are the only person with access to Texas HHS Confidential Information, please answer "yes." Item #5. Answer "Yes" if your business and subcontractors (if applicable) monitor for and remove from the list of Authorized Users, members of the workforce who are terminated or are no longer authorized to handle Texas HHS Confidential Information. If you are the only one with access to Texas HHS Confidential Information, please answer "Yes." SECTION C. SECURITY RISK ANALYSIS AND ASSESSMENT This section is about your electronic systems. If you DO NOT store Texas HHS Confidential Information in electronic systems (e.g., laptop, personal computer, mobile device, database, server, etc.), select the "No Electronic Systems" box and respond "Yes" for all questions in this section. Item #1. Answer "Yes" if your business does not "offshore" or use, disclose, create, receive, transmit or maintain Texas HHS Confidential Information outside of the United States. If you are not certain, contact your provider of technology services (application, cloud, data center, network, etc.) and request confirmation that they do not off- shore their data. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 16 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 Item #12. Answer "Yes" if your business requires employees, volunteers, trainees and other workforce members to sign a document that clearly outlines their responsibilities for protecting Texas HHS Confidential Information and associated systems containing Texas HHS Confidential Information before they can obtain access. If you are the only employee answer "Yes" if you have signed or are willing to sign the DUA, acknowledging your adherence to requirements and responsibilities. Item #13. Answer "Yes" if your business is willing to perform a criminal background check on employees, subcontractors, volunteers, or trainees who access Texas HHS Confidential Information. If you are the only employee, answer "Yes" if you are willing to submit to a background check. Item #14. Answer "Yes" if your business prohibits the access, creation, disclosure, reception, transmission, maintenance, and storage of Texas HHS Confidential Information on Cloud Services or social media sites if you use such services or sites, and there is a Texas HHS approved subcontractor agreement that includes compliance and liability clauses with the same requirements as the Applicant/Bidder. If you do not utilize Cloud Services or media sites for storing Texas HHS Confidential Information, answer "Yes." Item #15. Answer "Yes" if your business keeps current on security updates/patches (including firmware, software and applications) for computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: h ttps://portal. msrc. microsoft. com/en-us/ Item #16. Answer "Yes" if your business's computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information contain up-to-date anti-malware and antivirus protection. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: https.11docs. microsoft.com/en-us/windows/security/threat-protection/ Item #17. Answer "Yes" if your business reviews system security logs on computing systems that access or store Texas HHS Confidential Information for abnormal activity or security concerns on a regular basis. If you use a Microsoft Windows system, refer to the Microsoft website for ensuring your system is logging security events, see example: https://docs. microsoft. com/en-us/windows/security/threat-protection/auditing/basic-security-audit-policies Item #18. Answer "Yes" if your business disposal processes for Texas HHS Confidential Information ensures that Texas HHS Confidential Information is destroyed so that it is unreadable or undecipherable. Simply deleting data or formatting the hard drive is not enough; ensure you use products that perform a secure disk wipe. Please see NIST SP 800-88 R1, Guidelines for Media Sanitization and the applicable laws and regulations for the information type for further guidance. Item #19. Answer "Yes" if your business ensures that all public facing websites and mobile applications containing HHS Confidential Information meet security testing standards set forth within the Texas Government Code (TGC), Section 2054.516 SECTION D. SIGNATURE AND SUBMISSION Click on the signature area to digitally sign the document. Email the form as an attachment to the appropriate Texas HHS Contract Manager. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 18 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 TABLE OF CONTENTS 1. ELECTRICAL ITEMS........................................................................................................ 3 2. DISASTER SERVICES........................................................................................................ 3 3. NOTICE OF A LICENSE ACTION................................................................................... 3 4. SERVICES AND INFORMATION FOR PERSONS WITH LIMITED ENGLISH PROFICIENCY..............................................................................................4 5. THIRD PARTY PAYORS................................................................................................... 4 6. MEDICAL RECORDS RETENTION................................................................................ 4 7. INTERIM EXTENSION AMENDMENT.......................................................................... 5 8. NOTICE OF CRIMINAL ACTIVITY AND DISCIPLINARY ACTIONS .................... 5 9. NOTICE OF GRANT AGREEMENT/CONTRACT ACTION ....................................... 5 10. NOTICE OF BANKRUPTCY............................................................................................. 6 11. NOTICE OF CHANGE OF CONTACT PERSON OR KEY PERSONNEL ................. 6 12. BYRD ANTI -LOBBYING AMENDMENT....................................................................... 6 13. CLEAN AIR ACT AND FEDERAL WATER POLLUTION CONTROL ACT .......... 6 14. COMPLIANCE WITH LAWS, RULES, AND REQUIREMENTS ................................ 6 15. DISCLOSURE OF VIOLATIONS OF FEDERAL CRIMINAL LAW .......................... 7 16. EXCLUDED PARTIES........................................................................................................ 7 17. NO CONFLICTS OF INTEREST (FEDERAL)................................................................ 8 18. OPEN MEETINGS............................................................................................................... 8 19. RECORDS RETENTION (FEDERAL)............................................................................. 8 Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 2 of 8 DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 4. SERVICES AND INFORMATION FOR PERSONS WITH LIMITED ENGLISH PROFICIENCY A. Grantee/Contractor shall take reasonable steps to provide services and information both orally and in writing, in appropriate languages other than English, to ensure that persons with limited English proficiency are effectively informed and can have meaningful access to programs, benefits and activities. Meaningful access may entail providing language assistance services, including oral interpretation and written translation, if necessary. More information can be found at https://www.lep.gov/. B. Grantee/Contractor shall identify and document on the client records the primary language/dialect of a client who has limited English proficiency and the need for translation or interpretation services and shall not require a client to provide or pay for the services of a translator or interpreter. C. Grantee/Contractor shall make every effort to avoid use of any persons under the age of 18 or any family member or friend of the client as an interpreter for essential communications with a client with limited English proficiency, unless the client has requested that person and using the person would not compromise the effectiveness of services or violate the client's confidentiality and the client is advised that a free interpreter is available. 5. THIRD PARTY PAYORS A. Except as provided in this Grant Agreement/Contract, Grantee/Contractor shall screen all clients and may not bill the System Agency for services eligible for reimbursement from third party payors, who are any person or entity who has the legal responsibility for paying for all or part of the services provided, including commercial health or liability insurance carriers, Medicaid, or other federal, state, local and private funding sources. B. As applicable, the Grantee/Contractor shall: i. Enroll as a provider in Children's Health Insurance Program and Medicaid if providing approved services authorized under this Grant Agreement/Contract that may be covered by those programs and bill those programs for the covered services; ii. Provide assistance to individuals to enroll in such programs when the screening process indicates possible eligibility for such programs; iii. Allow clients that are otherwise eligible for System Agency services, but cannot pay a deductible required by a third party payor, to receive services and bill the System Agency for the deductible; iv. Not bill the System Agency for any services eligible for third party reimbursement until all appeals to third party payors have been exhausted; v. Maintain appropriate documentation from the third party payor reflecting attempts to obtain reimbursement; vi. Bill all third party payors for services provided under this Grant Agreement/Contract before submitting any request for reimbursement to System Agency; and vii. Provide third party billing functions at no cost to the client. 6. MEDICAL RECORDS RETENTION Grantee/Contractor shall retain medical records in accordance with 22 TAC § 165.1(b) or other applicable statutes, rules and regulations governing medical information. Health and Human Services Additional Provisions V.1.0 - Grant Funding Effective: February 2021 Page 4 of 8 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 10. NOTICE OF BANKRUPTCY Grantee Contractor shall notify in writing the assigned System Agency contract manager of its plan to seek bankruptcy protection within five business days of such action by Grantee./Contractor. 11. NOTICE OF CHANGE OF CONTACT PERSON OR KEY PERSONNEL The Grantee;Contractor shall notify in writing the assigned System Agency contract manager within ten business days of any change to the Grantee/Contractor's Contact Person or Key Personnel. 12. BYRD ANTI -LOBBYING AMENDMENT Grantee certifies that no federal appropriated funds have been paid or will be paid to any persons or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a member of Congress on its behalf to obtain, extend, or modify this contract or grant. If non-federal funds are used by Grantee to conduct such lobbying activities, Grantee shall promptly file the prescribed disclosure form. In accordance with 31 U.S.C. § 1352(b)(5), Grantee acknowledges and agrees that it is responsible for ensuring that each subrecipient and subcontractor certifies its compliance with the expenditures prohibition and the declaration requirement. 13. CLEAN AIR ACT AND FEDERAL WATER POLLUTION CONTROL ACT Grantee represents and warrants that it will comply with all applicable standards, orders, or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). 14. COMPLIANCE WITH LAWS, RULES, AND REQUIREMENTS Grantee represents and warrants that it will comply, and assure the compliance of all its subrecipients and contractors, with all applicable federal and state laws, rules, regulations, and policies in effect or hereafter established. In addition, Grantee represents and warrants that it will comply with all requirements imposed by the awarding agency concerning special requirements of law, program requirements, and other administrative requirements. In instances where multiple requirements apply to Grantee, the more restrictive requirement applies. Health and Human Services Additional Provisions V.1.0 Grant Funding Effective: February 2021 Page 6 of 8 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 17. NO CONFLICTS OF INTEREST (FEDERAL) Grantee represents and warrants its compliance with the Federal awarding agency's conflict of interest policies in accordance with 2 CFR § 200.112. 18. OPEN MEETINGS If the Grantee is a governmental entity, Grantee represents and warrants its compliance with Chapter 551 of the Texas Government Code which requires all regular, special, and called meetings of a governmental body to be open to the public, except as otherwise provided by law. 19. RECORDS RETENTION (FEDERAL) Grantee represents and warrants its compliance with the records retention requirements of 2 CFR §200.333. System Agency reserves the right to direct Grantee to retain documents for a longer period of time or transfer certain records to System Agency's custody when it is determined the records possess longer term retention value. Grantee must include the substance of this clause in all subaward and subcontracts. REMAINDER OF PAGE INTENTIONALLY LEFT BLANK Health and Human Services Additional Provisions V.1.0 — Grant Funding Effective: February 2021 Page 8 of 8 DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 9. Will comply, as applicable, with the provisions of the Davis- 13. Will assist the awarding agency in assuring compliance Bacon Act (40 U.S.C. §§276a to 276a-7), the Copeland Act with Section 106 of the National Historic Preservation (40 U.S.C. §276c and 18 U.S.C. §874), and the Contract Act of 1966, as amended (16 U.S.C. §470), EO 11593 Work Hours and Safety Standards Act (40 U.S.C. §§327- (identification and protection of historic properties), and 333), regarding labor standards for federally -assisted the Archaeological and Historic Preservation Act of construction subagreements. 1974 (16 U.S.C. §§469a-1 et seq.). 10. Will comply, if applicable, with flood insurance purchase requirements of Section 102(a) of the Flood Disaster Protection Act of 1973 (P.L. 93-234) which requires recipients in a special flood hazard area to participate in the program and to purchase flood insurance if the total cost of insurable construction and acquisition is $10,000 or more. 11. Will comply with environmental standards which may be prescribed pursuant to the following: (a) institution of environmental quality control measures under the National Environmental Policy Act of 1969 (P.L. 91-190) and Executive Order (EO) 11514; (b) notification of violating facilities pursuant to EO 11738; (c) protection of wetlands pursuant to EO 11990; (d) evaluation of flood hazards in floodplains in accordance with EO 11988; (e) assurance of project consistency with the approved State management program developed under the Coastal Zone Management Act of 1972 (16 U.S.C. §§1451 et seq.); (f) conformity of Federal actions to State (Clean Air) Implementation Plans under Section 176(c) of the Clean Air Act of 1955, as amended (42 U.S.C. §§7401 et seq.); (g) protection of underground sources of drinking water under the Safe Drinking Water Act of 1974, as amended (P.L. 93-523); and, (h) protection of endangered species under the Endangered Species Act of 1973, as amended (P.L. 93- 205). 12. Will comply with the Wild and Scenic Rivers Act of 1968 (16 U.S.C. §§1271 et seq.) related to protecting components or potential components of the national wild and scenic rivers system. 14. Will comply with P.L. 93-348 regarding the protection of human subjects involved in research, development, and related activities supported by this award of assistance. 15. Will comply with the Laboratory Animal Welfare Act of 1966 (P.L. 89-544, as amended, 7 U.S.C. §§2131 et seq.) pertaining to the care, handling, and treatment of warm blooded animals held for research, teaching, or other activities supported by this award of assistance. 16. Will comply with the Lead -Based Paint Poisoning Prevention Act (42 U.S.C. §§4801 et seq.) which prohibits the use of lead -based paint in construction or rehabilitation of residence structures. 17. Will cause to be performed the required financial and compliance audits in accordance with the Single Audit Act Amendments of 1996 and OMB Circular No. A-133, "Audits of States. Local Governments, and Non -Profit Organizations." 18. Will comply with all applicable requirements of all other Federal laws. executive orders, regulations, and policies governing this program. 19. Will comply with the requirements of Section 106(g) of the Trafficking Victims Protection Act (TVPA) of 2000, as amended (22 U.S.C. 7104) which prohibits grant award recipients or a sub -recipient from (1) Engaging in severe forms of trafficking in persons during the period of time that the award is in effect (2) Procuring a commercial sex act during the penod of time that the award is in effect or (3) Using forced labor in the performance of the award or subawards under the award. SIGNATURE OF AUTHORIZED CERTIFYING OFFICIAL TITLE APPLICANT ORGANIZATION DATE SUBMITTED Standard Form 424B (Rev. 7-97) Back DocuSign Envelope ID: 840D3DFE-E919-447C-871 D-1 7373C8C6C32 DISCLOSURE OF LOBBYING ACTIVITIES Complete this form to disclose lobbying activities pursuant to 31 U.S.C.1352 OMB Number: 4040-0013 Expiration Date: 02/28/2025 1. * Type of Federal Action: 2. * Status of Federal Action: 3. * Report Type: a. contract a. bid/offer/applicabon ® a. initial filing ® b. grant ® b initial award ❑ b. material change ❑ c. cooperative agreement C. post -award ❑ d. loan e. loan guarantee f loan insurance 4. Name and Address of Reporting Entity: ®prime ❑ SubAwardee Name Street 1 Street 2 ' Ciry Slate Zip Congressional District, if known: S. If Reporting Entity in No.4 is Subawardee, Enter Name and Address of Prime: 6. * Federal Department/Agency: 7. * Federal Program Name/Description: CFDA Number if applicable 8. Federal Action Number, ifknown: 9. Award Amount, ifknown: 10. a. Name and Address of Lobbying Registrant: Prefix First Name Middle Name ' Last Name Suffix Street 1 Street 2 City State F Zip b. Individual Performing Services (including address If different from No. 10a) Prefix First Name Middle Name ' Last Name Suffix Street 1 Street 2 City State Zip 11. Information requested through this form is authorized by title 31 U.S.C. section 1352. This disclosure of lobbying activities is a material representation of fad upon which reliance was placed by the tier above when the transaction was made or entered into. This disclosure is required pursuant to 31 U.S.C. 1352. This information will be reported to the Congress semiannually and will be available for public inspection. Any person who fails to file the required disclosure shall be subject to a civil penalty of not less than $10.000 and not more than $100 000 for each such failure ' Signature: 'Name: Prefix • Frst Name Middle Name ' Last Name Suffix F Title: Telephone No.: Date: Federal Use Only: s ndardoFonoL LLLI (Rev.7 n� DocuSign Envelope ID: 840D3DFE-E919-447C-871D-17373C8C6C32 Fiscal Federal Funding Accountability and Transparency Act (FFATA) CERTIFICATION As the duly authorized representative (Signor) of the Contractor, I hereby certify that the statements made by me in this certification form are true, complete, and correct to the best of my knowledge. Did your organization have a gross income, from all sources, of less than $300,000 in your previous tax year? Yes No If your answer is "Yes", skip questions "A", "B", and "C" and finish the certification. If your answer is "No answer questions "A" and "B". A. Certification Regarding % of Annual Gross from Federal Awards. Did your organization receive 80% or more of its annual gross revenue from federal awards during the preceding fiscal year? Yes ❑ No ❑ B. Certification Regarding Amount of Annual Gross from Federal Awards. Did your organization receive $25 million or more in annual gross revenues from federal awards in the preceding fiscal year? Yes No If your answer is "Yes" to both question "A" and "B", you must answer question "C". If your answer is "No" to either question "A" or "B", skip question "C" and finish the certification. C. Certification Regarding Public Access to Compensation Information. Does the public have access to information about the compensation of the senior executives in your business or organization (including parent organization, all branches, and all affiliates worldwide) through periodic reports filed under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 6104 of the Internal Revenue Code of 1986? Yes ❑ No ❑ If your answer is "Yes" to this question, where can this information be accessed? If your answer is "No" to this question, you must provide the names and total compensation of the top five highly compensated officers below. Provide compensation information here: Department of State Health Services Form 4734 — April 2022 Contract Management Section Carbon Copy Events Status Timestamp Gloria Diaz Sent: 5/18/2023 10:37:45 AM COPIED gdiaz@mylubbock.us Viewed: 5/18/2023 10:51:22 AM Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Shelva Mays shelva.mays@dshs.texas.gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign CMS Inbox cmucontracts@dshs.texas.gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Witness Events Signature Timestamp Notary Events Signature Timestamp Envelope Summary Events Status Timestamps Envelope Sent Hashed/Encrypted 5/18/2023 10:37:45 AM Payment Events Status Timestamps Electronic Record and Signature Disclosure Unless you tell us otherwise in accordance with the procedures described herein, we will provide electronically to you through the DocuSign system all required notices, disclosures, authorizations, acknowledgements, and other documents that are required to be provided or made available to you during the course of our relationship with you. To reduce the chance of you inadvertently not receiving any notice or disclosure, we prefer to provide all of the required notices and disclosures to you by the same method and to the same address that you have given us. Thus, you can receive all the disclosures and notices electronically or in paper format through the paper mail delivery system. If you do not agree with this process, please let us know as described below. Please also see the paragraph immediately above that describes the consequences of your electing not to receive delivery of the notices and disclosures electronically from us. How to contact DSHS Contract Management Section: You may contact us to let us know of your changes as to how we may contact you electronically, to request paper copies of certain information from us, and to withdraw your prior consent to receive notices and disclosures electronically as follows: To contact us by email send messages to: alison.joffrion@hhsc.state.tx.us To advise DSHS Contract Management Section of your new email address To let us know of a change in your email address where we should send notices and disclosures electronically to you, you must send an email message to us at alison.joffrion@hhsc.state.tx.us and in the body of such request you must state: your previous email address, your new email address. We do not require any other information from you to change your email address. If you created a DocuSign account, you may update it with your new email address through your account preferences. To request paper copies from DSHS Contract Management Section To request delivery from us of paper copies of the notices and disclosures previously provided by us to you electronically, you must send us an email to alison.joffrion@hhsc.state.tx.us and in the body of such request you must state your email address, full name, mailing address, and telephone number. We will bill you for any fees at that time, if any. To withdraw your consent with DSHS Contract Management Section To inform us that you no longer wish to receive future notices and disclosures in electronic format you may: