The URL can be used to link to this page

Home My WebLink AboutResolution - 2024-R0217 - Contract No. HHS001439500038, DSHS - 04/23/2024Resolution No. 2024-R0217 Item No. 6.23 Apri123, 2024 RESOLUTION B� IT RESOLV�D BY THE CITY COUNCIL OF THE CITY OF LUBBOCK: THAT the Mayor of the City of Lubbock is hereby authoriied and directed to execute for and on behalf of the City of Lubbock, Contract No. HHS001439500038, under the Center for Health �mergency Yreparedncss and Response Grant Program, by and bctween the City oi Lubbock and the State of "1'cxas, acting by and through its Deparimcnt of Statc Hcalth Serviccs (DSHS), and all related documents. Said contract is attached hereto and incorporated in this Resolution as if fully set forth herein and shall be included in the minutes of the Council. Passed by the City Council on Apri123, 2024 'I'RAY PAYN ;, M YOR AT' 'EST: Co rtn y'az, City ccretary APPROVED AS TO CONTENT: � Bill Ho rton, Deputy City ger APPROVED AS TO FORM: I•hael Poster, A si ant City Attorney RES.Contract-PHGP and DSHS No. IiliS001439500038 4.8.24 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Resolution No. 2024-R0217 SIGNATURE DOCUMENT FOR DEPARTMENT OF STATE HEALTH SERVICES GRANT AGREEMENT, CoNTRa►cT No. HHS001439500038 UNDER THE CENTER FOR HEALTH EMERGENCY PREPAREDNESS AND RESPONSE GRANT PROGRAM The parties to this agreement ("Grant Agreement" or "Contract") are the Department of State Health Services ("System Agency" or "DSHS"), a pass-through entity, and City of Lubbock ("Grantee"), having its principal office at 806 18�' Street, Lubbock, Texas 79401 (each a"Party" and collectively the "Parties"). I. PURPOSE The purpose of this Grant Agreement is to perform activities in support of the Public Health Emergency Preparedness ("PHEP") Cooperative Agreement between the Centers for Disease Control and Prevention ("CDC") and DSHS to advance public health emergency preparedness. II. LEGAL AUTHORITY This Grant Agreement is entered into pursuant to the authority granted by and in compliance with Texas Health and Safety Code Chapters 12 and 1001, as applicable. III. DURATION This Grant Agreement is effective on July 1, 2024, and expires on June 30, 2025, unless sooner terminated or renewed or extended. System Agency, at its sole discretion, may extend this Grant Agreement for up to four (4) additional years for a maximum term of five (5) years. Notwithstanding the limitation in the preceding paragraph and with at least thirty (30) calendar days' advance written notice to Grantee, at the end of the initial term or any renewal period, System Agency, at its sole discretion, may extend this Grant Agreement as necessary to ensure continuity of service, for purposes of transition, or as otherwise determined by System Agency to serve the best interest of the State for up to three (3) months, in one-month (1-month) intervals, at the then- current contract rate or rates (if applicable) as modified during the term of the Grant Agreement. IV. STATEMENT OF WORK The Statement of Work to which Grantee is bound is incorporated into and made a part of this Grant Agreement for all purposes and included as ATTACHMENT A, PROJECT FY2025 STATEMENT OF WORK. System Agency Grant Agreement, Contract No. HHS001439500038 Page 1 of 7 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 V. BUDGET The total amount of this Grant Agreement will not exceed TWO HUNDRED EIGHTY-EIGHT THOUSAND SIXTEEN DOLLARS ($ZH8�01().00). This includes the DSHS share of Two Hundred Sixty-One Thousand Eight Hundred Thirty-Three Dollars ($261,833.00) and Grantee's required match amount of Twenty-Six Thousand One Hundred Eighty-Three Dollars ($26,183.00). The total not-to-exceed amount includes the following: Total Federal Funds: $261,833.00 Total State Funds: $0.00 Funds will be allocated for each Project Fiscal Year ("Project FY"), which means the period beginning July 1 and ending June 30 each year, under this Grant Agreement. All expenditures under the Grant Agreement must be within the identified Project FY, and in accordance with ATTACHMENT B, PROJECT FYZO25 BUDGET. VI. NOTICE TO PROCEED Funding for this Grant Agreement is available for Project FY2025, which is the period of July 1, 2024, through June 30, 2025, and is dependent on the award of the applicable federal grant. No work may begin, and no charges may be incurred until DSHS issues a written Notice to Proceed ("NTP") to Grantee. The NTP may include an amended or ratifed budget, which will be incorporated into this Grant Agreement by a subsequent amendment, as necessary. Notwithstanding the preceding, at DSHS's discretion, Grantee may be eligible to receive reimbursement for eligible expenses incurred during the period of performance as defined by 2 CFR § 200.309. VII. REPORTING REQUIREMENTS Grantee shall submit the reports for Project FY2025 as identified in the table below, and as outlined in ATTACHMENT A, PROJECT FYZO25 STATEMENT OF WORK, by the due dates and submission methods specified therein. DSHS may add contractual requirements and revise reporting due dates throughout the term of this Grant Agreement to comply with modifications made to the federal grant award. REPORT FREQUENCY PROJECT FY 2OZS DSHS EMAIL OR SYSTEM TO DUE DATE S SUBDIIT REPORT The last business day of invoices(�dshs.texas.eov; Financial Status Report - Biannual the month following the fsrerants(r�,dshs.texas.�; copy end of the second January 31, 2025 to the System Agency �See SECTION I(VV�(H� Of ATTACHMENT project FY quarter July 30, 2025 representative identified in A� PROJECT EY 2O2S STATEMENT OF pND thirty (30) SECTION VIII� CONTRACT WoRK) calendaz days after the �P�SENTATIVES, of this Grant A eement System Agency Grant Agreement, Contract No. HHS001439500038 Page 2 of 7 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 fourth Project FY quarter. August 30, 2024 September 30, 2024 InvoiceslRequests for Reimbursement — The last business day of October 31, 2024 Monthly the month following the November 29, 2024 month in which December 31, 2024 �508 SECTION IV(A� Of ATTACHMENT expenses were incurred �anuary 3l, 2025 .d►� PROJECT FY ZOZS STATEMENT OF AND thirty (30) invoices n,dshs.texas. o�v; February 28, 2025 CMSinvoices(rD,dshs.texas.�; WoRK) calendar days following March 31, 2025 the expiration date of April 30, 2025 the Grant Agreement. May 3Q 2025 June 30, 2025 July 31, 2025 Initial Work Plan - Annual (SC0 SECTION I(V17(1) Of ATTACHMENT Once per Project FY July 15, 2024 Qualtrics System A� PROJECT FY 2O2S STATEMENT OF WORK� Property Inventory Report (Form GG FSOequip a,dshs.texas.gov; I 1) — Annual copy to the System Agency Once per Project FY October 15, 2024 representative identified in (See SECTION 1(V1�(9) of ATTACHMENT SECTION VIII, CONTRACT A� PROJECT FY iOiS STATEMENT OF REPRESENTATIVES, Of thiS WORK) Grant Agreement Programmatic Mid-Year Performance Report - Annual (See SECTION I(V1�(5) of ATTACHMENT Once per Project FY January 31, 2025 A, PROJECT 2025 STATEMENT OF QualtrlCS System WORK) Integrated Preparedness Plan ("IPP'') - Annual Once per Project FY May l, 2025 Qualtrics System �SCe SECTION I(V�(2) Of ATTACNMENT A� PROJECT iOiS STATEMENT OF WORK� After-Action Reviewllmprovement Plan ("AAR/IP") - Annual (SCC SECTION I(V17(3) Of ATTACHMENT Once per Project FY June 30, 2025 Qualtrics System A� PROJECT 2025 STATEMENT OF WORK) - Annual Operational Readiness Review ("ORR") Once per Project FY June 30, 2025 Qualtrics System - Mnual System Agency Grant Agreement, Contract No. HHS001439500038 Page 3 of 7 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 ($CC SECTION 1(V17(4) of ATTACHMENT A� PROJECT 2025 STATEMENT OF WORK� Evidence of attendance at two (2) regional healthcare coalition meetings - Annual Once per Project FY June 30, 2025 Qualtrics System (See SEcr�oN I(V1�(7) of ArrncHmenr A� PROJECT 2O2S STATEMENT OF WORK� Programmatic End-of-Year Performance Report - Annual Once per Project FY July 30, 2025 Qualtrics System ($Ce $ECTION 1(V17(G) of ATTACHMENT A� PROJECT ZO25 STATEMENT OF WORK) VIII. CONTRACT REPRESENTATIVES The following will act as the representative ("Contract Representative") authorized to administer activities under this Grant Agreement on behalf of their respective Party. Svstem Agencv Beverly Taylor Department of State Health Services 1100 W. 49th Street, MC 1990 Austin, Texas 78756 beverl v. tavl or(�a,dshs. texas. gov Grantee Rachel Dolan City of Lubbock P.O Box 2000 Lubbock, Texas 79401 rdo lan@,mvlubbock. us IX. NOTICE REQUIREMENTS A. All notices given by Grantee shall be in writing, include the Contract number, comply with all terms and conditions of the Grant Agreement, and be delivered to the System Agency's Contract Representative identified above. B. Grantee shall send legal notices to System Agency at the address below and provide a copy to the System Agency's Contract Representative: Health and Human Services Commission Attn: Office of Chief Counsel 4601 W. Guadalupe St., Mail Code 1100 Austin, Texas 78751 with a copy to: System Agency Grant Agreement, Contract No. HHS001439500038 Page 4 of 7 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Department of State Health Services Attention: General Counsel 1100 W. 49`�' Street, Mail Code 1919 Austin, Texas 78756 C. Notices given by System Agency to Grantee may be emailed, mailed, or sent by common carrier. Email notices shall be deemed delivered when sent by System Agency. Notices sent by mail shall be deemed delivered when deposited by the System Agency in the United States mail, postage paid, certified, return receipt requested. Notices sent by common carrier shall be deemed delivered when deposited by the System Agency with a common carrier, overnight, signature required. D. Notices given by Grantee to System Agency shall be deemed delivered when received by System Agency. E. Either Party may change its Contract Representative or legal notice contact by providing written notice to the other Party. X. FEDERAL AWARD INFORMATION GRANTEE'S UNIQUE ENTITY IDENTIFIER IS: LXDNEKWRVKJ6 Federal funding under this Grant Agreement is a subaward under the following federal award. Federal Award Identification Number (FAIN): TBD A. Assistance Listings Title, Number, and Dollar Amount: Centers for Disease Control and Prevention, Public Health Emergency Preparedness (PHEP) Cooperative Agreement, 93.069, TBD B. Federal Award Date: TBD C. Federal Award Period: July 1, 2024 — June 30, 2025 D. Name of Federal Awarding Agency: Centers for Disease Control and Prevention E. Federal Award Project Description: Public Health Emergency Preparedness (PHEP) Cooperative Agreement F. Awarding Official Contact Information: Name — TBD Title, i.e., Grants Management Officer — TBD Title 2, i.e., CDC Office of Grants Services, Branch 4— TBD Address — TBD City, State ZIP — TBD Telephone: TBD Email: TBD G. Total Amount of Federal Funds Awarded to System Agency: TBD H. Amount of Funds Awarded to Grantee: $261,833.00 I. Identification of Whether the Award is for Research and Development: No System Agency Crant Agreement, Contract No. HHS001439500038 Page 5 of 7 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 XI. CONTRACT DOCUMENTS The following documents are incorporated by reference and made a part of this Grant Agreement for all purposes. ATTACHMENT A — ATTACHMENT B — ATTACHMENT C — ATTACHMENT D — ATTACHMENT E — ATTACHMENT E-1 — ATTACHMENT F— ATTACHMENT G— ATTACHMENT H — PROJECT FYZO25 STATEMENT OF WORK PROJECT FY2025 BUDGET HHS CONTRACT AFFIRMATIONS, VERSION Z.3, EFFECTIVE AucusT 2023 HHS UNIFORM TERMS AND CONDIT[OfYS — GRANT, VERSION 3.3, EFFECTIVE NOVEMBER 2023 HHS DATA USE AGREEMENT —TACCHO VERSION (LOCAL CITY AND COUNTY ENTITIES), OCTOBER 23, 2019 TEXAS HHS SYSTEM - DATA USE AGREEMENT — ATTACHMENT Z, SECURITY AIVD PRIVACY INQUIRY (SPI) FEDERAL ASSURANCES — NON-CONSTRUCTION PROCRAMS CERTIFICATION REGARDING LOBBYING FEDERAL FUNDING ACCOUNTABILITY AND TRANSPARENCY ACT (FFATA) CERTIFICATION FORM Unless expressly stated otherwise in this Grant Agreement, in the event of conflict, ambiguity, or inconsistency between or among any documents, all DSHS documents take precedence over Grantee's documents and ATTACHMENT E, HHS DATA USE AGREEMENT — TACCHO VERSION (LOCAL CITY AND COUNTY ENTITIES), OCTOBER 23, 2019, takes precedence over all other Contract documents. XII. SIGNATURE AUTHORITY Each Party represents and warrants that the person executing this Grant Agreement on its behalf has full power and authority to enter into this Grant Agreement. Any services or work performed by Grantee before this Grant Agreement is effective or after it ceases to be effective are performed at the sole risk of Grantee. SIGNATURE PAGE FOLLOWS System Agency Grant Agreement, Contract No. HHS001439500038 Page 6 of 7 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 SIGNATURE PAGE FOR DEPARTMEIYT OF STATE HEALTH SERVICES GRANT AGREEMENT, CoNTRa►cT No. HHS001439500038 DEPARTMENT OF STATE HEALTH SERVICES Signature Printed Name: Title: Date of Signature: CITY OF LUBBOCK Signature Printed Name: Title: Date of Signature: _ System Agency Grant Agreement, Contract No. HHS001439500038 Page 7 of 7 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 State�nent of Work DSHS Contract No. HHS001439500038 ATTACHMENT A PROJECT FY2O25 STATEMENT OF WORK I. GRANTEE RESPONSIBILITIES Grantee shall: A. Perform activities in support of the Public Health Emergency Preparedness ("PHEP") Cooperative Agreement between the Centers for Disease Control and Prevention ("CDC") and the Department of State Health Services ("System Agency") to advance public health emergency preparedness. B. Perform the activities required under this Contract in the following cities, counties, or groups of counties (cumulatively, Grantee's "Jurisdiction"): Lubbock. C. Provide System Agency with situational awareness data generated through interoperable networks of electronic data systems. D. Coordinate with System Agency program staff to develop a preparedness activity plan for Grantee's Jurisdiction. At minimum, Grantee shall ensure at least three (3) of the following public health emergency preparedness capabilities are achieved on an annual basis: 1. Capability 1— Community preparedness is the ability of communities to prepare for, withstand, and recover from public health incidents in both the short-term and long-term. 2. Capability 2— Community recovery is the ability of communities to identify critical assets, facilities, and other services within public health, emergency management, health care, human services, mentaVbehavioral health, and environmental health sectors that can guide and prioritize recovery operations. 3. Capability 3— Emergency operations coordination is the ability to coordinate with emergency management and to direct and support an incident or event with public health or health care implications by establishing a standardized, scalable system of oversight, organization, and supervision that is consistent with jurisdictional standards and practices and the National Incident Management System ("NIMS"). 4. Capability 4— Emergency public information and warning is the ability to develop, coordinate, and disseminate information, alerts, warnings, and notifications to the public and incident management personnel. 5. Capability 5— Fatality management is the ability to coordinate with partner organizations and agencies to provide fatality management services to ensure the proper recovery and preservation of remains; identification of the deceased; determination of cause and manner of death; release of remains to an authorized individual; and provision of inentaWehavioral health assistance for the grieving. The role also may include supporting activities for the identification, collection, documentation, retrieval, and transportation of human remains, personal effects, and evidence to the examination location or incident morgue. 6. Capability 6— Information sharing is the ability to conduct multijurisdictional and multidisciplinary exchange of health-related information and situational awareness data among federal, state, local, tribal, and territorial levels of government and the private Page 1 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 sector. This capability includes the routine sharing of information, as well as issuing of public health alerts to all levels of government and the private sector in preparation for, and in response to, events or incidents of public health significance. 7. Capability 7— Mass care is the ability of public health agencies to coordinate with and support partner agencies to address, within a congregate location (excluding shelter-in- place locations), the public health, health care, mental/behavioral health, and human services needs of those impacted by an incident. This capability includes coordinating ongoing surveillance and public health assessments to ensure that health needs continue to be met as the incident evolves. 8. Capability 8— Medical countermeasure dispensing and administration is the ability to provide medical countermeasures to targeted population(s) to prevent, mitigate, or treat the adverse health effects of a public health incident, according to public health guidelines. This capability focuses on dispensing and administering medical countermeasures, such as vaccines, antiviral drugs, antibiotics, and antitoxins. 9. Capability 9— Medical materiel management and distribution is the ability to acquire, manage, transport, and track medical materiel during a public health incident or event and the ability to recover and account for unused medical materiel, such as pharmaceuticals, vaccines, gloves, masks, ventilators, or medical equipment after an incident. 10. Capability 10 — Medical surge is the ability to provide adequate medical evaluation and care during events that exceed the limits of the normal medical infrastructure of an affected community. It encompasses the ability of the health care system to endure a hazard impact, maintain or rapidly recover operations that were compromised, and support the delivery of medical care and associated public health services, including disease surveillance, epidemiological inquiry, laboratory diagnostic services, and environmental health assessments. 11. Capability 11 — Non-pharmaceutical interventions are actions that people and communities can take to help slow the spread of illness or reduce the adverse impact of public health emergencies. This capability focuses on communities, community partners, and stakeholders recommending and implementing non-pharmaceutical interventions in response to the needs of an incident, event, or threat. Non-pharmaceutical interventions may include isolation; quarantine; restrictions on movement and travel advisories or warnings; social distancing; external decontamination; hygiene; and precautionary protective behaviors. 12. Capability 12 — Public health laboratory testing is the ability to implement and perform methods to detect, characterize, and confirm public health threats. It also includes the ability to report timely data, provide investigative support, and use partnerships to address actual or potential exposure to threat agents in multiple matrices, including clinical specimens, and food, water, and other environmental samples. This capability supports passive and active surveillance when preparing for, responding to, and recovering from biological, chemical, and radiological (if a Radiological Laboratory Response Network is established) public health threats and emergencies. 13. Capability 13 — Public health surveillance and epidemiological investigation is the ability to create, maintain, support, and strengthen routine surveillance and detection systems and epidemiological investigation processes. It also includes the ability to expand these systems and processes in response to incidents of public health significance. 14. Capability 14 — Responder safety and health is the ability to protect public health and other Page 2 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 emergency responders during pre-deployment, deployment, and post-deployment. 15. Capability 15 — Volunteer management is the ability to coordinate with emergency management and partner agencies to identify, recruit, register, verify, train, and engage volunteers to support the jurisdictional public health agency's preparedness, response, and recovery activities during pre-deployment, deployment, and post-deployment. E. Match funds awarded under this Grant Agreement with costs or third-party contributions that are not paid by the federal government under another award, except where authorized by federal statute to be used for cost-sharing or matching. The non-federal contributions ("match") may be provided directly or through donations from public or private entities and may be in cash or in-kind donations, fairly evaluated, including plant, equipment, or services. The costs that the Grantee incurs in fulfilling the matching or cost-sharing requirement are subject to the same requirements, including the cost principles, that are applicable to the use of federal funds, including prior approval requirements and other rules for allowable costs as described in 45 Code of Federal Regulations (CFR) 74.23 and 45 CFR 92.24, as amended. Grantee shall provide matching funds in the amount of ten percent (10%) of the DSHS Direct Costs and Indirect Costs amount as set forth in ATTACHMENT B, PROJECT FY2025 BUDGET. "Cash match" is defined as an expenditure of cash by the Grantee on allowable costs under this Grant Agreement that are borne by the Grantee. "In-kind match" is defined as the dollar value of non-cash contributions by a third party given in goods, commodities, or services that are used in activities that benefit this Grant Agreement's project, and that are contributed by non-federal third parties without charge to the Grantee. The criteria for match must: 1. Be an allowable cost under the applicable federal cost principle; 2. Be necessary and reasonable for the efficient accomplishment of project or program objectives; 3. Be verifiable within the Grantee's (or subgrantee's) records; 4. Be documented, including methods and sources, in the approved budget (applies only to cost reimbursement contracts); 5. Not be included as contributions toward any other federally-assisted project or program (match can count only once); 6. Not be paid by the federal government under another award, except where authorized by federal statute to be used for cost-sharing or match; 7. Conform to other provisions of governing circulars/statutes/regulations as applicable for the Contract; 8. Be adequately documented; 9. Follow procedures for generally accepted accounting practices as well as meet audit requirements; and 10. Value the in-kind contributions reported and be supported by documentation reflecting the use of goods and/or services during the Grant Agreement term. F. In the event of a local, state, or federal emergency, System Agency will reimburse Grantee up to five percent (5%) of the total Grant Agreement award for its personnel costs in responding to an emergency event. Grantee shall maintain records to document the personnel time spent on response efforts for audit purposes. Within five (5) calendar days of the onset of the Page 3 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS ConUact No. HHS001439500038 emergency, Grantee shall notify the System Agency Contract Representative identified in SECTION VIII, CONTRACT REPRESENTATIVES, of this Grant Agreement, in writing of its implementation of this provision. G. In the event of a public health emergency involving a portion of the state, mobilize and dispatch staff or equipment purchased with funds from previous PHEP cooperative agreements, and not currently performing critical duties in the Grantee's Jurisdiction, to the affected area of the state upon receipt of a written request from System Agency. H. Coordinate activities and response plans within Grantee's Jurisdiction with the state, regional, and other local jurisdictions, among local agencies, and with hospitals and major health care entities, jurisdictional Metropolitan Medical Response Systems, and Councils of Government. I. Inform System Agency in writing if Grantee will not continue performance under this Grant Agreement within thirty (30) calendar days of receipt of System Agency's notification of an amended standard(s) or guideline(s). In such event, System Agency may terminate this Grant Agreement immediately or within a reasonable period of time, as determined by System Agency. J. Develop, implement, and maintain a timekeeping system for accurately documenting staff time and salary expenditures for all staff funded through this Grant Agreement, including partial full-time employees and temporary staff. K. Have plans, processes, and training in place to meet NIMS compliance requirements. L. When using volunteers during the Grant Agreement term, designate a Texas Disaster Volunteer Registry ("TDVR") State Emergency System for the Advanced Registration of Volunteer Health Professionals ("ESAR-VHP") System Administrator, participate in required administrator trainings, and utilize the system to identify volunteers. M. Coordinate all planning, training, and exercises performed under this Grant Agreement with other Local Health Entities, the Texas Division of Emergency Management ("TDEM"), or other points of contact at the discretion of System Agency, to ensure consistency and coordination of requirements at the local level and eliminate duplication of effort between the various domestic preparedness funding sources in the state. N. Coordinate all risk communication activities with the System Agency Communications Unit by using System Agency's core messages posted on the System Agency website and submitting copies of draft risk communication materials to System Agency for coordination prior to dissemination. O. Work with the Regional Health Care Coalition to develop comprehensive preparedness strategies. Plans shall be submitted to System Agency via the Operational Readiness Review. P. Incorporate Access and Functional Needs ("AFN") partners in an annual PHEP exercise. Local jurisdictions can fulfill this requirement by incorporating at least one (1) AFN partner in a Page 4 of 9 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 tabletop, a functional, or a full-scale exercise, or during an incident or public health event in which the A�'N partner participates. Q. Designate a member of the PHEP program to attend two (2) regional healthcare coalition meetings during each Project FY. R. Fill any vacant positions within ninety (90) calendar days. Vacant positions existing after ninety (90) days may result in a decrease in funds. Grantee must report all position vacancies to their assigned System Agency Contract Representative each month until all positions are filled. S. Comply with all state and System Agency guidance and standards, including the following: 1. Grant Technical Assistance Guide, located at System Agency website located at the following URL, https://hhs.texas.�ov,�doing-business-hhs/ rg ants; and 2. Texas Grant Management Standards, located at the following URL, https:i;'comptroller.texas.gov/purchasin�grant-mana eg mend. T. Comply with all applicable federal and state laws, rules, and regulations, as amended, including, but not limited to, the following: 1. Texas Government Code Chapter 418; 2. Public Law 109-417, Pandemic and All-Hazards Preparedness and Advancing Innovation Act ("PAHPAI"); 3. Texas Health and Safety Code Chapter 81; 4. Section 319 C-1 of the Public Health Service (PHS) Act (47 USC § 247d-3a), as amended; and 5. 2 CFR Part 200. U. Comply with all requirements related to purchases made with grant funds and uses of grant funds under this Grant Agreement. The requirements regarding purchases made with grant funds and uses of grant funds under this Grant Agreement include the following: 1. Grantee may not use funds for research, clinical care, fundraising activities or lobbying, construction or major renovations, reimbursement of pre-award costs, to supplant existing state or federal funds for activities, payment or reimbursement of backfilling costs for staff, purchase of vehicles of any kind, uniforms, buildings or real properiy, or funding an award to another party or provider who is ineligible. 2. Grantee may not use funds made available under this Contract to promote or advocate the legalization or practice of prostitution or sex trafficking. Nothing in the preceding sentence shall be construed to preclude the provision to individuals of palliative care, treatment, or post-exposure pharmaceutical prophylaxis, and necessary pharmaceuticals and commodities, including test kits, condoms, and, when proven effective, microbicides. 3. Grantee must initiate the purchase of all equipment approved in writing by System Agency, as applicable. Failure to timely initiate the purchase of equipment may result in the loss of Page 5 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 availability of funds for the purchase of equipment. Requests to purchase equipment must be submitted to the assigned System Agency Contract Representative. 4. At the expiration or termination of this Grant Agreement for any reason, title to any remaining equipment and supplies purchased with funds under this Grant Agreement reverts to System Agency. Title may be transferred to another party at the sole discretion of System Agency. System Agency may, at its option and to the extent allowed by law, transfer the reversionary interest to such property to Grantee. 5. Grantee shall not use System Agency funds to lease buildings or real property without prior written approval from System Agency. Further, Grantee shall not use System Agency funds for the purchase of buildings or real property under any circumstance. 6. System Agency reserves the right, where allowed by legal authority, to redirect funds in the event of financial shortfalls. 7. System Agency will monitor Grantee's expenditures on a monthly basis. If expenditures are below the amount projected in Grantee's total Project FY amount, Grantee's budget may be subject to a decrease for the remainder of the Project FY. V. Comply with requirements related to the cost reimbursement budget under this Grant Agreement. The cost reimbursement budget requirements include the following: Grantee's approved cost reimbursement budget must document all approved and allowable expenditures. Grantee shall only utilize funding under this Grant Agreement for approved and allowable costs. If Grantee requests to utilize funds for an expense not documented in the approved cost reimbursement budget, Grantee shall notify the System Agency Contract Representative, in writing, and request approval prior to utilizing the funds. System Agency shall provide written notification whether the requested expense is approved or denied. If needed, Grantee may revise the System Agency-approved cost reimbursement budget. The following requirements apply to budget transfers across budget categories: a. Transferring funds between budget categories, other than the "Equipment" and "Indirect Cost" categories, is allowable with System Agency's written approval, but cannot exceed twenty-five percent (25%) of the total allotted amount during a Project FY. If the budget transfer(s) does exceed twenty-five percent (25%) of the total allotted amount during a Project FY, alone or cumulatively, in addition to System Agency's written approval, a formal Grant Agreement amendment is required; b. Grantee may revise the "EquipmenY' and "Indirect CosY' budget categories, however any such revision requires System Agency's written approval and a formal Grant Agreement amendment; and c. As stated in Section I(V)(3)(a) and I(V)(3)(b), if Grantee requests revisions to the cost reimbursement budget, it shall provide an email notification to the System Agency Contract Representative. The request must include a draft of the revised categorical budget, a summary of revisions being requested with the total percentage of funds being moved, and a justifcation of such revisions. System Agency will notify Grantee if its revision request is approved. Thereafter, System Agency will amend the Grant Agreement, if necessary, based on the criteria established in this Section I(V)(3). Grantee's proposed budget revision is not authorized, and funds cannot be utilized, until the Grant Agreement amendment is executed. Page 6 of 9 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 W. Comply with the reporting requirements and due dates established in this ATTACHMENT A, PROJECT FY2025 STATEMENT OF WORK and SECTION VII, REPORTING REQUIREMENTS, of the Signature Document. Unless stated otherwise in this Grant Agreement, Grantee must submit the reports via Qualtrics, a web-based system, according to instructions provided by System Agency. Programmatic reports satisfy the information-sharing requirements set forth in Texas Government Code, Sections 421.071 and 421.072(b) and (c). The reporting requirements include the following: 1. Grantee must prepare and submit an Initial Work Plan each Project FY and submit it to System Agency via Qualtrics, using a URL provided by System Agency. For Project FY2025, Grantee must submit the Initial Work Plan to System Agency by July 15, 2024. 2. Grantee must prepare and submit a current Integrated Preparedness Plan ("IPP") each Project FY, which must include at least four (4) years of progressive exercise, planning and training, to System Agency via Qualtrics. For Project FY2025, Grantee must submit the IPP to System Agency by May 1, 2025. The Il'P must be based on the results of the Grantee's training needs assessment and the evaluations of previous exercises and responses, including the After-Action ReviewlImprovement Plan submitted in SECT[o1v I(V�(3) of this Statement of Work. The IPP must include a description of a. The proposed location, month(s), and year(s) of future exercise(s); b. The type(s) of future exercise(s) that will take place; and c. The partnering entities. 3. Grantee must prepare and submit an After-Action Review/Improvement Plan ("AAR/IP") each Project FY for the annual PHEP exercise with Access and Functional Needs via Qualtrics. For Project FY2025, Grantee must submit the AAR/IP to System Agency by June 30, 2025. 4. Grantee must complete and submit specific forms identified by the System Agency from the Operational Readiness Review ("ORR") each Project FY to System Agency by uploading supporting documentation to Qualtrics. For Project FY2025, Grantee must submit the ORR forms to System Agency by June 30, 2025. 5. Grantee must prepare and submit a Programmatic Mid-Year Performance Report each Project FY via Qualtrics. For Project FY2025, Grantee must submit the Programmatic Mid- Year Performance Report to System Agency by January 31, 2025. System Agency will provide a template to Grantee, which will identify the information that Grantee must provide in its Programmatic Mid-Year Performance Report. 6. Grantee must prepare and submit a Programmatic End-of-Year Performance Report each Project FY via Qualtrics. For Project FY2025, Grantee must submit the Programmatic End- of-Year Performance Report to System Agency by July 30, 2025. System Agency will provide a template to Grantee, which will identify the information that Grantee must provide in its Programmatic End-of-Year Performance Report. 7. Grantee must submit a copy of the meeting sign in sheet, as evidence of attendance at two (2) regional healthcare coalition meetings during each Project FY via Qualtrics. For Project FY2025, Grantee must submit evidence of attendance at two (2) regional healthcare coalition meeting to System Agency by June 30, 2025. 8. Grantee must submit biannual Financial Status Reports (FSRs). Grantee's FSRs are due the last business day of the month following the end of each second Project FY quarter, and thirty (30) calendar days after each fourth Project FY quarter. The first FSR, for the Page 7 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 period July 1, 2024, through December 31, 2024, is due by January 31, 2025. The second FSR, for the period January 1, 2025, through June 30, 2025, is due by July 30, 2025. Grantee shall electronically submit FSRs to invoices cr,dshs.texas.gov and fsr r�(u�dshs.texas.gov, with a copy to the System Agency Contract Representative identified in SECTION VIII, CONTRACT REPRESENTATIVES, of this Grant Agreement. If System Agency determines Grantee needs to submit FSR reports by mail or fax, Grantee must send the required information as follows: a. For submission by mail, use address below: Department of State Health Services Claims Processing Unit P.O. Box 149347, MC 1940 Austin, TX 78714-9347 b. For submission by fax, use number below: (512) 458-7442 9. Grantee must maintain an inventory of equipment, supplies defined as "Controlled Assets" (see definition in form titled, "DSHS Contractor's Property lnventory Report (Form GC- 11)," link below), and real property. Grantee shall submit an annual cumulative report of the above state items on the Form GC-11, located at the following URL: https: //www.dshs.texas.gov/hiv-std-pro�ram/dshs-tb-hiv-std-section-thisis/contract- management-section-prevention. Grantee will submit the Form GC-11, via email, to FSOequip(c�,dshs.texas. o�v, with a copy to the System Agency Contract Representative identified in SECTION VIII, CONTRACT REPRESENTATIVES, of this Grant Agreement, no later than October 15th of each calendar year. 10. Grantee shall provide System Agency with other reports, including financial reports, that System Agency determines necessary to accomplish the objectives of this Contract and to monitor compliance. 11. Grantee must immediately notify System Agency in writing if Grantee is legally prohibited from providing any report required under this Grant Agreement. II. PERFORMANCE MEASURES A. System Agency will monitor Grantee's performance of the requirements in this Statement of Work and compliance with the Grant Agreement's terms and conditions. B. Grantee must adhere to PHEP reporting deadlines and the capability to receive, stage, store, distribute, and dispense material during a public health emergency. Failure to meet these requirements may result in System Agency withholding a portion of the current Project Fiscal Year PHEP base award. C. Upon request by System Agency, Grantee shall reasonably revise any performance measure to System Agency's satisfaction and in accordance with the requirements set forth in this Grant Agreement. Page 8 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment A- Project FY2025 Statement of Work DSHS Contract No. HHS001439500038 III. INVOICE AND PAYMENT A. Grantee shall request monthly payments by the last business day of the month following the month in which expenses were incurred and shall use the State of Texas Purchase Vouchers (Form B-13 and Form B-13A) located at http:llwww.dshs.texas.govl�rants/forms.shtm. Grantee's final invoice wi(I be due thirty (30) calendar days following the expiration date of the Grant Agreement. System Agency will issue reimbursement payments to Grantee on a monthly basis for reported actual cash disbursements that are supported by adequate documentation. Invoice approval and payment is contingent upon receipt of adequate supporting documentation and submittal of acceptable supporting documentation by electronic mail to invoices(c�dshs.tcxas. o�v and CMSInvoices(c�dshs.texas. o�v, with a copy to the assigned System Agency Contract Representative identified in the Signature Document. At a minimum, every invoice should include: 1. Grantee name, address, email address, vendor identification number, and telephone number; 2. DSHS Contract or Purchase Order number; 3. Identification of service(s) provided; 4. The total invoice amount; and 5. Any additional supporting documentation that is required by this Statement of Work or as requested by System Agency. B. System Agency will pay Grantee monthly on a cost reimbursement basis and in accordance with ATTACHMENT B, PROJECT FY2O2S BUDGET, of this Grant Agreement. System Agency will reimburse Grantee only for allowable and reported expenses incurred within the Project FY. C. Grantee may request a one-time working capital advance not to exceed twelve percent (12%) of the total funds allotted per Project FY. All advances must be expended by the end of the Project FY. Advances not expended by the end of the Grant Agreement term must be refunded to System Agency. System Agency may require Grantee to repay all or part of advance funds at any time during the Grant Agreement term. However, if the advance has not been repaid prior to the last three (3) months of the Grant Agreement term, the Grantee must deduct at least one-third (1/3`�) of the remaining advance from each of the last three (3) months' reimbursement requests. If the advance is not repaid prior to the last three (3) months of the Grant Agreement term, System Agency will reduce the reimbursement request by one-third (1/3`�) of the remaining balance of the advance. Page 9 of 9 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment B- Project FY2025 Budget DSHS Contract No. HHS001439500038 ATTACHMENT B PROJECT FYZOZS BUDGET The table below establishes the categorical budget for Project FY2025, which is the period from July 1, 2024, through June 30, 2025. Budget Categories DSHS Funding Personnel $162,738.00 Fringe Benefits $74,209.00 Travel $5,900.00 Equipment $0.00 Supplies $6,273.00 Contractual $10,800.00 Other $1,913.00 Sum of DSHS Direct Costs $261,833.00 Indirect Costs $0.00 Sum of DSHS Direct Costs and Indirect Costs $261,833.00 Plus Required Match (Cash or In-Kind) $26,183.00 Total Contract Amount $288,016.00 Page 1 of 1 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 HEALTH AND HUMAN SERVICES Contract Number HHS001439500038 Attachment C CONTRACT AFFIRMATIONS For purposes of these Contract Affrmations, HHS includes both the Health and Human Services Commission (HHSC) and the Deparhnent of State Health Services (DSHS). System Agency refers to HHSC, DSHS, or both, that will be a party to this Contract. These Contract Affirmations apply to all Contractors and Grantees (referred to as "Contractor") regardless of their business form (e.g., individual, partnership, corporation). By entering into this Contract, Contractor affirms, without exception, understands, and agrees to comply with the following items through the life of the Contract: 1. Contractor represents and warrants that these Contract Affrmations apply to Contractor and all of Contractor's principals, officers, directors, shareholders, partners, owners, agents, employees, subcontractors, independent contractors, and any other representatives who may provide services under, who have a financial interest in, or otherwise are interested in this Contract and any related Solicitation. 2. 3. 4. Complete and Accurate Information Contractor represents and warrants that all statements and information provided to HHS are current, complete, and accurate. This includes all statements and information in this Contract and any related Solicitation Response. Public Information Act Contractor understands that HHS will comply with the Texas Public Information Act (Chapter 552 of the Texas Government Code) as interpreted by judicial rulings and opinions of the Attorney General of the State of Texas. Information, documentation, and other material prepared and submitted in connection with this Contract or any related Solicitation may be subject to public disclosure pursuant to the Texas Public Information Act. In accordance with Section 2252.907 of the Texas Government Code, Contractor is required to make any information created or exchanged with the State pursuant to the Contract, and not otherwise excepted from disclosure under the Texas Public Information Act, available in a format that is accessible by the public at no additional charge to the State. Contracting Information Requirements Contractor represents and warrants that it will comply with the requirements of Section 552.372(a) of the Texas Government Code. Except as provided by Section 552.374(c) of the Texas Government Code, the requirements of Subchapter J(Additional Provisions Related to Contracting Information), Chapter 552 of the Government Code, may apply to the Contract and the Contractor agrees that the Contract can be terminated if the Contractor knowingly or intentionally fails to comply with a requirement of that subchapter. Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page l of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 5. 6. 7. 8. 9. 10. 11. Assignment A. Contractor shall not assign its rights under the Contract or delegate the performance of its duties under the Contract without prior written approval from System Agency. Any attempted assignment in violation of this provision is void and without effect. B. Contractor understands and agrees the System Agency may in one or more transactions assign, pledge, or transfer the Contract. Upon receipt of System Agency's notice of assignment, pledge, or transfer, Contractor shall cooperate with System Agency in giving effect to such assignment, pledge, or transfer, at no cost to System Agency or to the recipient entity. Terms and Conditions Contractor accepts the Solicitation terms and conditions unless specifically noted by exceptions advanced in the form and manner directed in the Solicitation, if any, under which this Contract was awarded. Contractor agrees that all exceptions to the Solicitation, as well as terms and conditions advanced by Contractor that differ in any manner from HHS' terms and conditions, if any, are rejected unless expressly accepted by System Agency in writing. HHS Right to Use Contractor agrees that HHS has the right to use, produce, and distribute copies of and to disclose to HHS employees, agents, and contractors and other governmental entities all or part of this Contract or any related Solicitation Response as HHS deems necessary to complete the procurement process or comply with state or federal laws. Release from Liability Contractor generally releases from liability and waives all claims against any party providing information about the Contractor at the request of System Agency. Dealings with Public Servants Contractor has not given, has not offered to give, and does not intend to give at any time hereafter any economic opportunity, future employment, gi8, loan, gratuity, special discount, trip, favor, or service to a public servant in connection with this Contract or any related Solicitation, or related Solicitation Response. Financial Participation Prohibited Under Section 2155.004, Texas Government Code (relating to financial participation in preparing solicitations), Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive this Contract and acknowledges that this Contract may be terminated and payment withheld if this certifcation is inaccurate. Prior Disaster Relief Contract Violation Under Sections 2155.006 and 2261.053 of the Texas Government Code (relating to convictions and penalties regarding Hurricane Rita, Hurricane Katrina, and other disasters), the Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive this Contract Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 2 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 12. 13 14. 15. 16. 17. and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. Child Support Obligation Under Section 231.006(d) of the Texas Family Code regarding child support, Contractor certifies that the individual or business entity named in this Contract and any related Solicitation Response is not ineligible to receive the specified payment and acknowledges that the Contract may be terminated and payment may be withheld if this certification is inaccurate. If the certification is shown to be false, Contractor may be liable for additional costs and damages set out in 231.006( fl. Suspension and Debarment Contractor certifies that it and its principals are not suspended or debarred from doing business with the state or federal government as listed on the State of Texas Debarred Vendor List maintained by the Texas Comptroller of Public Accounts and the System for Award Management (SAM} maintained by the General Services Administration. This certification is made pursuant to the regulations implementing Executive Order 12549 and Executive Order 12689, Debarment and Suspension, 2 C.F.R. Part 376, and any relevant regulations promulgated by the Department or Agency funding this project. This provision shall be included in its entirety in Contractor's subcontracts, if any, if payment in whole or in part is from federal funds. Excluded Parties Contractor certifies that it is not listed in the prohibited vendors list authorized by Executive Order 13224, "Blocking Property and Prohibiting Transactions with Persons Who Commit, Threaten to Commit, or Support Terrorism, " published by the United States Department of the Treasury, Office of Foreign Assets Control.' Foreign Terrorist Organizations Contractor represents and warrants that it is not engaged in business with Iran, Sudan, or a foreign terrorist organization, as prohibited by Section 2252.152 of the Texas Government Code. Executive Head of a State Agency In accordance with Section 669.003 of the Texas Government Code, relating to contracting with the executive head of a state agency, Contractor certifies that it is not (1) the executive head of an HHS agency, (2) a person who at any time during the four years before the date of this Contract was the executive head of an HHS agency, or (3) a person who employs a current or former executive head of an HHS agency. Human Trafficking Prohibition Under Section 2155.0061 of the Texas Government Code, Contractor certifies that the individual or business entity named in this Contract is not ineligible to receive this Contract and acknowledges that this Contract may be terminated and payment withheld if this certification is inaccurate. Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 3 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 18. 19. 20. Franchise Tax Status Contractor represents and warrants that it is not currently delinquent in the payment of any franchise taxes owed the State of Texas under Chapter 171 of the Texas Tax Code. Debts and Delinquencies Contractor agrees that any payments due under this Contract shall be applied towards any debt or delinquency that is owed to the State of Texas. Lobbying Prohibition Contractor represents and warrants that payments to Contractor and Contractor's receipt of appropriated or other funds under this Contract or any related Solicitation are not prohibited by Sections 556.005, 556.0055, or 556.008 of the Texas Government Code (relating to use of appropriated money or state funds to employ or pay lobbyists, lobbying expenses, or influence legislation). 21. Buy Texas 22. 23. 24. 25. Contractor agrees to comply with Section 2155.4441 of the Texas Government Code, requiring the purchase of products and materials produced in the State of Texas in performing service contracts. Disaster Recovery Plan Contractor agrees that upon request of System Agency, Contractor shall provide copies of its most recent business continuity and disaster recovery plans. Computer Equipment Recycling Program If this Contract is for the purchase or lease of computer equipment, then Contractor certifies that it is in compliance with Subchapter Y, Chapter 361 of the Texas Health and Safety Code related to the Computer Equipment Recycling Program and the Texas Commission on Environmental Quality rules in 30 TAC Chapter 328. Television Equipment Recycling Program If this Contract is for the purchase or lease of covered television equipment, then Contractor certifes that it is compliance with Subchapter Z, Chapter 361 of the Texas Health and Safety Code related to the Television Equipment Recycling Program. Cybersecurity Training A. Contractor represents and warrants that it will comply with the requirements of Section 2054.5192 of the Texas Government Code relating to cybersecurity training and required verification of completion of the training program. B. Contractor represents and warrants that if Contractor or Subcontractors, officers, or employees of Contractor have access to any state computer system or database, the Contractor, Subcontractors, officers, and employees of Contractor shall complete cybersecurity training pursuant to and in accordance with Government Code, Section 2054.5192. Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 4 of 14 Attachment C— HHS Contract A�rmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 26. Restricted Employment for Certain State Personnel Contractor acknowledges that, pursuant to Section 572.069 of the Texas Government Code, a former state officer or employee of a state agency who during the period of state service or employment participated on behalf of a state agency in a procurement or contract negotiation involving Contractor may not accept employment from Contractor before the second anniversary of the date the Contract is signed or the procurement is terminated or withdrawn. 27. No Conflicts of Interest A. Contractor represents and warrants that it has no actual or potential conflicts of interest in providing the requested goods or services to System Agency under this Contract or any related Solicitation and that Contractor's provision of the requested goods and/or services under this Contract and any related Solicitation will not constitute an actual or potential conflict of interest or reasonably create an appearance of impropriety. B. Contractor agrees that, if after execution of the Contract, Contractor discovers or is made aware of a Conflict of Interest, Contractor will immediately and fully disclose such interest in writing to System Agency. In addition, Contractor will promptly and fully disclose any relationship that might be perceived or represented as a conflict after its discovery by Contractor or by System Agency as a potential conflict. System Agency reserves the right to make a final determination regarding the existence of Conflicts of Interest, and Contractor agrees to abide by System Agency's decision. 28. Fraud, Waste, and Abuse Contractor understands that HHS does not tolerate any type of fraud, waste, or abuse. Violations of law, agency policies, or standards of ethical conduct will be investigated, and appropriate actions will be taken. Pursuant to Texas Government Code, Section 321.022, if the administrative head of a department or entity that is subject to audit by the state auditor has reasonable cause to believe that money received from the state by the department or entity or by a client or contractor of the department or entity may have been lost, misappropriated, or misused, or that other fraudulent or unlawful conduct has occurred in relation to the operation of the department or entity, the administrative head shall report the reason and basis for the belief to the Texas State Auditor's Office (SAO). All employees or contractors who have reasonable cause to believe that fraud, waste, or abuse has occurred (including misconduct by any HHS employee, Grantee officer, agent, employee, or subcontractor that would constitute fraud, waste, or abuse) are required to immediately report the questioned activity to the Health and Human Services Commission's Office of Inspector General. Contractor agrees to comply with all applicable laws, rules, regulations, and System Agency policies regarding fraud, waste, and abuse including, but not limited to, HHS Circular C-027. A report to the SAO must be made through one of the following avenues: • SAO Toll Free Hotline: 1-800-TX-AUDIT • SAO website: http://sao.fraud.state.tx.us�' Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 5 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 All reports made to the OIG must be made through one of the following avenues: • OIG Toll Free Hotline 1-800-436-6184 • OIG Website: ReportTexasFraud.com • Internal Affairs Email: InternalAffairsReferral@hhsc.state.tx.us • OIG Hotline Email: OIGFraudHotline@hhsc.state.tx.us. • OIG Mailing Address: Office of Inspector General Attn: Fraud Hotline MC 1300 P.O. Box 85200 Austin, Texas 78708-5200 29. Antitrust The undersigned affirms under penalty of perjury of the laws of the State of Texas that: A. in connection with this Contract and any related Solicitation Response, neither I nor any representative of the Contractor has violated any provision of the Texas Free Enterprise and Antitrust Act, Tex. Bus. & Comm. Code Chapter 15; B. in connection with this Contract and any related Solicitation Response, neither I nor any representative of the Contractor has violated any federal antitrust law; and C. neither I nor any representative of the Contractor has directly or indirectly communicated any of the contents of this Contract and any related Solicitation Response to a competitor of the Contractor or any other company, corporation, firm, partnership or individual engaged in the same line of business as the Contractor. 30. Legal and Regulatory Actions Contractor represents and warrants that it is not aware of and has received no notice of any court or governmental agency proceeding, investigation, or other action pending or threatened against Contractor or any of the individuals or entities included in numbered paragraph 1 of these Contract Affirmations within the five (5) calendar years immediately preceding execution of this Contract or the submission of any related Solicitation Response that would or could impair Contractor's performance under this Contract, relate to the contracted or similar goods or services, or otherwise be relevant to System Agency's consideration of entering into this Contract. If Contractor is unable to make the preceding representation and warranty, then Contractor instead represents and warrants that it has provided to System Agency a complete, detailed disclosure of any such court or governmental agency proceeding, investigation, or other action that would or could impair Contractor's performance under this Contract, relate to the contracted or similar goods or services, or otherwise be relevant to System Agency's consideration of entering into this Contract. In addition, Contractor acknowledges this is a continuing disclosure requirement. Contractor represents and warrants that Contractor shall notify System Agency in writing within five (5) business days of any changes to the representations or warranties in this clause and understands that failure to so timely update System Agency shall constitute breach of contract and may result in immediate contract termination. Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 6 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 31. 32. 33. 34. 35. No Felony Criminal Convictions Contractor represents that neither Contractor nor any of its employees, agents, or representatives, including any subcontractors and employees, agents, or representative of such subcontractors, have been convicted of a felony criminal offense or that if such a conviction has occurred Contractor has fully advised System Agency in writing of the facts and circumstances surrounding the convictions. Unfair Business Practices Contractor represents and warrants that it has not been the subject of allegations of Deceptive Trade Practices violations under Chapter 17 of the Texas Business and Commerce Code, or allegations of any unfair business practice in any administrative hearing or court suit and that Contractor has not been found to be liable for such practices in such proceedings. Contractor certifies that it has no officers who have served as officers of other entities who have been the subject of allegations of Deceptive Trade Practices violations or allegations of any unfair business practices in an administrative hearing or court suit and that such officers have not been found to be liable for such practices in such proceedings. Entities that Boycott Israel Contractor represents and warrants that (1) it does not, and shall not for the duration of the Contract, boycott Israel or (2) the verification required by Section 2271.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. E-Verify Contractor certifies that for contracts for services, Contractor shall utilize the U.S. Department of Homeland Security's E-Verify system during the term of this Contract to determine the eligibility of: 1. all persons employed by Contractor to perform duties within Texas; and 2. all persons, including subcontractors, assigned by Contractor to perform work pursuant to this Contract within the United States of America. Former Agency Employees — Certain Contracts If this Contract is an employment contract, a professional services contract under Chapter 2254 of the Texas Government Code, or a consulting services contract under Chapter 2254 of the Texas Government Code, in accordance with Section 2252.901 of the Texas Government Code, Contractor represents and warrants that neither Contractor nor any of Contractor's employees including, but not limited to, those authorized to provide services under the Contract, were former employees of an HHS Agency during the twelve (12) month period immediately prior to the date of the execution of the Contract. Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 7 of l4 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 36. Disclosure of Prior State Employment — Consulting Services If this Contract is for consulting services, A. In accordance with Section 2254.033 of the Texas Government Code, a Contractor providing consulting services who has been employed by, or employs an individual who has been employed by, System Agency or another State of Texas agency at any time during the two years preceding the submission of Contractor's offer to provide services must disclose the following information in its offer to provide services. Contractor hereby certifies that this information was provided and remains true, correct, and complete: 1. Name of individual(s) (Contractor or employee(s)); 2. Status; 3. The nature of the previous employment with HHSC or the other State of Texas agency; 4. The date the employment was terminated and the reason for the termination; and 5. The annual rate of compensation for the employment at the time of its termination. B. If no information was provided in response to Section A above, Contractor certifies that neither Contractor nor any individual employed by Contractor was employed by System Agency or any other State of Texas agency at any time during the two years preceding the submission of Contractor's offer to provide services. 37. Abortion Funding Limitallon Contractor understands, acknowledges, and agrees that, pursuant to Article IX of the General Appropriations Act (the Act), to the extent allowed by federal and state law, money appropriated by the Texas Legislature may not be distributed to any individual or entity that, during the period for which funds are appropriated under the Act: 1. performs an abortion procedure that is not reimbursable under the state's Medicaid program; 2. is commonly owned, managed, or controlled by an entity that performs an abortion procedure that is not reimbursable under the state's Medicaid program; or 3. is a franchise or affiliate of an entity that performs an abortion procedure that is not reimbursable under the state's Medicaid program. The provision does not apply to a hospital licensed under Chapter 241, Health and Safety Code, or an office exempt under Section 245.004(2), Health and Safety Code. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article IX. 38. Funding Eligibility Contractor understands, acknowledges, and agrees that, pursuant to Chapter 2272 (eff. Sept. 1, 2021, Ch. 2273) of the Texas Government Code, except as exempted under that Chapter, HHSC cannot contract with an abortion provider or an affiliate of an abortion provider. Contractor certifies that it is not ineligible to contract with HHSC under the terms of Chapter 2272 (eff. Sept. 1, 2021, Ch. 2273) of the Texas Government Code. Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 8 of l4 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 39. Gender Transitioning and Gender Reassignment Procedures and Treatments for Certain Children — Prohibited Use of Public Money; Prohibited State Health Plan Reimbursement. Contractor understands, acknowledges, and agrees that, pursuant to Section 161.704 of the Texas Health and Safety Code (eff. Sept. 1, 2023), public money may not directly or indirectly be used, granted, paid, or distributed to any health care provider, medical school, hospital, physician, or any other entity, organization, or individual that provides or facilitates the provision of a procedure or treatment to a child that is prohibited under Section 161.702 of the Texas Health and Safety Code. Contractor also understands, acknowledges, and agrees that, pursuant to Section 161.705 of the Texas Health and Safety Code (eff. Sept. 1, 2023), HHSC may not provide Medicaid reimbursement and the child health plan program established under Chapter 62 may not provide reimbursement to a physician or health care provider for provision of a procedure or treatment to a child that is prohibited under Section 161.702 of the Texas Health and Safety Code. Contractor certifes that it is not ineligible to contract with System Agency under the terms of Chapter 161, Subchapter X, of the Texas Health and Safety Code. 40. Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment (2 CFR 200.216) Contractor certifies that the individual or business entity named in this Response or Contract is not ineligible to receive the specified Contract or funding pursuant to 2 CFR 200.216. 41. COVID-19 Vaccine Passports Pursuant to Texas Health and Safety Code, Section 161.0085(c), Contractor certifies that it does not require its customers to provide any documentation certifying the customer's COVID-19 vaccination or post-transmission recovery on entry to, to gain access to, or to receive service from the Contractor's business. Contractor acknowledges that such a vaccine or recovery requirement would make Contractor ineligible for a state-funded contract. 42. COVID-19 Vaccinations Contractor understands, acknowledges, and agrees that, pursuant to Article II of the General Appropriations Act, none of the General Revenue Funds appropriated to the Department of State Health Services (DSHS) may be used for the purpose of promoting or advertising COVID-19 vaccinations in the 2024-25 biennium. It is also the intent of the legislature that to the extent allowed by federal law, any federal funds allocated to DSHS shall be expended for activities other than promoting or advertising COVID-19 vaccinations. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article II. Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 9 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 43. 44. 45. 46. Entities that Boycott Energy Companies In accordance with Senate Bill 13, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 (eff. Sept. l, 2023, Section 2276.002, pursuant to House Bill 4595, Acts 2023, 88th Leg., R.S.) of the Texas Government Code (relating to prohibition on contracts with companies boycotting certain energy companies), Contractor represents and warrants that: (1) it does not, and will not for the duration of the Contract, boycott energy companies or (2) the verification required by Section 2274.002 (eff. Sept. l, 2023, Section 2276.002, pursuant to House Bi114595, Acts 2023, 88th Leg., R.S.) of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. Entities that Discriminate Against Firearm and Ammunition Industries In accordance with Senate Bill 19, Acts 2021, 87th Leg., R.S., pursuant to Section 2274.002 of the Texas Government Code (relating to prohibition on contracts with companies that discriminate against firearm and ammunition industries), Contractor verifies that: (1) it does not, and will not for the duration of the Contract, have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association or (2) the verification required by Section 2274.002 of the Texas Government Code does not apply to the Contract. If circumstances relevant to this provision change during the course of the Contract, Contractor shall promptly notify System Agency. Security Controls for State Agency Data In accordance with Senate Bi11475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.138, Contractor understands, acknowledges, and agrees that if, pursuant to this Contract, Contractor is or will be authorized to access, transmit, use, or store data for System Agency, Contractor is required to meet the security controls the System Agency determines are proportionate with System Agency's risk under the Contract based on the sensitivity of System Agency's data and that Contractor must periodically provide to System Agency evidence that Contractor meets the security controls required under the Contract. Cloud Computing State Risk and Authorization Management Program (TX-RAMP) In accordance with Senate Bi11475, Acts 2021, 87th Leg., R.S., pursuant to Texas Government Code, Section 2054.0593, Contractor acknowledges and agrees that, if providing cloud computing services for System Agency, Contractor must comply with the requirements of the state risk and authorization management program and that System Agency may not enter or renew a contract with Contractor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless Contractor demonstrates compliance with program requirements. If providing cloud computing services for System Agency that are subject to the state risk and authorization management program, Contractor certifies it will maintain program compliance and certification throughout the term of the Contract. Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 10 of l4 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 47. Office of Inspector General Investigative Findings Expert Review In accordance with Senate Bill 799, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 531.102(m-1)(2) (ef£ Apr. 1, 2025, Section 544.0106, pursuant to House Bi114611, Acts 2023, 88th Leg., R.S.) is applicable to this Contract, Contractor affirms that it possesses the necessary occupational licenses and experience. 48. Contract for Professional Services of Physicians, Optometrists, and Registered Nurses In accordance with Senate Bill 799, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 2254.008(a)(2) is applicable to this Contract, Contractor affirms that it possesses the necessary occupational licenses and experience. 49. Foreign-Owned Companies in Connection with CriNcal Infrastructure If Texas Government Code, Section 2274.0102(a)(1) (eff. Sept. 1, 2023, Section 2275.0102(a)(1), pursuant to House Bi114595, Acts 2023, 88th Leg., R.S.) (relating to prohibition on contracts with certain foreign-owned companies in connection with critical infrastructure) is applicable to this Contract, pursuant to Government Code Section 2274.0102 (eff. Sept. 1, 2023, Section 2275.0102, pursuant to House Bi114595, Acts 2023, 88th Leg., R.S.), Contractor certifies that neither it nor its parent company, nor any affiliate of Contractor or its parent company, is: (1) majority owned or controlled by citizens or governmental entities of China, Iran, North Korea, Russia, or any other country designated by the Governor under Government Code Section 2274.0103 (eff. Sept. 1, 2023, Section 2275.0103, pursuant to House Bi114595, Acts 2023, 88th Leg., R.S.), or (2) headquartered in any of those countries. 50. Critical Infrastructure Subcontracts For purposes of this Paragraph, the designated countries are China, Iran, North Korea, Russia, and any countries lawfully designated by the Governor as a threat to critical infrastructure. Pursuant to Section 113.002 of the Business and Commerce Code, Contractor shall not enter into a subcontract that will provide direct or remote access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business and Commerce Code, in this state, other than access specifically allowed for product warranty and support purposes to any subcontractor unless (i) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is majority owned or controlled by citizens or governmental entities of a designated country; and (ii) neither the subcontractor nor its parent company, nor any affiliate of the subcontractor or its parent company, is headquartered in a designated country. Contractor will notify the System Agency before entering into any subcontract that will provide direct or remote access to or control of critical infrastructure, as defined by Section 113.001 of the Texas Business & Commerce Code, in this state. 51. Enforcement of Certain Federal Firearms Laws Prohibited In accordance with House Bill 957, Acts 2021, 87th Leg., R.S., if Texas Government Code, Section 2.101 is applicable to Contractor, Contractor certifies that it is not ineligible to receive state grant funds pursuant to Texas Government Code, Section 2.103. Heaith and Human Services Contract Affirmations v. 23 Effective August 2023 Page 11 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 52. 53. 54. 55 56. 57. Prohibition on Abortions Contractor understands, acknowledges, and agrees that, pursuant to Article II of the General Appropriations Act, (1) no funds shall be used to pay the direct or indirect costs (including marketing, overhead, rent, phones, and utilities) of abortion procedures provided by contractors of HHSC; and (2) no funds appropriated for Medicaid Family Planning, Healthy Texas Women Program, or the Family Planning Program shall be distributed to individuals or entities that perform elective abortion procedures or that contract with or provide funds to individuals or entities for the performance of elective abortion procedures. Contractor represents and warrants that it is not ineligible, nor will it be ineligible during the term of this Contract, to receive appropriated funding pursuant to Article II. False Representation Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. False Statements Contractor represents and warrants that all statements and information prepared and submitted by Contractor in this Contract and any related Solicitation Response are current, complete, true, and accurate. Contractor acknowledges any false statement or material misrepresentation made by Contractor during the performance of this Contract or any related Solicitation is a material breach of contract and may void this Contract. Further, Contractor understands, acknowledges, and agrees that any false representation or any failure to comply with a representation, warranty, or certification made by Contractor is subject to all civil and criminal consequences provided at law or in equity including, but not limited to, immediate termination of this Contract. Permits and License Contractor represents and warrants that it will comply with all applicable laws and maintain all permits and licenses required by applicable city, county, state, and federal rules, regulations, statutes, codes, and other laws that pertain to this Contract. Equal Employment Opportunity Contractor represents and warrants its compliance with all applicable duly enacted state and federal laws governing equal employment opportunities. Federal Occupational Safety and Health Law Contractor represents and warrants that all articles and services shall meet or exceed the safety standards established and promulgated under the Federal Occupational Safety and Health Act of 1970, as amended (29 U.S.C. Chapter 15). Health and Human Services Contract Affirmations v. 23 Effective August 2023 Page 12 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 58. Signature Authority Contractor represents and warrants that the individual signing this Contract Affirmations document is authorized to sign on behalf of Contractor and to bind the Contractor. Signature Page Follows Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 13 of 14 Attachment C— HHS Contract Affirmations, Version 2.3, DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Effective August 2023 DSHS Contract No. HHS001439500038 Authorized representative on behalf of Contractor must complete and sign the following: Legal Name of Contractor Assumed Business Name of Contractor, if applicable (d/b/a or `doing business as') Texas County(s) for Assumed Business Name (d/b/a or `doing business as') Attach Assumed Name Certificate(s) filed with the Texas Secretary of State and Assumed Name Certificate(s), if any, for each Texas County Where Assumed Name Certificate(s) has been filed. Signature of Authorized Representative Gloria Diaz Printed Name of Authorized Representative First, Middle Name or Initial, and Last Name Physical Street Address Mailing Address, if different Phone Number Email Address Federal Employer ldentification Number Texas Franchise Tax Number SAM.gov Unique Entity Identifier (UEI) Date Signed Title of Authorized Representative City, State, Zip Code City, State, Zip Code Fax Number DUNS Number Texas Identification Number (TIN) Texas Secretary of State Filing Number Health and Human Services Contract Affirmations v. 2.3 Effective August 2023 Page 14 of 14 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 ••. .� . . . . . ' . : � , . . . . . • . . . . : � � � � . .• •' �.. Health and Human Services (HHS) Uniform Terms and Conditions - Grant Version 3.3 Published and Effective — November 2023 Responsible Office: Chief Counsel HHS Uniform Terms and Conditions -- Grant v 3.3 Effective November 2023 Page 1 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 ABOUT THIS DOCUMENT In this document, Grantees (also referred to in this document as subrecipients or contractors) will find requirements and conditions applicable to grant funds administered and passed through by both the Texas Health and Human Services Commission (HHSC) and the Department of State Health Services (DSHS). These requirements and conditions are incorporated into the Grant Agreement through acceptance by Grantee of any funding award by HHSC or DSHS. The terms and conditions in this document are in addition to all requirements listed in the RFA, if any, under which applications for this grant award are accepted, as well as all applicable federal and state laws and regulations. Applicable federal and state laws and regulations may include, but are not limited to: 2 CFR Part 200, Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards; requirements of the entity that awarded the funds to HHS; Chapter 783 of the Texas Government Code; Texas Comptroller of Public Accounts' agency rules (including Uniform Grant and Contract Standards set forth in Title 34, Part 1, Chapter 20, Subchapter E, Division 4 of the Texas Administrative Code); the Texas Grant Management Standards (TxGMS) developed by the Texas Comptroller of Public Accounts; and the Funding Announcement, Solicitation, or other instrumenddocumentation under which HHS was awarded funds. HHS, in its sole discretion, reserves the right to add requirements, terms, or conditions. HHS Uniform Terms and Conditions Grant v 3.3 Effective November 2023 Page 2 of 28 Attachment D- HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 TABLE OF CONTENTS ARTICLE I. DEFINITIONS AND INTERPRETIVE PROVISIONS ............................................. G 1.1 DEFINITIONS ......................................................................................................... 6 1.Z INTERPRETIVE PROVISIONS .................................................................................. 7 ARTICLE II. PAYMENT PROVISIONS .................................................................................. H 2.1 PROMPT PAYMENT ................................................................................................ H 2.2 TAXES .................................................................................................................... 8 2.3 ANCILLARY AND TRAVEL EXPENSES ................................................................... g 2.4 BILLING ................................................................................................................. 9 2.S USE OF FUNDS ....................................................................................................... 9 Z.0 USE FOR MATCH PROHIBITED .............................................................................. 9 2.% PROGRAM INCOME ............................................................................................... 9 i.8 NONSUPPLANTING .................................................................................................9 2.9 INDIRECT COST RATES ......................................................................................... 9 ARTICLE III. STATE AND FEDERAL FUNDING ................................................................ 10 3.1 EXCESS OBLIGATIONS PROHIBITED ................................................................... 1 O 3.2 NO DEBT AGAINST THE STATE ........................................................................... 1 O 3.3 DEBTS AND DELINQUENCIES .............................................................................. 1 O 3.4 REFUNDS AND OVERPAYMENTS ......................................................................... 1 O ARTICLE IV. ALLOWABLE COSTS AND AUDIT REQUIREMENTS .................. 10 4.1 ALLOWABLE COSTS ............................................................................................ 10 4.2 AUDITS AND FINANCIAL STATEMENTS ............................................................... 1 1 4.3 SUBMISSION OF AUDITS AND FINANCIAL STATEMENTS .................................... 1 1 ARTICLE V. WARRANTY, AFFIRMATIONS, ASSURANCES AND CERTIFICATIONS.......... 12 S.1 WARRANTY ......................................................................................................... 12 5.2 GENERAL AFFIRMATIONS ................................................................................... 12 5.3 FEDERAL ASSURANCES ....................................................................................... 12 S.4 FEDERAL CERTIFICATIONS ................................................................................ 12 5.5 STATE ASSURANCES ............................................................................................ 12 ARTICLE VI. INTELLECTUAL PROPERTY ........................................................................ 13 C.1 OWNERSHIP OF WORK PRODUCT ....................................................................... 13 6.2 GRANTEE'S PRE-EXISTING WORKS ................................................................... 13 6.3 Tt-i�[tn Pa[tTv IP ................................................................................................. 14 HHS Uniform Terms and Conditions - Grant v 3.3 Effective November 2023 Page 3 of 28 Attachment D- HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 6.4 AGREEMENTS WITH EMPLOYEES AND SUBCONTRACTORS ............................... 14 G.S DELIVERY UPON TERMINATION OR EXPIRATION .............................................. 14 6.6 SURVIVAL ............................................................................................................ 14 G.7 SYSTEM AGENCY DATA ...................................................................................... 14 ARTICLEVII. PROPERTY ................................................................................................ 15 %.1 USE OF STATE PROPERTY ................................................................................... 1 S 7.2 DAMAGE TO STATE PROPERTY .......................................................................... 1 S %.3 PROPERTY RIGHTS UPON TERMINATION OR EXPIRATION OF CONTRACT ....... 1 S %.4 EQUIPMENT AND PROPERTY ............................................................................... 16 ARTICLE VIII. RECORD RETENTION, AUDIT, AND CONFIDENTIALITY ........................ 16 H.1 RECORD MAINTENANCE AND RETENTION ......................................................... 16 H.Z AGENCY'S RIGHT TO AUDIT ............................................................................... 17 8.3 RESPONSE/COMPLIANCE WITH AUDIT OR INSPECTION FINDINGS ................... 1% H.4 STATE AUDITOR'S RIGHT TO AUDIT .................................................................. 1 g H.5 CONFIDENTIALITY .............................................................................................. 1 H ARTICLE IX. GRANT REMEDIES, TERMINATION AND PROHIBITED ACTIVITIES.......... 1H 9.1 REMEDIES ............................................................................................................ 1 g I.2 TERMINATION FOR CONVENIENCE .................................................................... 19 9.3 TERMINATION FOR CAUSE ................................................................................. 19 9.4 GRANTEE RESPONSIBILITY FOR SYSTEM AGENCY'S TERMINATION COSTS.... 19 9.5 INHERENTLY RELIGIOUS ACTIVITIES ................................................................ 20 9.6 POLITICAL ACTIVITIES ....................................................................................... 2O ARTICLEX. INDEMNITY .................................................................................................. 20 lO.l GENERAL INDEMNITY ......................................................................................... 20 10.2 INTELLECTUAL PROPERTY ................................................................................. 21 IO.3 ADDITIONAL INDEMNITY PROVISIONS ............................................................... 21 ARTICLE XI. GENERAL PROVISIONS ............................................................................... 21 11.1 AMENDMENTS ..................................................................................................... 21 11.2 NO QUANTITY GUARANTEES .............................................................................. 21 11.3 CHILD ABUSE REPORTING REQUIREMENTS ...................................................... 22 11.4 CERTIFICATION OF MEETING OR EXCEEDING TOBACCO-FREE WORKPLACE POLICY MINIMUM STANDARDS .......................................................................... ZZ 11.5 INSURANCE AND BONDS ...................................................................................... 22 HHS Uniform Terms and Conditions Grant v 3.3 Effective November 2023 Page 4 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 11.6 LIMITATION ON AUTHORITY .............................................................................. 23 11.� CHANGE IN LAWS AND COMPLIANCE WITH LAWS ............................................ 23 11.g SUBCONTRACTORS ..............................................................................................23 11.9 PERMITTING AND LICENSURE ............................................................................ 23 11.10 INDEPENDENT CONTRACTOR ............................................................................. 24 11.11 GOVERNING LAW AND VENUE ........................................................................... 24 11.12 SEVERABILITY .....................................................................................................24 11.13 SURVIVABILITY ...................................................................................................24 11.14 FORCE MAJEURE ................................................................................................ 24 11.15 NO IMPLIED WAIVER OF PROVISIONS ............................................................... 2$ 11.1C FUNDING DISCLAIMERS AND LABELING ............................................................ 2S 11.1� MEDIA RELEASES ............................................................................................... 25 11.1H PROHIBITION ON NON-COMPETE RESTRICTIONS ............................................. 25 11.19 SOVEREICN IMMUNITY ....................................................................................... 25 i1.2O ENTIRE CONTRACT AND MODIFICATION ........................................................... 26 11.21 COUNTERPARTS .................................................................................................. 2f) 11.22 PROPER AUTHORITY ........................................................................................... 26 11.23 E-VERIFY PROGRAM .......................................................................................... 26 11.24 CIVIL RIGHTS ...................................................................................................... ZE) 11.25 ENTERPRISE INFORMAT[ON MANAGEMENT STANDARDS ................................. 27 11.26 ❑ISCLOSURE OF LITIGATION .............................................................................. 27 11.27 NO THIRD PARTY BENEFICIARIES ..................................................................... 2g 11.2g BINDING EFFECT ................................................................................................. 2g HHS Uniform Terms and Conditions - Grant v 33 Effective November 2023 Page 5 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 ARTICLE I. DEFINITIONS AND INTERPRETIVE PROVISIONS 1.1 UEFINITIONS As used in this Grant Agreement, unless a different definition is specified, or the context clearly indicates otherwise, the following terms and conditions have the meanings assigned below: "Amendment" means a written agreement, signed by the Parties, which documents changes to the Grant Agreement. "Contract" or "Grant A�reement" means the agreement entered into by the Parties, including the Signature Document, these Uniform Terms and Conditions, along with any attachments and amendments that may be issued by the System Agency. "Deliverables" means the goods, services, and work product, including all reports and project documentation, required to be provided by Grantee to the System Agency. "DSHS" means the Department of State Health Services. "Effective Date" means the date on which the Grant Agreement takes effect. "Federal Fiscal Year" means the period beginning October 1 and ending September 30 each year, which is the annual accounting period for the United States government. "GAAP" means Generally Accepted Accounting Principles. "GASB" means the Governmental Accounting Standards Board. "Grantee" means the Party receiving funds under this Grant Agreement. May also be referred to as "subrecipient" or "contractor" in this document. "HHSC" means the Texas Health and Human Services Commission. "Health and Human Services" or "HHS" includes HHSC and DSHS. "Intellectual Property Ri�" means the worldwide proprietary rights or interests, including patent, copyright, trade secret, and trademark rights, as such right may be evidenced by or embodied in: i. any idea, design, concept, personality right, method, process, technique, apparatus, invention, discovery, or improvement; ii. any work of authorship, including any compilation, computer code, website or web page design, literary work, pictorial work, or graphic work; iii. any trademark, service mark, trade dress, trade name, branding, or other indicia of source or origin; iv. domain name registrations; and v. any other proprietary or similar rights. The Intellectual Property Rights of a Party include all worldwide proprietary rights or interests that the Party may have acquired by assignment, by exclusive license, or by license with the right to grant sublicenses. "Parties" means the System Agency and Grantee, collectively. "Party" means either the System Agency or Grantee, individually. "Project" means specific activities of the Grantee that are supported by funds provided under this Grant Agreement. HHS Uniform Terms and Conditions Grant v 3.3 Effective November 2023 Page 6 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 "Signature Document" means the document executed by all Parties for this Grant Agreement. "Solicitation," "Funding Announcement" or "Request for Applications (RFA)" means the document (including all exhibits, attachments, and published addenda), issued by the System Agency under which applications for grant �nds were requested, which is incorporated by reference in the Grant Agreement for all purposes in its entirety. "Solicitation Response" or "Application" means Grantee's full and complete Solicitation response (including any attachments and addenda), which is incorporated by reference in the Grant Agreement for all purposes in its entirety. "State Fiscal Year" means the period beginning September 1 and ending August 31 each year, which is the annual accounting period for the State of Texas. "State of Texas Textravel" means the Texas Comptroller of Public Accounts' website relative to travel reimbursements under this Contract, ifany. "Statement of Work" means the description of activities Grantee must perform to complete the Project, as specified in the Grant Agreement, and as may be amended. "Svstem A eg ncy" means HHSC or DSHS, as applicable. "Work Product" means any and all works, including work papers, notes, materials, approaches, designs, specifications, systems, innovations, improvements, inventions, software, programs, source code, documentation, training materials, audio or audiovisual recordings, methodologies, concepts, studies, reports, whether finished or unfinished, and whether or not included in the deliverables, that are developed, produced, generated or provided by Grantee in connection with Grantee's performance of its duties under the Grant Agreement or through use of any funding provided under this Grant Agreement. "Texas Grant Management Standards" or "TxGMS" means uniform grant and contract administration procedures, developed under the authority of Chapter 783 of the Texas Government Code, to promote the efficient use of public funds in local government and in programs requiring cooperation among local, state, and federal agencies. Under this Grant Agreement, TxGMS applies to Grantee except as otherwise provided by applicable law or directed by System Agency. Additionally, except as otherwise provided by applicable law, in the event of a conflict between TxGMS and applicable federal or state law, federal law prevails over state law and state law prevails over TxGMS. 1.2 INTERPRETIVE PROVISIONS A. The meanings of defined terms include the singular and plural forms. B. The words "hereof," "herein," "hereunder," and similar words refer to this Grant Agreement as a whole and not to any particular provision, section, attachment, or schedule of this Grant Agreement unless otherwise specified. C. The term "including" is not limiting and means "including without limitation" and, unless otherwise expressly provided in this Grant Agreement, (i) references to contracts (including this Grant Agreement) and other contractual instruments shall be deemed to include all subsequent Amendments and other modifications, but only to the extent that such Amendments and other modifications are not prohibited by the terms of this Grant Agreement, and (ii) references to any statute or regulation are to be construed as including all statutory and regulatory provisions consolidating, amending, replacing, supplementing, or interpreting the statute or regulation. HHS Uniform Terms and Conditions Grant v 33 Effective November 2023 Page 7 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 D. Any references to agreements, contracts, statutes, or administrative rules or regulations in the Grant Agreement are references to these documents as amended, modified, or supplemented during the term of the Grant Agreement. E. The captions and headings of this Grant Agreement are for convenience of reference only and do not affect the interpretation of this Grant Agreement. F. All attachments, including those incorporated by reference, and any Amendments are considered part of the terms of this Grant Agreement. G. This Grant Agreement may use several different limitations, regulations, or policies to regulate the same or similar matters. All such limitations, regulations, and policies are cumulative. H. Unless otherwise expressly provided, reference to any action of the System Agency or by the System Agency by way of consent, approval, or waiver will be deemed modified by the phrase "in its sole discretion." I. Time is of the essence in this Grant Agreement. J. Prior to execution of the Grant Agreement, Grantee must notify System Agency's designated contact in writing of any ambiguity, conflict, discrepancy, omission, or other error. If Grantee fails to notify the System Agency designated contact of any ambiguity, conflict, discrepancy, omission, or other error in the Grant Agreement prior to Grantee's execution of the Grant Agreement, Grantee: i. Shall have waived any claim of error or ambiguity in the Grant Agreement; and ii. Shall not contest the interpretation by the System Agency of such provision(s). No grantee will be entitled to additional reimbursement, relief, or time by reason of any ambiguity, conflict, discrepancy, exclusionary specification, omission, or other error or its later correction. ARTICLE II. PAYMENT PROVISIONS 2.1 PROMPT PAYMENT Payment shall be made in accordance with Chapter 2251 of the Texas Government Code, commonly known as the Texas Prompt Payment Act. Chapter 2251 of the Texas Government Code shall govern remittance of payment and remedies for late payment and non-payment. 2.2 TAXES Grantee represents and warrants that it shall pay all taxes or similar amounts resulting from the Grant Agreement, including, but not limited to, any federal, State, or local income, sales or excise taxes of Grantee or its employees. System Agency shall not be liable for any taxes resulting from the Grant Agreement. 2.3 ANCILLARY AND TRAVEL EXPENSES A. Except as otherwise provided in the Grant Agreement, no ancillary expenses incurred by the Grantee in connection with its provision of the services or deliverables will be reimbursed by the System Agency. Ancillary expenses include, but are not limited to, costs associated with transportation, delivery, and insurance for each deliverable. B. Except as otherwise provided in the Grant Agreement, when the reimbursement of travel expenses is authorized by the Grant Agreement, all such expenses will be reimbursed in accordance with the rates set by the Texas Comptroller's Textravel guidelines, which can currently be accessed at: https:llfmx.cpa.texas.�ov/fmx/travelltextravel.� HHS Uniform Terms and Conditions — Grant v 3.3 Effective November 2023 Page 8 of 28 Ariachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 2.4 BILLING Unless otherwise provided in the Grant Agreement, Grantee shall bill the System Agency in accordance with the Grant Agreement. Unless otherwise specified in the Grant Agreement, Grantee shall submit requests for reimbursement or payment monthly by the last business day of the month following the month in which expenses were incurred or services provided. Grantee shall maintain all documentation that substantiates invoices and make the documentation available to the System Agency upon request. 2.S USE OF FUNDS Grantee shall expend funds under this Grant Agreement only for approved services and for reasonable and allowable expenses directly related to those services. 2.6 USE FOR MATCH PROHIBITED Grantee shall not use funds provided under this Grant Agreement for matching purposes in securing other funding without the written approval of the System Agency. 2.7 PROGRAM INCOvIE Program income refers to gross income directly generated by a supporting activity during the period of performance. Unless otherwise required under the Grant Agreement, Grantee shall use Program Income, as provided in TxGMS, to further the Project, and Grantee shall spend the Program Income on the Project. Grantee shall identify and report Program Income in accordance with the Grant Agreement, applicable law, and any programmatic guidance. Grantee shall expend Program Income during the Grant Agreement term, when earned, and may not carry Program Income forward to any succeeding term. Grantee shall refund Program Income to the System Agency if the Program Income is not expended in the term in which it is earned. The System Agency may base future funding levels, in part, upon Grantee's proficiency in identifying, billing, collecting, and reporting Program Income, and in using Program Income for the purposes and under the conditions specified in this Grant Agreement. 2.8 NONSUPPLANTING Grant funds must be used to supplement existing, new or corresponding programming and related activities. Grant funds may not be used to supplant (replace) existing funds that have been appropriated, allocated, or disbursed for the same purpose. System Agency may conduct Grant monitoring or audits may be conducted to review, among other things, Grantee's compliance with this provision. 2.9 INDIRECT COST RATES The System Agency may acknowledge an indirect cost rate for Grantees that is utilized for all applicable Grant Agreements. For subrecipients receiving federal funds, indirect cost rates will be determined in accordance with applicable law including, but not limited to, 2 CFR 200.414(�. For recipients receiving state funds, indirect costs will be determined in accordance with applicable law including, but not limited to, TxGMS. Grantees funded with blended federal and state funding will be subject to both state and federal requirements when determining indirect costs. In the event of a conflict between TxGMS and applicable federal law or regulation, the provisions of federal law or regulation will apply. Grantee will provide any necessary financial documents to determine the indirect cost rate in accordance with the Uniform Grant Guidance (UGG) and TxGMS. HHS Uniform Terms and Conditions - Grant v 3.3 Effective November 2023 Page 9 of 28 Attachment D— HHS Uniform Terms and Conditions - Grant, Version DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 3.3, Effective November 2023 DSHS Contract No. HHS001439500038 ARTICLE III. STATE AND FEDERAL FUNDING 3.1 EXCESS OBLIGATIONS PROHIBITED This Grant Agreement is subject to termination or cancellation, without penalty to System Agency, either in whole or in part, subject to the availability and actual receipt by System Agency of state or federal funds. System Agency is a state agency whose authority and appropriations are subject to actions of the Texas Legislature. If System Agency becomes subject to a legislative change, revocation of statutory authority, or lack of appropriated funds that would render either System Agency's or Grantee's delivery or performance under the Grant Agreement impossible or unnecessary, the Grant Agreement will be terminated or cancelled and be deemed null and void. In the event of a termination or cancellation under this Section, System Agency will not be liable to Grantee for any damages that are caused or associated with such termination or cancellation, and System Agency will not be required to give prior notice. Additionally, System Agency will not be liable to Grantee for any remaining unpaid funds under this Grant Agreement at time of termination. 3.2 NO DEBT AGAI�IST THE STATE This Grant Agreement will not be construed as creating any debt by or on behalf of the State of Texas. 3.3 DEBTS AND DELINQUENCIES Grantee agrees that any payments due under the Grant Agreement shall be directly applied towards eliminating any debt or delinquency it has to the State of Texas including, but not limited to, delinquent taxes, delinquent student loan payments, and delinquent child support during the entirety of the Grant Agreement term. 3.4 REFUNDS AND OVERPAYMENTS A. At its sole discretion, the System Agency may (i) withhold all or part of any payments to Grantee to offset overpayments, unallowable or ineligible costs made to the Grantee, or if any required financial status report(s) is not submitted by the due date(s); or (ii) require Grantee to promptly refund or credit - within thirty (30) calendar days of written notice — to System Agency any funds erroneously paid by System Agency which are not expressly authorized under the Grant Agreement. B. "Overpayments" as used in this Section include payments (i) made by the System Agency that exceed the maximum allowable rates; (ii) that are not allowed under applicable laws, rules, or regulations; or (iii) that are otherwise inconsistent with this Grant Agreement, including any unapproved expenditures. Grantee understands and agrees that it shall be liable to the System Agency for any costs disallowed pursuant to financial and compliance audit(s) of funds received under this Grant Agreement. Grantee further understands and agrees that reimbursement of such disallowed costs shall be paid by Grantee from funds which were not provided or otherwise made available to Grantee under this Grant Agreement. ARTICLE IV. ALLOWABLE COSTS AND AUDIT REQUIREMENTS 4.1 ALLOWABLE COSTS A. Allowable Costs are restricted to costs that are authorized under Texas Uniform Grant Management Standards (TxGMS) and applicable state and federal rules and laws. This Grant Agreement is subject to all applicable requirements of TxGMS, including the HHS Uniform Terms and Conditions - Grant v 33 Effective November 2023 Page 10 of 28 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 5. Does each member of Applicant/Bidder's Workforce who will use, disclose, create, receive, O Yes transmit or maintain Texas HHS Confidentia) Information have a unique user name O No (account) and private password? Action Plan for Compliance with a Timeline: Compliance Date: 6. Does Applicant/Bidder lock the password after a certain number of failed attempts and Q Yes after 15 minutes of user inactivity in all computing devices that access or store Texas Q No HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: 7. Does Applicant/Bidder secure, manage and encrypt remote access (including wireless O Yes access) to computer systems containing Texas HHS Confidential Information? (e.g., a formal � No process exists for granting access and validating the need for users to remotely access Texas HHS Confidential Information, and remote access is limited to Authorized Users). Encryption is required for all Texas HHS Confidential lnformation. Additionally, F/P5140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAAJ data, Criminal Justice Information Services (CIISJ data, Internal Revenue Service Federal Tax Information (IRS FTIJ data, and Centers for Medicare & Medicaid Services (CMSJ data. For more information regarding FIP5140-2 encryption products, please refer to: h ttp://csrc. nist. qov/publications/fips Action Plan for Compliance with a Timeline: Compliance Date: 8. Does Applicant/Bidder implement computer security configurations or settings for all � Yes computers and systems that access or store Texas HHS Confidential Information? � No (e.g., non-essential features or services have been removed or disabled to reduce the threat of breach and to limit exploitation opportunities for hackers or intruders, etc.) Action Plan for Compliance with a Timeline: Compliance Date: 9. Does Applicant/Bidder secure physical access to computer, paper, or other systems 0 Yes containing Texas HHS Confidential Information from unauthorized personnel and theft 0 No (e.g., door locks, cable locks, laptops are stored in the trunk of the car instead of the passenger area, etc.)? Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 9 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 10. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential Information that is transmitted over a public network (e.g., the Internet, WiFi, etc.)? If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all HHS Confidential lnformation. Additionally, F/PS 140-2 validated encryption is required for Health Insurance Portability and Accountobility Act (HIPAA) data, Criminal Justice Information Services (GIS) data, Internal Revenue Service Federal Tax Information (IRS FTIJ data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIP5140-2 encryption products, please refer to: http://csrc. nist. aov/publications/fips Action Plan for Compliance with a Timeline: 11. Does Applicant/Bidder use encryption products to protect Texas HHS Confidential Information stored on end user devices (e.g., laptops, USBs, tablets, smartphones, external hard drives, desktops, etc.)? If yes, upon request must provide evidence such as a screen shot or a system report. Encryption is required for all Texas HHS Confidential lnformation. Additionally, FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAAJ data, Criminal Justice Information Services (GIS) data, Internal Revenue Se�vice Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data. For more information regarding FIPS 140-2 encryption products, please refer to: httn://csrc. nist.4ov/publica tions/fips Action Plan for Compliance with a Timeline: 12. Does Applicant/Bidder require Workforce members to formally acknowledge rules outlining their responsibilities for protecting Texas HHS Confidential Information and associated systems containing HHS Confidential Information before their access is provided? Action Plan for Compliance with a Timeline: 13. Is Applicant/Bidder willing to perform or submit to a criminal background check on Authorized Users? Action Plan for Compliance with a Timeline: 14. Does Applicant/Bidder prohibit the access, creation, disclosure, reception, transmission, maintenance, and storage of Texas HHS Confidential Information with a subcontractor (e.g., cloud services, social media, etc.) unless Texas HHS has approved the subcontractor agreement which must include compliance and liability clauses with the same requirements as the Applicant/Bidder? Action Plan for Compliance with a Timeline: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: SECURITYAND PRIVACY INQUIRY (SPI) � Yes o No Compliance Date: O Yes Q No Compliance Date: O Yes Q No Compliance Date: Q Yes 0 No Compliance Date: Q Yes Q No Compliance Date: Page 10 of 18 DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 15. Does Applicant/Bidder keep current on security updates/patches (including firmware, � Yes software and applications) for computing systems that use, disclose, access, create, � No transmit, maintain or store Texas HHS Confidential Information? Action Plan for Compliance with a Timeline: Compliance Date: 16. Do Applicant/Bidder's computing systems that use, disclose, access, create, transmit, �Yes maintain or store Texas HHS Confidential Information contain up-to-date anti- � No malware and antivirus protection? Action Plan for Compliance with a Timeline: Compliance Date: 17. Does the Applicant/Bidder review system security logs on computing systems that access � Yes or store Texas HHS Confidential Information for abnormal activity or security concerns on o No a regular basis? Action Plan for Compliance with a Timeline: Compliance Date: 18. Notwithstanding records retention requirements, does Applicant/Bidder's disposal 0 Yes processes for Texas HHS Confidential Information ensure that Texas HHS Confidential � No Information is destroyed so that it is unreadable or undecipherable? Action Plan for Compliance with a Timeline: Compliance Date: 19. Does the Applicant/Bidder ensure that all public facing websites and mobile � Yes applications containing Texas HHS Confidential Information meet security testing 0 No standards set forth within the Texas Government Code (TGC), Section 2054.516; including requirements for implementing vulnerability and penetration testing and addressing identified vulnerabilities? For more information regarding TGC, Section 2054.516 DATA SECURITV PLAN FOR ONLINE AND MOBILE APPLICATIONS, please refer to: https://lepiscan.com/TX/text/H88/2017 Action Plan for Compliance with a Timeline: Compliance Date: SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement -Attachment 2: Page 11 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 • � � � � � • • - • • - • • � • • • • - Please sign the form digitally, if possible. If you can't, provide a handwritten signature. 1. I certify that all of the information provided in this form is truthful and correct to the best of my knowledge. If I learn that any such information was not correct, 1 agree to notify Texas HHS of this immediately. 2. Signature 3. Title . Date: Rachel Dolan oaea'zo24oz 6y 911:55 06'00� Assistant Director 2�6�24 To submit the completed, signed form: • Email the form as an attachment to the appropriate Texas HHS Contract Manager(s). • . . . -• � .. Agency(s): Re uestin De artment s: HHSC: � DFPS: � DSHS: � Legal Entity Tax Identification Number (TIN) (Last four Only): PO/Contract(s) #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: Contract Manager: Contract Manager Email Address: Contract Manager Telephone #: SPI VerSion 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 12 of 18 SECURITYAND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6v, i rcut,g iv v,Brt�rc t.v vir5�c i$vu THE SECURITY AND PRIVACY INQUIRY (SPI) eelow are instructions for Applicants, eidders and Contractors for Texas Health and Human Services requiring the Attachment 2, Security and Privacy Inquiry (SPI) to the Data Use Agreement (DUA). Instruction item numbers below correspond to sections on the SPI form. If you are a bidder for a new procurement/contract, in order to participate in the bidding process, you must have corrected any "No" responses (except A9a) prior to the contract award date. If you are an applicant for an open enrollment, you must have corrected any "No" answers (except A9a and A11) prior to performing any work on behalf of any Texas HHS agency. For any questions answered "No" (except A9a and A11), an Action Plan for Compliance with a Timeline must be documented in the designated area below the question. The timeline for compliance with HIPAA-related requirements for safeguarding Protected Health Information is 30 calendar days from the date this form is signed. Compliance with requirements related to other types of Confidential Information must be confirmed within 90 calendar days from the date the form is signed. SECTION A. APPLICANT /BIDDER INFORMATION Item #1. Only contractors that access, transmit, store, and/or maintain Texas HHS Confidential lnformation will complete and email this form as an attachment to the appropriate Texas HHS Contract Manager. Item #2. Entity orApplicant/Bidder Lega/ Name. Provide the legal name of the business (the name used for legal purposes, like filing a federal or state tax form on behalf of the business, and is not a trade or assumed named "dba"), the legal tax identification number (last four numbers only) of the entity or applicant/bidder, the address of che corporate or main branch of the business, ihe telephone number where the business can be contacted regarding questions related to the information on this form and the website of the business, if a website exists. Item #3. Number of Employees, at all locations, in Applicant/eidder's workforce. Provide the total number of individuals, including volunteers, subcontractors, trainees, and other persons who work for the business. If you are the only employee, please answer "1." Item #4. Number of Subcontractors. Provide the total number of subcontractors working for the business. If you have none, please answer "0" zero. Item #5. Number of unduplicated individuals for whom Applicant/eidder reasonab/y expects to handle HHS Confidential Information during one year. Select the radio button that corresponds with the number of clients/consumers for whom you expect to handle Texas HHS Confidential lnformation during a year. Only count clients/consumers once, no matter how many direct services the client receives durinq a year. Item #S. Name of Information Techno/ogy Security O�cia/ and Name of Privacy Officia/ for Applicant/eidder. As with all other fields on ihe SPI, this is a required field. This may be the same person and the owner of the business if such person has the security and privacy knowledge that is required to implement the requirements of the DUA and respond to questions related to the SPI. ln 4.A. provide the name, address, telephone number, and email address of the person whom you have desiqnated to answer any security questions found in Section C and in 4.8. provide this information for the person whom you have designated as the person io answer any privacy questions found in Section e. The business may contract out for this expertise; however, desiqnated individual(s) must have knowledge of the business's devices, systems and methods for use, disclosure, creation, receipt, transmission and maintenance of Texas HHS Confidential lnformation and be willinq to be the point of contact for privacy and security questions. Item 1t6. Type(s) of HHS Confidential Information the Eniity or Applicant/Bidder Will Create, Receive, Maintain, Use, Disclose or Have Access fo: Provide a complete listing of all Texas HHS Confidential lnformation that the Contractor will create, receive, mainiain, use, disclose or have access to. The DUA section Article 2, Definitions, defines Texas HHS Confidential Information as: "Confidential Information" means any communication or record (whether oral, written, electronically stored or transmitted, or in any other formJ provided to or made available to CONTRACTOR or that CONTRACTOR may create, receive, maintain, use, disclose or have access to on behalf of Texas HHS that consists of or includes any or all of the following: (1J Client Information; (2) Protected Health Information in any form including without limitation, Electronic Protected Health Information or Unsecured Protected Health Information; (3) Sensitive Personal Information defined by Texas Business and Commerce Code Ch. 521; SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: page 13 of 18 SECURITYAND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 �4� reaero� i ax mlormar�on; (5) Personally Identifiable Information; (6J Social Security Administration Da[a, including, withoui limitation, Medicaid information; (7) All privileged work product; (8J All information designated as confidential under the constitution and laws of the State of Texas and of the United States, including the Texas Healch & Safety Code and the Texas Public Information Act, Texas Government Code, Chapter 552. Definitions for the following types of confidential information can be found the following sites: • Health Insurance Portability and AccountabilityAct (HIPAAJ - http://www.hhs.pov/hipaa/index.himl • Criminal Justice Information Services (GIS) - https://www.fbi.qov/services/ciis/ciis-security-policy-resource-center • Internal Revenue Service Federal Tax Information (IRS FTI) - https://www.irs.pov/pub/irs-pdf/p1075.pdf • Centers for Medicare & Medicaid Services (CMSJ - https://www.cros.pov/Regulations-and-Guidance/Repulations-and- Guidance.html • Social SecurityAdministration (SSAJ - https://www.ssa.pov/requlations/ • Personally Identifiable Information (Pll) - http://csrc.nist.pov/publications/nisrpubs/800-122/sp800-122.pdf Item 1t7. Number of Storage devices for Texas HHS Confidential Informa[ion. The total number of devices is automatically calculated by exiting the fields in lines a- d. Use ihe <Tab> key when exiting the field to prompt calculation, if ii doesn't otherwise sum correctly. • Item 7a. Devices. Provide the number of personal user computers, devices, and drives (including mobile devices, laptops, USB drives, and external drivesJ on which your business stores or will store Texas HHS Confidential Information. • Item 7b. Servers. Provide the number of servers not housed in a data cenier or "in the cloud," on which Texas HHS Confidential Information is stored or will be scored. A server is a dedicated computer that provides data or services to other computers. It may provide services or data to systems on a local area network (LAN) or a wide area network (WAN) over the Internet. If none, answer "0" (zeroJ. • Item 7c. Cloud Services. Provide the number of cloud services to which Texas HHS Confidential lnformation is stored. Cloud Services involve usinq a network of remote servers hosted on the Internet to store, manage, and process data, rather than on a local server or a personal computer. If none, answer "0" (zero.) • Item 7d. Data Centers. Provide the number of data centers in which you store Texas HHS Confidential lnformation. A Data Center is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a parcicular body of knowledge or pertaining to a particular business. If none, answer "0" (zeroJ. Item #8. Number of unduplicated individuals for whom the Applicant/Bidder reasonab/y expects to handle Texas HHS Confidential lnformation during one year. Select the radio button that corresponds with the number of clients/consumers for whom you expect to handle Confidential Information during a year. Only count clients/consumers once, no matter how many direct services the client receives during a year. Item 1J9. H/PAA Business Associate Agreement. • Item 119a. Answer "Ves" if your business will use, disclose, create, receive, transmit, or store informaiion relating to a client/consumer's healthcare on behalf of the Department of State Healih Services, the Department of Disability and Aginq Services, or the Health and Human Services Commission for treatment, payment, or operation of Medicaid or Medicaid clients. If your contract does not include HIPAA covered information, respond "no." If "no,"a compliance plan is not required. • Item 119b. Answer "Ves" if your business has a notice of privacy practices (a document that explains how you protect and use a client/consumer's healthcare informationJ displayed either on a website (if one exists for your business) or in your place of business (if chat location is open to clienis/consumers or the public). If your contract does not include HIPAA covered information, respond "N/A." Item 1110. Subcontractors. If your business responded "0" to question 4(number of subcontractors), Answer "N/A" to Items 10a and 10b to indicate not applicable. • Item #IOa. Answer "Yes" if your business requires thai all subcontractors sign Attachment 1 of the DUA. • Item #10b. Answer "Yes" if your business obtains Texas HHS approval before permitting subcontractors to handle Texas HHS Confidential Information on your business's behalf. liem l�11. Optional lnsurance. Answer "yes" if applicant has optional insurance in place to provide coverage for a Breach or any Texas HHS System - Data Use Agreement - Attachment 2: pa e 14 of 18 SPI Version 2.1 (06/2018) SECURITYAND PRIVACY INQUIRY (SPI) g DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 otner situations nstea m tnis quest�on. �l you are not required to have this optional coverage, answer "N/A"A compliance plan is not required. SECTION B. PRIVACY RISK ANALYSIS AND ASSESSMENT Reasonable and appropriate written Privacy and Security policies and procedures are required, even for sole proprietors who are the only employee, to demonstrate how your business will safeguard Texas HHS Confidential Information and respond in the event of a Breach of Texas HHS Confidential Information. To ensure that your business is prepared, all of the items below must be addressed in your written Privacy and Security policies and procedures. Item #1. Answer "Yes" if you have written policies in place for each of the areas (a-o). • Item #la. Answer "yes" if your business has written policies and procedures that identify everyone, including subcontractors, who are authorized to use Texas HHS Confidential Information. The policies and procedures should also identify the reason why these Authorized Users need to access the Texas HHS Confidential Information and this reason must align with the Authorized Purpose described in the Scope of Work or description of services in the Base Contract with the Texas HHS agency. • Item #ib. Answer "Yes" if your business has written policies and procedures that require your employees (including yourself), your volunteers, your trainees, and any other persons whose work you direct, to comply with the requirements of HIPAA, if applicable, and other confidentiality laws as they relate to your handling of Texas HHS Confidential Information. Refer to the laws and rules that apply, including those referenced in the DUA and Scope of Work or description of services in the Base Contract. • Item #ic. Answer "Yes" if your business has written policies and procedures that limit the Texas HHS Confidential Information you disclose to the minimum necessary for your workforce and subcontractors (if applicable) to perform the obligations described in the Scope of Work or service description in the Base Contract. (e.g., if a client/consumer's Social Security Number is not required for a workforce member to perform the obligations described in the Scope of Work or service description in the Base Contract, then the Social Security Number will not be given to them.) If you are the only employee for your business, policies and procedures must not include a request for, or use of, Texas HHS Confidential Information that is not required for performance of the services. • Item #id. Answer "Yes" if your business has written policies and procedures that explain how your business would respond to an actual or suspected breach of Texas HHS Confidential Information. The written policies and procedures, at a minimum, must include the three items below. If any response to the three items below are no, answer "no." o Item #1di. Answer "Yes" if your business has written policies and procedures that require your business to immediately notify Texas HHS, the Texas HHS Agency, regulatory authorities, or other required Individuals or Authorities of a Breach as described in Article 4, Section 4 of the DUA. Refer to Article 4, Section 4.01: Initial Notice of ereath must be provided in accordance with Texas HHS and DUA requirements with as much information as possible about the Event/ereach and a name and contact who will serve as the single point of contact with HHS both on and off business hours. Time frames related to Initial Notice include: • within one hour of Discovery of an Event or Breach of Federal Tax Information, Social Security Administration Data, or Medicaid Client Information • within 24 hours of all other types of Texas HHS Confidential lnformation 48-hour Formal Notite must be provided no later than 48 hours after Discovery for protected health information, sensitive personal information or other non-public information and mus[ include applicable information as referenced in Section 4.01 (C) 2. of the DUA. o Item #1dii. Answer "Yes" if your business has written policies and procedures require you to have and follow a written breach response plan as described in Article 4 Section 4.02 of the DUA. O Item #ldiii. Answer "Yes" if your business has written policies and procedures require you to notify Reporting Authorities and Individuals whose Texas HHS Confidential Information has been breached as described in Article 4 Section 4.03 of the DUA. • Item #le. Answer "Yes" if your business has written policies and procedures requiring annual training of your entire workforce on matters related to confidentiality, privacy, and security, stressing the importance of promptly reporting any Event or Breach, outlines the process that you will use to require attendance and track completion for employees who failed to complete annual training. SPI VerSiOn 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: page 15 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 • Item #if. Answer "Yes" if your business has written policies and procedures requiring you to allow individuals (clients/consumers) to access their individual record of Texas HHS Confidential Information, and allow them to amend or correct that information, if applicable. • Item #ig. Answer "Yes" if your business has written policies and procedures restricting access to Texas HHS Confidential Information to only persons who have been authorized and trained on how to handle Texas HHS Confidential Information • Item #1h. Answer "Yes" if your business has written policies and procedures requiring sanctioning of any subcontractor, employee, trainee, volunteer, or anyone whose work you direct when they have accessed Texas HHS Confidential Information but are not authorized to do so, and that you have a method of proving that you have sanctioned such an individuals. If you are the only employee, you must demonstrate how you will document the noncompliance, update policies and procedures if needed, and seek additional training or education to prevent future occurrences. • Item #1i. Answer "Yes" if your business has written policies and procedures requiring you to update your policies within 60 days after you have made changes to how you use or disclose Texas HHS Confidential Information. • Item #ij. Answer "Yes" if your business has written policies and procedures requiring you to restrict attempts to take de-identified data and re-identify it or restrict any subcontractor, employee, trainee, volunteer, or anyone whose work you direct, from contacting any individuals for whom you have Texas HHS Confidential Information except to perform obligations under the contract, or with written permission from Texas HHS. • Item #ik. Answer "Yes" if your business has written policies and procedures prohibiting you from using, disclosing, creating, maintaining, storing or transmitting Texas HHS Confidential Information outside of the United States. • Item #11. Answer "Yes" if your business has written policies and procedures requiring your business to cooperate with HHS agencies or federal regulatory entities for inspections, audits, or investigations related to compliance with the DUA or applicable law. • Item #1m. Answer "Yes" if your business has written policies and procedures requiring your business to use appropriate standards and methods to destroy or dispose of Texas HHS Confidential Information. Policies and procedures should comply with Texas HHS requirements for retention of records and methods of disposal. • Item #in. Answer "Yes" if your business has written policies and procedures prohibiting the publication of the work you created or performed on behalf of Texas HHS pursuant to the DUA, or other Texas HHS Confidential Information, without express prior written approval of the HHS agency. Item #2. Answer "Yes" if your business has a current training program that meets the requirements specified in the SPI for you, your employees, your subcontractors, your volunteers, your trainees, and any other persons under you direct supervision. Item #3. Answer "Yes" if your business has privacy safeguards to protect Texas HHS Confidential Information as described in the SPI. Item #4. Answer "Yes" if your business maintains current lists of persons in your workforce, including subcontractors (if applicable), who are authorized to access Texas HHS Confidential Information. If you are the only person with access to Texas HHS Confidential Information, please answer "yes." Item #5. Answer "Yes" if your business and subcontractors (if applicable) monitor for and remove from the list of Authorized Users, members of the workforce who are terminated or are no longer authorized to handle Texas HHS Confidential Information. If you are the only one with access to Texas HHS Confidential Information, please answer "Yes." SECTION C. SECURITY RISK ANALYSIS AND ASSESSMENT This section is about your electronic systems. If you DO NOT store Texas HHS Confidential Information in electronic systems (e.g., laptop, personal computer, mobile device, database, server, etc.), select the "No Electronic Systems" box and respond "Yes" for all questions in this section. Item #1. Answer "Yes" if your business does not "offshore" or use, disclose, create, receive, transmit or maintain Texas HHS Confidential Information outside of the United States. If you are not certain, contact your provider of technology services (application, cloud, data center, network, etc.) and request confirmation that they do not off- shore their data. SPI Ve�sion 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: page 16 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 item �t. Answer "ves" it your business uses a person or company who is knowledgeable in IT security to maintain or oversee the configurations of your business's computing systems and devices. You may be that person, or you may hire someone who can provide that service for you. Item #3. Answer "Yes" if your business monitors and manages access to Texas HHS Confidential Information (i.e., reviews systems to ensure that access is limited to Authorized Users; has formal processes for granting, validating, and reviews the need for remote access to Authorized Users to Texas HHS Confidential Information, etc.). If you are the only employee, answer "Yes" if you have implemented a process to periodically evaluate the need for accessing Texas HHS Confidential Information to fulfill your Authorized Purposes. Item #4. Answer "Yes" if your business has implemented a system for changing the password a system initially assigns to the user (also known as the default password), and requires users to change their passwords at least every 90 days, and prohibits the creation of weak passwords for all computer systems that access or store Texas HHS Confidential Information (e.g., a strong password has a minimum of 8 characters with a combination of uppercase, lowercase, special characters, and numbers, where possible). If your business uses a Microsoft Windows system, refer to the Microsoft website on how to do this, see example: https://docs. microsoft. com/en-us/windows/securitv/threat-protection/security-policy-settinqs/password-policy Item #5. Answer "Yes" if your business assigns a unique user name and private password to each of your employees, your subcontractors, your volunteers, your trainees and any other persons under your direct control who will use, disclose, create, receive, transmit or maintain Texas HHS Confidential Information. Item #6. Answer "Yes" if your business locks the access after a certain number of failed attempts to login and after 15 minutes of user inactivity on all computing devices that access or store Texas H H 5 Confidential Information. If your business uses a Microsoft Windows system, refer to the Microsoft website on how to do this, see example: https://docs.microsoft. com/en-us/windows/security/threat-protection/security-policy-settinps/account-lockout-policy Item #7. Answer "Yes" if your business secures, manages, and encrypts remote access, such as: using Virtual Private Network (VPN) software on your home computer to access Texas HHS Confidential Information that resides on a computer system at a business location or, if you use wireless, ensuring that the wireless is secured using a password code. If you do not access systems remotely or over wireless, answer "Yes." Item #8. Answer "Yes" if your business updates the computer security settings for all your computers and electronic systems that access or store Texas HHS Confidential Information to prevent hacking or breaches (e.g., non-essential features or services have been removed or disabled to reduce the threat of breach and to limit opportunities for hackers or intruders to access your system). For example, Microsoft's Windows security checklist: h ttps://docs. microsoft. com/en-us/windo ws/securitV/threat-protection/securitY-policy-settinqs/ho w-to-confiqure-security-policy-settin ps Item #9. Answer "Yes" if your business secures physical access to computer, paper, or other systems containing Texas HHS Confidential Information from unauthorized personnel and theft (e.g., door locks, cable locks, laptops are stored in the trunk of the car instead of the passenger area, etc.). If you are the only employee and use these practices for your business, answer "Yes." Item #10. Answer "Yes" if your business uses encryption products to protect Texas HHS Confidential Information that is transmitted over a public network (e.g., the Internet, WIFI, etc.) or that is stored on a computer system that is physically or electronically accessible to the public (FIPS 140-2 validated encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (GIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data.) For more information regarding FIPS 140-2 encryption products, please refer to: http://csrc.nist.pov/publications/fips). Item #11. Answer "Yes" if your business stores Texas HHS Confidential Information on encrypted end-user electronic devices (e.g., laptops, USBs, tablets, smartphones, external hard drives, desktops, etc.) and can produce evidence of the encryption, such as, a screen shot or a system report (FIPS 140-2 encryption is required for Health Insurance Portability and Accountability Act (HIPAA) data, Criminal Justice Information Services (GIS) data, Internal Revenue Service Federal Tax Information (IRS FTI) data, and Centers for Medicare & Medicaid Services (CMS) data). For more information regarding FIPS 140-2 validated encryption products, please refer to: http://csrc.nist.qov/publications/fips). If you do not utilize end-user electronic devices for storing Texas HHS Confidential Information, answer "Yes." SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 17 of 18 SECURITY AND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Item #12. Answer "Yes" if your business requires employees, volunteers, trainees and other workforce members to sign a document that clearly outlines their responsibilities for protecting Texas HHS Confidential Information and associated systems containing Texas HHS Confidential Information before they can obtain access. If you are the only employee answer "Yes" if you have signed or are willing to sign the DUA, acknowledging your adherence to requirements and responsibilities. Item #13. Answer "Yes" if your business is willing to perform a criminal background check on employees, subcontractors, volunteers, or trainees who access Texas HHS Confidential Information. If you are the only employee, answer "Yes" if you are willing to submit to a background check. Item #14. Answer "Yes" if your business prohibits the access, creation, disclosure, reception, transmission, maintenance, and storage of Texas HHS Confidential Information on Cloud Services or social media sites if you use such services or sites, and there is a Texas HHS approved subcontractor agreement that includes compliance and liability clauses with the same requirements as the Applicant/Bidder. If you do not utilize Cloud Services or media sites for storing Texas HHS Confidential Information, answer "Yes." Item #15. Answer "Yes" if your business keeps current on security updates/patches (including firmware, software and applications) for computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: https://portal.msrc. microsoft. eom/en-us/ Item #16. Answer "Yes" if your business's computing systems that use, disclose, access, create, transmit, maintain or store Texas HHS Confidential Information contain up-to-date anti-malware and antivirus protection. If you use a Microsoft Windows system, refer to the Microsoft website on how to ensure your system is automatically updating, see example: https://docs.microsoft. com/en-us/windows/security/threat-protecrion/ Item #17. Answer "Yes" if your business reviews system security logs on computing systems that access or store Texas HHS Confidential Information for abnormal activity or security concerns on a regular basis. If you use a Microsoft Windows system, refer to the Microsoft website for ensuring your system is logging security events, see example: https://docs. microsoft. com/en-us/windows/securitv/threat-protection/auditinp/basic-securitv-audit-policies Item #18. Answer "Yes" if your business disposal processes for Texas HHS Confidential Information ensures that Texas HHS Confidential Information is destroyed so that it is unreadable or undecipherable. Simply deleting data or formatting the hard drive is not enough; ensure you use products that perform a secure disk wipe. Please see NIST SP 800-88 R1, Guidelines for Media Sanitization and the applicable laws and regulations for the information type for further guidance. Item #19. Answer "Yes" if your business ensures that all public facing websites and mobile applications containing HHS Confidential Information meet security testing standards set forth within the Texas Government Code (TGC), Section 2054.516 SECTION D. SIGNATURE AND SUBMISSION Click on the signature area to digitally sign the document. Email the form as an attachment to the appropriate Texas HHS Contract Manager. SPI Version 2.1 (06/2018) Texas HHS System - Data Use Agreement - Attachment 2: Page 18 of 18 SECURITYAND PRIVACY INQUIRY (SPI) DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Attachment F— Federal Assurances — Non-Construction Programs DSHS Contract No. HHS001439500038 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 OMB Number: 4040-0007 Expiration Date: 02/28/2025 ASSURANCES - NON-CONSTRUCTION PROGRAMS Public reporting burden for this collection of information is estimated to average 15 minutes per response, including time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding the burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to the Office of Management and Budget, Paperwork Reduction Project (0348-0040), Washington, DC 20503. PLEASE DO NOT RETURN YOUR COMPLETED FORM TO THE OFFICE OF MANAGEMENT AND BUDGET. SEND IT TO THE ADDRESS PROVIDED BY THE SPONSORING AGENCY. NOTE: Certain of these assurances may not be applicable to your project or program. If you have questions, please contact the awarding agency. Further, certain Federal awarding agencies may require applicants to certify to additional assurances. If such is the case, you will be notified. As the duly authorized representative of the applicant, � certify that the applicant: 1. Has the legal authority to apply for Federal assistance and the institutional, managerial and financial capability (including funds sufficient to pay the non-Federal share of project cost) to ensure proper planning, management and completion of the project described in this application. 2. Will give the awarding agency, the Comptroller General of the United States and, if appropriate, the State, through any authorized representative, access to and the right to examine all records, books, papers, or documents related to the award; and will establish a proper accounting system in accordance with generally accepted accounting standards or agency directives. 3. Will establish safeguards to prohibit employees from using their positions for a purpose that constitutes or presents the appearance of personal or organizational conflict of interest, or personal gain. 4. Will initiate and complete the work within the applicable time frame after receipt of approval of the awarding agency. Act of 1973, as amended (29 U.S.C. §794), which prohibits discrimination on the basis of handicaps; (d) the Age Discrimination Act of 1975, as amended (42 U. S.C. §§6101-6107), which prohibits discrimination on the basis of age; (e) the Drug Abuse Office and Treatment Act of 1972 (P.L. 92-255), as amended, relating to nondiscrimination on the basis of drug abuse; (� the Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970 (P.L. 91-616), as amended, relating to nondiscrimination on the basis of alcohol abuse or alcoholism; (g) §§523 and 527 of the Public Health Service Act of 1912 (42 U.S.C. §§290 dd-3 and 290 ee- 3), as amended, relating to confidentiality of alcohol and drug abuse patient records; (h) Title VIII of the Civil Rights Act of 1968 (42 U.S.C. §§3601 et seq.), as amended, relating to nondiscrimination in the sale, rental or financing of housing; (i) any other nondiscrimination provisions in the specific statute(s) under which application for Federal assistance is being made; and, Q) the requirements of any other nondiscrimination statute(s) which may apply to the application. 5. Will comply with the Intergovernmental Personnel Act of 1970 (42 U.S.C. §§4728-4763) relating to prescribed standards for merit systems for programs funded under one of the 19 statutes or regulations specified in Appendix A of OPM's Standards for a Merit System of Personnel Administration (5 C.F.R. 900, Subpart F). 6. Will comply with all Federal statutes relating to nondiscrimination. These include but are not limited to: (a) Title VI of the Civil Rights Act of 1964 (P.L. 88-352) which prohibits discrimination on the basis of race, color or national origin; (b) Title IX of the Education Amendments of 1972, as amended (20 U.S.C.§§1681- 1683, and 1685-1686), which prohibits discrimination on the basis of sex; (c) Section 504 of the Rehabilitation Will comply, or has already complied, with the requirements of Titles II and III of the Uniform Relocation Assistance and Real Property Acquisition Policies Act of 1970 (P.L. 91-646) which provide for fair and equitable treatment of persons displaced or whose property is acquired as a result of Federal or federally-assisted programs. These requirements apply to all interests in real property acquired for project purposes regardless of Federal participation in purchases. 8. Will comply, as applicable, with provisions of the Hatch Act (5 U.S.C. §§1501-1508 and 7324-7328) which limit the political activities of employees whose principal employment activities are funded in whole or in part with Federal funds. Previous Edkion Usable Standard Form 4248 (Rev. 7-97) Authorized for Local Reproduction Prescribed by OMB Circular A-1o2 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 g. Will comply, as applicable, with the provisions of the Davis- 13. Will assist the awarding agency in assuring compliance Bacon Act (40 U.S.C. §§276a to 276a-7), the Copeland Act with Section 106 of the National Historic Preservation (40 U.S.C. §276c and 18 U.S.C. §874), and the Contract Act of 1966, as amended (16 U.S.C. §470), EO 11593 Work Hours and Safety Standards Act (40 U.S.C. §§327- (identification and protection of historic properties), and 333), regarding labor standards for federally-assisted the Archaeological and Historic Preservation Act of construction subagreements. 1974 (16 U.S.C. §§469a-1 et seq.). 10. Will comply, if applicable, with flood insurance purchase requirements of Section 102(a) of the Flood Disaster Protection Act of 1973 (P.L. 93-234) which requires recipients in a special flood hazard area to participate in the program and to purchase flood insurance if the total cost of insurable construction and acquisition is $10,000 or more. 11. Will comply with environmental standards which may be prescribed pursuant to the following: (a) institution of environmental quality control measures under the National Environmental Policy Act of 1969 (P.L. 91-190) and Executive Order (EO) 11514; (b) notification of violating facilities pursuant to EO 11738; (c) protection of wetlands pursuant to EO 11990; (d) evaluation of flood hazards in floodplains in accordance with EO 11988; (e) assurance of project consistency with the approved State management program developed under the Coastal Zone Management Act of 1972 (16 U.S.C. §§1451 et seq.); (� conformity of Federal actions to State (Clean Air) Implementation Plans under Section 176(c) of the Clean Air Act of 1955, as amended (42 U.S.C. §§7401 et seq.); (g) protection of underground sources of drinking water under the Safe Drinking Water Act of 1974, as amended (P.L. 93-523); and, (h) protection of endangered species under the Endangered Species Act of 1973, as amended (P.L. 93- 205). 12. Will comply with the Wild and Scenic Rivers Act of 1968 (16 U.S.C. §§1271 et seq.) related to protecting components or potential components of the national wild and scenic rivers system. 14. Will comply with P.L. 93-348 regarding the protection of human subjects involved in research, development, and related activities supported by this award of assistance. 15. Will comply with the Laboratory Animal Welfare Act of 1966 (P.L. 89-544, as amended, 7 U.S.C. §§2131 et seq.) pertaining to the care, handling, and treatment of warm blooded animals held for research, teaching, or other activities supported by this award of assistance. 16. Will comply with the Lead-Based Paint Poisoning Prevention Act (42 U.S.C. §§4801 et seq.) which prohibits the use of lead-based paint in construction or rehabilitation of residence structures. 17. Will cause to be performed the required financial and compliance audits in accordance with the Single Audit Act Amendments of 1996 and OMB Circular No. A-133, "Audits of States, Local Governments, and Non-Profit Organizations." 18. Will comply with all applicable requirements of all other Federal laws, executive orders, regulations, and policies governing this program. 19. Will comply with the requirements of Section 106(g) of the Trafficking Victims Protection Act (NPA) of 2000, as amended (22 U.S.C. 7104) which prohibits grant award recipients or a sub-recipient from (1) Engaging in severe forms of trafficking in persons during the period of time that the award is in effect (2) Procuring a commercial sex act during the period of time that the award is in effect or (3) Using forced labor in the performance of the award or subawards under the award. Standard Fortn 4248 (Rev. 7-97) Back DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Attachment G— Certification Regarding Lobbying DSHS Contract No. HHS001439500038 DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 CERTIFICATION REGARDING LOBBYING Certification for Contracts, Grants, Loans, and Cooperative Agreements The undersigned certifies, to the best of his or her knowledge and belief, that: (1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of an agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement. (2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure of Lobbying Activities," in accordance with its instructions. (3) The undersigned shall require that the language of this certification be included in the award documents for all subawards at all tiers (including subcontracts, subgrants, and contracts under grants, loans, and cooperative agreements) and that all subrecipients shall certify and disclose accordingly. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by section 1352, title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. Statement for Loan Guarantees and Loan Insurance The undersigned states, to the best of his or her knowledge and belief, that: If any funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this commitment providing for the United States to insure or guarantee a loan, the undersigned shall complete and submit Standard Form-LLL, "Disclosure of Lobbying Activities," in accordance with its instructions. Submission of this statement is a prerequisite for making or entering into this transaction imposed by section 1352, title 31, U.S. Code. Any person who fails to file the required statement shall be subject to a civil penalty of not less than $10,000 and not more than $100.000 for each such failure. ' APPLICANT'S ORGANIZATION * PRINTED NAME AND TITLE OF AUTHORIZED REPRESENTATIVE Prefix: ' First Name: Middle Name: * Last Name: Suffix: � ' Title: ' SIGNATURE: ' DATE: Attachment H- Federal Funding Accountability and Transparency Act (FFATA) DocuSign Envelope ID: 9EF6E9C2-F2F6-4DA9-BBFF-A5961345A3A8 Certification Form DSHS Contract No. HHS001439500038 '+� TEXAS TexasDe rtmentot5tate `�, Health and Human � Services Health Services Fiscal Federal Funding Accountability and Transparency Act (FFATA) The certifications enumerated below represent material facts upon which DSHS relies when reporting information to the federal government required under federal law. If the Department later determines that the Contractor knowingly rendered an erroneous certification, DSHS may pursue all available remedies in accordance with Texas and U.S. law. Signor further agrees that it will provide immediate written notice to DSHS if at any time Signor learns that any of the certifications provided for below were erroneous when submitted or have since become erroneous by reason of changed circumstances. If the Signor cannot certify al/ of the statements contained in this section, Signor must provide written notice to DSHS detailing which of the be/ow statements it cannot certify and why. Legal Name of Contractor: FFATA Contact: (Name, Email and Phone Number): Primary Address of Contractor: Zip Code: 9-digits required www.usos.com Unique Entity ID (UEI): This number replaces the DUNS State of Texas Comptroller Vendor ldentification Number www.sam.aov (VIN) - 14 digits: Printed Name of Authorized Representative: Signature of Authorized Representative Gloria Diaz Title of Authorized Representative Date Signed Department of State Health Services Form 4734 - April 2022 Contract Management Section Attachment H- Federal Funding Accountability and Transparency Act (FFATA) DocuSign Envelope ID: 9EF6E9C2-F2FB-4DA9-BBFF-A5961345A3A8 Certification Form DSHS Contract No. HHS001439500038 Fiscal Federal Funding Accountability and Transparency Act (FFATA) CERTIFICATION As the duly authorized representative (Signor) of the Contractor, I hereby certify that the statements made by me in this certification form are true, complete, and correct to the best of my knowledge. Did your organization have a gross income, from all sources, of less than $300,000 in your previous tax year? Yes No If your answer is "Yes", skip questions "A", "B", and "C" and finish the certification. If your answer is "No", answer questions "A" and "B". A. Certification Regarding % of Annual Gross from Federal Awards. Did your organization receive 80% or more of its annual gross revenue from federal awards during the preceding fiscal year? Yes � No � B. Certification Regarding Amount of Annual Gross from Federal Awards. Did your organization receive $25 million or more in annual gross revenues from federal awards in the preceding fiscal year? Yes � No � If your answer is "Yes" to both question "A" and "B", you must answer question "C". If your answer is "No" to either question "A" or "B", skip question "C" and finish the certification. C. Certification Regarding Public Access to Compensation Information. Does the public have access to information about the compensation of the senior executives in your business or organization (including parent organization, all branches, and all affiliates worldwide) through periodic reports filed under section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C. 78m(a), 78o(d)) or section 6104 of the Internal Revenue Code of 1986? Yes � No � If your answer is "Yes" to this question, where can this information be accessed? If your answer is "No" to this question, you must provide the names and total compensation of the top five highly compensated officers below. Provide compensation information here: Department of State Health Services Form 4734 — April 2022 Contract Management Section DocuSign Certificate Of Completion Envelopeld:9EF6E9C2F2FB4DA96BFFA5961345A3A8 Subject: Please DocuSign: HHS001439500038; City of Lubbock; Base Contract; CPS-PHEP Source Envelope: Document Pages: 100 Signatures: 0 Certificate Pages: 2 Initials: 0 AutoNav: Enabled Envelopeld Stamping: Enabled Time Zone: (UTC-06:00) Central Time (US & Canada) Record Tracking Status: Originai 4/2/2024 10:05:40 AM Holder: CMS Intemal Routing Mailbox CMS.I nternalRouting@dshs.texas.gov Signer Events Gloria Diaz gdiaz@mylubbock.us Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Mayor Tray Payne traypayne@mylubbock. us Security Level: Email, Account AuthenGcation (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Beverly Taytor Beverly. Taylor@dshs.texas.gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Jonah Wilczynski jonah.wilczynski@dshs.texas.gov Security Level: Email, Account Authen6cation (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Patty Melchior Patty. Melchior@dshs.texas.gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Dave Gruber Dave.Gruber@dshs.texas.gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Signature Status: Sent Envelope Originator: CMS Internal Routing Mailbox 11493 Sunset Hills Road #100 Reston, VA 20190 CMS.Internal Routing@dshs.texas.gov IP Address: 160.42211.65 Location: DocuSign Timestamp Sent: 4/2/2024 10:12:39 AM Viewed: 4/2/2024 10:55:49 AM In Person Signer Events Signature Timestamp Editor Delivery Events Agent Delivery Events Intermediary Delivery Events Certified Delivery Events Carbon Copy Events Rachel Dolan rdolan@mylubbock.us Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign CMS Internal Routing Mailbox CM S.I nternal Routing@dshs.texas. gov Security Level: Email, Account Authentication (None) Electronic Record and Signature Disclosure: Not Offered via DocuSign Witness Events Notary Events Envelope Summary Events Envelope Sent Payment Events Status Status Status Status Status COPIED Signature Signature Status Hashed/Encrypted Status Timestamp Timestamp Timestamp Timestamp Timestamp Sent: 4/2/2024 10:12:40 AM Timestamp Timestamp Timestamps 4/2/2024 10:12:40 AM Timestamps