No preview available
HomeMy WebLinkAboutC24-218 Illuminate Colorado Family Connects 1 FAMILY CONNECTS INTERNATIONAL SITE LICENSING AGREEMENT This Family Connects International Site Licensing Agreement (hereinafter, “Agreement”) is made and entered into on the date of full execution, by and between Eagle County, Colorado (hereinafter, “AGENCY”) and Family Connects International (hereinafter, “CONTRACTOR”). AGENCY and CONTRACTOR may be referred to as “Party” or “Parties” throughout this Agreement. WHEREAS, this Agreement is entered into in connection with that certain Family Connects Master Program Agreement, dated effective as of January 1, 2023, between CONTRACTOR and Illuminate Colorado Inc. (“ILLUMINATE”), and a Family Connects Site Program Agreement for Services in Eagle County, Colorado (the “Community”) between AGENCY and ILLUMINATE, and sets forth the agreement between AGENCY and CONTRACTOR with respect to AGENCY’s provision of the Family Connects Evidence-Based Model (the “FC Program”) in the Community. NOW, THEREFORE, for good and valuable consideration, the receipt and sufficient of which are hereby acknowledged, the Parties hereby agree as follows: I.Period of Performance This Agreement will commence on the date first set forth above and will remain in effect until terminated. II.Terminations Termination of this Agreement, in whole or in part, requires sixty (60) days’ prior written notice from the Party requesting the termination, pursuant to the notice requirements stipulated in this Agreement. III. Warranties a.Standard. CONTRACTOR warrants that the Services as performed by its employees, agents, and subcontractors shall be performed or provided in a professional manner in accordance with industry standards and practice, and in compliance with all applicable laws and regulations, including but not limited to all applicable licensing requirements, if any. CONTRACTOR further warrants that the qualifications of its employees, agents, and subcontractors, as represented to AGENCY, are true and correct. b.Responsibility. CONTRACTOR and AGENCY shall each be individually responsible for any and all liability resulting or arising from the acts and/or omissions of their respective employees, officers, directors, agents, and subcontractors. The Parties agree that neither Party shall be liable for any liability resulting from the acts and/or omissions of the other Party’s employees, officers, directors, agents, and subcontractors. c.Right to Use. CONTRACTOR warrants that: (i) CONTRACTOR’s exercise of any and all rights in the Products (as such term is defined in Section IV) granted herein does not infringe upon or misappropriate any third party’s copyright, patent, trade secret, or other intellectual property rights, or any right of publicity or privacy; (ii) the Products are and shall be original work developed by CONTRACTOR, its employees, agents, and/or subcontractors, except as to third-party rights that have been identified and licensed in accordance with applicable law; and (iii) the Products, to CONTRACTOR’s knowledge, are not subject to any pending or threatened challenge or claim to the contrary of the representations under (i) or (ii) immediately above. IV. Protected Works DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 2 a.Products. As used in this Agreement, “Products” shall mean the FC Program, any and all works of authorship created or developed prior to or pursuant to this Agreement by CONTRACTOR, or any of its agents, representatives, or subcontractors, Protected Works, and any and all other Existing Works, whether in text, video, illustration, compilation, software, and/or any other medium or format. CONTRACTOR and its licensors are and will be the sole and exclusive owners of all right, title, and interest in and to such Products, including all copyrights and other intellectual property rights therein. b.Existing Works. CONTRACTOR and its licensors shall hold and retain all intellectual property rights, including, but not limited to, copyrights, trademarks, and “moral rights” (as such term is typically understood under intellectual property law), in all intellectual property, or other property created by CONTRACTOR and its licensors prior to the execution of this Agreement but that may be used to fulfill contractual obligations defined herein (hereinafter, “Existing Works”). c.License to AGENCY. CONTRACTOR hereby grants AGENCY a nonexclusive, royalty-free license to use the Products for the purposes of this Agreement, to administer the FC Program to the Community, and to the extent otherwise necessary to enable AGENCY to make reasonable use of the Products and the Services. V. Intellectual Property of CONTRACTOR CONTRACTOR will, in the course of fulfilling the contractual obligations herein, use and disclose Products and other designated protected works and processes for the sole purpose and use of AGENCY in design and implementation of a locally administered FC Program (“Protected Works”), as discussed in Section IV above. Such materials designed as Protected Works are for sole use of AGENCY. AGENCY acknowledges that such Protected Works are not to be distributed electronically, or in print, to parties other than those designated by CONTRACTOR in writing. Print copies of training materials are only to be distributed to designated AGENCY employees, officers, directors, agents, contractors and subcontractors (collectively, “Representatives”) for use during the period of the scope of work and for independent practice purposes in support of ongoing program certification. VI.Data Use, Confidentiality and Security a.Confidentiality. Each Party shall comply with all applicable federal, state, and local laws and regulations pertaining to confidentiality, privacy, and security of any and all information received or produced by a Party as a result of this Agreement. b.Health Information. Any and all medical, mental, or physical health information identifiable to an individual, whether it be an adult or child, received by, or disclosed to, a Party as a result of this Agreement shall be kept confidential and shall not be used or disclosed, by any means or manner, except as permitted by applicable law and, where permitted by law, such use or disclosure shall be undertaken in strict adherence to such Party’s policies. In no circumstance shall a Party’s policies regarding such information’s use or disclosure be any less restrictive than the rules and regulations otherwise applicable to such Party set forth under federal, state, or local laws or regulations, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).. c.Exchange of Confidential Information. In connection with this Agreement, each Party may receive, review, or otherwise have access to proprietary and/or confidential information or materials of the other Party, including, but not limited to, information or materials regarding children, youth, or families, such as names, addresses, physical health, and mental health data about an individual, family history DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 3 and like information, case files, reports, financial information, or other data furnished, prepared, assembled, or used by or in furtherance of implementation of the FC Program (collectively, “Confidential Information”). Each Party warrants and agrees to hold all Confidential Information in strict confidence and to not use or share any Confidential Information with any third- party without prior written approval by the party who disclosed such Confidential Information, except: (i) as and to the extent required by law; (ii) each Party may share any Confidential Information with its Representatives with a need to know such information in connection with this Agreement (provided that any such Representative is subject to confidentiality obligations similar to those contained in this Agreement); and (iii) each Party may use any Confidential Information as necessary to administer the FC Program to the Community, in each case in compliance with all applicable federal, state, and local statutes, rules, and regulations. In the event that the Confidential Information contains social security numbers or other personally identifying information, each Party shall utilize best practice methods (e.g., encryption of electronic records where feasible, and/or manual redaction) to protect the confidentiality of such information. In addition to attestation of best practice, each Party agrees to sign and abide by the BAA(s) to which it is party. In furtherance of the foregoing, CONTRACTOR and AGENCY shall execute a BAA in the form attached hereto as Attachment D in connection with executing this Agreement. d.Data Security. Notwithstanding any section of this Agreement, each Party remains exclusively responsible for establishing operating procedures, appropriate access and permissions, and audit controls, supervising its Representatives, providing adequate network security for its own networks, providing virus protection on its systems, inputting data, ensuring the accuracy and security of data input and data output, monitoring the accuracy of information obtained, and managing the use of information and data obtained. Each Party will ensure that its Representatives are, at all times, educated and trained in the proper use and operation of data systems utilized by such Party in relation to the deliverables of this Agreement, and the required data and information security required pursuant to this Agreement, any related agreement, or under any applicable rule or regulation governing such data or information, its collection, storage, and dissemination. e.Program Reporting and Evaluation. In connection with this Agreement, AGENCY agrees to participate in ongoing cross-site evaluation of FC Program performance and impact. Upon AGENCY initiation of any FC clinical services, AGENCY shall be required to submit standard quarterly reports to CONTRACTOR reporting core implementation metrics, and a standard limited data set related to FC Program operations and service delivery outcomes, per CONTRACTOR guidelines for such submission. AGENCY authorizes CONTRACTOR to use data collected through this evaluation activity for internal quality improvement practices and potential professional presentations or publications. CONTRACTOR agrees to provide AGENCY regular updates related to evaluation activities and to ensure adequate AGENCY review of articles intended for release to the public or publication in peer reviewed journals which utilized AGENCY evaluation activity data. If AGENCY wishes to conduct their own independent evaluation of FC Program implementation and/or impact, AGENCY agrees to complete a formal evaluation application for review and approval by CONTRACTOR. AGENCY agrees not to proceed with such formal evaluation until CONTRACTOR approval is obtained. AGENCY agrees not to begin participant enrollment in an impact evaluation study until after AGENCY has achieved formal site certification from CONTRACTOR. f.Salesforce. The Parties acknowledge and agree that, by executing this Agreement, AGENCY is also agreeing to be bound by the terms and restrictions of CONTRACTOR’s Master Subscription Agreement DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 4 (hereinafter, “MSA”) with Salesforce.Org (hereinafter, “Salesforce”), which CONTRACTOR utilizes for data collection and processing relative to the FC Program. By entering into this Agreement, and any related BAA, as referenced in paragraph “c” above, and to ensure that the FC Program is properly implemented, CONTRACTOR may assign to, or provide for purchase by, AGENCY a license to access and utilize the Salesforce system. If such license is granted to AGENCY, AGENCY understands and agrees that in order to be granted access to the Salesforce system via a license, AGENCY shall be subject to the provisions of CONTRACTOR’s MSA as to the usage, terms and restrictions governing access and use of the Salesforce system. The terms and conditions applicable to AGENCY under such MSA shall be provided to AGENCY prior to, or at the time of, the issuance of such licenses. AGENCY’s agreement to be bound by the MSA terms and conditions shall be in addition to any BAA entered into between CONTRACTOR and AGENCY. AGENCY shall execute a separate acceptance of such terms and conditions of being issued a license in the form attached hereto as Attachments B and C. In the event that CONTRACTOR uses any platform other than Salesforce for data collection and processing relative to the FC Program, CONTRACTOR shall grant AGENCY access to such platform on terms and conditions no less favorable than those set forth herein, on Attachments B and C. If a Salesforce license is granted or provided to AGENCY by CONTRACTOR, AGENCY understands that any breach of the MSA terms and conditions shall be deemed a breach of this Agreement. Any AGENCY breach of the MSA terms and conditions by a Party shall be deemed a breach of this Agreement. VII.Assignment Neither Party shall have the ability to assign this Agreement, or its interest therein, without the other Party’s prior written consent. Any purported assignment in violation of this Section shall be null and void. This Agreement is binding upon and inures to the benefit of the Parties and their successors and permitted assignees. VIII.RESERVED. IX.Legal Fees Should any litigation, arbitration, mediation, or other legal proceeding be commenced concerning this Agreement, the Party prevailing in such proceeding shall be entitled, in addition to such other relief as may be granted, to reimbursement by the non-prevailing Party of all of such prevailing Party’s reasonable attorneys’ fees and costs incurred in connection with such proceeding. The Parties agree that the provisions of this Section IX shall survive the termination of this Agreement. X.Amendments and Notice Changes to the terms and conditions of this Agreement shall be mutually agreed upon by written amendment. All notices required to be given pursuant to this Agreement shall be made by personal delivery, by mail, or by email as follows: By Mail: Such notice mailing may be done by expedited delivery service with proof of delivery, or by United States Mail, postage prepaid, registered or certified mail, return receipt requested, and shall be delivered the stipulated contact person at the respective address set forth at the end of this Agreement, or to such different person or address as such addressee shall have designated by written notice sent in accordance herewith. Such notice shall be deemed to have been given and received as of the date of first attempted delivery at the address. DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 5 By Email: Any notice sent by email shall be sent, return receipt requested, to the following contact persons: (i)for CONTRACTOR, to Colette Parrish, or their successor, at colette@familyconnects.org; and (ii)for AGENCY, to Heath Harmon, or their successor, at heath.harmon@eaglecounty.us XI.Waiver No failure or delay by either party in exercising any right under this Agreement, nor any partial exercise of any such right, will constitute a waiver of that right, or any other right. The waiver by either party of the breach of any terms and conditions of, or any right under, this Agreement shall not be deemed to constitute the waiver of any other breach of the same, or any other term or condition, or of any similar right. XII.Severability If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect. XIII.Governing Law This Agreement and the rights of the Parties hereunder shall be governed by and interpreted in accordance with the laws of the State of Colorado, without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts in Colorado. XIV.Accessibility Contractor shall provide a third-party attestation of product accessibility compliance for any software or platform with which users will interact when requested by Agency. Such attestation shall include a summary of the software’s or platform’s ADA compliance as well as any outstanding accessibility issues identified in the software or platform, and an explanation as to how Contractor intends to make the software or platform fully compliant. Remediation of accessibility issues which pose a very minor inconvenience to disabled users but do not prevent them from using the software may be waived by the Agency in its sole discretion. Correction of accessibility issues may require, among other things, writing new core code, turning off inaccessible features, providing users with third party software in addition to their assistive technology, or providing disabled users with an alternative pathway to the inaccessible feature or the business process that it automates. Contractor shall collaborate with the Agency to prioritize accessibility defects based on severity. If the Agency determines that accessibility issues exist but cannot be resolved or mitigated, Agency may terminate this Agreement XV.Counterparts This Agreement may be executed in any number of counterparts, each of which will be deemed an original, but all of which together will constitute one and the same instrument. A signed copy of this Agreement delivered by facsimile, email, or other means of electronic transmission is deemed to have the same legal effect as delivery of an original signed copy of this Agreement. XVI.Entire Agreement DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 6 This Agreement, including and together with any exhibits, schedules, attachments, and appendices, constitutes the sole and entire agreement of the Parties with respect to the subject matter contained herein, and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, regarding such subject matter. XVII.Relationship of the Parties The relationship between the Parties is that of independent contractors. The details of the method and manner for performance of the Services by CONTRACTOR shall be under its own control, AGENCY being interested only in the results thereof. CONTRACTOR shall be solely responsible for supervising, controlling, and directing the details and manner of the completion of the Services. Nothing in this Agreement shall give AGENCY the right to instruct, supervise, control, or direct the details and manner of the completion of the Services. The Services must meet AGENCY’S final approval and shall be subject to AGENCY’S general right of inspection throughout the performance of the Services and to secure satisfactory final completion. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, or other form of joint enterprise, employment, or fiduciary relationship between the Parties, and neither Party shall have authority to contract for or bind the other Party in any manner whatsoever. XVIII.Force Majeure No Party shall be liable or responsible to the other Party, or be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations of AGENCY to make payments to CONTRACTOR hereunder), when and to the extent such failure or delay is caused by or results from acts beyond the impacted party’s (“Impacted Party”) reasonable control, including, without limitation, the following force majeure events (“Force Majeure Event(s)”): (a) acts of God; (b) flood, fire, earthquake, or explosion; (c) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot, or other civil unrest; (d) government order, law, or actions; (e) embargoes or blockades in effect on or after the date of this Agreement; and (f) national or regional emergency. The Impacted Party shall give notice within ten (10) days of the Force Majeure Event to the other Party stating the period of time the occurrence is expected to continue. The Impacted Party shall use diligent efforts to end the failure or delay and ensure the effects of such Force Majeure Event are minimized. The Impacted Party shall resume the performance of its obligations as soon as reasonably practicable after the removal of the cause. In the event that the Impacted Party’s failure or delay remains uncured for a period of sixty (60) days following written notice given by it under this Section XVIII, the other Party may thereafter terminate this Agreement upon thirty days’ written notice. [Signature Page Follows] DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 7 IN WITNESS WHEREOF, the Parties hereto have hereunto set their hands and seals and duly executed this Agreement as of the day and year first set forth above. AGENCY CONTRACTOR Eagle County, Colorado By and through Jeff Shroll, its County Manager PO Box 850 500 Broadway Eagle, CO 81631 Family Connects International Colette Parrish 3710 University Drive Suite 310 Durham, NC 27707 ___________________________________ ____________ ___Jeff Shroll, County Manager_______ Signature of AGENCY Representative Date Name/Title of AGENCY Representative ___________________________________ ____________ ___________________________________ Signature of CONTRACTOR Representative Date Name/Title of CONTRACTOR Representative DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA Colette Parrish5/7/2024 Chief Int Ops Off. 5/7/2024 8 ATTACHMENT A: FAMILY CONNECTS INTERNATIONAL NON-DISCLOSURE, CONFIDENTIALITY, AND NON-COMPETITION AGREEMENT This Non-Disclosure Agreement (hereinafter, “Agreement”) is made and entered into on the date of full execution, by and between Eagle County, Colorado who has an address of 500 Broadway, PO Box 850, Eagle, Colorado 81631 (hereinafter, “Recipient”) and Family Connects International, who has an address of 3710 University Drive, Suite 310, Durham, North Carolina 27707 (hereinafter, “FCI”). Recipient and FCI may be referred to as “Party” or “Parties” throughout this Agreement. WHEREAS, the Parties acknowledge that it may be desirable for FCI to provide Eagle County, Colorado, solely as a result of their role or relationship with Illuminate Colorado Inc., certain information, including trade secret information (hereinafter, “Trade Secret”) considered to be confidential, valuable, and proprietary, for the purpose of implementing the FCI program (“Family Connects”) through the Illuminate Colorado Inc. with whom Eagle County, Colorado has an relationship. The Parties acknowledge that but for such relationship between Eagle County, Colorado with Illuminate Colorado Inc., and the desire of Illuminate Colorado Inc. and FCI to implement the Family Connects program through Illuminate Colorado Inc., FCI would not disclose any Confidential Information to Eagle County, Colorado without this Agreement. WHEREAS, the Parties further acknowledge and agree that without the protections set forth in this Agreement, FCI would not disclose any Confidential Information or Trade Secrets to Eagle County, Colorado. NOW, THEREFORE, in consideration of the covenants contained herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereto agree as follows: Section 1. Definitions: For purposes of this Agreement, the following definitions and clarifications shall apply: (a)“Trade Secret” shall mean any information of FCI, without regard to form, including, but not limited to, technical or non-technical data, a formula, a pattern, a compilation, a program, a method, a technique, a sample, a drawing, a process, research strategies and data, financial data, financial plans, product plans, development plans, budgets, or information or a list of actual or potential customers, payers, lessors, subcontractors, or suppliers, which is not commonly known by or available to the public and which information (i) derives economic value, actual or potential, from not being generally known to and not being readily ascertainable by proper means by other persons who can obtain economic value from its disclosure or use and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy. (b)“Confidential Information” shall mean any data or information other than Trade Secrets, without regard to form, that is of value to FCI and is not generally known to third parties. To the extent consistent with the foregoing, Confidential Information includes, but is not limited to, lists (whether in written form or otherwise) of, or any information about, FCI’s executives, employees, subcontractors, consultants, insurance payers, and affiliates, Products, Existing Works, research and marketing techniques, price lists, pricing policies, budgets, business methods, development plans, financial data, potential development plans or sites, contracts and contractual relations, customers, and suppliers, and the existence and substance of any discussions and relationship between the Parties hereto (including this Agreement and the Parties’ execution and delivery hereof). Confidential Information also includes any information described in this paragraph (b) which FCI obtains from another party and which FCI treats as proprietary or designates as confidential, whether or not owned or developed by FCI. (c)The terms “Trade Secret” and “Confidential Information” shall not include any materials or information of the types specified in subparagraphs (a) and (b) above to the extent that such materials or information: (i) through no DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 9 act or failure to act by Recipient, are or become publicly known or generally utilized by others engaged in the same business or activities in which FCI utilized, developed or otherwise acquired such information; (ii) are lawfully known to Recipient prior to FCI’s disclosure pursuant to this Agreement, not having been obtained from FCI; (iii) are furnished to others by FCI with no restriction on disclosure; or (iv) are independently developed by Recipient. Failure to mark any of the Trade Secrets or Confidential Information as confidential shall not affect its status as a Trade Secret or Confidential Information under this Agreement. (d)“Products” shall mean any and all works of authorship created or developed prior to or during the Term of this Agreement by FCI, or any of its agents, employees, or subcontractors. “Products” may also include text, video, illustration, compilation, software, and/or any other medium or format. FCI is and will be the sole and exclusive owner of all right, title, and interest in and to such “Products”, including all copyrights and other intellectual property rights therein. (e)“Existing Works” shall mean all Products, intellectual property or other property created by FCI prior to the execution of this Agreement, which the Parties agree all intellectual property rights of such Existing Works are, and shall remain, the sole property of FCI. Such intellectual property rights shall include, but not limited to, copyrights, trademarks, and “moral rights” (as such term is typically understood under intellectual property law). Section 2. Maintenance of Confidentiality: Recipient shall hold FCI’s Trade Secrets and Confidential Information in strict confidence and take all appropriate measures to ensure that no unauthorized person shall have access to such Trade Secrets or Confidential Information and that all “Authorized Parties” (as defined below) having access refrain from making any unauthorized use or disclosure in violation of this Agreement. Recipient shall protect FCI’s Trade Secrets and Confidential Information with the same degree of care as Recipient would normally use in the protection of its own Trade Secrets or Confidential Information, but in no case with less than a reasonable degree of care. Recipient shall immediately notify FCI in the event of any unauthorized use or disclosure which violates this Agreement. Recipient shall comply with all applicable federal and state laws, rules and regulations protecting Trade Secrets and Confidential Information. Section 3. Ownership: Recipient acknowledges that all Trade Secrets and Confidential Information of FCI are the exclusive property of FCI and that this Agreement does not grant a license or option, either expressly or by implication, to Recipient under any patent or other intellectual property rights held by FCI. Section 4. Restrictions on Use and Disclosure: Recipient will not, except as expressly authorized or directed by FCI, use, copy, or disclose, or permit any unauthorized person access to, any Trade Secrets or Confidential Information belonging to FCI, except that Recipient may disclose such Trade Secrets or Confidential Information of FCI in confidence to its employees and advisors (hereinafter “Authorized Parties”), who: (a) have a substantive need to know such Trade Secrets and Confidential Information in connection with the relationship between the Parties hereto; (b) have been advised of the confidential and proprietary nature of such Trade Secrets and Confidential Information; and (c) have a written agreement with Recipient to protect from unauthorized use or disclosure all of FCI’s Trade Secrets and Confidential Information to which they have access in the course of their relationship with Recipient. In all events, Recipient shall remain liable for any breach of this Agreement by any Authorized Parties. For the avoidance of doubt, Recipient shall not use Trade Secrets or Confidential Information in any manner not contemplated by FCI or in any way detrimental to FCI. In the event that Recipient is required by law or legal process to disclose any of the Trade Secrets or Confidential Information of FCI, Recipient shall provide FCI with prompt oral and written notice, unless notice is prohibited by law (in which case notice shall be provided as early as may be legally permissible), of any such requirement, postpone disclosure for the maximum time period permitted under applicable law, and allow FCI the opportunity to seek a protective order or other appropriate remedy. Recipient agrees to cooperate with FCI in any reasonable efforts to obtain such remedies, but this provision shall not be construed to require Recipient to undertake litigation or other DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 10 legal proceedings on behalf of FCI. Recipient will not reverse engineer, disassemble, decompile or copy FCI’s Trade Secrets or Confidential Information. Recipient shall not, directly or indirectly (including in the conduct of its business or employment) use, or permit to be used, the Trade Secrets or Confidential Information obtained from FCI to FCI’s detriment, whether or not Recipient benefits from such detrimental use. Recipient shall not sell, sublicense, assign, pledge, encumber, or otherwise transfer or dispose of any of FCI’s Trade Secrets or Confidential Information or any of the rights or obligations granted or imposed on Recipient hereunder. Section 5. No Warranty: Recipient acknowledges that neither FCI, nor any of FCI’s representatives, makes any express or implied representation or warranty as to the accuracy or completeness of any Trade Secrets or Confidential Information provided hereunder. All Trade Secrets or Confidential Information are provided “as is.” Section 6. Return or Destruction of Materials: Upon request of FCI and in any event upon the termination of the relationship between the parties or upon the request of FCI, Recipient will deliver to FCI all memoranda, notes, records, tapes, documentation, disks, manuals, files or other documents, and all copies thereof, concerning or containing FCI’s Confidential Information or Trade Secrets that are in Recipient’s possession or control, whether made or compiled by Recipient or furnished to Recipient by FCI, or, at FCI's written direction, destroy such materials, and provide written certification to FCI that the information has been returned or destroyed. Each Party hereby agrees that it will not retain any copies, extracts or other reproductions in whole or in part of any of the other Party’s Trade Secrets or Confidential Information. Section 7. Term: This Agreement shall be deemed effective upon Recipient’s execution hereof and shall extend with regard to Confidential Information until five (5) years after the date of final disclosure of Confidential Information hereunder. Thereafter the Parties’ obligations hereunder survive and continue in effect with respect to any Trade Secrets under applicable law. Section 8. Remedies: Recipient acknowledges that the injury that FCI will suffer in the event of Recipient’s breach of any covenant or agreement contained herein cannot be compensated by monetary damages alone, and the Parties therefore agree that, in addition to and without limiting any other remedies or rights which FCI may have either under this Agreement or otherwise, as such FCI shall be entitled to injunctive relief enjoining any such breach, or other equitable relief, from any court of competent jurisdiction, without a requirement of posting bond as a condition thereof. Without limitation on the provisions of the immediately preceding paragraph, or any other remedies and damages available to either Party under applicable law, in the event that a Party is in breach or violation of this Agreement, and as a result the non-breaching Party seeks enforcement of the terms and conditions hereof, the breaching Party agrees to pay or reimburse the non-breaching Party for all reasonable costs and attorneys’ fees so incurred by the non-breaching Party. Section 9. Assignment: Neither Party shall have the ability to assign this Agreement, or its interest therein, without the other Party’s prior written consent. Any purported assignment in violation of this Section shall be null and void. This Agreement is binding upon and inures to the benefit of the Parties and their successors and permitted assignees. Section 10. Legal Fees: Should any litigation, arbitration, mediation or other legal proceeding be commenced concerning this Agreement, the Party prevailing in such proceeding shall be entitled, in addition to such other relief as may be granted, to reimbursement by the non-prevailing Party of all of such prevailing Party’s reasonable attorneys’ fees and costs incurred in connection with such proceeding. The Parties agree that the provisions of this Section 10 shall survive the termination of this Agreement. DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 11 Section 11. Amendments: Changes to the terms and conditions of this Agreement shall only be effective if mutually agreed upon by the Parties through a written amendment. Section 12. Notices: All notices required to be given pursuant to this Agreement shall be made by personal delivery, by mail or by email as follows: By Mail: Such notice mailing may be done by expedited delivery service with proof of delivery, or by United States Mail, postage prepaid, registered or certified mail, return receipt requested, and shall be delivered the stipulated contact person at the respective address set forth at the end of this Agreement, or to such different person or address as such addressee shall have designated by written notice sent in accordance herewith. Such notice shall be deemed to have been given and received as of the date of first attempted delivery at the address. By Email: Any notice sent by email shall be sent, return receipt requested, to the following contact persons: (i)For FCI: Colette Parrish, or their successor, at Colette@familyconnects.org; and, (ii)For Recipient: to Heath Harmon, or their successor, at heath.harmon@eaglecounty.us. Section 13. Waiver: No failure or delay by either Party in exercising any right under this Agreement, nor any partial exercise of any such right, will constitute a waiver of that right, or any other right. The waiver by either Party of the breach of any terms and conditions of, or any right under, this Agreement shall not be deemed to constitute the waiver of any other breach of the same, or any other, term or condition or of any similar right. Section 14. Severability: If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision will be deemed null and void, and the remaining provisions of this Agreement will remain in effect. Section 15. Governing Law: This Agreement and the rights of the Parties hereunder shall be governed by and interpreted in accordance with the laws of the State of Colorado, without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts in Colorado. Section 16. Counterparts: This Agreement may be executed in any number of counterparts, each of which will be deemed an original, but all of which together will constitute one (1) and the same instrument. [Signature Page Follows] DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 12 IN WITNESS WHEREOF, the undersigned acknowledge they have the authority to execute this on behalf of their organizations, and as such, have hereunto set their hands and seals and duly executed this Agreement as of the day and year first set forth above. SITE CONTRACTOR Eagle County, Colorado By and through Jeff Shroll, its County Manager PO Box 850 500 Broadway Eagle, CO 81631 Family Connects International Colette Parrish 3710 University Drive Suite 310 Durham, NC 27707 Jeff Shroll, County Manager Signature of SITE Representative Date Printed Name/Title of SITE Representative Signature of FCI Representative Date Printed Name/Title of FCI Representative DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA Chief Int Ops Off.5/7/2024 Colette Parrish 5/7/2024 13 ATTACHMENT B: AGENCY “SALESFORCE” LICENSE ACCEPTANCE AGREEMENT Pursuant to the Family Connects International Site Licensing Agreement (hereinafter, “Agreement”), entered into on the date of full execution, by and between Eagle County, Colorado (hereinafter, “AGENCY”), and Family Connects International (hereinafter, “CONTRACTOR”), AGENCY is entering into this “License Acceptance” with regards to certain Salesforce licenses licensed to AGENCY under the aforementioned Agreement. Pursuant to the terms and conditions set forth in the Agreement, as well as the terms and conditions set forth in the “AGENCY Salesforce Terms and Conditions”, appearing as Attachment C to the Agreement, which terms and conditions are derived from CONTRACTOR’s Master Subscription Agreement with Salesforce, AGENCY for and on their own behalf, as well as on behalf of any of its employees or agents, agrees to be bound by the Agreement as well as AGENCY’s Salesforce Terms and Conditions as such pertain to CONTRACTOR granted licenses. AGENCY further agrees and acknowledges that any breach of any of the aforementioned terms and conditions by AGENCY shall be deemed a breach of the Agreement, and may result in CONTRACTOR liability or damages, or alleged liability or damages against which CONTRACTOR has to defend itself, whether alleged by Salesforce or any third-party. As such, AGENCY shall hold CONTRACTOR, its officers, employees, and agents harmless from any and all claims, injuries, damages, losses, or suits including attorney fees, arising out of or in connection with any such AGENCY breach of any terms and conditions disclosed and agreed to by AGENCY as relate to the Salesforce license. Agreement to these terms and conditions does not guarantee that any issued licenses shall be renewed when they expire, and any renewal shall be at the sole discretion of CONTRACTOR, and may require AGENCY to execute a new or revised License Agreement. These terms and conditions and the rights of the Parties hereunder shall be governed by and interpreted in accordance with the laws of the State of North Carolina, without regard to choice or conflicts of law rules, and to the exclusive jurisdiction of the applicable courts in North Carolina. Agency hereto represents that it has the legal capacity and ability to enter into this License Acceptance. AGENCY Eagle County, Colorado By and through Jeff Shroll, its County Manager PO Box 850 500 Broadway Eagle, CO 81631 ___________________________________ ____________ ___Jeff Shroll, County Manager___ Signature of AGENCY Representative Date Name/Title of AGENCY Representative DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 5/7/2024 14 ATTACHMENT C: Agency Salesforce License Terms and Conditions Pursuant to the Family Connects International Site Licensing Agreement (hereinafter, “Agreement”), entered into on the date of full execution, by Eagle County, Colorado (hereinafter, “Agency”) and the Family Connects International (hereinafter, “Contractor”), and as part of the Agency Salesforce License Acceptance Agreement, appearing as Attachment B to the Agreement, Contractor is granting Agency a limited license (hereinafter, “License”) to utilize the Salesforce program. By accepting said License, Agency has accepted and acknowledged that use of such License shall be governed by the terms of the Agreement, the MSA which Contractor entered into with Salesforce (hereinafter, “MSA”), as well as the following specific Agency Salesforce License Terms and Conditions (hereinafter, “License Terms”), which combined shall be mandatory requirements for use of the License. As such, AGENCY acknowledges and agrees to the following terms and conditions: 1.Provision and Term of License. Contractor shall provide Agency a limited license to use Salesforce solely pursuant to Contractor’s MSA, for the specific reasons defined between Contractor and Agency in their Agreement, and pursuant to information and PHI disclosure laws. The term of the License shall be governed by the Term of the Agreement. Any such License usage may be rescinded by Contractor at any time if Agency breaches any term or condition governing such License, is in breach of the Agreement, or if Contractor no longer has a contractual relationship with Salesforce. 2.License and Usage Limits. The services and content available through the License, and the number of users who may be able to utilize the License, shall be determined as between the Parties, and may be subject to limitations, changes, or amendments placed upon Contractor under their MSA. Agency understands and agrees that any specific quantity of users of the License specified by Contractor must be adhered to, and that any passwords granted to Agency by Contractor shall not be shared with any third party or unauthorized user. If Agency exceeds a contractual usage limit, or allows unauthorized access via the License, Contractor shall immediately limit or rescind such License. 3.Agency Responsibilities. Agency shall (i) be responsible for any of its users’ compliance with this License’s Terms, as well as the MSA and Agreement, (ii) use reasonable efforts to prevent unauthorized access to or use of the License, and notify Contractor promptly of any such unauthorized access or use of said License, and, (iii) use Salesforce only in accordance with the Agreement, MSA and this License Terms document, as well as any applicable laws and government regulations. 4.Reservation of Rights. Subject to the limited rights expressly granted hereunder, Contractor reserves all of their right, title and interest in and to the License granted to it by Salesforce, including any intellectual property rights. No rights are granted to Agency hereunder other than as expressly set forth herein. 5.Protection of Confidential Information. Agency shall abide by the confidentiality provisions provided in the Agreement, as well as any BAA entered into with Contractor. 6.Disclaimers. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. ANY SERVICES TIED TO THE LICENSE ARE PROVIDED "AS IS," AND AS AVAILABLE EXCLUSIVE OF ANY DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 15 WARRANTY WHATSOEVER. EACH PARTY DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD -PARTY HOSTING PROVIDERS. 7.Order of Precedence and Terms. This License is to be read in conjunction with the Agency Salesforce License Acceptance Agreement, appearing as Attachment B to the Agreement, as well as the MSA and the Agreement. Capitalized terms, unless otherwise defined in this License, shall have the meaning given to them under the MSA and/or the Agreement. Except as to the defined terms in this License, in the event of any conflict or inconsistency among the following documents, and strictly with regards to the granting of the license hereunder, the order of precedence shall be: (i) the Agreement, (ii) the MSA, and (iii) this License. 8.Waiver. No waiver of any provision of this License will be effective unless in writing and signed by the party against whom the waiver is to be asserted. No failure or delay by either party in exercising any right under this License shall constitute a waiver of that right. 9.Severability. If any provision of this License is held by a court of competent jurisdiction to be contrary to law, the provision shall be deemed null and void, and the remaining provisions of this License shall remain in effect. 10.Assignment. Agency may not assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the Contractor’s prior written consent (which is not to be unreasonably withheld). [End of Document] DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 16 ATTACHMENT D: Business Associate Agreement (attached) DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA ATTACHMENT D: Business Associate Agreement This Business Associate Agreement (the “Agreement”) is made effective the 1st day of January, 2023, by and between Eagle County, Colorado, hereinafter referred to as “Covered Entity”, and Family Connects International, hereinafter referred to as “Business Associate” (Individually, a “Party” and collectively, the “Parties”). WITNESSETH: WHEREAS, the Parties wish to enter into a Business Associate Agreement to ensure compliance with the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA Privacy and Security Rules”) (45 C.F.R. Parts 160 and 164). WHEREAS, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of the American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, modified the HIPAA Privacy and Security Rules (hereinafter, all references to the “HIPAA Privacy and Security Rules” include all amendments thereto set forth in the HITECH Act and any accompanying regulations); and WHEREAS, the Parties have entered in to one or more contractual arrangements (the “Underlying Agreements”) pursuant to which Business Associate performs certain services on behalf of Covered Entity and, pursuant to such Underlying Agreements, Business Associate may be considered a “business associate” of Covered Entity as defined in the HIPAA Privacy and Security Rules; and WHEREAS, Business Associate may create, access, receive, maintain or transmit Covered Entity’s Protected Health Information or Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under the Underlying Agreements; and WHEREAS, both Parties are committed to complying with the HIPAA Privacy and Security Rules, and Business Associate wishes to honor its obligations as a Business Associate to Covered Entity; and THEREFORE, in consideration of the Parties’ continuing obligations under the Underlying Agreements, and for other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the provisions of this Agreement. I.Definitions Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set forth in the HIPAA Privacy and Security Rules. In the event of an inconsistency between the provisions of this Agreement and mandatory provisions of the HIPAA Privacy and Security Rules, as amended, the HIPAA Privacy and Security Rules in effect at the time shall control. Where provisions of this Agreement are different from those mandated by the HIPAA Privacy and Security Rules but are nonetheless permitted by the HIPAA Privacy and Security Rules, the provisions of this Agreement shall control. The term “Breach” means the unauthorized acquisition, access, use, or disclosure of Protected Health Information which compromises the security or privacy of such information in accordance with the DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA regulations for Breach Notification for Unsecured Protected Health Information codified at 45 C.F.R. Part 164, Subpart D, as currently in effect (“Breach Notification Rule). The term “Electronic Health Record” means an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff. The term “HIPAA Privacy and Security Rules” refers to 45 C.F.R. Parts 160 and 164 as currently in effect or hereafter amended. The term “Protected Health Information” means individually identifiable health information, including without limitation, all information, data, documentation, and materials, including without limitation, demographic, medical and financial information, that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or with respect to which there is reasonable basis to believe the information can be used to identify the individual. “Protected Health Information” includes, without limitation “Electronic Protected Health Information” as defined below. The term “Secretary” means the Secretary of the Department of Health and Human Services. The term “Unsecured Protected Health Information” means Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in guidance published in the Federal Register at 74 Fed.Reg. 19006 on April 27, 2009, and in annual guidance published thereafter. II. Permitted Uses and Disclosures by Business Associate a. Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Underlying Agreements or as otherwise required by law, provided that such use or disclosure would not violate the HIPAA Privacy and Security Rules if done by Covered Entity. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes “minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to the extent practicable, disclose only the minimum necessary amount of Protected Health Information to accomplish the intended purpose of the disclosure. b. Business Associate may use Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of Business Associate, provided that such uses are permitted under state and federal confidentiality laws. c. Business Associate may disclose Protected Health Information in its possession to third parties for the purposes of its proper management and administration or to fulfill any present or future legal responsibilities of Business Associate, provided that: 1. The disclosures are required by law; or DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 2.Business Associate obtains reasonable assurances from the third parties to whom the Protected Health Information is disclosed that the information will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the third party, and that such third parties will notify Business Associate of any instances of which they are aware in which the confidentiality of the information has been breached. d.Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under an Underlying Agreement; and e.Business Associate may de-identify Protected Health Information in accordance with 45 C.F.R § 164.514(a)-(c), only if required by an Underlying Agreement to perform the its obligations. Business Associate shall not disclose or otherwise use de-identified data derived from Covered Entity’s Protected Health Information without the express written consent of Covered Entity. III.Obligations and Activities of Business Associate a.Business Associate acknowledges and agrees that all Protected Health Information that is created or received by Covered Entity and disclosed or made available in any form, including paper record, oral communication, audio recording, and electronic display by Covered Entity or its operating units to Business Associate or is created or received by Business Associate on Covered Entity’s behalf shall be subject to this Agreement. b.Business Associate agrees to not use or further disclose Protected Health Information other than as permitted or required by this Agreement, the Underlying Agreements, or as required by law. c.Business Associate agrees to use appropriate safeguards to prevent the unauthorized use or disclosure of Protected Health Information. Specifically, Business Associate will: 1.Implement the administrative, physical, and technical safeguards set forth in Sections 164.308, 164.310, and 164.312 of the HIPAA Privacy and Security Rules that reasonably and appropriately protect the confidentiality, integrity, and availability of any Protected Health Information that it creates, receives, maintains, or transmits on behalf of Covered Entity, and, in accordance with Section 164.316 of the HIPAA Privacy and Security Rules, implement and maintain reasonable and appropriate policies and procedures to enable it to comply with the requirements outlined in Sections 164.308, 164.310, and 164.312; and 2.Report to Covered Entity any unauthorized use or disclosure of Protected Health Information of which Business Associate becomes aware. Business Associate shall report to Covered Entity any Security Incident involving Protected Health Information of which it becomes aware. For purposes of this Agreement, “Security Incident” means the successful unauthorized access, use, disclosure, modification, or destruction of Protected Health Information or interference with system operations in an information system, of which Business Associate has knowledge or should, with the exercise of reasonable diligence, have knowledge. d.Business Associate agrees to ensure that any representative or agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA by Business Associate on behalf of Covered Entity, agrees to the same restrictions and conditions that apply through this Agreement to Business Associate with respect to such information. e. Business Associate agrees to comply with any requests for restrictions on certain disclosures of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules and of which Business Associate has been notified by Covered Entity. In addition, and notwithstanding the provisions of Section 164.522(a)(1)(ii), Business Associate agrees to comply with an individual’s request to restrict disclosure of Protected Health Information to a health plan for purposes of carrying out payment or health care operations if the Protected Health Information pertains solely to a health care item or service for which Covered Entity has been paid by in full by the individual or the individual’s representative. f. At the request of Covered Entity and in a reasonable time and manner, Business Associate agrees to make available Protected Health Information required for Covered Entity to respond to an individual’s request for access to his or her Protected Health Information in accordance with Section 164.524 of the HIPAA Privacy and Security Rules. If Business Associate maintains Protected Health Information electronically, it agrees to make such Protected Health Information available electronically to the applicable individual or to a person or entity specifically designated by such individual, upon such individual’s request. g. At the request of Covered Entity and in a reasonable time and manner, Business Associate agrees to make available Protected Health Information required for amendment by Covered Entity in accordance with the requirements of Section 164.526 of the HIPAA Privacy and Security Rules. h. Business Associate agrees to document any disclosures of and make Protected Health Information available for purposes of accounting of disclosures, as required by Section 164.528 of the HIPAA Privacy and Security Rules. i. Business Associate agrees that it will make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from or created or received by Business Associate on behalf of, Covered Entity, available to the Secretary for the purpose of determining Covered Entity’s compliance with the HIPAA Privacy and Security Rules, in a time and manner designated by the Secretary. j. Business Associate agrees that, while present at any Covered Entity facility and/or when accessing Covered Entity’s computer network(s), it and all of its employees, agents, representatives, and subcontractors will at all times comply with any network access and other security practices, procedures and/or policies established by Covered Entity including, without limitation, those established pursuant to the HIPAA Privacy and Security Rules. k. Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any Protected Health Information or an individual without the written authorization of the individual or the individual’s representative, except where the purpose of the exchange is: 1. For public health activities as described in Section 164.512(b) of the Privacy and Security Rules; DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 2.For research as described in Sections 164.501 and 164.512(i) of the Privacy and Security Rules, and the price charged reflects the costs of preparation and transmittal of the data for such purpose; 3.For treatment of the individual, subject to any further regulation promulgated by the Secretary to prevent inappropriate access, use, or disclosure of Protected Health Information; 4.For the sale, transfer, merger, or consolidation of all or part of Business Associate and due diligence related to that activity; 5.For an activity that Business Associate undertakes on behalf of and at the specific request of Covered Entity. 6.To provide an individual with a copy of the individual’s Protected Health Information pursuant to Section 164.524 of the Privacy and Security Rules; or 7.Other exchanges that the Secretary determines in regulations to be similarly necessary and appropriate as those described in this Section III(k). IV.Business Associate’s Mitigation and Breach Notification Obligations a.Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of an unauthorized use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this Agreement. Covered Entity shall have primary responsibility for notifying individuals, the media, the Secretary, or other governmental agencies, as required by law, in the event of a Breach. However, at Covered Entity’s option, Business Associate will be responsible for notifying individuals, the media, the Secretary, or other governmental agencies, as required by law, of the occurrence when Covered Entity requires notification and to pay any cost of such notifications. In such event, Business Associate must obtain Covered Entity’s approval of the time, manner and content of any such notifications, provide Covered Entity with copies of the notification and provide the notification without unreasonable delay, but in no event more than sixty (60) calendar days after discovery of the Breach by Covered Entity or Business Associate. Regardless of whether Covered Entity or Business Associate provides notification of the Breach, Business Associate shall be responsible for any and all costs associated with Business Associate’s Breach, including, but not limited to, investigation, mitigation, notification, and credit monitoring and attorneys’ fees. b.Following the discovery of a Breach of Unsecured Protected Health Information, Business Associate shall notify Covered Entity of such Breach without unreasonable delay and in no case later than forty-five (45) calendar days after discovery of the Breach. A Breach shall be treated as discovered by Business Associate as of the first day on which such Breach is known to Business Associate or, through the exercise of reasonable diligence, would have been known to Business Associate. c.The Breach notification provided to Covered Entity shall include, to the extent possible: 1.The identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, or disclosed during the Breach; DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA 2. A brief description of what happened, including the date of the Breach and the date of discovery of the Breach, if known; 3. A description of the types of Unsecured Protected Health Information that were involved in the Breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 4. Any steps individuals should take to protect themselves from potential harm resulting from the Breach; 5. A brief description of what Business Associate is doing to investigate the Breach, to mitigate harm to individuals, and to protect against any further Breaches; and 6. Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, website, or postal address. d. Business Associate shall provide the information specified in Section IV(d) above to Covered Entity at the time of the Breach notification if possible or promptly thereafter as information becomes available. Business Associate shall not delay notification to Covered Entity that a Breach has occurred in order to collect the information described in Section IV(d) and shall provide such information to Covered Entity even if the information becomes available after the 45-day period provided for initial Breach notification. V. Warranties of Business Associate. Business Associate represents and warrants the following: a. That its internal practices, policies, and records relating to the use and disclosure of Protected Health Information will comply with the HIPAA Privacy and Security Rules; and b. That it will train all of its agents, representatives, and subcontractors on the network access and other security practices, procedures and/or policies established by Covered Entity including, without limitation, those established pursuant to the HIPAA Privacy and Security Rules prior to permitting such employees, agents, representatives, and subcontractors to be present at any Covered Entity facility and/or to access Covered Entity’s computer network(s). c. That it will enter into agreements with subcontractors, to whom it provides Protected Health Information received from, or created or received by Business Associate on behalf of Covered entity, which comply with all the requirements that apply through this Agreement to Business Associate with respect to such information. d. Business Associate will provide to Covered Entity proof of training if requested by Covered Entity to do so. VI. Obligations of Covered Entity a. Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy and Security Rules. DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA b. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information, if such changes affect Business Associate’s permitted or required uses or disclosures. c. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information to which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules, and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect that such termination shall have, if any, upon Business Associate’s use and disclosure of such Protected Health Information. VII. Term and Termination a. Term. The Term of this Agreement shall be effective as of the date first written above, and shall terminate upon the later of the following events: (i) in accordance with Section VIII(c), when all of the Protected Health Information provided by Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered Entity is destroyed or returned to Covered Entity or, if such return or destruction is infeasible, when protections are extended to such information; or (ii) upon the expiration or termination of the last of the Underlying Agreements. b. Termination for Cause. Upon Covered Entity’s knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall provide an opportunity for Business Associate to cure the breach. If Business Associate does not cure the breach within a reasonable timeframe not to exceed thirty (30) business days from the notification of the breach, or if a material term of this Agreement has been breached and a cure is not possible, Covered Entity shall have the right to immediately terminate this Agreement. If termination is not feasible, Covered Entity shall report such violation to the Secretary. c. Effect of Termination. 1. Except as provided in paragraph 2 of the subsection, upon termination of this Agreement, the Underlying Agreements or upon request of Covered Entity, whichever occurs first, Business Associate shall within ten (10) days return or destroy all Protected Health Information received form Covered Entity or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Neither Business Associate nor its subcontractors or agents shall retain copies of the Protected Health Information. 2. In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide within ten (10) days to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return, or destruction of Protected Health Information is infeasible, Business Associate shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. VIII. Miscellaneous DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA a. Indemnification. Business Associate shall indemnify and hold Covered Entity harmless from and against all claims, liabilities, judgment, fines, assessments, penalties, awards, or other expenses, of any kind or nature whatsoever, including, without limitation, attorneys’ fees, expert witness fees, and costs of investigation, litigation, or dispute resolution, relating to or arising out of Business Associate’s breach or alleged breach of this Agreement, or any Breach, by Business Associate or subcontractors or agents of Business Associate. b. No Rights in Third Parties. Except as expressly stated herein, in the HIPAA Privacy and Security Rules, the Parties to this Agreement do not intend to create any rights in any third parties. c. Survival. The obligations of Business Associate under Section VIII(a) of this Agreement shall survive the expiration, termination, or cancellation of this Agreement, the Agreements, and/or the business relationship of the parties, and shall continue to bind Business Associate, its agents, employees, contractors, successors, and assigns as set forth herein. d. Amendment. This Agreement may be amended or modified only in a writing signed by the Parties. The Parties agree that they will negotiate amendments to this Agreement to conform to any changes in the HIPAA Privacy and Security Rules as are necessary for Covered Entity to comply with the current requirements of the HIPAA Privacy and Security Rules and the Health Insurance Portability and Accountability Act. In addition, in the event that either Party believes in good faith that any provision of this Agreement fails to comply with the then-current requirements of the HIPAA Privacy and Security Rules or any other applicable legislation, then such Party shall notify the other Party of its belief in writing. For a period of up to thirty (30) days, the Parties shall address in good faith such concern and amend the terms of this Agreement, if necessary to bring it into compliance. If, after such 30-day period, the Agreement fails to comply with the HIPAA Privacy and Security Rules or any other applicable legislation, then either Party has the right to terminate this Agreement and the underlying arrangement upon written notice to the other party. e. Assignment. Neither Party may assign its respective rights and obligations under this Agreement without the prior written consent of the other Party. f. Independent Contractor. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the Parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Agreement and any other agreements between the Parties evidencing their business relationship. g. Governing Law. To the extent this Agreement is not governed exclusively by the HIPAA Privacy and Security Rules or other provisions of federal statutory or regulatory law, it will be governed by and construed in accordance with the laws of the state in which Covered Entity has its principal place of business. h. No Waiver. No change, waiver, or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion. i. Interpretation. Any ambiguity of this Agreement shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Privacy and Security Rules. DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA j.Severability. In the event that any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this Agreement will remain in full force and effect. k.Notice. Any notification required in this Agreement shall be made in writing to the representative of the other Party who signed this Agreement or the person currently servicing in that representative’s position with the other Party. l.Certain Provisions Not Effective in Certain Circumstances. The provisions of this Agreement relating to the HIPAA Security Rule shall not apply to Business Associate if Business Associate does not receive any Electronic Protected Health Information from or on behalf of Covered Entity. IN WITNESS WHEREOF, the Parties have executed this Agreement as of the day and year first above written. Covered Entity: Business Associate: Eagle County, Colorado Family Connects International By:______________________________ By:___________________________ Title: Heath Harmon, Executive Director Title:_________________________ DocuSign Envelope ID: 96F4754F-0E73-44D6-AE45-22B03D87ABCA Chief Int Ops Off. Jeff Shroll County Manager