The URL can be used to link to this page

Home My WebLink AboutContract 54154 A R�CC1�Ep CSC No.54154 JUL 1`�2020 CTn',N SECRETARY H INTERLOCAL AGREEMENT TO PROVIDE SHELTER This Interlocal Agreement ("Agreement') is made and entered into by and between the City of Fort Worth ("Fort Worth"), a Texas home rule municipality, and the City of Arlington, a Texas home rule municipality ("Arlington"). Individually, Fort Worth and Arlington may be referred to herein as a"Party" and collectively as the"Parties." RECITALS 1. WHEREAS, the United States of America, the State of Texas, Tarrant County, and the City of Fort Worth have all declared a state of emergency due to the recent coronavirus pandemic("COVID-19"); 2. WHEREAS,the Center for Disease Control has issued guidance to help prevent the spread of COVID-I9, including social distancing of at least six feet; 3. WHEREAS, due to social distancing requirements, emergency shelters do not have the capacity to house people who axe experiencing homelessness; 4. WHEREAS,Fort Worth is committed to protecting the health, wellbeing, and life safety of Fort Worth and local residents who are homeless during times of emergency, such as the COVID-19 pandenuc, when community-based emergency shelters have reached full capacity; 5. WHEREAS, some people will be symptomatic or will test positive for COVID-19 and need to be isolated in order to prevent further spread of COVID-19 throughout Fort Worth and surrounding locales, so Fort Worth has opened an emergency quarantine shelter at the TownePlace Suites at 4200 International Plaza in Fort Worth(the"Shelter")to increase the number of shelter beds available to symptomatic homeless persons during this emergency; and 6. WHEREAS,Chapter 791 of the Texas Government Code allows for local governments to enter into Interlocal Agreements for the provision of governmental functions and both Fort Worth and Arlington meet the definition of local government and wish to enter into this Agreement to provide essential isolation and quarantine shelter services for homeless individuals in the Cities. NOW, THEREFORE, in consideration of the mutual covenants contained herein, the Parries agree as follows: 1. AGREEMENT DOCUMENTS.The Agreement documents shall include the following: A. This Interlocal Agreement B. Attachment A-Business Associate Agreement C. Attachment B -COVID-19 Guest Letter Ii 8t fAk R11 EC_0RD 1 Attachments A and B, which are attached hereto and incorporated herein, are made a part of this Agreement for all purposes. In the event of any conflict between the terms and conditions of the Attachments and the terms and conditions set forth in the body of this Agreement, the terms and conditions of this Agreement shall control. 11. PURPOSE. Fort Worth, in partnership with JPS Health Network, opened the Shelter to provide care for members of the homeless community and reduce further spread of COVID-19. The Shelter provides medical isolation for people experiencing homelessness in Tarrant County who have been verified COVED positive or require respite care after hospital discharge for COVID illness. Pursuant to the terms of this Agreement,Fort Worth, in its sole discretion, will permit Arlington to house members of Arlington's community experiencing homelessness who are COVID positive at the Shelter. III. SERVICES TO BE PERFORMED, A. Fort Worth Will: • Continue to operate the Shelter and provide medical isolation for people experiencing homelessness in Tarrant County who have been verified COVED positive or require respite care after hospital discharge for COVID illness through the Term. Isolation includes room accommodation, medical care or telemedicine care, and meals. This level of care also requires supporting services such as laundry, linens, decontamination, cleaning,and physical security. • Allow Arlington to send up to five simultaneous guests, who are homeless and COVED positive, to the Shelter. The maximum number of guests permitted from Arlington at any given time is five. Arlington may send additional guests as others are medically released up to the simultaneous limit of five. Fort Worth, in its sole discretion, may limit, increase, or otherwise alter the number of Arlington guests to be admitted to the Shelter based on the Shelter capacity needs of Fort Worth, B. Arlington Will: • Provide transportation of its guests from their respective Arlington location to the Shelter through American Medical Response, or as otherwise arranged and provided by Arlington. • Provide transportation for the Arlington guests from the Shelter back to the original source location, after medical release, through Tarrant County Homeless Coalition, or as otherwise arranged and provided by Arlington. 2 • Reimburse Fort Worth, as provided herein,for the cost of services and supplies for the persons Arlington sends to the Shelter as more fully described below': • Room cost per guest per day - $59 • Medical services per guest per day- $40 • Security, laundry,meals, daily cleaning per guest per day - $3 5 • Room decontamination at discharge(one time charge) - $600 • Assume liability for, and ensure against, any property damage caused by its guests at or to the Shelter. • Require its guests to read and comply with terms and conditions of Attachment B, attached to this Agreement. IV. MISCELLANEOUS A. Term and Termination 1. Term. This Agreement shall become effective on June 22, 2020 ("Effective Date") and shall expire immediately at the time the Shelter is closed by Fort Worth or immediately upon written notice by Fort Worth, whichever is earlier.Execution of this Agreement after the Effective Date shall have no bearing on the enforceability of the Agreement. 2. Termination. Fort Worth and Arlington may terminate this Agreement at any time and for any reason by providing written notice of termination. The termination shall be immediate upon notice or on a date certain, if a specific date of termination is included in the written notice. C. Records.Each Party shall maintain their own service records in accordance with their records policies and any applicable laws or regulations. Any records that must be shared to effectuate the purpose of this Agreement shall be done only as allowed by law and in compliance with any applicable regulations and this Agreement D. Immunity. It is expressly understood and agreed that in the execution of this Agreement, neither Party waives, nor shall be deemed hereby to waive, any immunity or defense that would otherwise be available to it against claims arising in the exercise of governmental powers and functions. E. Remedies.No right or remedy granted herein or reserved to the Parties is exclusive of any other right or remedy herein by law or equity provided or permitted;but each shall be cumulative of every other right or remedy given hereunder. No covenant or condition of this Agreement may be waived without written consent of the Parties. Per day cost includes partial days. 3 Forbearance or indulgence by either Party shall not constitute a waiver of any covenant or condition to be performed pursuant to this Agreement. F. Amendment. No supplement, modification or amendment of any term, provision, or condition of this Agreement shall be binding or enforceable on either Party hereto unless in writing signed by both Parties. G. Consideration and Compensation. The Parties acknowledge that as a condition precedent to signing this Agreement, that there was good and valuable consideration exchanged between the Parties. Arlington accepts Fort Worth's provision of isolation and quarantine facilities at the Shelter as consideration for its performance of its duties and obligations set forth in this Agreement. Fort Worth accepts Arlington's reimbursement of costs, as described by this Agreement, as consideration for its obligations and duties set forth in this Agreement as reasonable compensation. 1. Services. Arlington shall reimburse Fort Worth for the cost of services and supplies,as described in section III.B above,rendered by Fort Worth. Fort Worth shall invoice Arlington on a monthly basis for the described costs. Arlington shall reimburse Fort Worth within thirty (30) days of receiving the invoice from Fort Worth. H. Assignment. No Party to this Agreement may assign its rights under this Agreement without the prior written consent of the other Party. I. Governing Law; Jurisdiction. The agreement between the Parties regarding the subject matter hereof shall be governed by and interpreted in accordance with the laws of the state of Texas, without reference to its laws relating to conflicts of law. Any legal action arising out of or relating to the subject matter hereof shall be brought only in the state or federal courts located in Tarrant County, Texas, and the Parties irrevocably consent to the jurisdiction and venue of such courts. J. Relationship of the Parties. None of the provisions of this Agreement are intended to create, and none shall be deemed or construed to create, any relationship between the Parties,other than that of independent contractors. This Agreement shall not create the relationship of employer-employee, agency, partnership, or joint venture_ Neither Party shall have the right or power in any manner to unilaterally obligate the other to any third party, whether or not related to the purpose of this Agreement. K. Notices. Notices pursuant to this Agreement must be in writing to be effective. Notices shall be delivered as follows: a. For Arlington: Mindy Cochran, Executive Director,Housing City of Arlington 501 W. Sanford St. Suite 20 Arlington, Texas 76011 With copy to: 4 Arlington City Attorney's Office MS 63-0300 P.O. Box 90231 Arlington,TX 76004-3231 Arlington's contract administrator is Mindy Cochran and can be reached at: Mindy.Cochran aarlinQtonhousing.us b. For Fort Worth: City of Fort Worth Attn: Jesus J. Chapa, Assistant City Manager 200 Texas Street Fort Worth, TX 76102-6314 With copy to Fort Worth City Attorney's Office at same address Fort Worth's contract administrator is Justin Cox and can be reached at Justin.Cox afortworthtexas.aov. L. Severability. Should any part, term, or provision of this Agreement be declared to be invalid, void, or unenforceable, all remaining parts, terns, and provisions hereof shall remain in full force and effect, and shall in no way be invalidated,impaired, or affected thereby. M. Entire Agreement. This Agreement contains the entire agreement between the Parties relating to the rights herein granted and the obligations herein assumed, and supersedes all prior written or oral agreements or communications between the Parties. J. Electronic Signatures; Facsimile and Scanned Copies; Duplicate Originals; Counterparts; Admissibility of Copies. Each Party agrees that: (i) any electronic signature(if any), whether digital or encrypted, to this Agreement made by any Party is intended to authenticate this Agreement and shall have the same force and effect as an original manual signature; and (ii) any signature to this Agreement by any Party transmitted by facsimile or by electronic mail shall be valid and effective to bind that Party so signing with the same force and effect as an original manual signature. Delivery of a copy of this Agreement or any other document contemplated hereby bearing an original or electronic signature by facsimile transmission (whether directly from one facsimile device to another by means of a dial-up connection or whether mediated by the worldwide web),by electronic mail in portable document format(.pdf) form, or by any other electronic means intended to preserve the original graphic and pictorial appearance of a document, will have the same effect as physical delivery of the paper document bearing an original or electronic signature. This Agreement may be executed in multiple duplicate originals and all such duplicate originals shall be deemed to constitute one and the same instrument. This Agreement may be executed in counterparts,each of which shall be deemed to be an original,but all of which,taken together, shall be deemed to constitute a single instrument. The Parties warrant and represent that a true and correct copy of the original of this Agreement shall be 5 admissible in a court of law in lieu of the original Agreement for all purposes of enforcement hereof K. Binding Agreement. The Parries hereto warrant and represent that upon execution hereof,this Agreement shall be a legal,valid and binding obligation on them and shall be enforceable against them in accordance with its terms. The individuals signing this Agreement warrant and represent that they are duly authorized to sign this Agreement on behalf of the Parties hereto. L. Budgetary Limitations. The Parties acknowledge and agree that both Parties are governmental entities and, as such, are subject to an annual budgetary processes and the limitations and restrictions of fiscal funding. Notwithstanding any other provision herein, if and to the extent the obligations of this Agreement should continue over into Arlington's or Fort Worth's subsequent fiscal years following that fiscal year when this Agreement was executed and funds are not appropriated or budgeted for this Agreement and completion of the Term in question, Arlington or Fort Worth may terminate this Agreement. Each Party shall pay for its own performance in connection with this Agreement out of its own available current revenues. M. Right to Audit. Arlington agrees that Fort Worth shall, upon reasonable advance written notice, until the expiration of three (3)years after termination or expiration of this Agreement, have access to and the right to examine any directly pertinent books, documents, papers and records of Arlington involving monetary transactions between the Parties directly relating to the Agreement and only as necessary to verify compliance with this Agreement. All costs of any such audit shall be borne solely by Fort Worth. N. Liability. Each Party shall be solely responsible for its own actions or inaction and the actions or failure to act of its respective employees, agents, officers, officials, and contractors. Neither Party shall be responsible for the actions, errors, omissions, negligence, misfeasance, or malfeasance of the other Party or any employee, agent, officer, official or contractor of the other Party. [SIGNATURE PAGE FOLLOWSI 6 Consented to and Agreed as of the Effective Date. City of Arlington MS 01-300 101 W. Abram Street Arlington,TX 76010 By: _ 61�� Name: Je ifer Wichmann Title: Assistant Ci anager Date: a ATTEST: By: ALEX B USKEN, ON Secretary APPROVED AS TO FORM: TERIS SOLIS, City Attorney BY - FORT WORTH: City of Fort Worth Contract Compliance Manager: By signing I acknowledge that I am the person responsible for the monitoring and By: sChapa(Ju114,20201Y CDT) administration of this contract, including Name: Jesus J. Chapa ensuring all performance and reporting Title: Assistant City Manager requirements. Date: J u 114,2020 9crtiEir�Cax Approval Recommended: By. Justin Cox(Ju113,202011:46 CDT) Name: Justin Cox By: k Title: Grants Manager Name: Kevin Gunn Approved as to Form and Legality: Title: IT Solutions Director `-- Attest: : '� �- • `° T�vlov Paris 'By: Taylor Paris(Jul 14,202009:28 CDT) Name: Taylor Paris /\/7^//y "j'�/%((��(�� , ,• ;� •••,;: Title: Assistant City Attorney 2b!\I\ 1JL �: Name: Mary I Kayser Contract Authorization: Title: City Secretary M&C: FLU (k-,9A�RECORD � 1 : � `1A g � �.4(�2�afle ATTACHMENT"A"BUSINESS ASSOCIATE AGREEMENT WHEREAS, in connection with the Services to be provided under the Agreement, Arlington ("Covered Entity") discloses to Fort Worth (`Business Associate') certain protected health information ("PHI") (defined below) that is subject to protection under HIPAA; and WHEREAS, HIPAA requires that Covered Entity receive adequate assurances that Business Associate will comply with certain obligations with respect to the PHI received in the course of providing Services to or on behalf of Covered Entity. NOW THEREFORE,in consideration of the mutual pronuses and covenants herein, and for other good and valuable consideration,the receipt and sufficiency of which is hereby acknowledged,the Parties agree as follows: A. Acknowledgment of HIPAA Obligations and Other Regulations Implementing HIPAA. The parties acknowledge that federal regulations set forth in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") relating to the confidentiality, integrity, and accessibility of protected health information (whether created, maintained, accessed, stored or transmitted electronically or otherwise) require covered entities to comply with the privacy and security standards adopted by the U.S. Department of Health and Human Services as they may be amended from time-to-time, 45 C.F.R. parts 160 and 164, subparts A and E ("Privacy Rule") and 45 C.F.R. parts 160 and 164, subparts A and C ("Security Rule"). The Privacy Rule and Security Rule are sometimes collectively referred to herein as the "Privacy and Security Standards". The Privacy and Security Standards require Covered Entity to ensure that Business Associates who create, receive, maintain, access, store, or transmit confidential information in the course of providing services on behalf of Covered Entity comply with certain obligations regarding the confidentiality, integrity, and availability of health information, B. Definitions. 1. 'Breach" shall mean the acquisition, access, use or disclosure of PHI (defined below) in a manner not permitted under 45 C.F.R. Part 164, Subpart E, which "compromises the security or privacy of the PHI" as set forth in 45 C.F.R. § 164.402; provided however, that a breach shall not include (i) any unintentional acquisition, access, or use of PHI by a workforce member or person acting under the authority of Covered Entity or Business Associate, if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in a further use or disclosure in a manner not permitted under 45 C.F.R. Part 164, Subpart E; (ii) any inadvertent disclosure by a person authorized to access PHI at Covered Entity or Business Associate to another person authorized to access PHI at Covered Entity or Business Associate, or an organized health care arrangement in which Covered Entity participates, and the information received as a result of such disclosure is not further used or disclosed in a manner not permitted under 45 C.F.R Part 164, Subpart E; or (iii) a disclosure of PHI where Covered Entity or Business Associate has a good faith belief that the unauthorized person to whom 9 the disclosure was made would not have reasonably been able to retain the disclosed information. 2. "Business Associate" shall generally have the same meaning as the term"business associate" at 45 C.F.R_ § 160.103, and in reference to the parry to this Agreement, shall mean the party set forth in the introductory paragraph to this Agreement. 3. "Covered Entity" shall generally have the same meaning as the term "covered entity"at 45 C.F.R. § 160.103,and in reference to the party to this Agreement,shall mean Tarrant County Hospital District d/b/a JPS Health Network. 4. "Designated Record Set" shall mean a group of records maintained by or for Covered Entity that is: (i)the medical records and billing records about Individuals (defined below) maintained by or for a covered health care provider; (ii) the enrollment,payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or (iii) used, in whole or in part, by or for Covered Entity to make decisions about Individuals. For purposes of this definition,the term"record"means any item,collection,or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for Covered Entity. 5. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Part 160 and Part 164. 6. "Individual" shall mean the person who is the subject of the Protected Health Information (defined below). 7. "Protected Health Information" and"PHI" shall mean protected health information defined in 45 C.F.R. § 160.103 and is limited to information created or received by Business Associate from or on behalf of Covered Entity. PHI includes in its definition individually identifiable health information that is transmitted by or maintained in electronic media, which may be separately referred to herein as Electronic Protected Health Information ("EPHI"). PHI excludes individually identifiable health information: (i) in education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g; (ii) in records described at 20 U.S.C. 1232g(a)(4)(B)(iv); (iii) in employment records held by Covered Entity in its role as employer; and (iv) regarding a person who has been deceased for more than 50 years. 8. "Required by law" shall mean a mandated contained in law that compels a use or disclosure of PHI and that is enforceable in a court of law. 9. "Secretary" shall mean the Secretary of the Department of Health and Human Services or his or her designee. 10. "Security Incident" shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI maintained by, or interference 10 with system operations in an information system maintained by,Business Associate that contains PHI received from Covered Entity. 11. "Unsecured PHI" shall mean PHI that is not rendered unusable, unreadable, or indecipherable through the use of a technology or methodology specified by the Secretary in the guidance issued under Section 13402(h)(2) of HITECH as amended, which guidance may be available on the Department of Health and Human Services website. 12. The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Data Aggregation,Disclosure,Health Care Operations, Minimum Necessary, Notice of Privacy Practices, Subcontractor, and Use. C. Purposes for which Protected Health Information, including Electronic Protected Health Information, May be Used or Disclosed. In connection with the Services provided by Business Associate on behalf of Covered Entity pursuant to the Agreement, Covered Entity may use, access, and disclose PHI to Business Associate for the purposes of providing Services as set forth in the Agreement. D. Business Associate Obligations_. Business Associate agrees to comply with applicable federal and state confidentiality and security laws, including, but not limited to the Privacy and Security Standards published by the United States Department of Health and Human Services implementing Part C of HIPAA, including without limitation: 1. Knowledge ofHIPA.4. Business Associate agrees to review and understand HIPAA as it applies to Business Associate, and to comply with the applicable requirements of HIPAA and HITECH (including without limitation 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316), as well as any applicable amendments. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement or as required by law. 2. Use and Disclosure of PHI. a. Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Agreement and shall not use or disclose PHI that would violate HIPAA if used or disclosed by Covered Entity. b. Business Associate may use and disclose PHI as required by law. C. Business Associate agrees to make uses and disclosure and requests for PHI consistent with Covered Entity's Minimum Necessary policies and procedures,i.e., only PHI that is the minimum necessary to accomplish the intended purpose of the use, disclosure, or request may be disclosed. d. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by Covered Entity. Business Associate may use PHI for the proper management and administration of the 11 Business Associate or to carry out its legal responsibilities and its responsibilities under this Agreement. 3. Disclosure to Third Parties, If Business Associate discloses PHI received from Covered Entity,or created or received by Business Associate on behalf of Covered Entity, to agents, including a subcontractor, Business Associate shall require the agent or subcontractor to agree to the same restrictions and conditions that apply to the Business Associate under this Agreement. Business Associate shall ensure that any agent,including a subcontractor, to which the Business Associate provides PHI, agrees to implement reasonable and appropriate safeguards to protect the confidentiality, integrity, and availability of the PHI that it creates, receives, maintains, or transmits on behalf of the Covered Entity. Furthermore, to the extent applicable, in accordance with Section 13404 of HITECK Business Associate shall comply with 45 C.F.R. § 164.504(e)(1)(11), 4. Data Aggregation. In the event that the Business Associate works for more than one Covered Entity, Business Associate is permitted to use and disclose PHI, but only in order to analyze data as permitted by applicable law. 5. De Identified Information. Use and disclosure of de-identified health information is permitted, but only if the de-identification is in compliance with 45 C.F.R. §164.502(d), and any such de-identified health information meets the standard and implementation specifications for de-identification under 45 C.F.R. §164.514(a) and(b), or such regulations as they may be amended from time-to-time. 6. Notice of Privacy Practices. Business Associate agrees that it will abide by the limitations of any Notice of Privacy Practices ("HIPAA Notice") published by Covered Entity of which it has knowledge. Covered Entity shall provide to Business Associate such HIPAA Notice when it is adopted. Any use or disclosure permitted by this Agreement may be amended by such IIIPAA Notice. The amended HIPAA Notice shall not affect permitted uses and disclosures on which Business Associate relied prior to such notice. 7. Withdrawal of Consent or Authorization. If the use or disclosure of PHI in this Agreement is based upon an Individual's specific consent or authorization for the use of his or her PHI, and the Individual revokes such consent or authorization in writing, or the effective date of such authorization has expired, or the consent or authorization is found to be defective in any manner that renders it invalid, the Business Associate agrees, if it has notice of such revocation or invalidity,to cease the use and disclosure of any such Individual's PHI except to the extent it has relied on such use or disclosure, or where an exception under the Privacy and Security Standards expressly applies. 8. Use or Disclosure that Would Violate MPAA. Business Associate is prohibited from further use or disclosure of PHI in a manner that would violate the requirements of the Privacy and Security Standards if the PHI were used or disclosed by Covered Entity, except to the extent permitted in paragraphs (1) and (3) above. 12 9. Safeguards. Business Associate is required to implement and maintain administrative,physical,and technical safeguards with respect to electronic PHI,to prevent use or disclosure of PHI other than as provided for by this Agreement, in accordance with Subpart C of 45 C.F.R. Part 164 that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI and ensure that such PHI is not received, used, accessed, stored,transmitted, or disclosed other than as provided by this Agreement or as required by law. 10. Securing PHI. To the extent applicable, Business Associate shall secure any and all EPHI covered by this Agreement in accordance with any requirements issued by the Secretary as amended and updated from time to time. In addition, with respect to PHI covered by this Agreement, Business Associate shall comply with any requirements issued by the Secretary under the authority of HITECH Section 13401(c). Business Associate shall use best efforts to avoid the creation or storage of paper PHI. 11. Records Management. Upon termination of this Agreement or the Service Agreement for any reason, Business Associate agrees to extend the protections of this Agreement to such PHI and limit further uses and disclosures of the PHI to those purposes that make the return or destruction of the information infeasible for so long as Business Associate retains the PHI. 12. Intentionally Omitted. 13. Accounting of Disclosures. Business Associate agrees to maintain documentation of and make available to the Covered Entity information required for an accounting of disclosures of PHI in accordance with 45 C.F.R. §164.528 as it may be amended from rime-to-time, and incorporating exceptions to such accounting designated under the regulation. Such accounting is limited to disclosures that were made in the six (6) years prior to the request (not including any disclosures prior to the compliance date of the Privacy and Security Standards). Such accounting shall be provided as long as the Business Associate maintains the PHI. 14. Policies and Procedures. To the extent applicable, the Business Associate shall implement and maintain reasonable and appropriate policies and procedures to comply with the standards, implementation specifications,or other requirements of Part 164 of Title 45, Code of Federal Regulations, including,but not limited to,the provision of a process for complaints regarding Business Associate's obligations under this Agreement, HITECH, and HIPAA and imposition of sanctions against workforce members who fail to comply with the requirements of this Agreement, HITECH, and HIPAA. 15. Security Incident. The Business Associate agrees to immediately report to Covered Entity any use or disclosure of PHI not provided for by this Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 C.F.R. § 164.410, and any Security Incident of which the Business Associate becomes aware. 13 16. Notification in Case of Breach. (a) The parties acknowledge and agree that the express statutory language of HITECH including,but not limited to, the breach notification requirements under Section 13402 of HITECH(the "Breach Notification Rule")may be applicable to Business Associate and to such extent is hereby incorporated into this Agreement. (b) The Business Associate shall, following the discovery of any breach of unsecured PHI: (i) initially notify Covered Entity without unreasonable delay and in no case later than three(3) calendar days after discovery of a breach; (ii) notify each Individual whose unsecured PHI has been, or is reasonably believed to have been accessed, acquired,or disclosed as a result of such breach; and (iii) notify Covered Entity of such breach in accordance with 45 C.F.R. § 164.410. Such notice shall include: 1. the identification of each Individual whose unsecured PHI has been, or is reasonably believed to have been accessed, acquired,or disclosed as a result of such breach; 2. a brief description of what happened, including the date of breach and date of discovery; 3. a description of the types of unsecured health information involved in the breach (i.e., whether the full name, social security number, etc. was disclosed); 4. the steps the Individual should take to protect themselves from potential harm resulting from the breach; 5. a brief description of what the Business Associate involved is doing to investigate the breach, to mitigate losses, and to protect against further breaches; and 6. contact procedures for Covered Entity or Individuals to ask questions or Iearn additional information, which shall include a toll free number, an email address, Web site, or postal address. (c) All notifications under this Section 16 shall be made without unreasonable delay and: 14 (i) if to an Individual pursuant to Section 16(b)(ii), no later than sixty (60) calendar days following the discovery of such breach by the Business Associate, as defined by 45 CY R § 164.410; (ii) if to Covered Entity pursuant to Section 16(b)(111), no later than forty-five(45) calendar days following the discovery of such breach by the Business Associate, as defined by 45 C.F.R § 164.410. (d) All notifications under subsection (b)(ii) of this Section 16, shall comply with 45 C.F.R. § 164.404(d). (e) Business Associate shall notify Covered Entity of any and all breaches of unsecured PHI. A breach shall be treated as discovered by Business Associate on the first day on which such breach is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. Business Associate is deemed to have knowledge of a breach if the breach is known,or by exercising reasonable diligence would have been known, to any person (other than the person committing the breach), who is an employee, officer or other agent of the Business Associate. (f) In the event Business Associate discovers a breach of unsecured PER, Covered Entity shall decide how and when the notification to Individuals and media shall be provided and shall approve the content of such notifications. At the request of Covered Entity and in Covered Entity's sole discretion, Business Associate shall provide the notification to Individuals and/or the media as directed by Covered Entity, and/or reimburse Covered Entity for the cost of notifying Individuals and/or the media. 17. Subcontractors. In accordance with 45 C.F.R. § 164,502(e)(1)(ii) and § 164.308(b)(2), if applicable, Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions,and requirements that apply to the Business Associate with respect to such information. I& To the extent the Business Associate is to carry out one or more of Covered Entity's obligations under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligations. E. Internal Practices. Books, and Records. The Business Associate shall make available its internal practices, policies, procedures, books, and records relating to the use and disclosure of PHI received from Covered Entity, created or received by the Business Associate on behalf of Covered Entity, to the Secretary for the purpose of determining Covered Entity's compliance with HIl'AA, or any other health oversight agency, or to Covered Entity. Records requested that are not protected by an applicable legal privilege will be made available in the time and manner specified by the Secretary. 15 F. Intentionally Omitted. H. Rights of Proprietary Information. Covered Entity retains any and all rights to the proprietary information, confidential information, and PHI it releases to Business Associate. I. Termination for Breach. Without limiting the termination provisions herein, if Business Associate breaches any provision of this Agreement, Covered Entity may, at its option, access and audit the records of Business Associate related to its use and disclosure of PHI, or may terminate this Agreement and the Service Agreement on a date specified by Covered Entity. J. Survival of Key Provisions. The provisions of this Agreement and the respective rights and obligations of the Business Associate under Section D.11, of this Agreement shall survive the termination of the Agreement and the Service Agreement. K. Intentionally Omitted. L, Re ul�atary References. A citation in this Agreement to the Code of Federal Regulations (C.F.R.)shall mean the cited section as that section may be amended from time to time. M. Intentionally Omitted. N. Obligations of Covered Enti _ If deemed applicable by Covered Entity, Covered Entity shall: I. provide Business Associate a copy of its HIPAA Notice produced by Covered Entity in accordance with 45 C.F.R. 164.520 as well as any changes to such HIPAA Notice; 2. provide Business Associate with any changes in, or revocation of, authorizations by Individuals relating to the use and/or disclosure of PHI, if such changes affect Business Associate's permitted or required uses and/or disclosures; 3. notify Business Associate of any restriction to the use and/or disclosure of PHI to which Covered Entity has agreed in accordance with 45 C.F.R. 164.522; 4. notify Business Associate of any amendment to PHI to which Covered Entity has agreed that affects a Designated Record Set maintained by Business Associate;and 5. if Business Associate maintains a Designated Record Set, provide Business Associate with a copy of its policies and procedures related to an Individual's right to: access PHI; request an amendment to PHI;request confidential communications of PHI; or request an accounting of disclosures of PHI. 16 ATTACHMENT"B"—COVID-19 GUEST LETTER NOTICE TO GUESTS. First, we want to welcome you to our hotel and we are sorry that you are visiting under such stressful conditions. We want you to know that we will do what we can to ensure your stay is as comfortable as possible;however, we have implemented a list of conditions that must be adhered to during your stay. The list was created to protect you and our associates during this turbulent time. • During your stay,you are asked to remain in your room at all times or within the prescribed area of the hotel facility. If you are observed outside your room or outside of the prescribed area of the hotel facility,you will be asked to return immediately. If there are other similar instances,you will be asked to leave the property. • During your stay, there will be no housekeeping services performed in your room. We understand that you will need clean linen,towels, etc. and ask that you contact your assigned coordinator to arrange for delivery of same. In addition, when it is time for you to discard dirty linen or garbage, again please contact your assigned coordinator. • No visitors are allowed during your stay at the hotel. If you do receive visitors, you may be asked to leave the property. • No pets are allowed in your room. • If there are any maintenance requests during your stay, they will be evaluated and addressed accordingly. Some requests may not be addressed. • Please remain in Building B,the Facility. • Pool use is not allowed. • Smoking is not allowed in any room or anywhere inside of the Facility. • No cooking is allowed in the rooms. • Please do not loiter outside of the Facility. Thank you for your patience and understanding! 17