Title
Authorize the Chief Executive Officer for Natividad Medical Center or his designee to execute amendment No. 3 to the agreement with TW-Security, LLC for HIPAA compliance services, extending the agreement an additional three (3) year period (January 1, 2024 through December 31, 2026) for a revised full agreement term of January 1, 2021 through June 30, 2026, and adding $450,000 for a revised total agreement amount not to exceed $558,750.
Report
RECOMMENDATION:
It is recommended the Board of Supervisors:
Authorize the Chief Executive Officer for Natividad Medical Center or his designee to execute amendment No. 3 to the agreement with TW-Security, LLC for HIPAA compliance services, extending the agreement an additional three (3) year period (January 1, 2024 through December 31, 2026) for a revised full agreement term of January 1, 2021 through June 30, 2026, and adding $450,000 for a revised total agreement amount not to exceed $558,750.
SUMMARY/DISCUSSION:
Natividad’s IT department maintains the security and compliance of its systems by utilizing tools that allow us to observe regulations and standards all while achieving industry best-practices. Maintaining an effective and secure Electronic Health Record (EHR) while complying with Health Insurance Portability and Accountability Act (HIPAA) and cybersecurity rules is a priority. TW-Security, LLC will provide Natividad with the HIPAA Compliance and Cybersecurity services that will allow us to achieve this:
• HIPAA Security Rule, Privacy Rule, and Breach Notification Requirements Program Evaluation
• Cyber Maturity Program Evaluation
• Cybersecurity, Data Privacy, and Compliance Program Support
In this agreement, Natividad is requesting funding in an amount not to exceed $450,000 to purchase HIPAA compliance and Cybersecurity services. This funding will allow Natividad to procure professional services to evaluate compliance with the HIPAA Security and Privacy Rules, and Breach Notification requirements. This evaluation will provide us with a high-level summary of Natividad’s HIPAA programs and their key attributes. Additionally, TW-Security will evaluate Natividad’s cybersecurity program, its key attributes and maturity with the goal of increasing awareness and fostering consistency with cybersecurity practices by recognizing the criticality of uninterrupted care delivery and patient safety to serve as a resource for cost-effectively reducing cybersecurity risks for health care organizations.
OTHER AGENCY INVOLVEMENT:
The Office of County Counsel has reviewed and approved this amendment No. 3 as to form, and the Auditor-Controller has reviewed and approved as to payment provisions. The amendment No. 3 has also been reviewed and approved by Natividad’s Finance Committee on and by its Board of Trustees on November 9, 2023.
FINANCING:
The cost for this amendment No. 3 is $450,000 of which $150,000 is included in the FY 2023-24 Adopted Budget. Amounts for remaining years of the agreement will be included in those budgets as appropriate.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
This purchase facilitates the use of HIPAA and cybersecurity programs and will assist with keeping our critical systems secure, compliant, and available.
__ Economic Development
__ Administration
X Health and Human Services
__ Infrastructure
__ Public Safety
Prepared by: Raquel Mojica, IT Business Operations Manager, 783-2812
Approved by: Charles R. Harris, Chief Executive Officer, 783-2553
Attachments:
TW-Security Amendment 3
TW-Security Amendment 2
TW-Security Amendment 1
TW-Security Agreement
Attachments on file with the Clerk of the Board