Title
a. Approve and authorize the Director of Health Services or designee to execute an Agreement with Steel Patriot Partners, LLC for the provision of tailored outsourced compliance and cybersecurity implementation services to support, achieve, and maintain Health Insurance Portability and Accountability Act (HIPAA) governance and compliance goals, for a term of September 30, 2025 through September 29, 2026, for a total Agreement amount of $50,000; and
b. Approve and authorize the Director of Health Services or designee to execute a Business Associate Agreement (BAA) with Steel Patriot Partners, LLC; and
c. Approve and authorize the Director of Health Services or designee to approve up to three (3) future Amendments that do not exceed 10% ($5,000) of the original Agreement amount, do not significantly alter the scope of services, and do not exceed the maximum amount of $55,000; and
d. Approve and authorize the Contracts and Purchasing Officer or designee to execute future Amendments to the agreement where the Amendments do not significantly change the scope of work, do not exceed an aggregate amount of $200,000 and fall within the signing authority of the Contracts and Purchasing Officer.
Report
RECOMMENDATION:
It is recommended that the County of Monterey Board of Supervisors:
a. Approve and authorize the Director of Health Services or designee to execute an Agreement with Steel Patriot Partners, LLC for the provision of tailored outsourced compliance and cybersecurity implementation services to support, achieve, and maintain Health Insurance Portability and Accountability Act (HIPAA) governance and compliance goals, for a term of September 30, 2025 through September 29, 2026, for a total Agreement amount of $50,000; and
b. Approve and authorize the Director of Health Services or designee to execute a Business Associate Agreement (BAA) with Steel Patriot Partners, LLC; and
c. Approve and authorize the Director of Health Services or designee to approve up to three (3) future Amendments that do not exceed 10% ($5,000) of the original Agreement amount, do not significantly alter the scope of services, and do not exceed the maximum amount of $55,000; and
d. Approve and authorize the Contracts and Purchasing Officer or designee to execute future Amendments to the agreement where the Amendments do not significantly change the scope of work, do not exceed an aggregate amount of $200,000 and fall within the signing authority of the Contracts and Purchasing Officer.
SUMMARY/DISCUSSION:
As a healthcare provider, the County of Monterey Health Department (MCHD) is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which establishes national standards for protecting sensitive patient information. Compliance with HIPAA is not only a legal requirement but also a critical component of maintaining public trust, safeguarding individual privacy, and ensuring the integrity of the Department’s operations. While periodic self-assessments can help identify and address potential gaps, they may be limited in scope or objectivity. Engaging an independent, qualified outside vendor to conduct a comprehensive HIPAA audit provides a more rigorous, unbiased evaluation of current practices, strengthens accountability, and ensures that MCHD is meeting or exceeding both regulatory requirements and industry best practices. This approach also aligns with recognized accreditation standards, reinforces risk management efforts, and helps prepare the Department for any external compliance reviews or investigations.
This work supports the County of Monterey Health Department 2025-2028 Strategic Plan Goals: Build Community Power and Partners’ Capacity to Increase Equity and Improve Health, Engage MCHD workforce and improve operational functions to meet current and developing population health needs. It also supports the following of the ten essential public health services, specifically: 6. Enforce laws and regulations that protect health and ensure safety.
OTHER AGENCY INVOLVEMENT:
The Offices of the County Counsel and the Auditor-Controller have reviewed and approved as to legal form and fiscal provisions, respectively.
FINANCING:
There are sufficient appropriations in the Health Departments Fiscal Year (FY) 2025-26 Adopted Budget 001-4000-8438-HEA014 to accommodate the current FY’s costs, and provision will be made in the FY 2026-27 Requested Budget for the anticipated expenditures.
BOARD OF SUPERVISORS STRATEGIC INITIATIVES:
Check the related Board of Supervisors Strategic Initiatives:
☐ Economic Development:
• Through collaboration, strengthen economic development to ensure a diversified and healthy economy.
☐ Administration:
• Promote an organization that practices efficient and effective resource management and is recognized for responsiveness, strong customer orientation, accountability and transparency.
☒ Health & Human Services:
• Improve health and quality of life through County supported policies, programs, and services; promoting access to equitable opportunities for healthy choices and healthy environments in collaboration with communities.
☐ Infrastructure:
• Plan and develop a sustainable, physical infrastructure that improves the quality of life for County residents and supports economic development results.
☐ Public Safety:
• Create a safe environment for people to achieve their potential, leading businesses and communities to thrive and grow by reducing violent crimes as well as crimes in general.
Prepared by: Rich Wagreich, Departmental Information Systems Manager II, 755-4351
Approved by: Elsa Mendoza Jimenez, Director of Health Services, 755-4526
Attachments:
Board Report
Agreement