Contract 2024-060A
Docusign Envelope ID: 08F7D2E3-0661-497B-8C55-687110E67C1C
COLINGTON CONSULTING
HELPING ORGANIZATIONS ACHIEVE HIPAA COMPLIANCE™
P.O. Box 10391 | Burke, Virginia 22009 | 844.740.7100 | info@cchipaa.com | https://cchipaa.com
CONTRACT
HIPAA COMPLIANCE MAINTENANCE SERVICES
FOR
Clermont, Florida Fire Department
Colington Security Consulting, LLC d/b/a Colington Consulting (CC) is pleased to offer the following contract for
HIPAA Compliance Maintenance Services to Clermont, Florida Fire Department ("CLIENT") located at:
City of Clermont
Procurement Services Department
685 W. Montrose Street
Clermont, FL 34711
DESCRIPTION OF SERVICES
1. Conduct a review process and provide any necessary updates, edits, or changes to the Client's HIPAA Risk
Management Plan. This review meets CFR § 164.316(b)(2)(iii) requirements.
2. An annual organization-wide HIPAA Risk Assessment will be conducted. The assessment process reviews
the administrative, technical and physical safeguards currently in place by the Client. The assessment
questions are based on the HIPAA implementation specifications, along with HITECH, Omnibus, and NIST
800 security controls. This HIPAA Security Risk Assessment will be accomplished by conducting an accurate
and thorough assessment of potential risks and vulnerabilities to the confidentiality, integrity, and availability
of ePHI held by the Client. The methodology followed is consistent with the HIPAA Security Series
regarding safeguard standards. This assessment meets CFR § 164.308(a)(1) requirements.
3. An annual organization-wide HIPAA Privacy Assessment will be conducted to evaluate compliance
requirements of the HIPAA Privacy Rule.
4. An annual organization-wide HIPAA Breach Rule Assessment will be conducted.
5. An annual HIPAA Information Security (InfoSec) Assessment will be conducted.
6. Updated facility security surveys will be conducted for four (4) locations: Fire Administration/Station 1 and
Stations 2 - 4.
7. Continue to evaluate the agency's current HIPAA Security Awareness & Privacy Training to determine CFR
§ 164.308(a)(5) requirements. Provide written findings on the strengths and weaknesses of the current training
program. Provide recommendations and guidance for future training programs for Chief Officers and City
personnel.
8. Consultation, as needed, on HIPAA related issues will be provided.
9. All services are to be provided remotely by email exchanges, and video or conference calls.
10. This contract covers the period from October 13, 2024, to October 12, 2025.
Upon conclusion of the assessment process, we issue a HIPAA Compliance Program Report, a HIPAA Privacy
Assessment, a HIPAA Security Risk Assessment, an Information Security Assessment Report, and a Facility Security
Survey. Based on the results of the Security Risk Assessment, Action Items needing mitigation will be identified. Action
Items will be identified at the end of the Security Risk Assessment. All assessments and reports are PDF copies.
CONSULTING FEES
The total cost for this contract, as described under "Description of Services," is $3600.00.
Full payment in the amount of $3600 is due upon the execution of this contract. An invoice will be provided for payment.
Payment for services can be made by check payable to "Colington Consulting" or ACH payment. There will be a 3%
processing fee for credit card payments.
Any work performed beyond the scope of this agreement is billable at $175/hour.
INDEMNIFICATION CLAUSE
Client shall indemnify and hold harmless CC and its successors, assigns, and affiliates and each of their respective
directors, officers, employees, stockholders, agents, and representatives from any third-party loss, liability, claim, damage,
or expense (including reasonable attorney fees and legal expenses) suffered or incurred, either directly or indirectly, by
any such indemnified party arising from, relating to, in connection with, or otherwise in respect with the products offered
and services performed by CC under this contract and agreement.
TRAVEL EXPENSES AND TRAVEL TIME FEES
No travel expenses or travel time fees will be required for this project.
INSURANCE COVERAGE
Colington Consulting maintains professional liability insurance in accordance with the type of work performed. If proof of
insurance is required, please notify CC immediately so this information can be provided to the client.
CONFIDENTIALITY AGREEMENT
Upon execution of this contract, all recommendations and identified deficiencies (oral and written) communicated to
representatives of the Client by Colington Consulting in the course of the services outlined in this agreement will remain
confidential. All information discovered in connection with the services to be provided hereunder will be held in
confidence and not discussed, communicated, or transmitted to others.
NON-DISCLOSURE AGREEMENT
The Client will not, except as authorized or required by the Client's legal and regulatory duties hereunder, reveal or
divulge to any person or outside entity any information concerning the content of the completed HIPAA Risk Assessment
and Risk Management Plan provided by Colington Consulting. The Client will keep in complete secrecy all confidential
information entrusted to the Client and will not use or attempt to use any such information in any manner which may
injure or cause loss either directly or indirectly to Colington Consulting's business interests. The Client can only
disclose the content of the completed HIPAA Risk Assessment and Risk Management Plan, other than for office
implementation, with written consent and approval from Colington Consulting. This restriction will continue to apply
after the completion of this contract without limit in point of time.
SIGNATURE PAGE
At your earliest convenience, please sign where indicated below and return a copy of this contract by mail or
scanned copy along with the requisite fee. If mailing, send it to Colington Consulting, P.O. Box 10391, Burke,
Virginia, 22009. This will be considered a contract for the consulting services described herein.
Jay Hodes
President
October 4, 2024
Accepted
City of Clermont, FL
Date: 10/7/2024
Name: Freddy Suarez
Signature:
Title: Procurement Services Director