| Document type | contract |
|---|---|
| Date | 2024-09-01 |
| Source URL | https://go.boarddocs.com/wa/msdwa/Board.nsf/files/D68TC476A814/$file/2024-25_Behavior_Specialist_Contract_Meridian.pdf |
| Entity | meridian_school_district (Whatcom Co., WA) |
| Entity URL | https://www.meridian.wednet.edu |
| Raw filename | 2024-25_Behavior_Specialist_Contract_Meridian.pdf |
| Stored filename | 2024-09-01-behaviorspecialistmeridian-contract.txt |
Parent document: Regular Meeting and Budget Hearing-06-26-2024.pdf
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
CONTRACT
BETWEEN
Northwest Educational Service District 189 AND Meridian School District
(Hereinafter referred to as NWESD) Name (Hereinafter referred to as District)
1601 R Ave, Anacortes, WA 98221 214 W Laurel Ave
Address
(360) 299-4000 Meridian WA 98226
City State Zip
NWESD Account: 1219 Phone: 360-398-7111
In consideration of the promises and conditions contained herein, NWESD and the District do mutually
agree as follows:
|. PURPOSE
The purpose of this Contract is to provide coaching and consulting services focused on student behavior
at the Granite Falls School District during the 2024-25 school year.
ll. RESPONSIBILITIES OF NWESD
In accordance with this Contract, the NWESD shall provide all labor, materials and equipment necessary
for:
1. The NWESD Behavior Specialist to provide 9 full days of services to the District at $1,600/day,
not to exceed $14,400 and 1 full day of in-person Professional Learning with District staff, at
$1,800/day.
2. Services include an initial consultation, student observations, data analysis, a written summary of
recommendations to support students in the management of student behavior, and a follow-up
meeting and observation with the District team to debrief and assist with the implementation of
the plan.
3. All travel to the District at the WA State OFM rate.
lil. RESPONSIBILITIES OF DISTRICT
In accordance with this Contract, the District shall provide:
1. Planning and coordination with NWESD Behavior Specialist.
2. Reasonable access to students and staff for observation.
3. A private area for meetings with staff and training.
IV. TERM OF THE CONTRACT
The start date of this Contract is the later of September 1, 2024 or the date that signatures have been
obtained from both parties to the Contract. The end date of this Contract is June 30, 2025 unless mutually
extended in writing by both parties. Termination is further specified in the Termination section of this
Contract.
V. CONTRACT OBLIGATION
The District shall pay an amount not to exceed $16,200 (sixteen thousand two hundred dollars) for the
performance of all things reasonably necessary for, or incidental to, the performance of work as set forth
Page 1 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
in the “Responsibilities of NWESD”. This amount includes all related costs, including but not limited to,
lodging, travel, meals, materials, and shipping.
Vi. PAYMENT PROVISIONS
All payments to the NWESD shall be conditioned upon:
1. The District or its designee determines that the services or goods provided by the NWESD are
satisfactory, provided that such determination shall be made within a reasonable time and not be
unreasonably withheld.
2. The NWESD timely submits to the District Fiscal Department satisfactory invoices detailing the
services or goods rendered for requested payment.
3. Any date(s) specified herein for payment(s) to the NWESD shall be considered extended as
necessary to process and deliver payment. Such extension will not be greater than thirty (30)
days following delivery of satisfactory services or goods and receipt of the appropriate invoices,
whichever occurs later.
Vil. . CONTRACT MANAGERS
NWESD Contract Manager Contractor Manager
Name: Dr. Michelle Roper Name: Aaron Jacoby
Address: 1601 R Ave Address: 214 W Laurel Ave
Anacortes, WA 98221 Bellingham, WA 98226
Phone: 360-299-4078 Phone: 360-318-2188
Email Address: mroper@nwesd.org Email Address: ajacoby@meridian.wednet.edu
Vill. NONDISCRIMINATION/ANTI-HARASSMENT
In performing its obligations under this contract, the District shall comply with the NWESD, state and
federal guidelines and regulations regarding nondiscrimination and harassment involving any
employee/student on the basis of race, color, sex, religion, ancestry, national origin, creed, marital status,
age, sexual orientation, honorably discharged veteran or military status, or the presence of any sensory,
mental, or physical disability or use of a trained dog or service animal by a person with a disability in
employment, services, or any other regards.
IX. GOVERNING LAW/VENUE
The terms of this Contract shall be construed and interpreted in accordance with the laws of the state of
Washington, without regard to conflicts of laws principles. In the event that legal action or arbitration is
commenced to resolve a dispute related to this Contract, the venue of such action or arbitration shall be
in Skagit County, Washington.
X. INDEMNIFICATION/HOLD HARMLESS
The NWESD shall defend, indemnify, and hold harmless the District in full for any and all claims against
the District or its employees, officials or contractors which arise from the acts or omissions of NWESD
and its employees, officials and contractors in the provision of services under this contract. The District
shall defend, indemnify, and hold harmless NWESD in full for any and all claims against NWESD or its
employees, officials or contractors which arise from the acts or omissions of the District and its
employees, officials and contractors in the provision of services under this contract.
Page 2 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
Xl. TERMINATION
This Contract may be terminated by the NWESD at any time, without reason, upon written notification
thereof to the District. The notice shall specify the date of termination and shall be conclusively deemed to
have been received by the District as of midnight of the second day following the date of its posting in the
United States mail addressed as first noted herein. In the event of termination, the NWESD shall be
entitled to an equitable proration of the total compensation provided herein for uncompensated services
that have been performed as of the date of termination, and to the reimbursement of expenses incurred
as of the date of termination, but solely to the extent such expenses are reimbursable under this Contract.
XIl. OTHER ASSURANCES
In performing its obligations under this Contract, each party shall promptly comply with all laws,
ordinances, orders, rules, regulations and requirements of the federal, state, county or municipal
governments or any of their departments, bureaus, boards, commissions or officials concerning the
subject matter of this Contract (the “Laws”). This provision applies to Laws currently existing or applicable
to a party’s duties under this Contract during the term of this Contract.
Xill. ASSIGNMENT
Neither this Contract nor any interest therein may be assigned by the District without first obtaining the
written consent of the NWESD.
XIV. DEFAULT
The District shall be in default of this Contract upon the occurrence of any of the following:
1. Any covenant, representation or warranty made by the District was false or misleading when
made or subsequently becomes so;
2. The District fails to perform any of its obligations under the Contract, and unless otherwise
specifically stated elsewhere in this Contract, such failure continues for thirty (30) calendar days
after the District receives a notice to cure from the NWESD or its designee;
3. The District files a petition in bankruptcy or other similar proceeding, makes any assignment for
the benefit of creditors, or is the subject of an involuntary bankruptcy petition, receivership or
other insolvency proceeding; or
4. After the termination of the Contract, the District continues to use any of the NWESD’s intellectual
property.
XV. BREACH/DEFAULT WAIVER
No delay or failure on the part of the NWESD to exercise any rights under the Contract shall operate as a
waiver of the NWESD’s contractual rights. Also, the NWESD’s waiver or acceptance of a partial, single or
delayed performance of any term or condition of the Contract shall not operate as a continuing waiver or
a waiver of any other breach of a Contract term or condition. No waiver shall be binding unless it is in
writing and signed by the party waiving the breach.
XVI. REMEDIES FOR DEFAULT
If the District is in default of this Contract, the NWESD may pursue any or all of the following remedies,
which may be cumulative:
1. Immediately terminate the Contract.
2. Injunctive relief without proof of actual damage and without posting a bond pending resolution by
court action or arbitration.
3. Liquidated damages to protect against the immeasurable damage to the NWESD's business and
goodwill of $50.00 for each day that the District improperly or without permission uses the
NWESD’s intellectual property.
Page 3 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
4. Consequential and incidental damages to the NWESD from the District’s default.
5. Recover reasonable attorneys’ fees and costs for any arbitration or litigation brought to enforce
the NWESD's rights under this Contract.
XVII. SEVERABILITY
If any provision of this Contract is determined to be invalid under any applicable statute or rule of law, it is
to that extent to be deemed omitted and the balance of the Contract shall remain enforceable.
XVIII. HEADINGS
The headings of each section of this Contract are provided only to aid the reader. If there is any
inconsistency between the heading and the content of the paragraph or the context of the contract, the
content or context will prevail.
XIX. INTEGRATION/MODIFICATION
This Contract constitutes a fully integrated document containing the full, final and binding agreement of all
parties signatory and all persons claiming by or through a signator, and supersedes all other negotiations,
offers or counteroffers relating to the subjects treated in this Contract. The parties may amend this
Contract only upon a writing bearing the actual signatures of the names of all the parties or their
respective, authorized representatives.
XX. NOTICES
Any notice given under this Contract shall be in writing from one party to another, given only by one of the
following methods: (i) personal delivery, (ii) United States first class and certified mail, return receipt
requested, with postage prepaid to the recipient’s business address provided on the front page of this
Contract; or (iii) e-mail to the recipient’s email address given in the Contract Managers section. Notice
shall be deemed to occur in the case of the use of the mail, when the notice is postmarked. Notice shall
be deemed received on the date of personal delivery, on the second day after it is deposited in the mail or
on the day sent by e-mail. A party may change the place notice is to be given by a notice to the other
party. For efficiency, the parties agree that documents sent by electronic means shall be considered and
treated as original documents.
XXI. FORCE MAJEURE
A party to this Contract is not liable to the other party for failing to perform its obligations if such failure is
a result of Acts of God (including fire, flood, earthquake or other natural disaster), war, government
sanction/order/regulation, riot, terrorist attack, labor dispute, or other similar contingency beyond the
reasonable control of the parties. Force Majeure does not include computer events, such as denial of
service attacks or those that may occur as a result of a third party. Each party shall have backup
computer systems to allow it to continue to perform its obligations under the Contract. Ifa party asserts
Force Majeure as an excuse for failure to perform its contractual obligations, then it must prove that it
took reasonable steps to minimize delay or damages caused by foreseeable events, that it substantially
fulfilled all non-excused obligations and that the other party was timely notified of the likelihood of or
actual occurrence of such an event.
XXII. . BACKGROUND CHECKS
By executing this Contract with the District, the NWESD represents and warrants that each of its
employees or agents shall have a record check through the Washington state patrol criminal identification
system in compliance with RCW 43.43.830 through 43.43.834, 10.97.030, and 10.97.050 and through the
Federal Bureau of Investigation before she or he has unsupervised access to any child. The record check
shall include a fingerprint check using a complete Washington state criminal identification fingerprint card.
Page 4 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
XXill. COPYRIGHTS
The NWESD reserves all right, title and interest in and to the copyrights it owns, unless otherwise
expressly granted to the Client under the Contract. Nothing in the Contract shall be construed to convey
any right, title or interest in or to the NWESD’s copyrighted works to the Client beyond the use expressly
permitted by the Contract. The Client shall have no claim, right, title or interest in or to the goodwill
associated with the NWESD’s copyrighted works, now or in the future. The Client shall never contest any
aspect of the NWESD’s intellectual property rights in and to the NWESD’s copyrighted works, the goodwill
associated with those works or the validity of any license to use those works granted under this Contract.
Further, the Client shall reasonably assist the NWESD in protecting and maintaining copyrights owned by
the NWESD, including without limitation furnishing samples, signing declarations or providing notice or
testimony of infringement of which the Client becomes aware. As to any copyrighted works that the Client
owns, the Client represents and warrants that it exclusively owns its copyrighted works; there are no
claims, judgments or settlements related to its copyrighted works; and its copyrighted works do not
infringe any third-party’s rights.
XXIV. CRIMES AGAINST CHILDREN
The NWESD warrants that any of its employees or agents who has pled guilty or been convicted of any
crime under RCW 28A.400.330 shall not have any contact with any child at a public school. Failure to
comply with this section shall be grounds for immediate termination of this Contract.
XXV. DISPUTE RESOLUTION
Ifa dispute regarding this contract arises between the District and the NWESD, then the District will
appoint someone to represent it, the NWESD will appoint someone to represent it, and those two parties
will appoint someone as a third representative. Decisions will be made by a vote of the majority of the
representatives. The dispute committee shall be limited to resolving issues pursuant to the terms of this
Contract, and its decision(s) shall be final.
XXVI. FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (FERPA)
NWESD agrees that it may create, have access to, or receive from or on behalf of the District, records or
record systems that are subject to the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C.
Section 1232g (collectively, the "FERPA Records"). NWESD represents, warrants, and agrees that it will:
(1) hold the FERPA Records in strict confidence and will not use or disclose the FERPA Records except
as (a) permitted or required by this Contract, (b) required by law, or (c) otherwise authorized by the
District in writing; (2) safeguard the FERPA Records according to commercially reasonable
administrative, physical and technical standards that are no less rigorous than the standards by which the
NWESD protects its own confidential information; and (3) continually monitor its operations and take any
action reasonably necessary to assure that the FERPA Records are safeguarded in accordance with the
terms of this Contract.
XXVII. © HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT
The NWESD will comply with Health Insurance Portability and Accountability Act and its implementing
regulations (collectively, “HIPAA”) specified in Addendum A (HIPPA Business Associate District
Agreements) and as amended from time to time.
XXVIII. OWNERSHIP OF WORK PRODUCTS
If the NWESD develops any product or concept for the Client under this Contract, then all
correspondence, papers, documents, reports, files, film work products (inclusive of intellectual concepts
and properties), and all copies thereof that are received or developed by the NWESD or the NWESD’s
employee(s) and agent(s) in the course of performing the NWESD’s contractual duties, or as incident
Page 5 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
Contract No: 2425-SP-1219-02
thereto, shall, immediately upon receipt, preparation, or development, become the exclusive property of
the NWESD in perpetuity of any and all purposes unless otherwise provided in this Contract.. All items
described above shall be provided to and left with the NWESD.
XXIX. SUSPENSION AND DEBARMENT ASSURANCES
The NWESD certifies, and the District relies thereon in execution of this Contract, that neither it nor its
Principals are presently debarred, suspended, proposed for debarment, or declared ineligible or
voluntarily excluded for the award of contracts by any Federal governmental agency or department.
“Principals”, for the purposes of this certification, mean officers; directors; owners; partners; and, persons
having primary management or supervisory responsibilities within a business entity. Further, the NWESD
agrees to provide the District immediate written notice if, at any time during the term of this Contract,
including any renewals hereof, it learns that its certification was erroneous when made or has become
erroneous by reason of changed circumstances. The NWESD’s certification via the execution of this
Contract is a material representation of fact upon which the District has relied in entering into this
Contract. Should the NWESD determine, at any time during this Contract, including any renewals hereof,
that this certification is false, or should it become false due to changed circumstances, the District may
terminate this Contract in accordance with the terms and conditions therein.
XXX. SIGNATURES/APPROVALS
The undersigned represent and warrant that they are authorized to enter into this Contract on behalf of
the parties.
Larry Francois, Superintendent Date Dr. James Everett, Superintendent Date
Northwest Educational Service District 189 Meridian School District
NWESD Internal Approvals:
Fiscal: G
Program Manager: [ enunses
Page 6 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
ADDENDUM A
BUSINESS ASSOCIATE AGREEMENT
CONTRACTOR AS “COVERED ENTITY”
NWESD AS “BUSINESS ASSOCIATE”
This Business Associate Agreement (the “Agreement”) is made effective September 1, 2024, by and between
Meridian School District hereinafter referred to as “Covered Entity,” and Northwest Educational Service District
(NWESD), hereinafter referred to as “Business Associate” (individually, a “Party” and collectively, the “Parties”).
RECITALS:
A. WHEREAS, the Parties wish to enter into a Business Associate Agreement to ensure compliance with the
Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA
Privacy and Security Rules”) (45 C.F.R. Parts 160 and 164); and
B. WHEREAS, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of the
American Recovery and Reinvestment Act of 2009, Pub. L. 111-5, modified the HIPAA Privacy and
Security Rules (hereinafter, all references to the “HIPAA Privacy and Security Rules” include all
amendments thereto set forth in the HITECH Act and any accompanying regulations); and
C. WHEREAS, the Parties have entered into a written or oral arrangement or arrangements (the
“Agreements”) whereby Business Associate will provide certain services to Covered Entity and, pursuant to
such Agreements, Business Associate may be considered a “business associate” of Covered Entity as
defined in the HIPAA Privacy and Security Rules; and
D. WHEREAS, Business Associate may have access to Protected Health Information (hereinafter “PHI”) or
Electronic Protected Health Information (as defined below) in fulfilling its responsibilities under the
Agreements; and
E. WHEREAS, Covered Entity wishes to comply with the HIPAA Privacy and Security Rules, and Business
Associate wishes to honor its obligations as a Business Associate to Covered Entity.
THEREFORE, in consideration of the Parties’ continuing obligations under the Agreements, and for other good and
valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree to the
provisions of this Agreement.
1. DEFINITIONS
Except as otherwise defined herein, any and all capitalized terms in this Agreement shall have the definitions set
forth in the HIPAA Privacy and Security Rules. In the event of an inconsistency between the provisions of this
Agreement and mandatory provisions of the HIPAA Privacy and Security Rules, as amended, the HIPAA Privacy
and Security Rules in effect at the time shall control. Where provisions of this Agreement are different than those
mandated by the HIPAA Privacy and Security Rules, but are nonetheless permitted by the HIPAA Privacy and
Security Rules, the provisions of this Agreement shall control.
The term “Breach” means the unauthorized acquisition, access, use, or disclosure of PHI which compromises the
security or privacy of such information. The term “Breach” does not include: (1) any unintentional acquisition,
access, or use of PHI by any employee or individual acting under the authority of a covered entity or business
associate if (a) such acquisition, access, or use was made in good faith and within the course and scope of the
employment or other professional relationship of such employee or individual, respectively, with the covered entity
or business associate, and (b) such information is not further impermissibly acquired, accessed, used, or disclosed
by any person; (2) any inadvertent disclosure by an individual who is otherwise authorized to access PHI at a
facility operated by a covered entity or business associate to another similarly situated individual at the same
facility, where the information disclosed is not further impermissibly acquired, accessed, used, or disclosed by any
person; or (3) an impermissible disclosure of PHI where Covered Entity or Business Associate has a good faith
belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to
retain such information.
The term “HIPAA Privacy and Security Rules” refers to 45 C.F.R. Parts 160 and 164 as currently in effect
or hereafter amended.
1 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
The term “Protected Health Information” or “PHI” means individually identifiable health information including,
without limitation, all information, data, documentation, and materials, including without limitation, demographic,
medical and financial information, that relates to the past, present, or future physical or mental health or condition of
an individual; the provision of health care to an individual; or the past, present, or future payment for the provision
of health care to an individual; and that identifies the individual or with respect to which there is reasonable basis to
believe the information can be used to identify the individual. “Protected Health Information” includes, without
limitation, “Electronic Protected Health Information,” as defined below.
The term “Electronic Protected Health Information” means PHI which is transmitted by or maintained in Electronic
Media (as now or hereafter defined in the HIPAA Privacy and Security Rules).
The term “Secretary” means the Secretary of the Department of Health and Human Services.
The term “Unsecured Protected Health Information” means PHI that is not rendered unusable, unreadable, or
indecipherable to unauthorized individuals through the use of a technology or methodology specified by the
Secretary in guidance published in the Federal Register at 74 Fed. Reg. 19006 on April 27, 2009 and in annual
guidance published thereafter.
ll. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
A. Business Associate may use or disclose PHI to perform functions, activities, or services for, or on behalf of,
Covered Entity as specified in the Agreements, provided that such use or disclosure would not violate the
HIPAA Privacy and Security Rules if done by Covered Entity.
B. Business Associate may use PHI in its possession for its proper management and administration and to
fulfill any present or future legal responsibilities of Business Associate, provided that such uses are
permitted under state and federal confidentiality laws.
C. Business Associate may disclose PHI in its possession to third parties for the purposes of its proper
management and administration or to fulfill any present or future legal responsibilities of Business
Associate, provided that:
1. The disclosures are required by law; or
2. Business Associate obtains reasonable assurances from the third parties to whom the PHI is
disclosed that the information will remain confidential and be used or further disclosed only as
required by law or for the purpose for which it was disclosed to the third party, and that such third
parties will notify Business Associate of any instances of which they are aware in which the
confidentiality of the information has been breached.
D. Until such time as the Secretary issues regulations pursuant to the HITECH Act specifying what constitutes
“minimum necessary” for purposes of the HIPAA Privacy and Security Rules, Business Associate shall, to
the extent practicable, access, use, and request only PHI that is contained in a limited data set (as defined
in Section 164.514(e)(2) of the HIPAA Privacy and Security Rules), unless Business Associate requires
certain direct identifiers in order to accomplish the intended purpose of the access, use, or request, in
which event Business Associate may access, use, or request only the minimum necessary amount of PHI
to accomplish the intended purpose of the access, use, or request. The Parties shall collaborate in
determining what quantum of information constitutes the “minimum necessary” amount for Business
Associate to accomplish its intended purposes.
lll. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
A. Business Associate acknowledges and agrees that all PHI that is created or received by Covered Entity
and disclosed or made available in any form, including paper record, oral communication, audio recording,
and electronic display by Covered Entity or its operating units to Business Associate or is created or
received by Business Associate on Covered Entity’s behalf shall be subject to this Agreement.
B. Business Associate agrees to not use or further disclose PHI other than as permitted or required by this
Agreement or as required by law.
C. Business Associate agrees to use appropriate safeguards to prevent use or disclosure of PHI other than as
provided for by this Agreement. Specifically, Business Associate will:
1. Implement the administrative, physical, and technical safeguards set forth in Sections 164.308,
164.310, and 164.312 of the HIPAA Privacy and Security Rules that reasonably and appropriately
protect the confidentiality, integrity, and availability of any PHI that it creates, receives, maintains,
or transmits on behalf of Covered Entity, and, in accordance with Section 164.316 of the HIPAA
Privacy and Security Rules, implement and maintain reasonable and appropriate policies and
2 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
procedures to enable it to comply with the requirements outlined in Sections 164.308, 164.310, and
164.312; and
2. Report to Covered Entity any use or disclosure of PHI not provided for by this Agreement, including
any Security Incident, of which Business Associate becomes aware, regardless of whether the
Security Incident rises to the level of a Breach. For purposes of this Agreement, “Security Incident”
means the successful unauthorized access, use, disclosure, modification, or destruction of PHI or
interference with system operations in an information system, of which Business Associate has
knowledge or should, with the exercise of reasonable diligence, have knowledge, excluding (i)
“pings” on an information system firewall; (ii) port scans; (iii) attempts to log on to an information
system or enter a database with an invalid password or user name; (iv) denial-of-service attacks
that do not result in a server being taken offline; or (v) “malware” (e.g., a worm or a virus) that does
not result in unauthorized access, use, disclosure, modification or destruction of PHI. The report
shall be made as soon as practical, and in any event within ten (10) days of Business Associate’s
discovery of the Security Incident. A Security Incident shall be treated as discovered by Business
Associate as of the first day on which such Security Incident is known to Business Associate or,
through the exercise of reasonable diligence, would have been known to Business Associate.
D. Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides PHI
received from, or created or received by Business Associate on behalf of Covered Entity, agrees to the
same restrictions and conditions that apply through this Agreement to Business Associate with respect to
such information.
E. Business Associate agrees to comply with any requests for restrictions on certain disclosures of PHI to
which Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security
Rules and of which Business Associate has been notified by Covered Entity. In addition, and
notwithstanding the provisions of Section 164.522 (a)(1)(ii), Business Associate agrees to comply with an
individual’s request to restrict disclosure of PHI to a health plan for purposes of carrying out payment or
health care operations if the PHI pertains solely to a health care item or service for which Covered Entity
has been paid by in full by the individual or the individual's representative. The restriction can only apply to
disclosures beginning the next business day after the request for restriction is received.
F. At the request of Covered Entity, and ina reasonable time and manner, Business Associate agrees to
make available PHI required for Covered Entity to respond to an individual’s request for access to his or
her PHI in accordance with Section 164.524 of the HIPAA Privacy and Security Rules. If Business
Associate maintains PHI electronically, it agrees to make such PHI available electronically to the applicable
individual or to a person or entity specifically designated by such individual, upon such individual’s request.
G. At the request of Covered Entity, and ina reasonable time and manner, Business Associate agrees to
make available PHI required for amendment by Covered Entity in accordance with the requirements of
Section 164.526 of the HIPAA Privacy and Security Rules.
H. Business Associate agrees to document any disclosures of, and make PHI available, for purposes of
accounting of disclosures, as required by Section 164.528 of the HIPAA Privacy and Security Rules.
I. Business Associate agrees that it will make its internal practices, books, and records relating to the use and
disclosure of PHI received from, or created or received by Business Associate on behalf of, Covered Entity,
available to the Secretary for the purpose of determining Covered Entity’s compliance with the HIPAA
Privacy and Security Rules, in a time and manner designated by the Secretary.
J. Business Associate agrees that, while present at any Covered Entity facility and/or when accessing
Covered Entity’s computer network(s), it and all of its employees, agents, representatives and
subcontractors will at all times comply with any network access and other security practices, procedures
and/or policies established by Covered Entity including, without limitation, those established pursuant to the
HIPAA Privacy and Security Rules.
K. Business Associate agrees that it will not directly or indirectly receive remuneration in exchange for any
PHI of an individual without the written authorization of the individual or the individual’s representative,
except where the purpose of the exchange is:
1. For public health activities as described in Section 164.512(b) of the HIPAA Privacy and Security
Rules;
2. For research as described in Sections 164.501 and 164.512(i) of the HIPAA Privacy and Security
Rules, and the price charged reflects the costs of preparation and transmittal of the data for such
purpose;
3. For treatment of the individual, subject to any further regulation promulgated by the Secretary to
prevent inappropriate access, use, or disclosure of PHI;
4. For the sale, transfer, merger, or consolidation of all or part of Business Associate and due
diligence related to that activity;
3 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
5. For an activity that Business Associate undertakes on behalf of and at the specific request of
Covered Entity;
6. To provide an individual with a copy of the individual’s PHI pursuant to Section 164.524 of the
HIPAA Privacy and Security Rules; or
7. Other exchanges that the Secretary determines in regulations to be similarly necessary and
appropriate as those described in this Section III.K.
L. Business Associate agrees that it will not directly or indirectly receive remuneration for any written
communication that encourages an individual to purchase or use a product or service without first obtaining
the written authorization of the individual or the individual’s representative, unless:
1. Such payment is fora communication regarding a drug or biologic currently prescribed for the
individual and is reasonable in amount (as defined by the Secretary); or
2. The communication is made on behalf of Covered Entity and is consistent with the terms of this
Agreement.
M. Business Associate agrees that if it uses or discloses patients’ PHI for marketing purposes, it will obtain
Covered Entity’s written approval and such patients’ authorization before making any such use or
disclosure.
N BUSINESS ASSOCIATE’S MITIGATION AND BREACH NOTIFICATION OBLIGATIONS
Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to
Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of
this Agreement.
B. Following the discovery of a Breach of Unsecured Protected Health Information, Business Associate shall
notify Covered Entity of such Breach without unreasonable delay and in no case later than ten (10)
calendar days after discovery of the Breach. A Breach shall be treated as discovered by Business
Associate as of the first day on which such Breach is known to Business Associate or, through the exercise
of reasonable diligence, would have been known to Business Associate.
C. Notwithstanding the provisions of Section IV.B., above, if a law enforcement official states to Business
Associate that notification of a Breach would impede a criminal investigation or cause damage to national
security, then:
1. If the statement is in writing and specifies the time for which a delay is required, Business
Associate shall delay such notification for the time period specified by the official; or
2. If the statement is made orally, Business Associate shall document the statement, including the
identity of the official making it, and delay such notification for no longer than thirty (30) days from
the date of the oral statement unless the official submits a written statement during that time.
Following the period of time specified by the official, Business Associate shall promptly deliver a
copy of the official’s statement to Covered Entity.
D. The Breach notification provided shall include, to the extent possible:
1. The identification of each individual whose Unsecured PHI has been, or is reasonably believed by
Business Associate to have been, accessed, acquired, used, or disclosed during the Breach;
2. A brief description of what happened, including the date of the Breach and the date of discovery of
the Breach, if known;
3. A description of the types of Unsecured PHI that were involved in the Breach (such as whether full
name, social security number, date of birth, home address, account number, diagnosis, disability
code, or other types of information were involved);
4, Any steps individuals should take to protect themselves from potential harm resulting from the
Breach;
5. A brief description of what Business Associate is doing to investigate the Breach, to mitigate harm
to individuals, and to protect against any further Breaches and when such steps were taken; and
6. Contact procedures for individuals to ask questions or learn additional information, which shall
include a toll-free telephone number, an e-mail address, Web site, or postal address.
E. Business Associate shall provide the information specified in Section IV.D. above, to Covered Entity at the
time of the Breach notification, if possible, or promptly thereafter as information becomes available.
Business Associate shall not delay notification to Covered Entity that a Breach has occurred in order to
collect the information described in Section IV.D., and shall provide such information to Covered Entity
even if the information becomes available after the ten (10)-day period provided for initial Breach
notification.
4 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
y. OBLIGATIONS OF COVERED ENTITY
Upon request of Business Associate, Covered Entity shall provide Business Associate with the notice of
privacy practices that Covered Entity produces in accordance with Section 164.520 of the HIPAA Privacy
and Security Rules.
B. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an
individual to use or disclose PHI, if such changes affect Business Associate’s permitted or required uses
and disclosures.
C. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI to which
Covered Entity has agreed in accordance with Section 164.522 of the HIPAA Privacy and Security Rules,
and Covered Entity shall inform Business Associate of the termination of any such restriction, and the effect
that such termination shall have, if any, upon Business Associate’s use and disclosure of such PHI.
Business Associate shall have a reasonable period of time to act on such notice.
VI. TERM AND TERMINATION
A. Term. The Term of this Agreement shall be effective as of the date first written above, and shall terminate
upon the later of the following events: (i) in accordance with Section VI.C., when all of the PHI provided by
Covered Entity to Business Associate or created or received by Business Associate on behalf of Covered
Entity is destroyed or returned to Covered Entity or, if such return or destruction is infeasible, when
protections are extended to such information; or (ii) upon the expiration or termination of the last of the
Agreements.
B. Termination. Upon either Party’s knowledge of a material breach by the other Party of its obligations under
this Agreement, the non-breaching Party shall, within twenty (20) days of that determination, notify the
breaching Party, and the breaching Party shall have thirty (30) days from receipt of that notice to cure the
breach or end the violation. If the breaching Party fails to take reasonable steps to effect such a cure within
such time period, the non-breaching Party may terminate this Agreement and the Agreements. Where
either Party has knowledge of a material breach by the other Party and determines that cure is infeasible,
prior notice of the breach is not required, and the non-breaching Party shall terminate the portion of the
Agreements affected by the breach. Where neither cure nor termination is feasible, the non-breaching
Party shall report the violation to the Secretary.
C. Effect of Termination.
1. Except as provided in paragraph (2) of this subsection C., upon termination of this Agreement, the
Agreements or upon request of Covered Entity, whichever occurs first, Business Associate shall
within ten (10) days return or destroy all PHI received from Covered Entity, or created or received
by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the
possession of subcontractors or agents of Business Associate. Neither Business Associate nor its
subcontractors or agents shall retain copies of the PHI.
2. In the event that Business Associate determines that returning or destroying the PHI is infeasible,
Business Associate shall provide within ten (10) days to Covered Entity notification of the
conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that
return or destruction of PHI is infeasible, Business Associate shall extend the protections of this
Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that
make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
Vil. MISCELLANEOUS
A. Indemnification. Each Party shall indemnify and hold the other harmless from and against all claims,
liabilities, judgments, fines, assessments, penalties, awards, or other expenses, of any kind or nature
whatsoever, including, without limitations, attorneys’ fees, expert witness fees, and costs of investigation,
litigation or dispute resolution, relating to or arising out of any breach or alleged breach of this Agreement,
or any Breach, by that Party or its subcontractors or agents.
B. No Rights in Third Parties. Except as expressly stated herein, in the HIPAA Privacy and Security Rules, the
Parties to this Agreement do not intend to create any rights in any third parties.
C. Survival. The obligations of Business Associate under Section VI.C. of this Agreement shall survive the
expiration, termination, or cancellation of this Agreement, the Agreements, and/or the business relationship
of the Parties, and shall continue to bind Business Associate, its agents, employees, contractors,
successors, and assigns as set forth herein. Furthermore, the Parties’ indemnification obligations pursuant
to Section VII.A. of this Agreement shall survive the expiration, termination, or cancellation of this
Agreement, the Agreements, and/or the business relationship of the Parties, and shall continue to bind the
Parties, their agents, employees, contractors, successors, and assigns as set forth herein.
5 of 6
DocuSign Envelope ID: D2E042CF-0108-48A3-9652-392451E51E7C
D. Amendment. This Agreement may be amended or modified only in a writing signed by the Parties. The
Parties agree that they will negotiate amendments to this Agreement to conform to any changes in the
HIPAA Privacy and Security Rules as are necessary for Covered Entity to comply with the current
requirements of the HIPAA Privacy and Security Rules. In addition, in the event that either Party believes in
good faith that any provision of this Agreement fails to comply with the then-current requirements of the
HIPAA Privacy and Security Rules or any other applicable legislation, then such Party shall notify the other
Party of its belief in writing. For a period of up to thirty (30) days, the Parties shall address in good faith
such concern and amend the terms of this Agreement, if necessary to bring it into compliance. If, after such
thirty (30)-day period, the Agreement fails to comply with the HIPAA Privacy and Security Rules or any
other applicable legislation, then either Party has the right to terminate this Agreement and the underlying
arrangement upon written notice to the other Party.
E. Assignment. Neither Party may assign its respective rights and obligations under this Agreement without
the prior written consent of the other Party.
F. Independent Contractor. None of the provisions of this Agreement are intended to create, nor will they be
deemed to create, any relationship between the Parties other than that of independent parties contracting
with each other solely for the purposes of effecting the provisions of this Agreement and any other
agreements between the Parties evidencing their business relationship.
G. Governing Law. To the extent this Agreement is not governed exclusively by the HIPAA Privacy and
Security Rules or other provisions of federal statutory or regulatory law, it will be governed by and
construed in accordance with the laws of the State of Washington.
H. No Waiver. No change, waiver, or discharge of any liability or obligation hereunder on any one or more
occasions shall be deemed a waiver of performance of any continuing or other obligation, or shall prohibit
enforcement of any obligation, on any other occasion.
I. Interpretation. Any ambiguity of this Agreement shall be resolved in favor of a meaning that permits
Covered Entity to comply with the HIPAA Privacy and Security Rules.
J. Severability. In the event that any provision of this Agreement is held by a court of competent jurisdiction to
be invalid or unenforceable, the remainder of the provisions of this Agreement will remain in full force and
effect.
K. Notice. Any notification required in this Agreement shall be made in writing to the representative of the
other Party who signed this Agreement or the person currently serving in that representative’s position with
the other Party.
L. Certain Provisions Not Effective in Certain Circumstances. The provisions of this Agreement relating to the
HIPAA Security Rule shall not apply to Business Associate if Business Associate does not receive any
Electronic PHI from or on behalf of Covered Entity.
M. Entire Agreement. This Agreement constitutes the entire understanding of the Parties with respect to the
subject matter hereof and supersedes all prior agreements, oral or written. In the event of any
inconsistency between this Agreement and any other agreement between the Parties concerning the use
and disclosure of PHI and the Parties’ obligations with respect thereto, the terms of this Agreement shall
control.
IN WITNESS WHEREOPF, the Parties have executed this Agreement as of the day and year written above.
Business Associate (NWESD): Covered Entity:
Larry Francois, Superintendent Date Dr. James Everett Superintendent Date
Northwest Educational Service District 189 Meridian School District
6 of 6