The URL can be used to link to this page

Home My WebLink AboutHR Business Associate AgreementBUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this "Agreement") is entered into this _Lb_ day of 0C,r0 p&9, , 2016, by and between CITY OF SAN RAFAEL, CALIFORNIA located at 1400 Fifth Avenue, Suite 210, San Rafael, CA 94901 (hereafter "Covered Entity") and AMERICAN FIDELITY ADMINISTRATIVE SERVICES, LLC, an Oklahoma limited liability company located at 9000 Cameron Parkway, Oklahoma City, OK 73114 (hereafter "Business Associate"). WHEREAS, Business Associate may have access to, create or receive Protected Health Information, as hereinafter defined, on behalf of the Covered Entity in connection with services to be provided by Business Associate to Covered Entity from time to time; and WHEREAS, Covered Entity wants to satisfy the applicable requirements of the Privacy Rule, Security Rule and Standard Transactions Rule, as those terms are hereinafter defined, by obtaining satisfactory assurances from Business Associate concerning Business Associate's use, disclosure, requests for, and safeguarding of Protected Health Information, and Business Associate wants to provide such assurances, as more particularly set forth in this Agreement, in order to continue to provide the services; and WHEREAS, Business Associate agrees to comply with the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") (Public Law 104-191) and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act") (Division A, Title XIII and Division B, Title IV of Public Law 111-5) and implementing regulations (Title 45, Parts 160, 162 and 164 of the Code of Federal Regulations) dealing with the confidentiality, security and standardized transmission of health or health-related information, as applicable to Business Associate; NOW THEREFORE, for and in consideration of the foregoing premises, which are incorporated into and made a part of this Agreement, the parties agree as follows: 1. EFFECTIVE DATE. This Agreement shall be effective as of the day and year first written above with respect to the HIPAA Rules and as of the applicable effective dates for such provisions related to the HITECH Act. 2. DEFINITIONS Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Rules. Specific definitions: M3449 q - 3- P)Lv a) Breach. "Breach" means the acquisition, access, use, or disclosure, or possibility of acquisition, access, use, or disclosure of Protected Health Information in a manner not permitted by the Privacy Rule. b) Designated Record Set. "Designated Record Set" shall have the same meaning as set forth in 45 CFR § 164.501 and refers to an item, collection, or storing of information that contains protected health information that is used, in whole or in part, to make decisions about individuals, their treatment or billing for services rendered, including medical records and billing records, enrollment, payment, claims adjudication and case or medical management record systems. c) Electronic Health Record. "Electronic Health Record" shall have the same meaning as set forth in section 13400(5) of Public Law 111-5 and any implementing regulations. d) HHS. "HHS" means the U.S. Department of Health and Human Services. e) HIPAA Rules. "HIPAA Rules" means the Privacy Rule, Security Rule and Standard Transactions Rule, collectively. f) HITECH Act. "HITECH Act" shall mean the Health Information Technology for Economic and Clinical Health Act included in the American Recovery and Reinvestment Act of 2009, Public Law 111-5. g) Limited Data Set. "Limited Data Set" shall have the same meaning as set forth in 45 CFR § 164.514(e)(2). h) Privacy Rule. "Privacy Rule" means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, as they exist now or as they may be amended. i) Protected Health Information or PHI. "Protected Health Information" or "PHI" shall have the same meaning as the term "protected health information" in 45 CFR § 160.103, but for purposes of this Agreement shall be limited to such information created or received by Business Associate from or on behalf of Covered Entity. j) Required By Law. "Required By Law" shall have the same meaning as the term "required by law" in 45 CFR § 164.103. In general, "Required by Law" means a mandate contained in law that compels a person to make a use or disclosure of Protected Health Information and that is enforceable in a court of law. k) Secretary. "Secretary" means the Secretary of the U.S. Department of Health and Human Services or his designee. 1) Security Incident. "Security Incident" means the attempted or successful unauthorized access, acquisition, use, disclosure, modification, or destruction of Protected Health Information (whether electronic or non -electronic) or interference with system operations of an information system involving Protected Health Information. m) Security Rule. "Security Rule" means the Security Standards set forth at 45 CFR Parts 160 and 164, as they exist now or as they may be amended. n) Standard Transactions Rule. "Standard Transactions Rule" means the Standards for Electronic Transactions set forth at 45 CFR, Parts 160 and 162, as they exist now or as they may be amended. M3449 2 o) Unsecured Protected Health Information. "Unsecured Protected Health Information" means Protected Health Information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary in guidance issued under section 13402(h)(2) of Public Law 111-5 on the HHS Web site. 3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE a) Business Associate agrees not to use or disclose Protected Health Information other than as permitted by this Agreement. b) Business Associate agrees to use appropriate safeguards to prevent any use or disclosure of Protected Health Information for any purpose other than as permitted by this Agreement. c) Business Associate agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information agrees to the same restrictions and conditions applicable, as set forth in this Agreement, to Business Associate, with respect to Protected Health Information and agrees to implement reasonable and appropriate administrative, technical and physical safeguards to protect the confidentiality and security of Protected Health Information. d) Business Associate agrees to make its internal practices (including policies and procedures), books, records, and services relating to the use and disclosure of Protected Health Information and the safeguards established with respect to such information available: 1. to Covered Entity within thirty (30) business days of the date Business Associate receives a request from Covered Entity; and 2. to the Secretary in the time and manner as directed by the Secretary. Notwithstanding the above, no attorney-client, account -client, or other legal privilege shall be deemed waived by Covered Entity or Business Associate by virtue of this provision. e) Business Associate acknowledges that the Privacy Rule requires Covered Entity to provide individuals with a number of privacy rights, including the right to inspect and copy Protected Health Information within the possession or control of Covered Entity and its business associates, the right to amend such Protected Health Information, and the right to obtain an accounting of disclosures of Protected Health Information to third parties for certain purposes. To assist Covered Entity in complying with these requirements, Business Associate agrees to the following: 1. Within ten (10) days of a request by Covered Entity, Business Associate shall, as directed by Covered Entity, either (a) provide a copy of such Protected Health Information as is specified by Covered Entity to Covered Entity or to an individual specified by Covered Entity or (b) M3449 make such Protected Health Information available for inspection and copying by an individual specified by Covered Entity. To the extent that Business Associate uses or maintains an Electronic Health Record with respect to Protected Health Information, Business Associate shall comply with the requirement of this Section to provide a copy of Protected Health Information upon request by providing an electronic copy of such information to Covered Entity, the individual or a third party designated by the individual, as directed by Covered Entity. Business Associate shall maintain a record of any access to Protected Health Information provided under this Section in such form as may be specified by Covered Entity and shall provide a copy of such record to Covered Entity promptly upon request. If any individual requests access to Protected Health Information directly from Business Associate, Business Associate shall notify the individual that the request will be forwarded to Covered Entity and shall promptly forward such request to Covered Entity. 2. Within a reasonable time after a request by Covered Entity, Business Associate agrees to amend or correct Protected Health Information as directed by Covered Entity. 3. Business Associate agrees to record each disclosure made to a third party of Protected Health Information as would be required by Covered Entity to respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR § 164.528, with the exception of disclosures made for any of the following purposes: i. treatment, payment, or Covered Entity's health care operations; ii. in response to a request from the individual who is the subject of the disclosed Protected Health Information or that individual's personal representative; iii. to persons involved in that individual's health care or payment for health care; iv. for national security or intelligence purposes; v. to law enforcement officials or correctional institutions regarding inmates; or vi. that are part of a Limited Data Set. At a minimum, Business Associate shall track the following information regarding each disclosure: i. Date of the disclosure; ii. Name of the third party to whom Protected Health Information was disclosed and if known, the address of the third party; iii. A brief description of the disclosed information; and iv. A brief description of the purpose and basis for disclosure. M3449 4 Business Associate shall maintain a record of such information for no less than six (6) years from the date of disclosure and shall provide such information to Covered Entity within thirty (30) days of a request by Covered Entity or, if directed to do so by Covered Entity, shall respond to requests for an accounting of disclosures on behalf of Covered Entity in a manner and timeframe that will allow Covered Entity to comply with the Privacy Rule. It is not anticipated that Business Associate will use or maintain Electronic Health Records on behalf of Covered Entity. However, to the extent that Business Associate does use or maintain any Electronic Health Records on behalf of Covered Entity, Business Associate shall maintain such records of its disclosures of Protected Health Information to third parties with respect to such Electronic Health Records as necessary for Covered Entity to comply with section 13405 of Public Law 111-5 and any implementing regulations. Business Associate shall provide such records of disclosure to Covered Entity upon request or, if directed to do so by Covered Entity, shall respond to requests for an accounting of disclosures on behalf of Covered Entity in a manner and timeframe that will allow Covered Entity to comply with applicable law. f) Business Associate agrees to implement administrative, physical and technical safeguards and security policies and procedures and documentation standards to protect the confidentiality, integrity and availability of Protected Health Information in compliance with 45 CFR §§ 164.308, 164.310, 164.312 and 164.316 in the same manner as such sections apply to Covered Entity. g) Business Associate agrees to report any Security Incident to the Human Resources Department of Covered Entity (the "Compliance Contact"). Business Associate shall make such report promptly in writing but in no case more than thirty (3 0) business days after Business Associate learns of a Security Incident. Such report shall include the following: 1. A description of what happened, including the date of the Security Incident and the date of discovery of the Security Incident; 2. A description of the types of Protected Health Information that were involved in the Security Incident (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code or other types of information were involved) and whether any such information was Unsecured Protected Health Information; 3. Identification of each individual whose Unsecured Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, disclosed, modified or destroyed during such Security Incident; M3449 5 4. Business Associate's assessment of whether the Security Incident constitutes a Breach, including Business Associate's reasons for concluding that the Security Incident is, or is not, a Breach. This assessment should address, at minimum, information as to the likelihood of reidentification of the information, the person(s) who acquired the information, whether the PHI was actually acquired or viewed, and the extent to which the risk has been mitigated; 5. Such other information as Covered Entity may request. h) Business Associate agrees to cooperate fully with Covered Entity in investigating any Security Incident and implementing such measures to mitigate any harmful or potentially harmful effects of such Security Incident, as deemed appropriate by Covered Entity in its sole and absolute discretion, including, but not limited to, notifying affected individuals, appropriate authorities and media of the Security Incident, regardless of whether the Security Incident constitutes a Breach and regardless of whether notification is Required by Law, and providing affected individuals with services to protect themselves against identity theft. i) Until such time as the Secretary issues guidance on what constitutes "minimum necessary" for purposes of the Privacy Rule and such guidance becomes effective, Business Associate agrees to limit the use, disclosure or request for Protected Health Information, to the extent practicable, to the Limited Data Set or, if needed by Business Associate, to the minimum necessary to accomplish the intended purpose of such use, disclosure or request in accordance with 45 CFR § 164.502(b). On and after the effective date of guidance first issued by the Secretary on what constitutes "minimum necessary," Business Associate shall limit the use, disclosure or request for Protected Health Information to the minimum necessary in accordance with such guidance. In the case of the disclosure of Protected Health Information by Business Associate, Business Associate shall determine what constitutes the minimum necessary to accomplish the intended purpose of such disclosure, consistent with performance of the services for which Business Associate has been retained by Covered Entity and any directives or guidelines Covered Entity may specify. j) Business Associate agrees that it shall not directly or indirectly receive remuneration in exchange for any Protected Health Information; provided, however, that this provision shall not prohibit Business Associate from (a) accepting remuneration from Covered Entity in consideration for the services performed by Business Associate for Covered Entity or (b) charging individuals a reasonable, cost -based fee approved by Covered Entity for providing a Copy of Protected Health Information pursuant to Section 3(e)(1) of this Agreement. k) If and to the extent that Business Associate conducts any transaction subject the Standard Transactions Rule for or on behalf of Covered Entity, Business Associate shall comply, and shall require any agent or subcontractor conducting such transaction to comply, with each applicable requirement of the Standard Transactions Rule in the same manner as such requirement applies to Covered M3449 6 Entity. Business Associate shall not enter into, or permit its agents or subcontractors to enter into, any agreement in connection with the conduct of any transaction for or on behalf of Covered Entity that: 1. changes any definition, data condition, or use of a data element or segment as described in the Standard Transactions Rule (45 CFR § 162.915(a)); 2. adds any data elements or segments to the maximum defined data set as described in the Standard Transactions Rule (45 CFR § 162.915(b)); 3. uses any code or data elements that are either marked "not used" in the Standard Transactions Rule's implementation specifications or are not in the Standard Transaction Rule's implementation specifications (45 CFR § 162.915 (c)); and 4. changes the meaning or intent of any of the Standard Transactions Rule's implementation specifications (45 CFR § 162.915(d)). 1) To the extent required by law, Business Associate shall defend, indemnify and hold harmless Covered Entity from and against any penalties, attorneys' fees, costs, expenses, losses, claims, damages or liabilities (or actions in respect thereof) to which Covered Entity may become subject insofar as such penalties, attorneys' fees, costs, expenses, losses, claims, damages or liabilities (or actions in respect thereof) arise out of or are based upon any Security Incident, breach of this Agreement or any unauthorized use or disclosure of Protected Health Information by Business Associate and/or agents or subcontractors acting or accessing PHI on behalf of Business Associate. m) Business Associate agrees to execute an appropriate Business Associate Agreement with any agent, subcontractor, or other such party accessing Protected Health Information on behalf of Business Associate. 4. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE a) Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as necessary to perform any written agreement for services between Covered Entity and Business Associate, provided that such use or disclosure would not violate the Privacy Rule if done by Covered Entity. b) Except as otherwise limited in this Agreement, Business Associate may use or disclose Protected Health Information to the extent necessary for Business Associate's proper management and administration, or to carry out Business Associate's legal responsibilities if: 1. The disclosure is Required by Law; or 2. Business Associate obtains reasonable assurances, evidenced by written contract, from any person or organization to which Business Associate M3449 7 shall disclose such Protected Health Information that such person or organization shall: i. hold such Protected Health Information in confidence and use or further disclose it only for the purpose for which Business Associate disclosed it to the person or organization or as Required by Law; and ii. notify Business Associate, who shall in turn promptly notify Covered Entity's Human Resources Department, of any instance which the person or organization becomes aware of in which the confidentiality of such Protected Health Information was breached. c) Except as otherwise limited in this Agreement, Business Associate may use Protected Health Information to provide data aggregation services to Covered Entity as permitted by 45 CFR § 164.504(e)(2)(i)(B). 5. OBLIGATIONS OF COVERED ENTITY a) Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity. b) Covered Entity shall notify Business Associate of any limitation(s) in Covered Entity's notice of privacy practices in accordance with 45 CFR § 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of Protected Health Information. c) Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by an individual to use or disclose Protected Health Information to the extent that such changes may affect Business Associate's use or disclosure of Protected Health Information. d) Covered Entity shall notify Business Associate of any restriction to the use or disclosure of Protected Health Information requested by an individual to which Covered Entity has agreed in accordance with 45 CFR § 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of Protected Health Information. 6. TERM AND TERMINATION a) Term. This Agreement shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is not feasible or permitted by law to return or destroy Protected Health Information, protections are extended to such information in accordance with the termination provisions in this Section. M3449 b) Termination for Cause. Upon Covered Entity's knowledge of a material breach of this Agreement by Business Associate, Covered Entity shall either: 1. Provide an opportunity for Business Associate to cure the breach and terminate this Agreement and any service agreement between the parties if Business Associate does not cure the breach within such reasonable time period specified by Covered Entity (not less than thirty (30) days) after Covered Entity notifies Business Associate in writing of the breach; or 2. Immediately terminate this Agreement and any service agreement between the parties if Business Associate has breached a material term of this Agreement and cure is not possible; or 3. If neither termination nor cure is feasible, Covered Entity shall report the violation to the Secretary. Covered Entity's remedies under this Section shall be cumulative and the exercise of any remedy shall not preclude the exercise of any other. Before exercising any of these options, Covered Entity shall provide reasonable written notice to Business Associate describing the violation and the action it intends to take. c) Effect of Termination. 1. Except as provided in paragraph 2 herein below, upon termination of this Agreement for any reason, upon direction of Covered Entity, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall also apply to Protected Health Information that is in the possession of agents or subcontractors of Business Associate. Business Associate shall retain no copies of Protected Health Information, unless Required by Law. 2. In the event Business Associate reasonably determines that returning or destroying Protected Health Information is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction not feasible and shall extend the protections of this Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information for so long as Business Associate maintains such Protected Health Information. 7. MISCELLANEOUS a) Regulatory References. All references to the HIPAA Rules codified in 45 CFR shall mean the referenced sections as in effect or as amended by the HITECH Act and as may be further amended by law or regulation. b) Amendment. The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for Covered Entity to comply with M3449 9 the requirements of the Privacy Rule, the Security Rule, the Standard Transactions Rule, the Health Insurance Portability and Accountability Act of 1996, and any other applicable law. c) HITECH Act Compliance. The parties acknowledge that the HITECH Act includes several provisions impacting the health care industry, including significant changes to the HIPAA Rules. The Privacy Subtitle of the HITECII Act sects forth provisions that significantly change the requirements for business associates and the agreements between business associates and covered entities under the HIPAA Rules and many of these changes will be clarified in forthcoming regulations. Each party agrees to comply with the applicable provisions of the HITECH Act and any implementing regulations issued thereunder and agree to take such action to modify this Amendment as reasonably necessary to comply with the HITECH Act and its implementing regulations, guidance, and interpretations as they become effective. d) Audit. Covered Entity may, at any time upon reasonable prior notice, examine the use, disclosure and maintenance of Protected Health Information by Business Associate and Business Associate's employees, officers, directors, agents, auditors, attorneys and independent contractors, including the safeguards employed to protect the confidentiality of Protected Health Information. Business Associate shall cooperate fully in any such examination and shall require Business Associate's employees, officers, directors, agents, auditors, attorneys and independent contractors to cooperate fully. e) Ownership of Information. As between Covered Entity and Business Associate, Covered Entity shall retain all right, title and interest in and to all Protected Health Information. Subject to the terms and conditions of this Agreement, Covered Entity grants Business Associate a limited, non-exclusive and non- transferable license to use Protected Health Information as necessary to perform the services specified in the written agreement(s) for services between Covered Entity and Business Associate. f) Expenses. Business Associate's compliance with this Agreement, including without limitation, providing access to Protected Health Information; accounting for disclosures of Protected Health Information; correction or amendment of Protected Health Information; cooperation with the implementation of mitigating measures deemed appropriate by Covered Entity following a Security Incident; the return or destruction of Protected Health Information; and cooperation with any examination of the use, disclosure or maintenance of Protected Health Information by Business Associate, shall be at Business Associate's sole expense. g) Irreparable Harm. Business Associate acknowledges and agrees that any use, disclosure or maintenance of any Protected Health Information in a manner inconsistent with this Agreement may give rise to irreparable injury to Covered Entity for which damages would not be an adequate remedy. Accordingly, in addition to any other legal remedies which may be available at law or in equity, Covered Entity shall be entitled to equitable or injunctive relief against the M3449 10 unauthorized use or disclosure of Protected Health Information or failure to maintain the security of Protected Health Information as required by this Agreement. h) Severability. To the greatest extent possible, each provision under this Agreement shall be interpreted in such a manner as to be valid under applicable law, but if any provision of this Agreement is found to be invalid, it shall be to that extent deemed omitted, and the balance of the Agreement shall remain enforceable. i) Survival. The rights and obligations of the parties under Section 3 (1) and Section 6(c) ("Effect of Termination") of this Agreement shall survive the termination of this Agreement. j) Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the Privacy Rule, the Security Rule, the Standard Transactions Rule, the Health Insurance Portability and Accountability Act of 1996, the HITECH Act and any other applicable law. k) No Tliird Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything confer, upon any person other than the Covered Entity and Business Associate, and their respective successors or assigns, any rights, remedies, obligations or liabilities whatsoever. 1) No Agency Relationship. Nothing express or implied in this Agreement is intended to establish, nor shall anything establish, an agency relationship between the Covered Entity and Business Associate, and their respective successors or assigns. m) Entire Agreement. This Agreement constitutes the entire agreement between the parties relating to the use and disclosure of Protected Health Information. There are no understandings or agreements relating to the use and disclosure of Protected Health Information which are not fully expressed in this Agreement and no change, waiver or discharge of obligations arising under this Agreement shall be valid unless executed in writing by the party to whom such change, waiver or discharge is sought to be enforced. [SIGNATURE PAGE FOLLOWS] M3449 AGREED: BUSINESS ASSOCIATE: AMERICAN FIDELITY ADMINISTRATIVE SERVICES, LLC Address: P.O. Box 25523 Oklahoma City, OK 73114 ... _.... .... _. Name: Mary Nash Title: Chief Operations Officer Date: COVERED ENTITY: CITY OF SAN RAFAEL, CALIFORNIA Address: 1400 Fifth Avenue, Suite 210 San Rafael, CA 94901 Nam : r... G Title: i� kA4 NAnb Date: j - f�_ Reproved as to. form ATTEST: 'nef . X-e',e.'" . ESTHER C. BEIRNE, City Clerk M3449 12 CONTRACT ROUTING FORM INSTRUCTIONS: Use this cover sheet to circulate all contracts for review and approval in the order shown below. TO BE COMPLETED BY INITIATING DEPARTMENT PROJECT MANAGER: Contracting Department: Human Resources Project Manager: Stacey Peterson Extension: 3069 Contractor Name: American Fidelity Administrative Services, LLC Contractor's Contact: Kent Borgman, Transition Consulstant Contacts Email: Kent.Borgman@americanfidelity.com (877-302-5073) ❑ FPPC: Check if Contractor/Consultant must file Form 700 Step RESPONSIBLE DESCRIPTION COMPLETED REVIEWER DEPARTMENT DATE Check/Initial 1 Project Manager a. Email PINS Introductory Notice to Contractor N/A ❑ 9/15/2016 b. Email contract (in Word) & attachments to City Atty c/o Laraine.Gittens@cityofsanrafael.org 2 City Attorney a. Review, revise, and comment on draft agreement 9/19/2016 and return to Project Manager Click here to ls,'ETD b. Confirm insurance requirements, create Job on cnt.cr u date. PINS, send PINS insurance notice to contractor ❑ N/A 3 Project Manager Forward three (3) originals of final agreement to N/A -CM ❑ contractor for their signature- SIGNS FIRST 4 Project Manager When necessary, * contractor -signed agreement ® N/A agendized for Council approval *PSA > $20,000; or Purchase > $35,000; or Or ❑ Public Works Contract > $125,000 Date of Council approval C'icic here to enter a date PRINT CONTINUE ROUTING PROCESS WITH HARD COPY 5 Project Manager Forward signed original agreements to City Attorney with printed copy of this routing form 6 City Attorney Review and approve hard copy of signed 10/11/16 ETD agreement 7 City Attorney Review and approve insurance in PINS , and bonds N/A (for Public Works Contracts) 8 City Manager / Mayor Agreement executed by Council authorized official I, 9 City Clerk Attest signatures, retains original agreement and forwards copies to Project Manager /&