Executive/Council Action Form (ECAF)
ITEM TITLE:
Title
Motion 25-061, approve and authorize execution of the Agreement for Professional Services with Moss Adams LLP to perform a HIPAA compliance audit
body
DEPARTMENT: Information Technology
ORIGINATOR: Dee White
EXECUTIVE RECOMMENDATION: Ken Klein 1/21/25
PURPOSE: The purpose of this ECAF is to approve and execute an agreement with Moss Adams LLP to perform a HIPAA compliance audit.
BACKGROUND: The County engaged with consultants in 2015 and 2019, which provided a HIPAA compliance assessment with a list of recommendations. Since the last assessment, the former Snohomish Health District integrated into County operations as the Snohomish County Health Department. The Health Department is now a covered entity within the Snohomish County HIPAA posture. Given the addition of the Health Department and its HIPAA related business practices, a new enterprise-wide risk analysis and assessment of the County's compliance with Part 45 Code of Federal Regulations (CFR) Section 164.308 of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. In addition, provide recommendations to the County regarding remediation, cost, time, training program, policies, procedures, and possible impact to the County if changes are not implemented. The County published RFP-24-033BC to solicit proposals for a consultant to perform a HIPAA compliance audit and Moss Adams was selected by the Snohomish County evaluation committee as submitting the highest-ranking proposal to provide this audit. The maximum cost for the services will not exceed $122,300 over the term of the Agreement. The Agreement may be extended for up to one (1) additional one (1) year term at the sole discretion of the County. Approval of this ECAF will allow IT to move forward with the HIPAA compliance audit.
FISCAL IMPLICATIONS:
EXPEND: FUND, AGY, ORG, ACTY, OBJ, AU
C...
Click here for full text