To: Board of Supervisors
From: Dr. Ori Tzvieli, Interim Health Services Director
Report Title: Contract Amendment/Extension #23-611-5 with Atredis Partners, LLC
☒Recommendation of the County Administrator ☐ Recommendation of Board Committee
RECOMMENDATIONS:
APPROVE and AUTHORIZE the Interim Health Services Director, or designee, to execute on behalf of the County Contract Amendment/Extension #23-611-5 with Atredis Partners, LLC, a limited liability company, effective August 1, 2025, to amend Contract #23-611-2 (as amended by #23-611-3 and #23-611-4) to increase the payment limit by $2,023,875 from $2,362,960 to a new payment limit of $4,386,835, and extend the termination date from December 31, 2025, to December 31, 2028, for additional virtual Chief Information Security Officer (vCISO) services, consultation, risk analysis and assessment and technical assistance with regard to the Department’s Information Systems Unit security and compliance including Health Insurance Portability and Accountability Act (HIPAA) related services.
FISCAL IMPACT:
Approval of this Contract Amendment/Extension will result in additional annual expenditures of up to $2,023,875 over a three-year period and will be funded as budgeted by the department in FY’s 2025-28, 100% by Hospital Enterprise Fund I. (Rate increase)
BACKGROUND:
Information Security is crucial because it protects the County’s ability to function, enables the safe operation of appliances implemented on the County’s Information Technology systems, protects the data used by the County, and safeguards technology. This Contract Amendment/Extension meets the needs of the Department’s Information Systems unit by providing vCISO, services, hourly and project-based consultation, risk analysis and assessment, and technical assistance. To maintain the integrity of its systems, the department requires additional support to deliver the projects. These projects include risk assessments of third-party vendors, working with the County software analysis tools to reduce programming risks of software utilized by the organization, conducting cyber event tabletop exercises on an annual basis, and ongoing disaster recovery and business continuity projects on behalf of the department.
This Contract is entered into under and subject to the following legal authorities: California Government Code §§ 31000. Health Services Personnel approved this Contract to ensure no conflicts with labor relations. The Department’s Information Systems Unit Contract Monitor staff meet on a regular basis to ensure monitoring and performance measures in the Contract are upheld A summary of service contract deliverables, including measurable outcomes required of the Contractor to be monitored by the department, including in compliance with Section III (B)(7) of the Purchasing Policy include successful delivery of technical and non-technical information system security assessment services, and virtual chief information officer risk and security advisory services incompliance with HIPAA.
On February 7, 2017, the Board of Supervisors approved Contract #23-611, with Atredis Partners, LLC., in the amount of $160,000 for the provision of consultation and technical assistance with regard to the Department’s Information Systems unit security and compliance with HIPAA including meeting Federal, State, Local and Industry Payment Card Industry Data Security Standards (PCI-DSS) assessments and audits for the period January 1, 2017, through December 31, 2019.
On July 23, 2019, the Board of Supervisors approved Contract Amendment #23-611-1 to increase the payment limit by $430,000 to a new payment limit of $590,000, to provide additional consultation and technical assistance to the Department’s Information Systems unit, with no change in the contract term through December 31, 2019.
On January 5, 2021, the Board of Supervisors approved Contract #23-611-2 with Atredis Partners, LLC, to increase the payment limit by $504,160 to a new payment limit of $990,160, to provide the Department’s Information Systems Unit additional consultation, risk analysis, and technical and security assistance, including COVID-19 and HIPAA related services, with no change in the contract term.
On March 30, 2021, the Board of Supervisors approved Contract Amendment #23-611-3 with Atredis Partners, LLC, to increase the payment limit by $504,160, from $486,000 to a new payment limit of $990,160, for the continued provision of consultation and technical assistance to the Department’s Information Systems unit, with no change in the contract term through December 31, 2023.
On August 16, 2022, the Board of Supervisors approved Contract Amendment/Extension #23-611-4 with Atredis Partners, LLC, to increase the payment limit by $1,372,800 to a new payment limit of $2,362,960 and extend the termination date from December 31, 2023 to December 31, 2025, for additional consultation, risk analysis, technical and security assistance, including COVID-19 and HIPAA related services for the Health Services Information Systems Unit.
Approval of this Contract Amendment/Extension #23-611-5 will allow the Contractor to continue to provide consultation and technical assistance for the Health Services Department’s Information Systems Unit through December 31, 2028.
CONSEQUENCE OF NEGATIVE ACTION:
If this Contract Amendment is not approved, the Department’s Information Systems Unit would be more at risk of not meeting Federal, State, Local and Industry security standards, and network infrastructure vulnerability.