Iowa Department of Public Health Third-Party Agreement
Masterpiece on the Mississippi
Dubuque
All-America City
2007 • 2012 • 2013
TO: The Honorable Mayor and City Council Members
FROM: Michael C. Van Milligen, City Manager
SUBJECT: Third Party Network Agreement with the Iowa Department of Public Health
DATE: October 9, 2013
The Childhood Lead Poisoning Prevention Program, operated by the Health Services
and Housing and Community Development Departments, previously utilized the
STELLAR system database for activities pertaining to this program. The Iowa
Department of Public Health and the Center for Disease Control and Prevention are
implementing a web-based system, Healthy Homes Lead Poisoning Surveillance
System. This system will be more efficient and require less equipment in terms of a
dial-in computer station and maintenance for the City.
The primary purpose of this Third Party Network Agreement is to set written boundaries
for the two organizations when making a connection via internet to each other.
Due to heightened awareness of Internet security and improving HIPAA compliance for
medical record security, the Iowa Department of Public Health has implemented a
token-based security system for Internet transmission of data. The security token is a
device that provides a one-time password at the push of a button.
Public Health Specialist Mary Rose Corrigan recommends City Council approval of
documents for a Third Party Network Agreement in order to use the Healthy Homes
Lead Poisoning Surveillance System for the Healthy Homes and Childhood Lead
Poisoning Prevention Programs.
I concur with the recommendation and respectfully request Mayor and City Council
approval.
Michael C. Van Milligen
MCVM:jh
Attachment
cc: Barry Lindahl, City Attorney
Cindy Steinhauser, Assistant City Manager
Teri Goodmann, Assistant City Manager
Mary Rose Corrigan, Public Health Specialist
TO: Mike Van Milligen, City Manager
FROM: Mary Rose Corrigan, Public Health Specialist
SUBJECT: Third Party Network Agreement with Iowa Department of Public Health
DATE: October 9, 2013
INTRODUCTION
This memorandum submits for City Council's consideration and approval associated
documents for a Third Party Network Agreement in order to use the HHLPSS (Healthy
Homes Lead Poisoning Surveillance System) for the HHCLPPP (Healthy Homes and
Childhood Lead Poisoning Prevention Program).
BACKGROUND
The Childhood Lead Poisoning Prevention Program, operated by the Health Services and
Housing and Community Development Departments, previously utilized the STELLAR
system database for activities pertaining to this program. The Iowa Department of Public
Health and the Center for Disease Control and Prevention are implementing a web-based
system, Healthy Homes Lead Poisoning Surveillance System (HHLPSS). This system
will be more efficient and require less equipment in terms of a dial-in computer station
and maintenance for the City.
DISCUSSION
The primary purpose of this Third Party Network Agreement is to set written boundaries
for the two organizations when making a connection via internet to each other.
Due to heightened awareness of Internet security and improving HIPAA compliance for
medical record security, the IDPH has implemented a token-based security system for
Internet transmission of data. The security token is a device that provides a one-time
password at the push of a button.
Using this token significantly decreases the risk of hackers obtaining access to the IDPH
network and the confidential patient data stored there. Internet transmission of
confidential medical information is a fairly new technology. This type of transmission
alone, without security measures in place, would not be secure and medical information
could potentially fall into the hands of hackers. Implementing this token security puts an
extra layer of protection over the data.
BUDGET IMPACT
The cost for each security token is $100.00 and will be purchased through the Iowa
Department of Public Health. The token has a lifespan of about 5 years and this price
includes support and maintenance for the full five years. Each of the Lead staff using
HHLPSS will need their own token. The funds will come from the IDPH Lead and Healthy
Homes Grant.
RECOMMENDATION
It is recommended the City sign the attached Agreement authorizing user access to the
HHLPSS and its features, and for the token-based security system, as described in the
agreement.
CITY COUNCIL ACTION
Authorize the City Manager to sign the attached agreement with the Iowa Department
of Public Health for the Third Party Network Agreement.
MRC/Ih
cc Alvin Nash, Housing and Community Development
Kim Glaser, Healthy Homes Program Manager
Iowa Department of Public Health
Promoting and Protecting the Health of Iowans
Mariannette Miller-Meeks, B.S.N., M.Ed., M.D., Director
Terry E. Branstad, Governor
Kim Reynolds, Lt. Governor
THIRD PARTY NETWORK CONNECTION AGREEMENT
This Third Party Network Connection Agreement (the "Agreement") by and between Iowa Department
of Public Health ("IDPH"), State of Iowa, with principal offices at 321 E. 12th Street, Des Moines, Iowa
50319-0075 and ____________, with principal offices at
____________ ("Company"), is entered into as of the date last
written below ("the Effective Date").
This Agreement consists of this signature page and the following attachments that are incorporated in
this Agreement by this reference:
Attachment 1: Third Party Network Connection Agreement Terms and Conditions
Attachment 2: Network Connection Policy
Attachment 3: Third Party Network Connection Request - Information Requirements Document
This Agreement is the complete agreement between the parties above concerning the subject matter of
this Agreement and replaces any prior oral or written communications between the parties. There are no
conditions, understandings, agreements, representations, or warranties, expressed or implied, which are
not specified herein. Any further agreements may be specified in the program contract with IDPH. This
Agreement may only be modified by a written document executed by the above parties. Any disputes
arising out of, or in connection with this agreement will be governed by Iowa law, without regard to
choice of law provisions.
IN WITNESS WHEREOF, the parties above have caused this Agreement to be duly executed. Each
party warrants and represents that its respective signatories whose signatures appear below have been
and are on the date of signature duly authorized to execute this Agreement.
Authorized Signature — ("Company")
Authorized Signature — ("Iowa Department of Public Health")
Third Party Network Connection Agreement 9/30/2013 1
Date
Attachment 1
THIRD PARTY NETWORK CONNECTION AGREEMENT
TERMS AND CONDITIONS
Object: To ensure that a secure method of connectivity is provided between IDPH and
Company and to provide guidelines for the use of network and computing resources associated
with the Network Connection as defined below.
Definition: "Network Connection" means one of IDPH approved connectivity options listed
in Section B of the Network Connection Policy.
1. RIGHT TO USE NETWORK CONNECTION. Company may only use the Network
Connection for business purposes as outlined within this entire agreement and only
access connections as specifically designated in Attachment 3, sections B and C.
2. NETWORK SECURITY.
2.1 Company will allow only Company employees approved in advance by IDPH
("Authorized Company Employees") and required by individual program
contract to access the Network Connection. Company shall be solely
responsible for ensuring that Authorized Company Employees are not security
risks, and upon IDPH request, Company will provide IDPH with any
information reasonably necessary for them to evaluate security issues relating
to any Authorized Company Employee's access to the Network Connection.
2.2 Company will promptly notify IDPH whenever any Authorized Company
Employee leaves Company's employ or no longer requires access to the
Network Connection. Each party will be solely responsible for the selection,
implementation, and maintenance of security procedures and policies that are
sufficient to ensure that (a) such party's use of the Network Connection is
secure and is used only for authorized purposes, and (b) such party's business
records and data are protected against improper access, use, loss, alteration or
destruction.
3. NOTIFICATIONS. Company shall notify IDPH in writing promptly upon a change in
the user base for the work performed over the Network Connection or whenever in
Company's opinion a change in the connection and/or functional requirements of the
Network Connection is necessary.
4. PAYMENT OF COSTS. Each party will be responsible for all costs incurred by that
party under this Agreement, including, without limitation, costs for phone charges,
telecommunications equipment and personnel for maintaining the Network
Connection.
5. DISCLAIMER OF WARRANTIES. Neither party makes any warranties, expressed or
implied, concerning any subject matter of this Agreement, including, but not limited to,
any implied warranties of merchantability and fitness for a particular purpose.
6. CONFIDENTIALITY. The parties acknowledge that by reason of their relationship to
each other hereunder, each will have access to certain information and materials
concerning the other's technology and products that is confidential and of substantial
value to that party, which value would be impaired if such information were disclosed
to third parties ("Confidential Information"). Each party agrees that it will not use in
any way for its own account, except as provided herein, nor disclose to any third party,
any such Confidential Information revealed to it by the other party unless such
disclosure is in compliance with any applicable public records laws, including but not
limited to the Iowa Open Records Act. Each party will take every reasonable
precaution to protect the confidentiality of such Confidential Information. Upon
request by the receiving party, the disclosing party shall advise whether or not it
considers any particular information or materials to be Confidential Information. The
receiving party acknowledges that unauthorized use or disclosure thereof could cause
the disclosing party irreparable harm that could not be compensated by monetary
damages. Accordingly each party agrees that the other will be entitled to seek
injunctive and preliminary relief to remedy any actual or threatened unauthorized use
or disclosure of such other party's Confidential Information. The receiving party's
obligation of confidentiality shall not apply to information that: (a) is already known to
the receiving party or is publicly available at the time of disclosure; (b) is disclosed to
the receiving party by a third party who is not in breach of an obligation of
confidentiality to the party to this agreement which is claiming a proprietary right in
such information; (c) becomes publicly available after disclosure through no fault of
the receiving party or (d) subject to disclosure under any applicable open records laws.
7. TERMINATION AND SURVIVAL. This Agreement will remain in effect until
terminated by either party. Either party may terminate this agreement for convenience
by providing not less than thirty (30) days prior written notice, which notice will
specify the effective date of termination. Either party may also terminate this
Agreement immediately upon the other party's breach of this Agreement. Sections 4, 5,
6, 7, 8.1 and 8.2 shall survive any termination of this Agreement.
8. MISCELLANEOUS.
8.1 Severability. If for any reason a court of competent jurisdiction finds any
provision or portion of this Agreement to be unenforceable, that provision of
the Agreement will be enforced to the maximum extent permissible so as to
effect the intent of the parties, and the remainder of this Agreement will
continue in full force and effect.
8.2 Waiver. The failure of any party to enforce any of the provisions of this
Agreement will not be construed to be a waiver of the right of such party
thereafter to enforce such provisions.
8.3 Assignment. Neither party may assign this Agreement, in whole or in part,
without the other party's prior written consent. Any attempt to assign this
Agreement (such as sub-contracting) without such consent will be null and of
no effect. Subject to the foregoing, this Agreement is for the benefit of and will
be binding upon the parties' respective successors and permitted assigns.
8.4 Force Majeure. Neither party will be liable for any failure to perform its
obligations in connection with any Transaction or any Document, if such failure
results from any act of God or other cause beyond such party's reasonable
control (including, without limitation, any mechanical, electronic or
communications failure) which prevents such party from transmitting or
receiving any Documents.
9. INDEMNIFICATION. The Company and its successors and assignees agree to
indemnify and hold harmless the State of Iowa and IDPH and its officers, employees,
agents, and volunteers from any and all liabilities, damages, settlements, judgments,
costs and expenses, including the reasonable value of time spent by the Attorney
General's Office and the costs and expenses and reasonable attorney fees of other
counsel required to defend IDPH or the State of Iowa, related to or arising from any of
the following:
a. Any violation by Company of this contract.
b. Any negligent, intentional, or wrongful act or omission of the Company, its officers,
employees, or board members.
c. Any infringement of any patent, trademark, trade dress, trade secret, copyright, or
other intellectual property right, by Company in connection with this contract.
d. The Company's performance or attempted performance of this contract.
e. Any failure by the Company to comply with all federal, state, and local laws and
regulations.
f. Any failure by the Company to make all reports, payments, and withholdings
required by federal and state law with respect to social security, employee income, and
other taxes, fees, or costs required by the Company to conduct business in the State of
Iowa.
g. Any failure by the Company to adhere to the confidentiality provisions of this
contract.
10. CHOICE OF LAW AND FORUM. The terms and provisions of this contract shall be
construed in accordance with the laws of the State of Iowa. Any and all litigation or actions
commenced in connection with this contract shall be brought in Des Moines, Iowa, in the Iowa
District Court in and for Polk County, Iowa. If, however, jurisdiction is not proper in the Polk
County District Court, the action shall only be brought in the United States District Court for
the Southern District of Iowa, Central Division, provided that jurisdiction is proper in that
forum. This provision shall not be construed as waiving any immunity to suit or liability that
may be available to IDPH or the State of Iowa.
11. INSURANCE.
11.1 Insurance Requirements. The Company shall maintain in effect, with ICAP, at
its expense, insurance covering its work of the type and in amounts required by
the Agreement. Company's insurance shall, among other things, insure against
any loss or damage resulting from the Company's performance of this
Agreement. All such insurance policies shall remain in full force and effect for
the entire life of this Agreement and shall not be canceled or changed except
after thirty (30) days' written notice to IDPH.
11.2 Amounts of Insurance Required. Unless otherwise requested by IDPH, the
Company shall, at its sole cost, cause to be issued and maintained during the
entire term of this Agreement not less than the insurance coverages set forth
below, each naming the State of Iowa and IDPH as an additional insured or loss
payee as applicable:
TYPE OF INSURANCE                          LIMIT                        AMOUNT
General Liability including contractual    General Aggregate            $2 million
liability written on an occurrence basis   Personal Injury              $1 million
                                           Each Occurrence              $1 million
Excess Liability, Umbrella Form            Each Occurrence              $1 million
                                           Aggregate                    $1 million
Workers Compensation and                   As required by Iowa Law      As required by Iowa Law
Employer Liability
Property Damage                            Each Occurrence              $1 million
                                           Aggregate                    $1 million
11.3 Claims Provision. All insurance policies required by this Agreement shall
provide coverage for all claims arising from activities occurring during the term
of the policy regardless of the date the claim is filed or expiration of the policy.
11.4 No Limitation of Liability. All insurance policies shall be issued only by
companies authorized to transact business in the State of Iowa. It shall be the
responsibility of the Company to keep the respective insurance policies and
coverages current and in force during the life of this Agreement.
12. AMENDMENTS. This agreement may be amended in writing by mutual consent of
the parties. All amendments to this agreement must be fully executed by the parties.
Attachment 2
NETWORK CONNECTION POLICY
Purpose: To ensure that there is a secure method of network connectivity between the Iowa
Department of Public Health (IDPH) and all third parties and to provide a formalized method
for the request, approval and tracking of such connections.
Scope: Company network connections to IDPH can create potential security exposures if not
administered and managed correctly and consistently. These exposures may include
non-approved methods of connection to IDPH network, the inability to shut down access in the
event of a security breach, and exposure to hacking attempts.
Definitions: A "Network Connection" is defined as one of the approved connectivity options
listed in Section B. below. "Third Parties" is defined as IDPH Partners, Vendors, Contractors,
Suppliers and the like.
A. Third-Party Network Connection Requests and Approvals
All requests for Third Party network connections must be made using the appropriate method
based on the support organization.
The required information is outlined in the Third Party Network Connection Request -
Information Requirements Document (Attachment 3). All information requested on this
form must be completed prior to approval and sign off. It is Company's responsibility to
ensure that it has provided all of the necessary information and that such information is
correct.
All Third Party network connection requests must have an IDPH Division Director level
signature for approval. In some cases approval may be given at a lower level with
pre-authorization from the appropriate IDPH Division Director.
As a part of the request and approval process, the technical and administrative contact within
Company's organization or someone at a higher level within Company is requested to read and
sign the "Third Party Network Connection Agreement".
B. Approved Connectivity Options
The following connectivity options are the standard methods of providing a Third Party
Network Connection. Anything that deviates from these standard methods must have a waiver
sign-off form approved at the IDPH Division Director level.
1) Direct Connection using encrypted tunnel via Internet - Encrypted tunnels must be
terminated directly on the Company's firewall, and IDPH firewall and VPN
Concentrator equipment, or in a special case directly on external interfaces of
server equipment designed for secure web (SSL) transactions and/or clients
equipped with approved VPN client software. In certain circumstances, it may be
required to terminate an encrypted tunnel on a dirty subnet, in which case the
normal IDPH perimeter security measures will control access to internal devices.
(See Section E. below)
2) Application Connection through encrypted tunnel via Internet — Company uses an
IDPH-written application that connects to IDPH servers over an encrypted tunnel
via the Internet.
3) Connection to a secure ftp (SFTP) server using SSH protocol — Company connects
to an IDPH SFTP server to send or receive files of a confidential nature.
4) Connection to an FTP server — Company connects to an IDPH FTP server to send
or receive files with non-confidential data.
C. Approved Services Provided
In general, services provided over Third Party Network Connections should be limited only to
those services needed, and only to those devices (hosts, routers, etc.) needed. Blanket access
will not be provided for anyone. The default policy position is to deny all access and then
only allow those specific services that are needed and approved by IDPH.
In no case shall a Third Party Network Connection to IDPH be used as the Internet connection
for the Third Party.
The standard set of allowable services is listed below:
File Exchange via sftp — Where possible, file exchange via sftp should take
place on the existing IDPH sftp server.
File Exchange via ftp — Where possible, file exchange via ftp should take
place on the existing IDPH ftp server.
DICOM transfer over TCP/IP — DICOM medical imaging files can be
exchanged between Third Party and IDPH using the TCP/IP protocol.
Resource Access — Access to internal web, application, source code
repositories and/or SQL resources will be provided on an as-needed basis.
Access to IDPH public web resources will be accomplished via the normal
Internet access for the Third Party.
D. Authentication for Third Party Network Connections
Third Party Network Connections made over the Internet will be authenticated using IDPH
Authentication databases and access systems (i.e. Secure Computing Premier Access, Cisco
Access Control System, Safeword Silver hardware tokens). Reports showing who has access
via the access systems may be generated for verification and review.
E. Protection of Private Information and Resources
Security of Third Party Network Connections will be achieved by implementing "Access
Control Lists" (ACL) on the gateway routers to which the Third Party sites are connected.
The ACLs will restrict access to pre-defined hosts within the internal IDPH network. The
ACLs will be determined by the appropriate support organization. A set of default ACLs may
be established as a baseline.
Enable-level access to IDPH-owned/maintained routers on Third Party premise will only be
provided to the appropriate support organization. All other business personnel (i.e. Partner
Site local technical support personnel) will have restricted access/read-only access to the
routers at their site and will not be allowed to make configuration changes.
IDPH shall not have any responsibility for ensuring the protection of Third Party information.
The Third Party shall be entirely responsible for providing the appropriate security measures
to ensure protection of their private internal network and information.
F. Audit and Review of Third Party Network Connections
All aspects of Third Party Network Connections, up to but not including Company's firewall,
will be monitored by the appropriate IDPH network support group. Where possible,
automated tools will be used to accomplish auditing tasks. Reports may be generated on the
access systems authentication database(s) showing the specific login entries and the
appropriate IDPH point of contact.
All Third Party Network Connections will be reviewed and information regarding specific
Third Party Network Connection will be updated as necessary. Obsolete Third Party Network
Connections will be terminated.
Attachment 3
THIRD PARTY NETWORK CONNECTION REQUEST
INFORMATION REQUIREMENTS DOCUMENT
All requests for Third Party Network Connections must be accompanied by this completed Information
Requirements Document. The parties agree to execute a separate Attachment 3 for each IDPH
application for which the Company utilizes the network connection. The parties understand and agree
that this document, and each Attachment 3 executed, is an attachment to the Third Party Connection
Agreement previously executed between the parties and that all the terms and conditions of the Third
Party Connection Agreement contained in Attachments 1 and 2 remain in full force and effect.
A. Contact Information
Requester Information:
Name: Mary Rose Corrigan
Department: Health Services Department
Manager's Name: Michael C VanMilligen
Director's Name:
Phone Number: 563 589 4181
Email Address: mcorriga@cityofdubuque.org
Technical Contact Information:
Name: Lisa Hamilton
Department: Information Services
Manager's Name: Chris Kohlmann
Director's Name:
Phone Number: 563-589-4284
Pager Number:
E-mail Address: lhamilto@cityofdubuque.org
Back-up Technical Contact:
Name: Tony Steffen
Phone Number: 563 589 4282
Email Address: tsteffen@cityofdubuque.org
B. Scope of Needs (In some cases, the scope of needs may be jointly determined by IDPH and the Third Party)
What services are needed? (see section C. of Network Connection Policy) Web Resource Access - Internet
What are the privacy requirements (i.e. do you need encryption)?
What are the bandwidth needs? 56K per user minimum
How long is the connection needed? Indefinite
C. Third-Party Information
Organization Name: City of Dubuque
Local Technical Support Hours (7x24, etc): 8x5
Escalation List:
Host/domain names of the Third Party: cityofdubuque.org
Names (Email addresses, phone numbers) of all employees of the Third Party who will use this access.
If not appropriate to list the names of all employees, then provide a count of the number of employees
who will be using the connection.
D. What type of work will be done over the Network Connection?
What applications will be used? HHLPSS - Healthy Homes Lead Poisoning Surveillance System
What type of data transfers will be done? N/A
How many files are involved? N/A
What are the estimated hours of use each week? What are peak hours?
24 hours access (no particular peak) 7 days a week
24 x 7
E. Are there any known issues such as special services that are required?
Are there any known issues at this point, such as what internal IDPH services are needed?
No
F. Is a backup connection needed? (e.g., are there any critical business needs associated with this connection?)
No
G. What is the approximate duration of the Third Party Network Connection?
Indefinite - Life of the contract