REPORT/RECOMMENDATION TO THE BOARD OF SUPERVISORS
OF SAN BERNARDINO COUNTY
AND RECORD OF ACTION
September 23, 2025
FROM
ANDREW GOLDFRACH, ARMC Chief Executive Officer, Arrowhead Regional Medical Center
SUBJECT
Title
Data Sharing and Confidentiality Agreement and Business Associate Agreement with Prism Software Corp.
End
RECOMMENDATION(S)
Recommendation
1. Approve non-financial Data Sharing and Confidentiality Agreement with Prism Software Corp., to protect the privacy and provide for the security of confidential or personally identifiable information, in connection with certain professional tasks effective the date of full execution and continuing until terminated by either party.
2. Approve non-financial Business Associate Agreement with Prism Software, to maintain regulatory compliance by safeguarding the County’s electronic protected health information that is disclosed, collected, and created by Prism Software Corp., effective the date of full execution and continuing until terminated by either party.
(Presenter: Andrew Goldfrach, ARMC Chief Executive Officer, 580-6150)
Body
COUNTY AND CHIEF EXECUTIVE OFFICER GOALS & OBJECTIVES
Operate in a Fiscally-Responsible and Business-Like Manner.
Provide for the Safety, Health and Social Service Needs of County Residents.
FINANCIAL IMPACT
Approval of this item will not result in the use of Discretionary General Funding (Net County Cost) as the Data Sharing and Confidentiality Agreement and Business Associate Agreement (collectively, Agreements) with Prism Software Corp. (Prism) are non-financial in nature.
BACKGROUND INFORMATION
The Agreements will allow ARMC to use BridgeAlert from Prism in conjunction with the Konica copier machines contract. It is a secure document output management solution designed to control and monitor scanning, printing, and faxing of sensitive documents in healthcare environments. This software is included with the current Konica contract approved by the Purchasing Department on July 13, 2021.
The primary purpose for using Prism software is to ensure that confidential patient information is handled in compliance with HIPAA regulations, preventing unauthorized access and ensuring secure delivery of documents. In a hospital setting, where multiple users access shared devices, BridgeAlert is critical for protecting patient privacy by enforcing user authentication, tracking document activity, and restricting output based on user permissions. This helps mitigate the risk of data breaches and ensures that all document workflows involving protected health information (PHI) meet strict regulatory standards. Scanning, printing and faxing are all done from the Konica Minolta Multi-Function Printer (MFPs) devices that we have installed throughout the hospital.
ARMC recommended approval of the Agreements with Prism to support ARMC operations by ensuring that confidential patient information is protected and that ARMC remains in compliance with HIPAA requirements.
PROCUREMENT
Not applicable.
REVIEW BY OTHERS
This item has been reviewed by County Counsel (Bonnie Uphold, Supervising Deputy County Counsel, 387-5455) on August 28, 2025; Innovation and Technology (Robert Pittman, Chief Information Security Officer, 388-5510) on August 25, 2025; ARMC Finance (Chen Wu, Finance and Budget Officer, 580-3165) on August 29, 2025; and County Finance and Administration (Jenny Yang, Administrative Analyst, 387-4884) on September 4, 2025.