REPORT/RECOMMENDATION TO THE BOARD OF SUPERVISORS
OF SAN BERNARDINO COUNTY
AND RECORD OF ACTION
March 10, 2026
FROM
ANDREW GOLDFRACH, ARMC Chief Executive Officer, Arrowhead Regional Medical Center
SUBJECT
Title
Non-Financial Business Associate Agreement with Philips Healthcare, a Division of Philips North America LLC
End
RECOMMENDATION(S)
Recommendation
Approve non-financial Business Associate Agreement with Philips Healthcare, a division of Philips North America LLC, to ensure the security of protected health information, effective March 10, 2026 through the latest warranty expiration date of the existing service agreements with Philips Healthcare, a division of Philips North America LLC.
(Presenter: Andrew Goldfrach, ARMC Chief Executive Officer, 580-6150)
Body
COUNTY AND CHIEF EXECUTIVE OFFICER GOALS & OBJECTIVES
Provide for the Safety, Health and Social Service Needs of County Residents.
FINANCIAL IMPACT
Approval of this item will not result in the use of Discretionary General Funding (Net County Cost) as this Business Associate Agreement (BAA) with Philips Healthcare, a division of Philips North America LLC (Philips) is non-financial in nature.
BACKGROUND INFORMATION
On January 27, 2026 (Item No. 15), the Board of Supervisors (Board) approved Service Agreement Nos. 26-58, 26-59, 26-60, 26-61, and 26-62 (collectively Service Agreements) with Philips to provide preventive maintenance services to various medical imaging equipment at Arrowhead Regional Medical Center (ARMC). In the course of servicing the equipment at ARMC, Philips technicians will have access to extensive protected health information (PHI) that may be stored in the equipment. The one-year warranty will begin the date the equipment is delivered and installed, which will vary based on the size of the equipment and location, causing each of the Service Agreements to have a different term. This is why the BAA must be effective through the latest warranty expiration date of the Service Agreements.
Under the Health Insurance Portability and Accountability Act (HIPAA), covered entities, such as ARMC, are legally required to enter into BAA with contractors who may get access to PHI from the covered entities. A BAA is a contract that ensures that a vendor that receives access to PHI from a covered entity agrees to safeguard that data and comply with HIPAA requirements. Its purpose is to clearly define each party’s responsibilities for privacy, security, and breach reporting to protect patient information and limit liability.
ARMC recommends approval of the BAA with Philips to ensure that ARMC patient PHI is properly safeguarded and protected by Philips.
PROCUREMENT
Not applicable.
REVIEW BY OTHERS
This item has been reviewed by County Counsel (Charles Phan, Supervising Deputy County Counsel, 387-5455) on February 10, 2026; ARMC Finance (Chen Wu, Finance and Budget Officer, 580-3165) on February 13, 2026; and County Finance and Administration (Jenny Yang, Administrative Analyst, 387-4884) on February 17, 2026.