I Want To Departments & Agencies
News Events Employment Language

County Administrator's Office

ACCESS Sonoma
County Of Sonoma Administrative Support & Fiscal Services County Administrator's Office Projects ACCESS Sonoma Privacy Policy
ACCESS Sonoma

ACCESS Information Privacy and Security Policy and Procedure

One of Sonoma County’s strategic priorities set by the Board of Supervisors is to strengthen the County’s Safety Net System by identifying the County’s most vulnerable residents and developing coordinated strategies to improve their well-being, self-sufficiency, and recovery.  To address this priority, the Sonoma County Safety Net Departments developed an initiative called Accessing Coordinated Care to Empower Self Sufficiency (ACCESS) Sonoma County.  This initiative identifies vulnerable County residents who are experiencing homelessness/housing insecurity, behavioral health, substance use, unemployment, and criminal justice issues, and strives to provide the help they need to improve their self-sufficiency and well-being.

Policy and Procedure

Purpose

The purpose of this policy and procedure is to provide mandatory guidance for the creation, storage, use, disclosure and exchange of information when acting as part of or on behalf of the ACCESS Sonoma IMDT.

Scope

This policy and procedure applies to all entities and individuals participating in or acting on behalf of the ACCESS Sonoma IMDT. All Participating Agencies must sign a Participating Agency Agreement and all participating Workforce Members must sign a Confidentiality Statement.

Background

A variety of state and federal laws protect the confidentiality of an individual’s health, behavioral health, and social service information, including, but not limited to: the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations (45 C.F.R. Parts 160 and 164); California’s Confidentiality of Medical Information Act (CMIA) (Cal. Civ. Code § 56 et seq.); the Lanterman-Petris-Short (LPS) Act (Cal. Welf. & Inst. Code § 5000 et seq.); federal Substance Abuse Confidentiality Regulations (42 C.F.R. Part 2); California substance use disorder laws (Cal. Health & Safety Code 11845.5 and 11812); and HIV test result laws (Cal. Health & Safety Code §§ 121020, 120980). To meet the challenges associated with sharing the information of vulnerable residents, Sonoma County has developed a consent-based model that limits enrollment in the ACCESS Sonoma IMDT Initiative to clients who authorize their information to be shared by and between the participating entities on the ACCESS Sonoma IMDT. This model is necessary because the IMDT approach is premised on unrestricted information sharing between participating IMDT entities to help clients get the services and resources they need. Clients who do not consent to share their information may separately seek any of the services offered by the participating entities and will not be denied assistance based on their decision not to enroll in the ACCESS Sonoma IMDT.

Definitions:

  1.  ACCESS Sonoma IMDT

    The ACCESS Sonoma IMDT consists of case managers, treatment providers, and support staff who provide case management and related services to Cohorts of vulnerable individuals that are identified by the Safety Net Collaborative. The ACCESS Sonoma IMDT includes both a Core Group of subject matter specialists who meet regularly to support overall goals of the ACCESS Sonoma Initiative and Cohort Care Teams that provide case management to specific Cohorts.

  2.  Assembly Bill (AB) 210

    AB 210 (Cal. Welf. & Inst. Code § 18999.8) authorizes counties to establish homeless adult and family multidisciplinary teams (MDTs) to facilitate the expedited identification, assessment, and linkage of homeless individuals and families to housing and supportive services within the County. It allows provider agencies to share otherwise confidential information in order to coordinate services, ensure continuity of care, and reduce duplication of services. The Sonoma County AB 210 MDT is part of the ACCESS Sonoma IMDT, and subject to this policy.

  3.  Care Manager Interface

    The Care Manager Interface within Watson Care Manager allows Workforce Members to input and view client demographics, case notes, care plans, client goals and other information relevant to client case management. The Care Manager Interface does not directly receive information from outside electronic databases (information must be added by Workforce Members).

  4.  Cohort

    Cohort refers to a group of clients designated to receive intensive case management and related services through the Access Sonoma IMDT. Cohorts are identified and defined by the Safety Net Collaborative. Clients must be assigned to a Cohort before they may receive services through the ACCESS Sonoma IMDT Initiative.

  5.  Cohort Care Team

    Cohort Care Teams provide services and case management to Cohorts. Workforce Members who have been assigned to a Cohort Care Team are members of the Access Sonoma IMDT.

  6.  Core Group

    Core Group refers to those specific subject matter experts that support the overall goals of the ACCESS Sonoma Initiative. The members of the Core Group and the Participating Agencies they represent are identified in Attachment A, which may be updated by the ACCESS Sonoma IMDT Manager with the approval of the Privacy Committee.

  7.  IMDT Authorization

    IMDT Authorization refers to a client’s consent to release otherwise confidential information for the purpose of intensive case management and service delivery by Workforce Members of the ACCESS Sonoma IMDT.

  8.  Participating Agencies

    Participating Agencies in the ACCESS Sonoma IMDT include County Departments, agencies affiliated or contracted with the County, governmental agencies, and non-governmental agencies. All Participating Agencies have, as one of their purposes, the care, care management, or rehabilitation of high-needs, vulnerable populations. All Participating Agencies must agree to be bound by this policy and execute the Participating Agency Agreement before sharing information for the purposes of the ACCESS Sonoma Initiative. New Participating Agencies may be designated by the ACCESS Sonoma IMDT Manager with the approval of the Privacy Committee. Participating Agencies are identified in Attachment A.

  9.  Privacy Committee

    The Privacy Committee is a workgroup of the Safety Net Collaborative that meets as needed to consider privacy issues related to the ACCESS Sonoma Initiative. The Privacy Committee reports to the Safety Net Collaborative. The Privacy Committee shall consist of the County Privacy Officer, a representative with the Information Services Department, the ACCESS Sonoma IMDT Manager, one or more representatives with the Cohort Care Teams, a representative with County Counsel, and a representative with each Safety Net Department. The Privacy Committee shall establish a charter, to be approved by the Safety Net Collaborative, under which the Safety Net Collaborative may delegate certain privacy and other administrative responsibilities to the Privacy Committee.

  10.  Safety Net Collaborative

    The Safety Net Collaborative is a group consisting of the Department Head of each Safety Net Department, or his or her designee. The Safety Net Departments are the Department of Health Services, the Human Services Department, Probation, the Department of Child Support Services, the Sonoma County Community Development Commission, the District Attorney, the Sonoma County Sheriff’s Office, and the Public Defender.

  11.  Virtual Client Record

    The Virtual Client Record is a component of Watson Care Manager that offers a view of selected client information uploaded from the County’s mental health system (Avatar), Substance Use Disorder programs (SWITS), Housing systems (HMIS, HAPPY, etc.), Integrated Justice System, and Social Services systems (Cal Win).

  12.  Watson Care Manager

    The Integrated Case Management System (Watson Care Manager) is the primary tool that the ACCESS Sonoma IMDT uses to support case management and information sharing. It is an electronic system with two components: (1) the Virtual Client Record; and (2) the Care Manager Interface.

  13.  Workforce Member

    Workforce Members, for the purpose of these policies and procedures, includes any individual whose conduct, as part of the ACCESS Sonoma IMDT, is on behalf of, or under the direct control of the County or a Participating Agency. Workforce Members may include, but are not limited to, County employees (full-time, part-time, extra help), contracted individuals, unpaid interns, temporary agency workers, and registered volunteers.

Establishment of the IMDT and AB 210 MDTs

  1.  ACCESS Sonoma Interdepartmental Multidisciplinary Team (IMDT)
    1. The ACCESS Sonoma IMDT has been established by and operates under the direction of the Safety Net Collaborative. The Safety Net Collaborative selects the Cohorts that will be eligible to receive case management and related services.
      1. An ACCESS Sonoma IMDT Manager shall be appointed by the County. The ACCESS Sonoma IMDT Manager oversees the Core Group Workforce Members and coordinates the activities of the Cohort Care Teams.
      2. A Cohort Care Team Program Manager shall be selected for each Cohort Care Team. The Cohort Care Team Program Manager oversees and supervises the activities of the Cohort Care Team.
    2. Additional individuals and Departments that are included in the Core Group shall be determined by the ACCESS Sonoma IMDT Manager, subject to the approval of the Privacy Committee.
    3. The Cohort Care Teams shall be determined by the Cohort Care Team Program Manager. As necessary for this purpose, the Cohort Care Team Program Manager shall solicit the advice and recommendation of the County Departments with expertise pertaining to the Cohort. All Participating Agencies selected to be part of the Cohort Care Team are members of the Access Sonoma IMDT. Cohort Care Teams may include the case managers, support staff, service providers, and supervisors who provide or support services to Cohorts.
      1. A new Cohort Care Team shall be authorized to view categories of information in Watson Care Manager that are consistent with the purpose and needs of the Cohort Care Team, as determined by the Cohort Care Team Program Manager and the Privacy Committee. Cohort Care Teams may be authorized to view additional categories of information upon the recommendation of the Cohort Care Team Program Manager and the approval of the Privacy Committee.
    4. All members of a Sonoma County AB 210 MDT are concurrently members of the ACCESS Sonoma IMDT.
    5. Consistent with the IMDT Authorization and law, all members of the IMDT may verbally discuss client issues between each other as necessary to support the well-being of the client and the goals of the case management team.
    6. Access to Watson Care Manager shall be granted on a business-need basis to members of the IMDT.
      • Watson Care Manager system access for Core Group Workforce Members shall be approved by both the IMDT Program Manager and the County Privacy Officer.
      • Watson Care Manager system access for Cohort Care Team Workforce Members shall be approved by the IMDT Program Manager, the Cohort Care Team Program Manager, and the Privacy Officer.
      • Workforce Members shall access client records in Watson Care Manager only when there is a business need to do so. All activity in Watson Care Manager is logged, monitored, and subject to audit.
  2.  AB 210 Multidisciplinary Team
    • AB 210 MDTs are comprised of two or more team members. Teams may exist on an ongoing basis (Ongoing AB 210 MDTs) or be formed in order to serve a particular client or clients (Client-specific MDTs).
    • Ongoing AB 210 MDTs may consist of Workforce Members who are eligible to participate in AB 210 MDTs who work together on an ongoing basis and need to regularly share information in order to effectively serve their clients. For example, outreach teams may form ongoing AB 210 MDTs.
    • Ongoing AB 210 MDTs may also be engaged in broader data sharing efforts, such as generating a list of high utilizers of County services in order to prioritize serving such individuals and/or families, or aggregating data to track progress of County efforts to serve homeless individuals and families.
    • Client-specific AB 210 MDTs may form when authorized Workforce Members establish contact with one another, verify their eligibility to participate in an MDT, and engage in information sharing. Teams are disbanded when information sharing about a client is no longer necessary.

IMDT Workforce Members

  1. A range of Workforce Members who are trained in the case management of high-needs, vulnerable populations and/or the identification and treatment of homeless adults and families may participate in ACCESS Sonoma IMDTs. Teams may include, but are not limited to, the following:
    • Housing or homeless services provider agencies and designated personnel.
    • Mental health and substance abuse services personnel and practitioners or other trained counseling personnel.
    • Peace officers, probation officers, or other law enforcement agents.
    • Medical personnel, with sufficient training to provide health services and/or training in the treatment of individuals experiencing homelessness or other socio-economic problems.
    • Social services workers with experience or training in the provision of social services to vulnerable populations or in the funding of and eligibility for public assistance programs.
    • Child support services agencies and designated personnel.
    • First responders, Emergency Medical Services (EMS) providers, and Fire personnel.
    • Veterans services providers and counselors.
    • Domestic violence victim service organizations, as defined in subdivision (b) of Section 1037.1 of the Evidence Code.
    • Any public or private school teacher, administrative officer, or certified pupil personnel employee.
    • Legal counsel for the adult or family representing them in a civil or criminal matter.
    • Tribal or faith-based representatives.

IMDT Authorization

  1.  Description of the IMDT Authorization

    The IMDT Authorization, included as Attachment B, authorizes the disclosure of information to the ACCESS Sonoma IMDT and the exchange of information between entities and individuals participating in the ACCESS Sonoma IMDT. The IMDT Authorization requires the client to agree that all members of the IMDT may share all information with each other, including substance-use-disorder (SUD) and mental health information. Clients who do not agree that their information may be disclosed to members of the IMDT will not be enrolled into the program because the core nature of the services offered involve unrestricted information sharing.

  2.  Purpose of the IMDT Authorization

    In some cases, health care providers or other entities may share information about a client without the client’s consent. For example, a physician can share information about a patient’s diabetes with a hospital that has admitted that patient for the purpose of treating the patient. Similarly, a community clinic could share information about a patient’s visit in order to obtain payment for the visit. For these reasons, many ACCESS Sonoma information sharing activities would be permissible under the applicable laws whether or not the client has signed the IMDT Authorization.

    However, because of the complexities of federal and state privacy laws applicable to services for vulnerable populations, IMDT Workforce Members may not be certain of their ability to share client information or may conclude that sharing is not permissible without the client’s consent. These concerns are particularly relevant with respect to SUD and mental health information, which is frequently at issue when providing services to the vulnerable populations served by the ACCESS Sonoma IMDT Initiative. The IMDT Authorization ensures that IMDT members may permissibly share all relevant information with each other as they work to get clients the services they need.

  3.  Requests to Limit IMDT Authorization

    Clients may request limitations on the sharing of their data. Consistent with applicable laws, the Privacy Officer or his designee will review those requests to determine if they are feasible. However, due to the nature of the ACCESS Sonoma IMDT Initiative, and the need to accommodate the Watson Care Manager platform, many such requests may not be able to be accommodated.

    The Privacy Officer or his designee shall review requests for limitations on data sharing in accordance with the standards set forth in the Sonoma County Board of Supervisors Administrative Policy 9-2, and shall comply with state and federal guidelines. The County is not obligated to agree to patient requests for restrictions. All such requests for limitations on data sharing will be responded to in writing.

  4.  Documentation of IMDT Authorization

    If the client consents to information sharing, he or she will need to sign and date the IMDT Authorization. The IMDT Authorization may be signed electronically. The IMDT Authorization may be signed by the client’s personal representative (such as a parent or legal guardian), as long as the personal representative indicates his or her relationship to the client. The signed IMDT Authorization will be available electronically in Watson Care Manager. If a paper authorization is signed instead of an electronic one, a scanned copy will be available.

Information Uses

  1.  Information uses by the ACCESS Sonoma IMDT
    1. All members of the ACCESS Sonoma IMDT shall be permitted to use or share client information under the following conditions:
      1. Consistent with a valid IMDT Authorization.
      2.  Consistent with disclosures allowed for AB 210 MDTs (as indicated in 8.2), including disclosures for outreach to homeless adults and families.
      3. In any other manner permitted by state and federal law.
    2.  Access to Watson Care Manager
      1.  Until a signed IMDT Authorization is obtained, ACCESS Sonoma IMDT Workforce Members shall be permitted to view in Watson Care Manager only basic demographic information used to confirm an individual’s identity (i.e., name, date of birth, and gender). This information is used during the intake or enrollment process to assess whether a new client account needs to be created.
      2. Notwithstanding 8.1.2.1, Workforce Members participating in an AB 210 MDT that conducts outreach to homeless adults and families may add information obtained during their outreach activities into the Care Manager Interface of Watson Care Manager, and may view information added by other Workforce Members of the same AB 210 MDT. Until a signed IMDT Authorization is obtained, only individuals who are part of the AB 210 MDT conducting outreach shall be permitted to view this information.
      3. All additional information contained in Watson Care Manager, including the Virtual Client Record, may be made available to Workforce Members on the ACCESS Sonoma IMDT only after a signed IMDT Authorization is obtained from the client or the client’s authorized representative. If a client is not registered to Watson Care Manager within 90 days of the date the client’s IMDT Authorization was signed, the IMDT Authorization shall be revoked.
    3.  Information Included and Viewable in Watson Care Manager
      1.  Virtual Client Record:

        The Virtual Client Record within Watson Care Manager imports information held by a variety of Participating Agencies. Privacy Committee approval shall be required before new Participating Agencies are linked to the Virtual Client Record and contribute information to the Virtual Client Record. Privacy Committee approval shall also be required before new data fields are added or made viewable in the Virtual Client Record.

      2.  Care Manager Interface:

        The Care Manager Interface offers Workforce Members a technology platform to organize and share information. Workforce Members may add and receive information to and from the Care Manager Interface because they have client consent or pursuant to exceptions to privacy laws. Cohort Care Team Workforce Member access to the Care Manager Interface shall be limited to those clients assigned to their Cohort.

    4.  Information Uses by Sonoma IMDT Workforce Members With IMDT Authorization

      With a signed IMDT Authorization, client information may be used by IMDT Workforce Members for purposes consistent with the authorization, including the following:
      • In care coordination meetings to consult with other IMDT members regarding client care and case management.
      • In the field or office with the client to provide care, case management, or other services.
      • For referral to other entities.
      • To coordinate services with other entities.
      • For other purposes allowed by state and federal law.
    5.  Information Uses by Sonoma IMDT Workforce Members Without IMDT Authorization

      Without a signed IMDT Authorization, client information may be used by IMDT Workforce Members for the following purposes:
      • Limited demographic information may be used to help identify and locate referred clients prior to signing an authorization. The limited demographic information may not include information that would identify the client as having or having had a substance use disorder either directly, by reference to publicly available information, or through verification of such identification by another person.
      • Information disclosed by homeless individuals to Workforce Members on an AB 210 MDT that is engaged in outreach activities may be used by any member of the AB 210 MDT for such outreach activities, consistent with the parameters set forth in 8.2.
  2.  Additional Information Uses by an AB 210 MDT
    1.  Members of an AB 210 MDT shall be permitted to use or share client information under the following conditions:
      1. AB 210 MDT members may share information designated as confidential under State law, policy, or regulations, if they believe it is generally relevant to the identification, assessment, and linkage of homeless adults and families to housing and supportive services, provided that no information may be shared in a manner prohibited by federal law or regulations.
      2. AB 210 MDT members may use information to coordinate care, ensure continuity of care, and reduce duplication and fragmentation of services.
    2.  AB 210 MDT members may share the following information:
      • Demographic Information
      • Contact Information
      • Service and Program History
      • Medical History
      • Mental Health History, Status, Treatment Plan, Notes
      • Disability History and Status
      • Housing and Homeless History and Status
      • Benefit History and Status
      • Criminal History and Status
      • Probation Status
      • Employment and Educational History and Status
      • High Risk Behavior, Violence, or Aggression History
    3.  No Participating Agency is required to share any information simply because it falls into one of the categories listed.
    4. Regardless of the type of information to be shared, Workforce Members participating in an AB 210 MDT are required to ensure to the best of their abilities that information shared is complete, accurate, and up to date.
    5.  Restrictions on AB 210 information sharing and information uses.
      1. AB 210 does not supersede any federally mandated restrictions on information sharing. All workforce members participating in MDTs must be familiar with the laws affecting their ability to share information under AB 210 and must comply with the letter and intent of these laws. Specifically, AB 210 does not supersede HIPAA, 42 CFR Part 2, and federal Social Security Administration regulations.
      2. Testimony concerning information shared under AB 210 is not admissible in any criminal, civil, or juvenile court proceeding, notwithstanding any other law. Further, information and writings shared pursuant to the AB 210 protocol shall be protected from discovery and disclosure by all applicable statutory and common law protections.
      3. Representatives of domestic violence service organizations must obtain clients’ consent in order to share confidential information regarding a domestic violence victim or the victim’s family.
      4. Domestic violence service organizations must establish a policy delineating how they will obtain clients’ consent, how frequently consent will be renewed, how consent will be tracked, and any other pertinent issues necessary to ensure appropriate consent has been secured prior to information sharing under AB 210.
  3.  Restricted Information
    1. Minors. No confidential information with respect to individuals under the age of 18 shall be used or disclosed by Workforce Members of the ACCESS Sonoma IMDT. The Virtual Client Record shall not include any confidential information pertaining to minors.
    2. HIV Test Results. No HIV test result information shall be used or disclosed by Workforce Members of the ACCESS Sonoma IMDT. The Virtual Client Record shall not include any HIV test result information.

Confidentiality

  1.  No confidential information or writings shall be disclosed to persons who are not members of the Access Sonoma IMDT except to the extent required or permitted under applicable law.
  2.  All Participating Agency Workforce Members must sign a confidentiality statement prior to participating in the ACCESS Sonoma IMDT.
  3.  Participating Agencies must keep all Workforce Members’ signed confidentiality statements on file for a minimum of seven years.
  4.  If a Workforce Member changes employer, and the new employer is also a Participating Agency, the Workforce Member must sign a new confidentiality statement.

Participating Agency Supplemental Policies and Procedures

  1. In addition to these Information Privacy and Security Policies and Procedures, Participating Agencies may establish their own Supplemental Policies and Procedures. The Participating Agency policies and procedures shall not conflict with these Information Privacy and Security Policies and Procedures. Participating Agencies electing to establish their own Supplemental Policies and Procedures must share them with the Sonoma County Privacy Officer when established and when material changes are implemented to the Supplemental Policies and Procedures.

Breach of Protected Information

  1.  The follow definitions apply to this section:
    1.  Breach: The term “breach” means the unauthorized acquisition, access, use, or disclosure of PII and/or PHI which compromises the security, privacy or integrity of such information.
    2. Personally Identifiable Information (PII): PII is any information that identifies or describes an individual, including, but not limited to, names Social Security number, date of birth, physical description, home address, telephone number, education, financial matters, medical, or employment history. PII applies to all Multidisciplinary Teams who maintain such information.
    3. Protected Health Information (PHI): PHI is information that relates to the past, present, or future of health, or payment for the health care that is individually identifiable health information, such as a person’s name, physical description, medical record number, Social Security number that is transmitted or maintained in any form or medium, including electronic, written, or verbal. (Note that the term PHI is not applicable to all medical information and it applies only to HIPPA-covered entities and their business associates.)
  2.  The following procedures apply in the event of a breach or potential breach.
    1. Any member of the IMDT who knows or suspects that there has been a breach of PHI or PII shall immediately notify a supervisor, manager, or the County Privacy Officer of the breach or suspected breach. Regulations require the County to report breaches to some state agencies within 24 hours. As such, immediate reporting is essential to meet this statutory timeline. The breach must be reported whether committed by the person reporting the violation, or another individual and it must be reported whether intentional or accidental. The person receiving the report of the breach shall contact the County Privacy Officer and follow these procedures for investigating the breach and determining appropriate response and mitigation measures if necessary.
    2. Retaliation against any person who in good faith reports a violation of these privacy and security policies and procedures or retaliation against any person who supports someone else who reports a violation of the policy is prohibited. In addition, retaliation against any person who cooperates in an investigation related to this policy is prohibited.
    3.  A report of a breach or suspected breach may be made via any of the following:
      • PHONE: Contact the County Privacy Officer by leaving a message at (707) 565-4703. The Privacy Unit will be notified by email that a message has been left. Please be sure to leave your name, position, department, and contact information.
      • EMAIL: Send an email to DHS-Privacy&Secuity@sonoma-county.or. Please be sure to include your name, position, department, and contact information.
      • IN PERSON: See any supervisor, manager, Privacy & Security Officer, Compliance Officer, or Department Head to report the breach or suspected breach.
    4.  Following the initial notice of the discovery of a potential Breach, the County Privacy Officer will coordinate efforts with the one or more Participating Agencies to investigate and mitigate the Breach.
    5.  The County Privacy Officer shall report all Breaches to the Privacy Committee. The County Privacy Officer may also consult with the Privacy Committee when evaluating whether a potential Breach is a Breach.

Training

  1. All Participating Agency Workforce Members must complete information privacy and security training prior to participating on the ACCESS Sonoma IMDT or any AB 210 MDT, and must renew training annually as long as remaining on the IMDT or AB 210 MDT.
  2. Participating Agencies must keep verification of all Workforce Members’ successful completion of information privacy and security training on file for a minimum of seven years.
  3. If a Workforce Member changes employer, and the new employer is also a Participating Agency, training does not need to be repeated if the Workforce Member completed information privacy and security training while in the position occupied immediately prior to taking a new position. However, the Workforce Member must obtain verification of successful training completion from the previous employer and the new employer must keep this verification on file.
  4.  Information privacy and security training will be presented via learning management system or in person by the County Privacy Officer.

Information Security

  1. Information shared electronically under this policy is subject to the Sonoma County Board of Supervisors Administrative Policy 9-2. (Information Technology Use and Security Policy Manual)

Sanctions

  1. Federal statutes require that Participating Agencies sanction (discipline) individuals who violate privacy and security policies. As a condition of participation, all Participating Agencies agree to sanction any Workforce Member under their control who violates these policies.

Inquiries About and Changes to Policies and Procedures

  1.  Any inquiries about these Policies and Procedures should be directed to the County Privacy Officer at (707) 565-4703 OR Privacy&Secuity@sonoma-county.org.
  2. With the exception of the revisions to Attachment A contemplated by Sections 4.6 and 4.8, all substantive changes to these Policies and Procedures shall be approved by the Sonoma County Safety Net Collaborative. Prior to approval, the Privacy Committee shall provide its recommendation regarding the proposed changes. All Participating Agencies will receive a copy of revised Policies and Procedures upon such approval.