Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF AUGUST 10, 2012 FBO #3912
DOCUMENT

U -- HIPPA Security Training (with certification) - Attachment

Notice Date
8/8/2012
 
Notice Type
Attachment
 
NAICS
611430 — Professional and Management Development Training
 
Contracting Office
Department of Veterans Affairs;Program Contracting Activity Central;6150 Oak Tree Blvd, Suite 300;Independence OH 44131
 
ZIP Code
44131
 
Solicitation Number
VA70112I0369
 
Response Due
8/16/2012
 
Archive Date
11/23/2012
 
Point of Contact
MERRIE FROST
 
Small Business Set-Aside
N/A
 
Description
VHA Office of Health Information Management Event Title: HIPAA Security on-site training 1.Scope of Work: The government is looking for a contractor to deliver Health Insurance Portability and Accountability Act (HIPAA) Security and Compliance courses as described in the tasks below. This scope of work applies to an instructor-led course taught at the selected site of the Health Eligibility Center, Atlanta, GA. Supply group, in-house, on-site credentialing training to the Health Care Security Requirements (HCSR) Team that effectively covers the new updates to the HIPAA rule due to the American Recovery and Reinvestment Act's (ARRA) Health Information Technology for Economic and Clinical Health (HITECH) provisions; specific requirements and implementation features within each security category; all required & addressable HIPAA Security implementation specs; analysis in international security standards: NIST, ISO's 17799 and the BS 7799; review core elements of a Security Policy document and compliance plan for a health care entity 2.Background/Introduction: The HIPAA Security Compliance Officer role falls within the VHA Office of Informatics and Analytics (OIA), Health Information Governance (HIG), Health Care Security Requirements (HCSR) Directorate. As this is a fairly recent requirement for the Office, proper formal training is needed for the HCSR team - leading to a Certified HIPAA Security Expert (CHPSE) all of which are paramount to fulfilling the requirements in this compliance role. A didactic, in-person instructor led program is believed to be the most rapid, and responsive; encompassing broad spectrum coverage of knowledge as well as being a cost effective approach to achieving the knowledge base and skill sets necessary in this compliance evaluation and monitoring role. The learning objectives of this HIPAA Security training program correlate well to HCSR's mission and goals of fulfilling its assigned HIPAA Security responsibilities for VHA. The learning objectives are as follows: "Understand new updates to HIPAA rule due to HITECH which is part of ARRA "Review specific policy requirements and implementation features within each security category. "Step through how to plan and prepare for HIPAA compliance review and monitoring tasks. HIPAA is about awareness first, assessment second and finally action focused on gaps identified last. "Understand all required and addressable HIPAA Security implementation specifications and how they correlate to policy and procedures. "Analyze international security standards, NIST, ISO's 17799 and the BS 7799. "Review core elements of a compliant security policy document for a health care entity. "Identify a compliance plan's core elements that every health care entity is required to develop and implement for business continuity and disaster recovery. Cross walk between NIST, SOX, ISO and HIPAA requirements. Principles, Standards, and Guidance "Oversee the development, implementation, and review of VHA institutional and business unit-specific policies and procedures to assure the security of protected health information (PHI). "Disseminate information and provide guidance regarding compliance with HIPAA, Federal regulations and Veterans Health Administration (VHA) policies and procedures. Education and Awareness "Develop and implement educational programs and tools to effectively train VHA facility staff members, program office staff members and researchers/staff participating in research involving PHI on the HIPAA Security Rule. "Provide communication and other resources for researchers and staff to raise awareness regarding HIPAA requirements. Administration and Management "Develop and implement administrative, physical, and technical safeguards to protect and control access to PHI in accordance with Federal regulations and Veterans Health Administration (VHA) policies and procedures. Institutional Oversight "Promote a culture of compliance and oversee adherence to Federal regulations and VHA policies and procedures instituted to safeguard PHI. Monitoring "Conduct monitoring activities and re-mediation monitoring activities to identify problems and to help ensure compliance with Federal regulations and VHA policies and procedures instituted to safeguard PHI. Auditing "Effectively conduct HIPAA Security Rule assessments at the VHA's 152 medical facilities. Periodically review and assess the progress of previous HIPAA violators. Noncompliance "Receive and investigate all internal and external HIPAA security rule complaints. "Assure that each complaint and its disposition are appropriately documented and handled in accordance with Federal regulations and VHA policies and procedures instituted to safeguard PHI. 3. Prepare for and deliver the HIPAA Security and Compliance course materials in a manner that will best allow the participants to understand and be competent as it relates to HIPAA security; 4. Provide on-site credentialing training to the Health Care Security Requirements (HCSR) Team with an innovative curriculum that provides in-depth instruction on the HIPAA Security Rule; effectively cover the new updates to the HIPAA Law rule due to ARRA's HITECH Act; specific requirements and implementation features stipulated by VA and VHA policies related to HIPAA within each security category; all required and addressable HIPAA Security implementation specs; analysis in international security standards: NIST, ISO's 17799 and the BS 7799; reviews core elements of a Security Policy document and compliance plan for a health care entity; 5. Administer, correct and review quizzes, tests, final exams and assignments as required for the program and maintain security over all teaching materials; e.g., tests, answer keys, answer sheets, and student grades. These materials shall not be improperly reproduced or distributed; 6. Brief students on the HIPAA Security and Compliance end-of-course and long-term evaluation processes and facilitate completion of that process where applicable; 7. Present each student that satisfactorily completes the course with a written certificate of completion; 8. Inclusion of exam costs is also important for both planning purposes and executing field assessments. 3.Period of Performance: Instruction Days: September 24th, 2012 through September 28th, 2012. The Instructor shall arrange travel to be available from 8:00 a.m. to 5:00 p.m. (EST) for each of these days. 4.Place of Performance: Health Eligibility Center (HEC) - Atlanta. Georgia. Conference room facilities currently reserved. 5.General Requirements: Vendor will travel to the designated site; supply and conduct classroom training coursework with all necessary materials and examination preparation to include examination fees. This order allows for training up to fifteen (15) participants. The government anticipates the following travel for this requirement: LocationNumber of Trips Per ContractNumber of Contractor Personnel Required Per TripNumber of Days Per Trip Atlanta, GA117 HCSR Staff will travel and Lodge in proximity to the Health Eligibility Center (HEC) The following Information is requested in response to this RFI: Please include: Company Name, Company Address, Point of Contact, Telephone Number, e-mail Address. Companies should provide clear and unambiguous evidence to substantiate their capability to fulfill these requirements. A.Experience 1.Please provide no more than five (5) contracts that your company has performed within the last three (3) years that are of comparable complexity and scope for each domain requirement for which your company is responding: a.Describe your Self-Performed* effort (as either a Prime or Sub-Contractor). b.Please be specific and provide a complete reference to include at a minimum the project name (and the government contract number, if applicable), contract award amount, start and completion dates, and the project owners' contact information. c.Additionally, please provide the Contract Type: Firm Fixed-Price, Time and Material, etc. *Self-Performed means work performed by the company themselves, NOT work performed by another company for them for any of the project examples provided. 2.A course description that describes the details of each project and why it is relevant to this requirement. 3.A table listing all companies involved in the relevant training, including the technical expertise and percentage of work that each company provided. B. Capabilities / Qualifications 1.A written response providing clear and unambiguous evidence to substantiate the capacity to fulfill this requirement.(Course Outline) 2.Company business size and socioeconomic status (i.e., Large Business, Small Business, Service-Disabled Veteran Owned Small Business, Women-Owned Small Business,) the number of years in business, affiliate information: parent company, joint venture partners, potential teaming partners. 3.If the company holds a Federal Supply Schedule (FSS) Contract, list the GSA Contract Number and relevant Special Item Numbers (SINS) applicable to this requirement. This notice does not restrict the Government to an ultimate acquisition approach. All firms responding to this sources sought notice are advised that their response is not a request that will be considered for contract award. All interested parties will be required to respond to the resultant solicitation separately from their response to this sources sought notice. The Point of Contact (POC) for this RFI is: Merrie Frost Contract Specialist VHA Program Contract Activity Central 6150 Oak Tree Boulevard Suite 300 Independence, OH 44131 Please submit electronic responses (via email) to the POC - merrie.frost@va.gov - no later than 800 EST on August 16, 2012.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/ISC/OISC/VA70112I0369/listing.html)
 
Document(s)
Attachment
 
File Name: VA701-12-I-0369 VA701-12-I-0369.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=431949&FileName=VA701-12-I-0369-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=431949&FileName=VA701-12-I-0369-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN02831100-W 20120810/120809000010-f18d4b4ea94cd7b55f36431aa7a2e10a (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.