DOCUMENT
R -- Sources Sought Notice: National Data System Support Services HIG 14-25 - Attachment
- Notice Date
- 4/8/2013
- Notice Type
- Attachment
- NAICS
- 561110
— Office Administrative Services
- Contracting Office
- Department of Veterans Affairs;Program Contracting Activity Central;6150 Oak Tree Blvd, Suite 300;Independence OH 44131
- ZIP Code
- 44131
- Solicitation Number
- VA70113I0139
- Response Due
- 4/18/2013
- Archive Date
- 6/17/2013
- Point of Contact
- Jonathan Chisholm
- Small Business Set-Aside
- N/A
- Description
- 1.0 Introduction: The Department of Veterans Affairs (VA) Veterans Health Administration (VHA) is seeking sources for a near future potential procurement of National Data System (NDS) Support Services. At this time, no solicitation exists. Therefore, PLEASE DO NOT REQUEST A COPY OF THE SOLICITATION. Contractors having the skills and capabilities necessary to perform the below stated requirements should submit a response of no more than 15 pages in length, single spaced, 12 point font minimum that addresses the above information. In response to this Sources Sought, interested contractors shall submit the following information to Jonathan Chisholm via email at jonathan.chisholm@va.gov. Provide the following information:

A. Company Name and Address
B. Company DUNS #
C. Company point of contact, telephone, and email address.
D. Socio-Economic Status - Indicate whether your company, subcontractors, teaming partners, joint ventures have a Federal Socio-Economic status, e.g., Small Business, Service-Disabled Veteran Owned Small Business, Veteran Owned Small Business, Woman-Owned Small Business, Disadvantaged Small Business, and Hub Zone. If Service-Disabled or Veteran Owned Small Business, is your company and/or partners registered in VA's VetBiz repository and certified?
E. If the company holds a Federal Supply Schedule (FSS) Contract, list the GSA Contract Number and relevant SINS.
F. Capabilities / Qualifications: Provide a written description of the capabilities/qualifications/skills your company possesses to perform services described in this Sources Sought.
G. Past Experience - Provide the following information on three similar projects completed within the last three years for which the responder was a prime or subcontractor.
  a. The name, address, and value of each project
  b. The Prime Contract Type, Firm Fixed-Price, or Time and Material
  c. The name, telephone and address of the owner of each project
  d. A description of each project, including difficulties and successes
  e. Your company's role and services provided for each project.

Also, any respondents to this Notice are encouraged to provide the following additional information/feedback:

1) A proposed North American Industry Classification System (NAICS) code for the below requirements.
2) Please provide the number of any GSA schedule contracts currently held within the scope/applicable to this effort.
3) Please provide any feedback or suggestions that could improve the below requirements.

DISCLAIMER

This notice is issued solely for information and planning purposes and does not constitute a solicitation. All information received in response to this notice that is marked as proprietary will be handled accordingly. In accordance with FAR 15.201(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this Sources Sought.

1. BACKGROUND

National Data Systems (NDS) is responsible for ensuring that access to health information is managed in accordance with VA policy and Federal law, including the Privacy Act of 1974 (http://www.justice.gov/opcl/privstat.htm) and the Health Insurance Portability and Accountability Act (HIPAA) (http://www.hhs.gov/ocr/privacy/). NDS is located with Health Information Governance, VHA Office of Informatics and Analytics. NDS manages the development and implementation of policy, regulation, and training around individuals accessing health information. NDS responds to multiple requests for access to many of VHA's health information systems, including Electronic Health Records (EHRs), national databases, and extracted datasets.
The goal of NDS is to provide those who serve Veterans proper access to the informational resources they need, while always maintaining the privacy and security of Veterans' health information. For some users, broader access may be required on a temporary or long-term basis which is provided by NDS. NDS manages all health information requests and supports the reporting of VHA health information access, Data Use Agreements (DUAs), Business Associate Agreements (BAAs) and other related data access agreements. http://www2.va.gov/directory/guide/division_flsh.asp?dnum=1

The purpose of this contract is to secure professional and technical services for the Office of Informatics and Analytics (OIA), Veterans Health Administration (VHA). NDS is the central program for managing, tracking and approving all VHA data access requests to many of VHA's health information resources. This includes granting Veteran Service Organizations (VSO) access to VHA health information resources that support Veterans with their claims for benefits. NDS is involved in data access activities and initiatives which manage the development and implementation of policy, regulation, training and the evaluation and monitoring of trending, and reporting on data access performance.

2. SCOPE OF WORK

The Contractor shall provide all labor, supervision and other resources required to deliver professional and technical services to the NDS Program Office. These services include VHA health information access program management, analysis, documentation, audits and evaluations; studies, technical support, monitoring VHA data sharing agreements and reporting relating to the VHA health information access program initiatives; policy and regulatory analysis and review.

3. PLACE OF PERFORMANCE

The majority of work shall be performed onsite within the Washington D.C. metro area. Government onsite space available is limited to two personnel.
Work may also be performed at contractor site with prior approval of the Program Manager and Contracting Officer Representative (COR).

a) Hours of service - Contractor shall provide service during normal business hours from 8:00 A.M. to 4:30 P.M. local time, Monday through Friday.

4. TRAVEL

Occasional travel will be required. Travel costs will be included in the task order award as a separate, cost-reimbursable, "not to exceed" line item.

| Estimated Locations | Estimated # trips | Estimated # person | Estimated # days per trip |
| West Coast VA Medical Centers (San Diego, CA) | 2 | 1 | 4 |
| USA Heartland (Midwest) VA Medical Centers (Salt Lake City, UT) | 2 | 1 | 4 |
| East Coast VA Medical Centers (Bay Pines, FL) | 2 | 1 | 4 |
| VACO Meetings. Washington, DC | 1 | 1 | 5 |
| Austin Information Technology Center (Austin, TX) | 2 | 1 | 5 |

5. SPECIFIC MANDATORY TASKS AND ASSOCIATED DELIVERABLES

The Contractor shall perform the mandatory tasks and provide the specific deliverables described below within the performance period. If for any reason, any deliverable cannot be delivered on time according to the below schedule, the Contractor shall provide a written explanation to the Contracting Officer's Technical Representative as soon as discovered, but not later than three days prior to deliverable due date. This written transmittal shall include a firm commitment of when the work shall be completed. This transmittal to the Contracting Officer's Representative (COR) shall cite the reasons for the delay, and the impact on the overall project.

Task 1: Health Information Access (HIA) Business Case Analysis and Documentation: The Contractor will research, document, and develop business and technical analysis documents for NDS. The Contractor shall conduct information gathering relating to HIA program functions. This includes soliciting content experts, stakeholders, and other open sources for information the Contractor will manage for analysis.
The details from the analysis regarding recommendations that impact the program will be captured and briefed to the NDS Deputy Director so she/he can decide a course of action. The Contractor will generate documentation which can be in many formats such as white papers, case studies, standard operating procedures, VA and Federal directives and/or handbooks, flow diagrams, use cases, project plans, schedules, memoranda, briefings, and presentations. The Contractor shall track data associated with HIA Program Activities; HIA-VHA access administration, standardized tracking and patient access audit methodologies for implementation by the VA. This support is to include:

The Contractor shall evaluate new tracking, reporting and management tools which support VHA data access. As users of these tools, the Contractor shall make recommendations for enhancement and/or implementation on current and/or new proposed tools that integrate with VHA access practices and policies.

The Contractor shall provide implementation support, including subject matter expertise consultation to NDS, specifically for national rollouts of new or revised health information access requirements. This implementation support occurs periodically (estimate 4 rollouts per year). This support will assist NDS in managing new initiatives or innovations that improve how we process VHA Data Access requests. These rollouts will be driven by customer needs.

Deliverables for Task 1:

Deliverable 1: The Contractor shall provide a monthly business process report in support of the HIA Business Case Analysis and Documentation. This report shall contain:

  - Status of pending and completed documents.
  - Status of the evaluation of reporting and management tools.
  - Monthly status of Implementation Support to NDS for national rollouts of new or revised health information access processes.

Due Date: Monthly for twelve (12) months from date of award.
Task 2: VHA User Access Management: The Contractor shall manage regional (Veteran Integrated Service Networks - VISNs) and national access to VHA health information resources for customers to include, but not limited to, clinicians, researchers, peer reviewers, legal reviewers, Veteran Service Organizations (VSO, e.g., Veterans of Foreign War, Paralyzed Veterans of America, etc.), partner agencies, and other authorized users seeking access to multiple VA medical center systems or VHA national databases by using NDS provided tools and software. The Contractor shall provision access administration support to multiple internal and external user groups as well as individual new users totaling approximately 3,600 per year. In support of the VSO Compensation and Pension Records Interchange (CAPRI) access, the Contractor shall review and process Power of Attorney (POA) forms, VA FORM 21-22. The POA forms will grant the correct access to the individual mapped to the identified VSO. On average, approximately 15,000 POA forms are processed annually. The Contractor shall track all open, closed and pending actions taken under this task and shall report these in the monthly status report. In support of NDS User Access Management, the Contractor shall conduct a quality assurance review daily to ensure appropriate access administration was completed accurately. This review will include statistics of user demographics (VHA clinicians, researchers, administrative users, VSOs, and other authorized users) and frequency of requests seeking special access to VA health information resources. There are approximately 19-25 access requests daily. The Contractor shall track all open, closed and pending actions taken under this task. 
Help Desk support: Since the National Service Desk only provides some first-tier support, the Contractors will provide different first-tier and second-tier help desk support for Compensation and Pension Records Interchange (CAPRI) and Veterans Health Information Systems and Technology Architecture (VistAWeb) web users managed by NDS. The Contractors will:

  - Log help-desk tickets into the internal workload management tracking system.
  - Respond to approximately 300 email and phone inquiries per month.
  - Provide user training associated with access applications.
  - First Tier Support items include assistance with software installations and password resets.
  - Second Tier Support includes software troubleshooting.

The Contractor shall review, analyze and make recommendations with regard to NDS' input and involvement in VA agreement documents such as DUAs and Memoranda of Understanding (MOUs) between VHA data owners and data users that require specific data sets, as opposed to access to the entire EHR, up to 120 agreements per year. In addition, the Contractors will monitor these documents.

Deliverables for Task 2:

Deliverable 2: Contractor shall provide a monthly status report of VHA User Access Management tasks. This report shall contain:

  - NDS User Access Management Status of open, closed and pending requests.
  - The Contractor shall track all open, closed and pending actions for POAs.
  - The Contractor shall track all open, closed and pending actions taken during the Quality Assurance Review.
  - Tracking all open, closed, and pending actions on Help Desk Support items.
  - Tracking of VHA Data Sharing Agreements

Due Date: Monthly for twelve (12) months from date of award.

Task 3: Business Associate Agreement (BAA) Support: The Contractor shall provide administrative support to the VHA Business Associate Program Manager. The Contractor shall provide the updated status in response to email and telephone inquiries regarding the progression of each Business Associate Agreement (BAA) action.
These actions include the initial vendor questionnaire step, scoring the risk analysis worksheet, acquiring appropriate signatures (Business Associate and VHA), scanning completed agreements and archiving (upload into database). The Contractor shall have management and update responsibility for the BAA agreement databases. NDS currently has approximately 400 active BAAs in the database. There are approximately 100 actions a month.

Deliverable for Task 3:

Deliverable 3.1: Contractor shall provide a monthly status report of BAA Support. This report shall contain:

  - A summary of email and telephone inquiries
  - Current status of open BAA Actions
  - Listing of Closed agreements uploaded and processed
  - Business Associate Profile Questionnaires sent
  - Risk Analysis performed
  - Listing of BAAs terminated

Due Date: Monthly for twelve (12) months from date of award.

6. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS

The following security requirement must be addressed regarding Contractor supplied equipment: Contractor supplied equipment, PCs of all types, equipment with hard drives, etc. for contract services must meet all security requirements that apply to Government Furnished Equipment (GFE) and Government Owned Equipment (GOE). Security Requirements include:

a) VA Approved Encryption Software must be installed on all laptops or mobile devices before being placed into operation,
b) Bluetooth equipped devices are prohibited within the VA; Bluetooth must be permanently disabled or removed from the device,
c) VA approved anti-virus and firewall software,
d) Equipment must meet all VA sanitization requirements and procedures before disposal.

The COR, CO, the Project Manager, and the Information Security Officer (ISO) must be notified and verify all security requirements have been adhered to.
1. Information made available to the Contractor/Subcontractor by VA for the performance or administration of this contract or information developed by the Contractor/Subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the Contractor/Subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d)(1).

2. VA information should not be co-mingled, if possible, with any other data on the Contractor/Subcontractor's information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the Contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct onsite inspections of Contractor and Subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements.

3. Prior to termination or completion of this contract, Contractor/Subcontractor must not destroy information received from VA, or gathered/created by the Contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a Contractor/Subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization.
Self-certification by the Contractor that the data destruction requirements above have been met must be sent to the VA CO within 30 days of termination of the contract.

4. The Contractor/Subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract.

5. The Contractor/Subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on Contractor/Subcontractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor/Subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.

6. If VA determines that the Contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the Contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12.

7. The Contractor/Subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.
8. The Contractor/Subcontractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA Configuration Guidelines are available upon request.

9. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the Contractor/Subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA's prior written approval. The Contractor/Subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA CO for response.

10. Notwithstanding the provision above, the Contractor/Subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the Contractor/Subcontractor is in receipt of a court order or other requests for the above mentioned information, that Contractor/Subcontractor shall immediately refer such court orders or other requests to the VA CO for response.

11. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require Certification and Accreditation (C&A) or a Memorandum of Understanding-Interconnection Service Agreement (MOU-ISA) for system interconnection, the Contractor/Subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR.

12. Position Sensitivity and Background Investigation - The position sensitivity and the level of background investigation commensurate with the required level of access is:

7. Section 508 - Electronic and Information Technology (EIT) Standards:

The Section 508 standards established by the Architectural and Transportation Barriers Compliance Board (Access Board) are incorporated into, and made part of all VA orders, solicitations and purchase orders developed to procure Electronic and Information Technology (EIT). These standards are found in their entirety at: http://www.section508.gov and http://www.access-board.gov/sec508/standards.htm. A printed copy of the standards will be supplied upon request. The Contractor shall comply with the technical standards as marked:

_x_ § 1194.21 Software applications and operating systems
_x_ § 1194.22 Web-based intranet and internet information and applications
_x_ § 1194.23 Telecommunications products
_x_ § 1194.24 Video and multimedia products
_x_ § 1194.25 Self contained, closed products
_x_ § 1194.26 Desktop and portable computers
_x_ § 1194.31 Functional Performance Criteria
_x_ § 1194.41 Information, Documentation, and Support

The standards do not require the installation of specific accessibility-related software or the attachment of an assistive technology device, but merely require that the EIT be compatible with such software and devices so that it can be made accessible if so required by the agency in the future.

8. FACILITY/RESOURCE PROVISIONS

The Government shall provide office space, telephone service and system access when authorized contract staff work at a Government location as required in order to accomplish the Tasks associated with this potential requirement. All procedural guides, reference materials, and program documentation for the project and other Government applications will also be provided on an as-needed basis. The Contractor shall request other Government documentation deemed pertinent to the work accomplishment directly from the Government officials with whom the Contractor has contact.
The Contractor shall consider the COR as the final source for needed Government documentation when the Contractor fails to secure the documents by other means. The Contractor is expected to use common knowledge and resourcefulness in securing all other reference materials, standard industry publications, and related materials that are pertinent to the work. The VA shall provide access to VA specific systems/network as required for execution of the task via a site-to-site VPN or other technology. The Contractor shall utilize Government-provided software development and test accounts, document and requirements repositories, etc. as required for the development, storage, maintenance and delivery of products within the scope of this effort. The Contractor shall not transmit, store or otherwise maintain sensitive data or products in Contractor systems (or media) within the VA firewall IAW VA Handbook 6500.6 dated March 12, 2010. All VA sensitive information shall be protected at all times in accordance with local security field office System Security Plans (SSPs) and Authorities to Operate (ATOs) for all systems/LANs accessed while performing the tasks for this potential requirement.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/ISC/OISC/VA70113I0139/listing.html)
- Document(s)
- Attachment
- File Name: VA701-13-I-0139 VA701-13-I-0139.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=692209&FileName=VA701-13-I-0139-000.docx)
- Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=692209&FileName=VA701-13-I-0139-000.docx
- Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
- Record
- SN03031341-W 20130410/130408234500-0f5154605baf3de72b248f7d5731198f (fbodaily.com)