Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF OCTOBER 09, 2013 FBO #4337
DOCUMENT

Q -- Urology Cryoblation Services - Attachment

Notice Date
10/7/2013
 
Notice Type
Attachment
 
NAICS
621399 — Offices of All Other Miscellaneous Health Practitioners
 
Contracting Office
Department of Veterans Affairs;Network Contracting Office 9;1639 Medical Center Parkway;Suite 400;Murfreesboro TN 37129
 
ZIP Code
37129
 
Solicitation Number
VA24914I0005
 
Response Due
10/16/2013
 
Archive Date
11/15/2013
 
Point of Contact
Angela Bailey
 
Small Business Set-Aside
N/A
 
Description
The Network Contracting Office 9 is conducting market research for the Memphis VA Medical Center to identify potential sources for a contract to provide cryosurgery services. This Request for Information (RFI) is issued solely to obtain industry capability to meet this requirement and request comments of the attached draft SOW. This RFI DOES NOT CONSTITUTE A SOLICITATION AND DOES NOT REQUEST PROPOSALS/QUOTATIONS/BIDS. This RFI is in accordance with Federal Acquisition Regulations (FAR) 15.201(e). The Government does not intend to award a contract on the basis of this RFI. Responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. No entitlement to payment of direct or indirect costs or charges by the Government will arise as a result of submission of responses to this RFI and the Government's use of such information. If any information is considered proprietary please mark as such. This RFI describes the Department of VA's basic requirement. The Dept. of VA requests comments on the attached DRAFT SOW and responses to the following questions: 1) Does the attached SOW provide enough information for industry to provide a technical and price response? 2) What technical factors are not identified in the SOW that is essential to successful performance? 3) What would be the preferred contract type for these services? 4) Is an indefinite-delivery-indefinite-quantity (IDIQ) task order contract appropriate or are there better alternatives? 5) Have you provided these services for Federal Agencies? 6) Can these services be provided under a firm fixed-price contract? 7) What are the customary price provisions, structure or drivers? Please refer to the attachment for additional information. Firms responding to this RFI should include company name, cage code, point of contact, address and indicate whether they are a small business. For the purposes of being considered a small business, the following applies: NAICS Code 621399, Size Standard $7.0 million. The Government reserves the right to set-aside any subsequent acquisition based upon known sources and/or responses to this synopsis. Firms should provide capability statements not to exceed 5 pages and should include responses to questions and/or comments on Dept. of VA basic requirement attached to this notice not later than Wednesday, October 16, 2013 at 3:00 p.m. CST to be considered as part of the Government's market research. Submissions shall be sent via e-mail to the attention of Angela Bailey at angela.bailey5@va.gov. Please include in the Subject line: VA249-14-I-0005 - Urology Cryoblation Services. Do not contact medical center staff in regards to this requirement, as they are not authorized to discuss matters related to this procurement action. All questions should be submitted in writing via email for this procurement to the Contract Specialist. Telephone calls will not be accepted. DRAFT PERFORMANCE WORK STATEMENT Descriptions and Specifications (Urology Cryoblation) 1.General Description/Scope of Work: The contractor shall provide to the Department of Veteran Affairs Medical Center (VAMC) at Memphis, Tennessee cryosurgical equipment and all related cryosurgical disposable probes required to perform cryosurgical procedures, ultrasound equipment, and a technician trained in the services and operation of the CryoCare CS or Cryo 20 unit as required to perform targeted cryoblation of the prostate (TCAP) procedures for the treatment of localized adenocarcinoma of the prostate. Contractor technician shall assist the attending urologist or other physician in the operation of the Unit. 2.Scope: The VA anticipates the award of a single contract on a firm, fixed price indefinite delivery/indefinite quantity basis from this solicitation. The solicitation will be conducted in accordance with Department of Veterans Affairs Acquisition Regulation (VAAR) Part 873 with the procurement conducted using FAR parts 12 and 15. 3.Services Provided: The contractor shall make the CryoCare CS or Cryo 20 unit and technician available to the VAMC Surgical Service Urology Department in accordance with a schedule mutually agreed upon between the parties. In the event the facility requires the use of the Unit at an unforeseen time other than those scheduled, contractor will make every effort to provide the Unit to the facility upon 48 hours advance notice from facility personnel. The estimated quantity of cryoblation procedures to be performed over a four year period averages fourteen (14). Additional cases exceeding (14) shall require authorization from the Chief of Staff. A standby fee of 50% of the total cost of the procedure will be charged for any case not cancelled within 24 hours of advanced notice. Exception shall apply when two cases are scheduled for the same day and one case requires cancelling, no standby charges will be assessed. a.The contracting technician, also known as a Clinical Applications Specialist shall be responsible for setting up the equipment, and will be responsible for the following criteria: "Setting up of the Urethral Warming System. "Proper sterilization and decontamination of the cryosurgical Cryo probes and temperature probes, the holders and the ultrasound probe. "Connect ultrasound probe to the cryosurgical system. "Proper gas setup and power on sequence. "Connect cryosurgical probe and temperature probe to the cryosurgical system. "Enter patient information into the proper fields. "Run pre-test for the cryosurgical probe. "Adjust ultrasound imaging (sagital and transverse) for the best quality. "Has knowledge of ultrasound functions. "Properly will run mapping portions of the procedure unless dictated otherwise by the physician. "Demonstrate the ability to add or delete probes when needed. "Engage auto freeze or manual mode as needed. "Store case information. "Load printer paper. "Print case information. "Shut down and bleed the cryosurgical systems at termination of the case. b.The technician is also responsible for: 1.Identification cryosurgical machine and use of console components. 2.Have knowledge of the parameters of Auto freeze treatment modes (target temperature and safety stops, etc). 3.Acknowledge adequate time for the urethral warmer to warm fluid. 4.Turning the power on and off on the cryosurgical machine. 5.Attaching the Argon regulators. 6.Attaching the Helium gauge. 7.Being able to connect the Argon supply line to the cryosurgical system. 8.Connecting the Helium supply line to the cryosurgical system. 9.Being able to connect the Cryoprobes to the back of the Cryocare system. 10.Being able to attach the temperature probes and label according to the anatomy. 11. Accomplishing the breakdown of equipment, bleed and shutdown the cryosurgical system. 12.Operating the Cryocare keypad. 13.Identifying disposable supplies necessary for cryosurgery. 14.Making sure the Cryoprobe holder is affixed to a sterile drape fixture. 15.Ensuring the Cryoprobe is tested prior to patient use. 16.Knowing that one Argon tank should be regulated at 3000 psi and the other at 3200 psi, another Argon tank is considered empty once it reaches less than 3000 psi. 17.Having a Helium tank ready to be used which will be supplied by the hospital. 18.Hooking up the helium tank and know that once it falls below 900 psi for 2500 psi tanks and below 3000 psi for 6000 psi tanks, it should be considered empty. c.The technician supplied by the contractor must demonstrate the ability to: 1.Turn the fluid warmer and circulating pump power on and off; 2.Insert the heat exchanger cassette in the fluid warmer; 3.Connect urethral warming tubing to 1 liter bag of room temperature NACL or water. 4.Apply IV pressure cuff to fluid and maintain fluid between 100 mm Hg and 200 mm Hg. 5.Install tubing into circulating pump with proper placement of tubing between "A" and "B" indicators. 6.Prime tubing after opening all clamps and turn pump speed at "2", ensuring that all air bubbles are removed for proper priming. 7.Increase circulating pump speed to "3" and confirm with physician. 8.Set temperature to 37.5 C and verify temperature of fluid warmer with physician. 9.Increase and decrease temperature on fluid warmer. 10.Monitor the urethral warming system during cryosurgical procedure by: a.Observation of paddle wheel spinning. b.Ensuring consistent fluid level in IV bag. c.Consistent temperature of fluid warmer. 11.Knowing that If a leak does occur, notify physician immediately and replace urethral warming catheter, or any or all components of tubing set as necessary. 12.After removal, the urethral catheter, tubing, warming cassette, and fluid bag should be discarded in designated hospital container. 13.Instructions provided to scrub nurse for handling urethral catheter and tubing: 14.Handing off two distal ends of catheter tubing and separate spike tubing. 15.Securing tubing to OR field. The remainder of the case and the actual performance of the targeted cryoablation of the prostate cancer will be performed by a VA licensed Urologic Physician. d.The Contractor shall provide the following supplies: "CryoCare CS or Cryo 20 "Transrectal Ultrasound probe "Argon & Helium regulator set "Stepper (check bed for compatibility) "Urethral warmer "Disposables o(Prostate: Cryo-206F kit, 2 extra Cryo 44F, 8 Cryo 2.4S,6 Cryo-55, 1 extra warming catheter) o(Renal: 2 R1.7, 2 R2.4L. 2 R 3.8 & 2 CRYO-55 temp probes) "Grid "Probe Holder "Ultrasound Machine (renal) "Laparoscopic or intra-operative US probe (renal) "Tank carts (Min. 2) e.Memphis VAMC shall provide the following supplies: "Gas requirements for the Cryocare system "ARGON: 99.998 pure or better 6000 PSI (grade 4.8 or better) Fitting: CGA677 "HELIUM: 99.995 pure or better 6000 PSI (industrial grade or better) Fitting: CGA677 "Gas: per prostate procedure - Hospital should order all gases and have on-site 5 days prior to cases "1 Tank Argon (Grade 4.8 - 99.998% Pure - 6000 PSI) "1 Tank Helium (6000 PSI) "A back up of 1 Argon and 1 Helium should be on hand for each prostate procedure INSTRUMENTATION (Prostate) 1 ea. Hyperthermia Unit with upper body pad (Bair Hugger) 1 ea. Bowl set (1 large, 1 med., 1 small) 1 pair Allen Stirrups, Yellow Fins, Candy cane w/ padding 1 ea.Pressure bag for urethral warming system fluid 1 ea.Flexible Cystoscopy set 1 ea. Light source 1 ea. Video Set Up Minor Tray 6 ea. Hemostats 2 ea. Kelly 3 ea. Allis 2 ea. Std. Mayo (scissors) 1 ea. Short Needle Holder 2 ea. Tissue Forceps with teeth Suture 1 ea.Blade holder 4 ea.Towel clamps Drugs / Irrigation: 1 ea. 1 liter saline or H2O bag (double port at base) for warmer 3 ea. 1 liter saline bottles (Heated) on table 1 ea. 1-liter water bottles for probe testing 1 ea. Saline bag for Cysto Drapes: 1 ea. Cysto pack 1 ea. Mayo stand cover 1 ea. 3/4 sheet (under Buttocks) 1 ea. Back table cover Disposables: 1 pair Ted Hose, SCD's 2 Tubes KY jelly 2 ea. 10cc syringe 1 ea. 6Occ syringe (luer lock) 1 ea. 6Occ syringe (toomey) 1 ea. 18fr or 20fr Foley with balloon 1 ea. Amplatz Super Stiff Guidewire,.035 or.038. 1 pk. 4 X 4 1 pk. Towels 1 ea. Perineal prep. Kit 1 ea. Cysto tubing 1 ea.Microtek Sterile endocavity transducer cover PC3688 (prostate) Instrumentation Renal Set up as partial laparoscopic nephrectomy unless Surgery is specified as "open" Disposables: 2 ea.FloSeal or comparable hemostasis product (do not open) 1 ea.Civco Sterile laparoscopic transducer cover 610-941 (renal) f.Maintenance of Unit: Contractor shall provide service and preventive maintenance of the Unit. Preventive maintenance shall include the performance of reasonable tests to ensure that the Unit is in the highest level working condition. g.QUALITY ASSURANCE: oContractor shall ensure that contract physicians contribute to the ongoing quality improvement programs in the organization as described in Medical Center Memorandum No. 00-12, Quality Management System may be accessed at the following URL: http://vaww.memphis.va.gov/docs/memo.aspx 3.Reusable Medical Equipment: A. Definitions (1) Reusable Medical Equipment (RME). RME is any medical equipment designed by the manufacturer to be reused for multiple patients. All RME must be accompanied by reprocessing instructions provided by the manufacturer. (2) Standard Procedure. A document detailing all steps and activities of process or procedure that is dates and signed by the appropriate company official. (3) Reprocessing. Reprocessing is the cleaning, disinfection, sterilization, and preparation of equipment to full readiness for its subsequent use. (4) Set-up. Set-up is the process of assembling the RME in preparation for a procedure in accordance with the manufacturer's instructions. (5) Competency. Competency is the assurance that an individual has receives the appropriate training and has demonstrated an achieved skill level required to independently and appropriately perform an assigned task or responsibility. B. Contractor Responsibilities (1) Contractor and its representatives shall be responsible to ensure that RME systematic processes are fully implemented and executed at contractor locations providing services under this contract. Contractor shall ensure that appropriate training is provided and completed for all users of RME prior to initial use. (2) All contractor personnel that are in any way involved in the set-up, use and reprocessing of RME shall have documented training on the setup, use, reprocessing, and maintenance of the specific equipment leading to initial competency and validation of that competency on an annual basis. (3) All contractor personnel charged with reprocessing duties shall be appropriately trained and competent in performing the assigned task, and when procedures are changes all designated staff are retrained and competency is again established. Personnel reprocessing RMF must be continually evaluated to ensure that they are demonstrating proficiency in all reprocessing activities. Appropriate training must be done whenever new or different equipment is used. Contractor shall provide evidence of training and competencies to the VA COR. (4) Contractor shall have established, or establish for this contract, specific standard processes and procedures for all RME. This includes, but is not limited to following specific guidance regarding the use and reprocessing of RME: (a) All clinical and technical personnel involved in RME set-up, use and reprocessing are to be trained in standard infection control methods, including those to protect both patients and themselves. (b) Standard Procedures must reflect current manufacturers' instructions and must be available in each area where reprocessing occurs for each type of RME used. Personnel assigned to reprocess RME must be trained according to device-specific procedures in order to ensure proper cleaning and high-level disinfection and sterilization. (c) All standard procedures must be kept up-to-date according to the manufactures instructions, and methods in place to sequester outdated versions and to disseminate revised procedures, as well as to ensure compliance and competence in the execution of any revised procedure. (d) Current manufacturer's instruction for RME are available and on file. (e) A method shall be in place to identify that a given RME has been reprocesses; if not clearly identifies as having been done, it must be reprocessed before use. A system or log shall be in place to record, for each instance of use, the: i. Serial number, or other unique identifier, of the endoscopic equipment used for each patient procedure. ii. Specific procedure, operator(s), date and time, and patient identifier. (f) A quality management program must be in place to ensure appropriate and safe reprocessing is being performed. C. References (1) VHA Directive 2009-004, Use and Reprocessing of Reusable Medical Equipment (RME) in Veterans Health Administration Facilities, dated February 9, 2009 (2) VHA Directive 2009-031, Improving Safety in the Use of Reusable Medical Equipment Through Standardization of Organizational Structure and Reprocessing Requirements. dated June 26, 2009 4. Special Contractor Responsibilities: a.Training: The Contractor shall provide VAMC Memphis Urology Department with documentation of each technician's training and current competence in operation of the Unit in advance of scheduling any cases and update said documentation upon request by the facility. b.Personnel Policy: The Contractor shall be responsible for protecting the personnel furnishing services under this contract. To carry out this responsibility, the Contractor shall provide the following: "Worker's Compensation "Professional Liability Insurance "Health Examinations including: (1) Annual TB Skin Test and recent (within the last year) chest x-ray if there is a history of positive TB skin test; (2) Evidence of Hepatitis B immunity (hepatitis immune titer, if provider has had the series of shots; if no immunity, evidence that provider has started the Hepatitis B vaccination series); (3) Evidence of a Hepatitis C titer; (4) Varicella titer if provider has not had chicken pox. The parties agree that the Contractor, its employees, agents and subcontractors shall not be considered VA employees for any purpose. The contractor must possess all licenses, permits, accreditation and certificates as required by law. The contractor must perform the required work in accordance with Joint Commission, VHA and other regulatory standards. Joint Commission standards may be obtained from Joint Commission, One Renaissance Blvd., Oakbrook Terrace, IL 60181. Copies of such certificates, licenses and permits must be presented with contractor's proposal. "Note: Note: Joint Commission Manuals may be reviewed online at the following URL: http://vaww.memphis.va.gov/performance/readiness/manuals.aspx c.APPROVAL OF CONTRACTOR PERSONNEL: The Department of Veterans Affairs reserves the right to refuse employment under this contract or require dismissal from contract work of any Contractor employee for unsatisfactory performance at the VAMC, Memphis, TN or any other objectionable reason considered by the Contracting Officer. The Contractor shall receive a ninety (90) day written notification of unsatisfactory performance with ninety (90) days to cure the problem. If a disagreement about performance still exists at the end of the ninety (90) day period, the Contracting Officer will make a final determination with the input of the VAMC, Director within a reasonable period of time. (1)The VA Chief of Staff and/or the Chief Surgical Service may provide professional direction to the Contractor and/or the Contractor's employee(s). (2)There is not employer-employee relationship between the VA and the Contractor or the Contractor's employee(s). d.Confidentiality of Patients Records: The Contractor is a VA Contractor and will assist in the provision of health care to patients seeking such care from or through VA. As such, the Contractor is considered as being part of the Department health care activity. Contractor is considered to be a VA Contractor for purposes of the Privacy Act, Title 5 U.S.C. 552a. Further, for the purpose of VA records access and patient confidentiality, Contractor is considered to be a VA Contractor for the following provisions: Title 38 U.S.C. 5701, 5705, and 7362. Therefore, Contractor may have access, as would other appropriate components of VA, to patient medical records including patient treatment records pertaining to drug and alcohol abuse, HIV, and sickle cell anemia, to the extent necessary to perform its contractual responsibilities. However, like other components of the Department, and not withstanding any other provisions of the contract, the Contractor is restricted from making disclosures of VA records, or information contained in such records, to which it may have access, except to the extent that explicit disclosure authority from VA has been received. The Contractor is subject to the same penalties and liabilities for unauthorized disclosures of such records as VA. The records referred to above shall be and remain the property of VA and shall not be removed or transferred from VA except in accordance with U.S.C.551a (Privacy Act), 38 U.S.C. 5701 (Confidentiality of claimants records), 5 U.S.C. 552 (FOIA), 38 U.S.C. 5705 (Confidentiality of Medical Quality Assurance Records) 38 U.S.C. 7332 (Confidentiality of certain medical records) and federal laws, rules and regulations. Subject to applicable federal confidentiality or privacy laws, the Contractor, or their designated representatives, and designated representatives of federal regulatory agencies having jurisdiction over Contractor, may have access to VA 's records, at VA's place of business on request during normal business hours, to inspect and review and make copies of such records. e.Liability: In the event of litigation/investigation of a claim of liability or malpractice, the Contractor and/or the Contractor's personnel shall cooperate fully with Government authorities and designated officials in the investigation of the claim or preparation for litigation. 4.SECURITY REQUIREMENTS FOR CONTRACTOR EMPLOYEES: CONTRACTOR PERSONNEL SECURITY REQUIREMENTS: a.In accordance with the VA Handbook 6500.6, dated March 12, 2010, contractor shall ensure that all contractor personnel with access to Government computer systems and/or records comply with the Privacy Act of 1974, the Automated Information System Security Policy, and the requirements of the (HIPPA) Health Insurance Portability and Accountability Act, and that each has completed the VA System Access Agreement. Each contractor employee that will have access, either electronically or written, to any sensitive data, will be required to complete the following before work may begin under this contract. Violations may be cause for termination of the contract. Provide adequate on-site security of your facilities, equipment, and software where patient information is stored, utilized, or accessed, to ensure protection from hazard, theft, and unauthorized access. The Contracting Officer and/or Contracting Officer Representative (COR) will provide a termination date for all non-VA employee(s) requests. Upon receipt of a Notice of Award, the successful contractor must immediately provide the Contacting Officer with the names of all personnel who will be involved in the contract and have access to protected health information. VA Handbook 6500.6 can be accessed at the following URL: http://www.iprm.oit.va.gov/docs/VA_Handbook_6500_6_Contract_Security_030210_Final.pdf b. The Certification and Accreditation (C& A) requirements do not apply, and a Security Accreditation Package is not required. c. The requirements apply to: "All VA or contracted services and information resources located and operated at contract facilities, at other government agencies that support VA mission requirements, or any other third party using VA sensitive information in order to perform a VA authorized activity. "All contracts in which VA sensitive information is used, stored, generated, transmitted, or exchanged by VA, a contractor, subcontractor or a third party, or on behalf of any of these entities, regardless of format (e.g., paper, microfiche, electronic or magnetic portable media) or whether it resides on a VA owned system or contractor/subcontractor's system operating for or on behalf of VA, (1)Contractor(s) shall ensure the confidentiality of all patient and employee information and shall be held liable in the event of breach of confidentiality according to federal regulations contained in HIPAA Privacy Regulation. In accordance with Department of Veterans Affairs VA Tennessee Valley Healthcare System Memorandum 626-07-136-28 dated August 21, 2007, amended October 4, 2007, in addition to Public Law 104-191, any person, who knowingly or willingly discloses confidential information from the VA Medical Center, may be subject to fines of up to $50,000.00 and may be subjected to civil litigation from the patient. (2) The investigative history for Contractor(s) personnel working under this contract must be maintained in the databases of either with the Office of Personnel Management (OPM) or the Defense Industrial Security Clearance Organization (DISCO). Should the Contractor(s) use another vendor other than OPM or Defense Security Service (DSS) to conduct the investigation, the investigative company must be certified by OPM/DSS to conduct Contractor(s) investigations. (3) All costs associated with obtaining clearances for Contractor(s) provided personnel will be the responsibility of the Contractor(s). Further, the Contractor(s) will be responsible for the actions of those individuals they provide to perform work for the VA under this contract. In the event that damages arise from work performed by Contractor(s) provided personnel, under the auspices of this contract, the Contractor(s) will be responsible for all resources necessary to remedy the incident. (4) Records: Contractor(s) personnel who obtain access to hardware or media which may manipulate or store drug or alcohol abuse data, sickle cell anemia treatment records, records or tests or treatment for or infection with HIV, medical quality assurance records, or any other sensitive information protected under 38 U.S.C. §4132 or §3305, as defined by the Department of Veterans Affairs, shall not have access to the records unless absolutely necessary to perform their contractual duties. Any individual who has access to these data will disclose them to no one, including other employees of the Contractor(s) not involved in the performance of the particular contractual duty for which access was obtained. Violation of these statutory provisions, as stated in department regulations by the Contractor(s)'s employees may involve imposition of criminal penalties. (5) System of Records: The Veterans Administration system(s) of records to which the Contractor(s) personnel will have access in order to maintain is "Patient Medical Records - VA (24VA136). (6) System Security: The Contractor(s) shall provide VHA with the full assurance that security measures have been implemented which are consistent with OMB Circular A-130 and VA Departmental Standards. May be accessed at the following URL: http://www.whitehouse.gov/omb/circulars_a130_a130trans4/ (7) Procedures for User Access: Access requirements to VA information systems by Contractor(s) and Contractor(s) personnel shall meet or exceed those requirements established for VHA employees as described in VHA Directives (and others) and in any subsequent VHA policy statements. Requirements for access before contractor employees can be authorized to access any VA computer system are as follows: a. All contractor employees who require access to the Department of Veterans Affairs' computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. b. Contractor employees must complete the "VA Privacy and Information Security Awareness and Rules of Behavior," and "VHA Privacy Policy Web Training (HIPAA)." This training is a web based course which may be accessed on the https://www.tms.va.gov/plateau/user/login.jsp. A copy of the training certificate must be forwarded to the Surgical Service COR who will in turn forward to VA Information Security Officers and Privacy Officer. This is an annual mandatory requirement for all employees. c Submission of access request form to COR, (COR will submit request to VA Information Security Officers, OI&T CIO, MCD for approval. Access shall be granted to non-VA users only if the purpose for access meets criteria of the Privacy Act and VA Confidentiality regulations and transfer. (8) The COR will send an annual reminder to the contractor to complete all annual mandatory training. (9) All employees, contractors, volunteers, students, and others are responsible for protecting the information equipment located within their work areas and any equipment used when working remotely. (10) All employees, contractors, volunteers, students, and others are required to implement physical safeguards for all equipment that accesses VA sensitive information. Equipment must be housed and protected to reduce the risks from environmental threats and hazards, and the opportunities for unauthorized access, use, or removal. (11) Information and system backups that include VA sensitive information have the same confidentiality category as the originals. Therefore, these materials must be protected with the same or equally effective physical security as that provided to the source computer, its media, and information contained therein. (12) Employees, contractors, volunteers, students, and others will log-off of information systems when leaving work areas and/or invoke a password protected screen saver. (13) Employees, contractors, volunteers, students, and others will protect information contained on printouts and other media by keeping VA sensitive information in locked files or cabinets when not in use, and dispose of VA sensitive information through shredding or other approved disposal methods. (14) To the extent possible, computer monitors will be positioned to eliminate viewing by unauthorized personnel. When computer monitors cannot be positioned to eliminate viewing by unauthorized personnel, the deployment of a privacy screen, which allows viewing only from straight on, will be used. (15) Users will not use function keys or scripts to store passwords or other VA sensitive information. (16) E-mail (if utilized for submission of reports): The transmission of e-mail messages containing sensitive information of PHI via Outlook must be done in a secure manner, i.e., encryption. PKI is the only approved method of encryption for the VA. A PKI certificate can be obtained by contacting the VA Information Security Officers. (17). Site Inspection Requirement: In accordance with VA security and privacy regulations, when electronic access is required to VA protected data or when the contractor will have physical access to VA protected data on VA property, a physical inspection of contractor's place of business that is designated to hold VA protected data for services provided off site from VA property will be conducted. The inspection will be conducted by a team made up of the CO, ISO, COR, and PO, at a minimum, from the requesting facility or VISN office. The team will be required to inspect the contractor's place of business after negotiations have concluded, but prior to the award. The contractor must meet specified VA standards; otherwise their proposal will be determined non-responsive. Any changes made after the award to the approved, secure environment shall be submitted, in writing, in advance to the CO and must be approved by the ISO, COR, and PO prior to receiving notice to proceed by the CO. Contractor must make this area available to the VA for periodic inspections throughout the entire contract period. 5. CONTRACTOR RULES OF BEHAVIOR (VA Handbook 6500.6 Appendix D): This User Agreement contains rights and authorizations regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the Department of Veterans Affairs (VA). This User Agreement covers my access to all VA data whether electronic or hard copy ("Data"), VA information systems and resources ("Systems"), and VA sites ("Sites"). This User Agreement incorporates Rules of Behavior for using VA, and other information systems and resources under the contract. Signed acknowledgement of these rules is a condition for access to the VA information systems. 6. SECURING SENSITIVE DOCUMENTS: Forms and other types of printed output produced by any computer system will be evaluated by the responsible staff member for data sensitivity. Printed output containing sensitive data should be labeled as such, stored in locked cabinets or desks, and disposed of properly by shredding or placement in specially marked containers. All employees are responsible for retrieving all printed outputs they request from printers or facsimile machines. Data files, documentation, and other back-up materials will be stored in areas controlled by locks or personnel to prevent unauthorized access. Although all patient files are electronic, the contractor will receive various reports that require scanning. After scanning of the documents, the following procedure shall be utilized at all times to ensure proper disposal of all patient data: (a) To ensure strict compliance with the VHA shredding and records disposal directive, the contractor shall provide shredders/lockboxes at the site. If shredding is the final process utilized the contractor must meet National Institute for Standards and Technology (NIST) standards for shredded material cut size. However, if shredding is not the final destruction method but it is only an interim step in the destruction process, then shredding by NIST standards is not required. However, the contractor must protect the shredded material until it is no longer readable or reconstructable, which means it must be pulverized, bleached, pulped or other means that fully destroys it and makes it unreadable. If the contractor has a recycling vendor who performs any part of this process, the process of protecting this shredded material must be clearly specified - i.e. the material that is not shredded to NIST standards and is awaiting final recycle. Also, specifying the means of recycling such as pulverizing, bleaching or pulping must all be clearly stated in any subcontract that the contractor may have for this service. The contract shall state how such shredded materials (which are not in its final stage) will be protected until such time that the final recycle process is completed. This information should be provided with the contractor's proposal. The contractor shall protect and recycle in a manner that fully destroys the material. (b) When a determination is made to dispose of any paper record containing PII or sensitive information, National Archives and Records Administration (NARA) rules and the National Institute of Standards and Technology (NIST) 800-88 Guidelines for Media Sanitization will be followed. NARA's rules are not shredder specific, but the rules are nevertheless applicable, in particular where paper records are to be disposed. NIST 800-88 guidelines are shredder specific. (http://csrc.nist.gov/publications/PubsSPs.html). (c) If shredding is chosen as the method of destruction, the following parameters will be applicable. The chosen shredder device must have a crosscutting capability which produces particles that are 1 X 5 millimeters in size or that will pulverize/disintegrate paper material using disintegrator devices with a 3/32 inch security screen. Contractors may obtain current VA policy on shredders and destruction of temporary paper records at the following URL: "Destruction of Temporary Paper Records", VA Directive 6371 http://vaww1.va.gov/vapubs/viewPublication.asp?Pub_ID=523&FType=2. This directive establishes VA policy to ensure that Personally Identifiable Information (PII) and other sensitive agency information contained in paper records is disposed of properly. Shredders that are compliant with this directive are specified in the National Security Agency (NSA) Central Security Service (CSS) Evaluated Products List EPL-02-01-V http://www.nsa.gov/ia/_files/Government/MDG/NSA_CSS-EPL-02-01-AA.pdf. All Administrations and Staff Offices should begin the process of eliminating non-compliant shredders and replacing them with shredders that are compliant with this directive. 7. CONFIDENTIALITY OF PATIENT RECORDS: The contractor understands and agrees that the information in the medical records of all patients is confidential. Strict confidentiality is to be maintained. Rules of Confidentiality expected to be conformed with are delineated in 38 U.S.C. 3301, 38 U.S.C. 4132, 5 U.S.C. 552 (1) et. Seq. The contractor and its personnel shall be held liable in the event of breach of confidentiality. Any person, who knowingly or willingly discloses confidential information from the authorizing VA Medical Center, may be subject to fines. If, in the performance of official duties, the contractor's personnel have regular access to printed files containing sensitive information, which must be protected under the provisions of the Privacy Act of 1974, and other applicable laws and regulations, the employee is responsible for protecting that information from unauthorized release or from loss, alteration or unauthorized deletion. Contractors and their employees shall be required to adhere to the VA Privacy policy/HIPPA, cyber security awareness, compliance and business integrity, emergency preparedness management, fire and life safety, green environmental management systems - GEMS, infection control, managing hazardous materials, medical center security and no-fear. Additional requirements may be added as deemed necessary by the contracting officer a. VA will provide the contractor(s) with access to pertinent patient medical information, within the existing privacy rules and regulations, for the purpose of providing coordinated comprehensive care. Contractor(s) shall ensure the confidentiality of all patient information and shall be held liable in the event of the breach of confidentiality. All HIPPA regulatory guidelines pertaining to medical records and care will be followed. b. Any contract resulting from this solicitation will be subject to the Privacy Act of 1974. Federal Acquisition Regulations 52.224-1 Privacy Act Notification and 52.224-2 Privacy Act are provided in full text in the Addendum to FAR clause 52.212-4. In response to the enrolled patient's release of information request, the contractor will supply a blank VA form 3288, which can be obtained the following URL: http://vaww4.va.gov/vaforms/va/pdf/VA3288.pdf to the enrolled patient. Upon completion of the form, the records are released to the patient or his designee within ten (10) WORKING DAYS. Release of Information consent is not required to transfer medical information between the contractor and the VA TVHS (Tennessee Valley Healthcare System). Contractor will store, transport or transmit VA sensitive information in an encrypted form, using a VA-approved encryption application that meets the requirements of NIST's FIPS 140-2 standard. The contractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA directives are available on the VA directives Web site at http://www1.va.gov/vapubs/ All contractors and subcontractors working with VA Sensitive Information are subject to the same investigative requirements as those of regular VA appointees or employees who have access to the same types of information. The level of background security investigation will be in accordance with VA Directive 0710, Handbook 0710, which are available at: http://www1.va.gov/vapubs/ and VHA Directive 0710 and implementing Handbook 0710.01 which are available at: http://www1.va.gov/vhapublications/ViewPublication.asp?pub_ID=1569 Contractors are responsible for screening their employees. "Contract personnel with limited and intermittent access to equipment connected to facility networks on which limited VA sensitive information may reside, including medical equipment contractors who install, maintain, and repair networked medical equipment such as CT scanners, EKG systems, ICU monitoring, etc. In this case, Veterans Health Administration facilities must have a duly executed VA business associate agreement (BAA) in place with the vendor in accordance with VHA Handbook 1600.01, Business Associates, to assure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to the contract. Contract personnel, if on site, should be escorted by VA IT staff. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. Defense Security Service (DSS) administers the NISP on behalf of the Department of Defense and 23 other federal agencies within the Executive Branch. VA will verify clearance through DSS. Contractor(s) shall insure the confidentiality of all patient and employee information and shall be held liable in the event of breach of confidentiality according to federal regulations contained in HIPPA and any other applicable law, The Contractor is a VA Contractor and will assist in the provision of health care to patients seeking such care from or through VA. As such, the Contractor is considered as being part of the Department health care activity. Contractor is considered to be a VA Contractor for purposes of the Privacy Act, Title 5 U.S.C. 552a. Further, for the purpose of VA records access and patient confidentiality, Contractor is considered to be a VA Contractor for the following provisions: Title 38 U.S.C. 5701, 5705, and 7362. Therefore, Contractor may have access, as would other appropriate components of VA, to patient medical records including patient treatment records pertaining to drug and alcohol abuse, HIV, and sickle cell anemia, to the extent necessary to perform its contractual responsibilities. However, like other components of the Department, and not withstanding any other provisions of the contract, the Contractor is restricted from making disclosures of VA records, or information contained in such records, to which it may have access, except to the extent that explicit disclosure authority from VA has been received. The Contractor is subject to the same penalties and liabilities for unauthorized disclosures of such records as VA. The records referred to above shall be and remain the property of VA and shall not be removed or transferred from VA except in accordance with U.S.C.551a (Privacy Act), 38 U.S.C. 5701 (Confidentiality of claimants records), 5 U.S.C. 552 (FOIA), 38 U.S.C. 5705 (Confidentiality of Medical Quality Assurance Records) 38 U.S.C. 7332 (Confidentiality of certain medical records) and federal laws, rules and regulations. Subject to applicable federal confidentiality or privacy laws, the Contractor, or their designated representatives, and designated representatives of federal regulatory agencies having jurisdiction over Contractor, may have access to VA 's records, at VA's place of business on request during normal business hours, to inspect and review and make copies of such records. 8. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA): HIPAA AND OTHER REGULATORY COMPLIANCE: Contractor must adhere to the provisions of Public Law 104-191, Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the National Standards to Protect the Privacy and Security of Protected Health Information (PHI). As required by HIPAA, the Department of Health and Human Services (HHS) has promulgated rules governing the security, use, and disclosure of protected health information by covered entities, including the Department of Veterans Affairs (VA). In accordance with HIPAA, the Contractor may be required to enter into a Business Associate Agreement (BAA) with VA. In accordance with 45 CFR 164.502(e), the Privacy Rule includes exceptions to the Business Associate standard. VA Central Office (VACO) has recognized Enhanced Health Care Resources as an entity that does not require a BAA with their contractors as long as they are conducting health care on VA's behalf. Therefore, no BAA is required. Contractor will provide health care to patients seeking such are from or though VA. As such, the Contractor is considered Part of the Department health activity for purposes of the following statutes and the VA regulations implementing these statutes: The Privacy Act, 5 U.S.C. 552A AND 38 U.S.C. sections 5701, 7705, and 7332. Contractor and its employees may have access to the VA patient medical records to the extent necessary for the contractor to perform the contract, notwithstanding patient treatment records only pursuant to explicit disclosure authority from VA. Contractor and its employees are subject to the penalties and liabilities provided in the statutes and regulations mentioned in the paragraph for unauthorized disclosures of such records and their contents. Records created by the contractor in the course of treating VA patients under this agreement, are the property of the VA and shall not be accessed, released, transferred, or destroyed except in accordance with applicable Federal Law and Regulations. Upon the expiration of this contract or termination of the contract, the contract will promptly provide the VA with the individually identified VA patient treatment records. VA has unrestricted access to the records generated by the contractor pursuant to this contract. 9. SECURING SENSITIVE DOCUMENTS: Forms and other types of printed output produced by any computer system will be evaluated by the responsible staff member for data sensitivity. Printed output containing sensitive data should be labeled as such, stored in locked cabinets or desks, and disposed of properly by shredding or placement in specially marked containers. All employees are responsible for retrieving all printed outputs they request from printers or facsimile machines. Data files, documentation, and other back-up materials will be stored in areas controlled by locks or personnel to prevent unauthorized access. a.COMMUNICATIONS AND TRANSMISSIONS SECURITY (HIPAA 164.312e; FISMA 8.2): (1)Facsimile (Fax) Machines: Individuals who FAX sensitive or confidential information must ensure the FAX is sent to the appropriate individual and they are aware the information is to be protected from unauthorized use. a.Fax transmissions will contain a cover sheet with the following statement: "This fax is intended only for the use of the person or office to which it is addressed and may contain information that is privileged, confidential, or protected by law. All others are hereby notified that the receipt of this fax does not waive any applicable privilege or exemption for disclosure and that any dissemination, distribution, or copying of this communication is prohibited. If you have received this fax in error, please notify this office immediately at the telephone number listed above." HIPAA regulations apply to all faxes transmitted to or from electronic devices. b.Contractor staff shall ensure the correct recipient's fax number is entered prior to transmittal. Delivery must be confirmed by telephoning the recipient, E-mail confirmation of FAX receipt, or review of fax transmittal confirmation sheet. c.Fax machines should be placed in areas secured by physical access controls that require security keys, badges, or similar mechanisms in order to gain access. d.Fax machines should have pre-programmed and tested destination numbers entered to minimize the potential for human error. (2)E-mail: The transmission of e-mail messages containing sensitive information or ePHI via Outlook must be done in a secure manner, i.e., encryption. 10. Background Investigations: a.Contractor(s) shall insure the confidentiality of all patient and employee information and shall be held liable in the event of breach of confidentiality according to federal regulations contained in HIPPA. Any person, who knowingly or willingly discloses confidential information from the VA Medical Center, may be subject to fines of up to $50,000.00 and may be subjected to civil litigation from the patient. b.Background Investigations: Contractor(s) personnel performing work under this contract shall satisfy all requirements for appropriate security eligibility in dealing with access to sensitive information systems belonging to or being used on behalf of the Department of Veterans Affairs. To satisfy the requirements of the Department of Veterans Affairs a Minimum Background Investigation shall be conducted prior to performing work under this contract. The level of access and the individual's capability to perform work under this contract will be the determining factor in deciding if a higher investigative requirement is needed. The Contractor(s) shall ensure that those requirements are fully satisfied within 30 days of initiation of such investigations. c.The investigative history for Contractor(s) personnel working under this contract must be maintained in the databases of either with the Office of Personnel Management (OPM) or the Defense Industrial Security Clearance Organization (DISCO). Should the Contractor(s) use another vendor other than OPM or Defense Security Service (DSS) to conduct the investigation, the investigative company must be certified by OPM/DSS to conduct Contractor(s) investigations. d.The Contractor is expected to maintain a Drug-free Work Place in accordance with Federal regulations. The Contractor will establish and maintain a drug-free workplace program. The administration of this program will be the responsibility of the contractor, as well as, the establishment of disciplinary actions. e.All costs associated with obtaining clearances for Contractor(s) provided personnel will be the responsibility of the Contractor(s). Further, the Contractor(s) will be responsible for the actions of those individuals they provide to perform work for the VA under this contract. In the event that damages arise from work performed by Contractor(s) provided personnel, under the auspices of this contract, the Contractor(s) will be responsible for all resources necessary to remedy the incident. 11. Records: Contractor(s) personnel who obtain access to hardware or media which may manipulate or store drug or alcohol abuse data, sickle cell anemia treatment records, records or tests or treatment for or infection with HIV, medical quality assurance records, or any other sensitive information protected under 38 U.S.C. §4132 or §3305, as defined by the Department of Veterans Affairs, shall not have access to the records unless absolutely necessary to perform their contractual duties. Any individual who has access to these data will disclose them to no one, including other employees of the Contractor(s) not involved in the performance of the particular contractual duty for which access was obtained. Violation of these statutory provisions, as stated in department regulations by the Contractor(s)'s employees may involve imposition of criminal penalties. "System of Records: The Veterans Administration system(s) of records to which the Contractor(s) personnel will have access in order to maintain is "Patient Medical Records - VA (24VA136). "System Security: The Contractor(s) shall provide VHA with the full assurance that security measures have been implemented which are consistent with OMB Circular A-130 and VA Departmental Standards. "STATEMENT OF COMMITMENT AND UNDERSTANDING: Our nation's veterans entrust the VA with extensive medical, financial, and other personal data, and rely on the integrity of our staff and our security procedures to protect that information, and to ensure that the VA properly protects their personal information. Any contractor who may have access to this sensitive data, is also required to follow the same code of behavior when dealing with such information. Therefore, all contractor employees must sign the attached Statement of Commitment and Understanding (Attachment 3) at the time of award. Failure to do so will result in access to such information being denied. "SECURING SENSITIVE DOCUMENTS: Forms and other types of printed output produced by any computer system will be evaluated by the responsible staff member for data sensitivity. Printed output containing sensitive data should be labeled as such, stored in locked cabinets or desks, and disposed of properly by shredding or placement in specially marked containers. All employees are responsible for retrieving all printed outputs they request from printers or facsimile machines. Data files, documentation, and other back-up materials will be stored in areas controlled by locks or personnel to prevent unauthorized access. 12. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS a. All Contractor employees who require access to the Department of Veterans Affairs' computer systems shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the Contractor will be responsible for the actions of those individuals they provide to perform work for VA. (1)Position Sensitivity - The position sensitivity has been designated as Low Risk/Low Sensitivity. (2)Background Investigation - The level of background investigation commensurate with the required level of access is National Agency Check with Written Inquiries (NACI). (3)Cost of each Background Investigation is $200.00 b.Contractor Responsibilities (1)The Contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel Management (OPM), the Contractor shall reimburse VA within 30 days from receipt of a Bill of Collection. Background investigations from investigating agencies other than OPM are permitted if the agencies possess an OPM and Defense Security Service certification. A Cage Code number must be provided to the Office of Security and Law enforcement, which will verify the information and advise the Contracting Officer whether access to the computer systems can be authorized. (2)The Contractor shall prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship and are able to read, write, speak and understand the English language. (3)After award and prior to contract performance, Contractor shall submit to the Contracting Officer: "List of names of Contractor personnel "Social Security Number of Contractor personnel "Contractor's mailing address to send security package (4)Contractor shall notify the Contracting Officer prior to changing/adding new contract personnel by submitting the above information. (5)The Contractor shall submit or have their employees submit the following required forms to the VA Office of Security and Law Enforcement within thirty (30) days of receipt: "Standard Form 85P, Questionnaire for Public Trust Positions "Standard Form 85P-S, Supplemental Questionnaire for Selected Positions "FD 258, U. S. Department of Justice Fingerprint Applicant Chart "VA Form 0710, Authority for Release of Information Form "Optional Form 306, Declaration for Federal Employment "Optional Form 612, Optional Application for Federal Employment (6)The Contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract. (7)Failure to comply with the Contractor personnel security requirements may result in termination of the contract for cause. c.Government Responsibilities (1)The VA Office of Security and Law Enforcement will provide the necessary forms to the Contractor or to the Contractor's employees after receiving a list of names and addresses. (2)Upon receipt, the VA Office of Security and Law Enforcement will review the completed forms for accuracy and forward the forms to OPM to conduct the background investigation. (3)The Contracting Officer will ensure that the Contractor provides evidence that investigations have been completed or are in the process of being requested. 13. VA Mandatory Training The Contractor employees shall complete all training as required and within timeline standards, under VA mandates, e.g. Privacy policy/HIPPA, VA Information Security Awareness, Compliance and Business Integrity, Emergency Preparedness Management, Fire and Life Safety, Green Environmental Management Systems - GEMS, Infection Control, Managing Hazardous Materials, Medical Center Security, and No-Fear, Statement of Commitment of Understanding. Additional requirements may be added.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/NaVAMC/VAMCCO80220/VA24914I0005/listing.html)
 
Document(s)
Attachment
 
File Name: VA249-14-I-0005 VA249-14-I-0005.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1039543&FileName=VA249-14-I-0005-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1039543&FileName=VA249-14-I-0005-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Place of Performance
Address: Memphis VA Medical Center
Zip Code: 38104
 
Record
SN03212784-W 20131009/131007234144-a51564b8cd4eccbafa022f9d096484f3 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.