Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF NOVEMBER 08, 2013 FBO #4367
DOCUMENT

R -- Insurance Identification - Attachment

Notice Date
11/6/2013
 
Notice Type
Attachment
 
NAICS
524298 — All Other Insurance Related Activities
 
Contracting Office
Department of Veterans Affairs;Health Administration Center;3773 Cherry Creek Drive North, Ste 875 E;Denver CO 80209
 
ZIP Code
80209
 
Solicitation Number
VA74114I0009
 
Response Due
11/18/2013
 
Archive Date
12/18/2013
 
Point of Contact
Erica A Blake
 
E-Mail Address
erica.blake@va.gov
(erica.blake@va.gov)
 
Small Business Set-Aside
N/A
 
Description
PERFORMANCE WORK STATEMENT Chief Business Office (CBO) Consolidated Patient Account Center (CPAC) - Insurance Identification (ID) 1. Scope: The Veterans Health Administration (VHA) CBO CPAC is looking to establish a contract with a Contractor to establish off-site health Insurance ID support for all Veterans Integrated Service Networks (VISN's). The Contractor shall identify and validate billable health insurance for Veterans who are treatment at the Veteran Administration (VA) that have no health insurance information on file, update the Veterans Information System Technology Architecture (VISTA) database with the new information obtained, establish and maintain a productive cost-effective Insurance ID system, incorporate industry standard performance metrics, monitor the accuracy and timeliness of VISTA, establish a reporting mechanism that measures return on investment that is in line with negotiated performance metrics; and to allow VISN and Veteran Administration Medical Centers (VAMC's) to meet and/or exceed their Medical Care Collection Fund (MCCF) goals by optimizing third (3rd) party reimbursements, in part through aggressive, accurate and timely Insurance ID. The Contractor shall work with the Program Office (PO) and Contracting Officer Representative (COR) to identify and validate billable health insurance for Veteran's and to provide recommendations for Insurance ID. At no time shall the Contractor direct, change, or engage in the formulation of VHA policy. The VHA is solely responsible to review the Contractor's recommendations and to make decisions concerning the formulation of policy. 2. Background: The Department of Veterans Affairs (VA) has historically relied on contract services in an effort to improve collections through ID and validation of Veterans' third (3rd) party insurance. In procuring those services, the VA has been free to seek required services from any number of capable Contractors. 2.1 The VA's CPAC's are responsible for billing to and collecting from insurance companies for medical treatment provided to Veterans for non-service connected conditions. There are seven (7) regional CPACs located as follows: 1. Asheville, NC - Mid-Atlantic CPAC (MACPAC) 2. Murfreesboro, TN - Mid-South CPAC (MSCPAC) 3. Orlando, FL - Florida Caribbean CPAC (FCCPAC) 4. Madison, WI - North Central CPAC (NCCPAC) 5. Lebanon, PA - North East CPAC (NECPAC) 6. Leavenworth, KS - Central Plains CPAC (CPCPAC) 7. Las Vegas, NV - West CPAC (WCPAC) Note: The above numbers and colors correspond to VISN regions 2.2 Public Law 99-272 gave the VA authority to seek reimbursement from third party health insurers for the cost of medical care furnished to an insured non-service connected (NSC) Veteran. Public Law 101-508 expanded the VA's recovery program by providing authority to seek reimbursement from third (3rd) party payers for the cost of medical care provided to insured service-connected Veterans treated for their NSC conditions. 3. Period of Performance (POP): The POP shall be from the date of award for a one (1) twelve (12) month base period-year period, and four (4) concurrent twelve (12) month option years. 4. VISTA Tasks: The Contractor shall ensure all information gathered electronically shall be entered into the VISTA system by the Contractor electronically. Accounts for which new insurance information has been identified shall be entered in the "buffer file" which shall be made available and accessed by the Contractor in the VISTA system. This file shall be used as the main delivery system available for the Contractor to deliver identified and validated insurance information. Those accounts not containing valid, billable insurance information shall be completed as defined by the VISTA system. 4.1 At minimum, data fields required for insurance validation are listed in Attachment A. Any updates to required data fields shall be noted on each Task Order (TO). 4.2 Expectations regarding approximate volume of claims shall be addressed by the CPAC issuing the TO against the Indefinite Delivery/Indefinite Quantity (IDIQ). The dollar amount of the contract shall be increased or decreased depending on the needs of the CPAC following coordination with the Contracting Officer (CO). 4.3 There is no employer-employee relationship between the VA and the Contractor's employees. 4.4 Information and guidelines on Insurance ID and validation of that insurance are within the VHA is available at http://vaww1.va.gov/CBO/revguide.asp. 4.5 ID of non-billable insurance policies is excluded from the Performance Work Statement (PWS). The VA is not authorized to bill Medicare or Medicaid and ID is therefore excluded from this PWS. Other non-billable policies shall not be identified, such as Medicare Replacement, and shall be indicated of the TO. 4.6 The Contractor shall agree that all deliverables, associated working papers, and other material deemed relevant by the Contractor in the performance of these tasks are the property of the United States (U.S.) Government. 4.7 "Business Day" is defined as Monday through Friday, excluding standard Federal Holidays and any other day specifically declared to be a national holiday. 4.8 All scheduled contacts between the Contractor and CPAC staff shall occur during regular CPAC hours of operation. 5. General Tasks: The Contractor shall: 5.1 Provide Insurance ID services within VA established timeframes indicated of the TO. 5.2 Provide a remote and secure electronic business office solution for Insurance ID. 5.3 Provide a mechanism to ensure timely and meaningful communications with COR at a frequency illustrated in each TO. All communication methodology shall be tailored to meet each CPAC needs. 5.4 Establish Insurance ID priorities with each the COR. 5.5 Have the ability to compare Veteran information against large databases of health information which is not otherwise available to the VA. 5.6 Have the ability to contact insurance carriers directly. 5.7 Illustrate how information is obtained from a large volume of payers; including major carriers in each state. 5.8 Provide CPAC's with a comprehensive list of payor's with which the Contractor has contracts with. 5.9 Illustrate access to when identifying and validating insurance information without direct patient contact. 5.10 Provide an electronic methodology to extract data from and transfer to the appropriate CPAC VAMC facility that is fully compliant with all applicable VA and VHA guidelines-e.g. File Transfer Protocol. 5.11 Return all newly identified health insurance information to the CPAC assigned VAMC's in a format that can uploaded into the VISTA "buffer file". 5.12 Para-phrase all written deliverables in layperson language. Statistical and other technical terminology shall not be used without providing a glossary of terms. 5.13 Identify in writing all necessary subtasks (if any), associated costs by task with associated sub-milestone dates for each TO. 5.13.1 The Contractor's subtask structure shall be reflected in the technical proposal. 5.13.2 Where a written milestone deliverable is required in draft form, the CPAC shall complete the review of the draft deliverable within ten (10) business days from date of receipt. 5.14 Have five (5) business days to deliver the final deliverable from date of receipt of the Government's comments. 5.15 Review and accept deliverables. Deliverables found to be unacceptable or not meeting the intent of the task within the review period shall be redone by the Contractor and considered to be within scope of this order. 5.16 Follow the VA Office of Information and Technology's (OI&T) policies and procedures, which shall be made available at the Contractor at time of award. The OI&T policies and procedures are in conjunction with others as shall be identified in other paragraphs of this PWS. 5.17 Train staff at the Contractor's expense for all duties identified in each TO. Contractor staff shall be trained in all aspects of II&V requested under the contract. 5.18 Correct errors made by their employees at no charge to the VA. 5.19 Ensure sites indicated in each TO, are operational within forty five (45) days from the effective date of each TO. 5.20 Have all components of the insurance validation process in place to begin validating insurance; including all employees screened and trained with necessary access. 5.21 Maintain patient confidentiality (HIPAA compliance) and overall data security. 5.22. Observe the requirements imposed on sensitive data by law, Federal regulations, and VA policies and procedures. 5.23 Responsible for employees who release confidential/proprietary information to authorized recipients designed by the VAMC's and VISN's. 5.24 Treat all identifiable health records with the strictest confidentiality. Access to records shall be limited to essential personnel only. Records shall be secured when not in use. 5.25 Ensure Contractor employees sign and follow confidentiality statements. 5.26 Comply with the Privacy Acts 38 USC 5701 and 38 USC 7332. Any personnel and/or patient data the Contractor shall obtain as a result of the performance of this contract shall not be disclosed to a third (3rd) party or be used for the Contractor's own purpose except to the extent allowed by the Privacy Act. 5.27 Ensure employees do not have access to hardware or media which shall manipulate or store drug or alcohol abuse data, sickle cell anemia treatment records, records or tests or treatment for or infection with HIV, medical quality assurance records, or any other sensitive information is protected under 38 U.S.C. 4132 or 3305 as defined by the VA, unless it is absolutely necessary to perform their contractual duties. 5.27.1 Any individual who has access to this data shall disclose them to no one, including other employees of the Contractor not involved in the performance of the particular contractual duty for which access was obtained. 5.27.2 Violation of these statutory provisions, as stated in department regulations by the Contractor's employees shall involve imposition of criminal penalties. 5.28 Report security incidents to the local VA Information Security Officer (ISO) as soon as the incident is discovered. The information submitted to the ISO shall cite the incident date, name, organization, phone number, and e-mail of the person filing the report; including the affected system name and preliminary actions taken. 5.29. Meet the facility ISO before work in order to reinforce security responsibilities of their positions in the overall security program at the facility. Compliance with VA Directive 6504, Restrictions on Transmission, Transportation and use of, and access to, VA Data outside VA Facilities, issues June 7, 2006 is mandatory. 5.30 Ensure measures are taken to ensure fraud is not committed on work performed by Contractor employees. 5.31 The Contractor's claims expediting and collection activities shall be legal, ethical and in compliance with applicable legislation regulating debt collection practices. 5.31.1 The Workforce Investment Act of 1998, Public Law 105-220 was enacted on August 7, 1998. 5.31.2 Title IV of the Act is the Rehabilitation Act Amendments of 1998. Subsection 408 (b) amended Section 508 of the Rehabilitation Act of 1973. 5.31.3 Section 508 requires Federal departments or agencies to develop, procure, maintain, or use Electronic and Information Technology (EIT). 5.31.4 Agencies shall ensure that the EIT allows Federal employees with disabilities to have access to and use of information and data that is comparable to the access and use of information and data to that of other Federal employees. 5.31.5 Section 508 also requires that individuals with disabilities, who are members of the public seeking information or services from a Federal department or agency, access to and use of information and data that is comparable to that information and data that is available to the public not having the disabilities. 5.32 Refer any questions regarding a Veteran's service connected status to the appropriate COR designated on each TO. Veteran Administration bills health insurance carriers for treatment of Veterans' non-service connected conditions. 5.33 Any updated patient demographic information obtained during the II&V activities, shall be furnished to the appropriate VISN/VAMC/CPAC designee daily that is identified in each TO. 6. Section- 508 Compliance: In December 2000, the Architectural and Transportation Barriers Compliance Board (Access Board), pursuant to Section 508(2) (A) of the Rehabilitation Act Amendments of 1998, established Information Technology accessibility standards for the Federal Government. 6.1 Section 508(a)(1) requires that when Federal departments or agencies develop, procure, maintain, or use Electronic and Information Technology (EIT), they shall ensure that the EIT allows individuals with disabilities who are Federal employees to have access to and use of information and data that is comparable to the access to and use of the information and data by Federal employees who are not individuals with disabilities; and individuals with disabilities who are members of the public seeking information or services from a Federal department or agency to have access to and use of information and data that is comparable to the access to and use of the information and data by such members of the public who are not individuals with disabilities. 6.2 The Contractor shall comply with the following technical standards: 1. 1194.21, Software Applications and Operating Systems 2. 1194.22, Web Based Intranet and Internet Information and Applications 3. 1194.23 Telecommunication Products 4. 1194.24 Video and Multimedia Products 5. 1194.25 Self Contained Closed products 6. 1194.26 - Desktop and Portable Computers 7. 1194.31 - Functional Performance Criteria 8. 1194.41 - Information, Documentation and Support 6.3 In order to validate conformance to the above standards the COR shall complete the VA's Section 508 Determination and Findings Document. 6.3.1 The VA's Section 508 PO has developed a Conformance Validation Statement (CVS). 6.3.2 The CVS shall be completed by the responsible requiring/procurement official as part of their market research to validate the conformance of the E&IT project ((See Section ten (10) in the Section 508 Determination and Findings Document)). 6.4. If at any time the responsible requiring/procurement official finds that an exception shall apply, the Contractor shall complete and have the Section 508 EIT Exceptions Certification Document signed by the VA Section 508 Coordinator. Once the E&IT is determined to meet all applicable Section 508 standards, the E&IT is validated by the VA's Section 508 PO in the Department's Section 508 Testing and Training Center using the information provided by the CVS. 6.5 In the case the VA decides to purchase an application, product or service that cannot be validated for Section 508 prior to purchase, the Contractor agrees to accept all costs for ensuring conformance working with the A Section 508 PO. For future releases or upgrades all steps using the CVS are required and upon validation a signed approval shall be given to the VA POC from the VA Section 508 Coordinator. 6.6 Section 508 information is available at http://www.section508.gov/. 6.7 The VA Directive and Handbook 6221, Accessible Electronic and Information Technology are posted at: http://www.va.gov/oit/ea/section508/policy.asp. 7. Performance Requirement Standards: The Contractor shall: 7.1 Identify and validate billable medical health insurance coverage for Veterans who were provided care and treatment through the VA and who currently have no health insurance information on file. Billable health insurance consists of all applicable non-Medicare coverage that the VA reasonably expects to receive reimbursement from. 7.2 Identify and validate policies in accordance with VHA guidelines. Information and guidelines on Insurance ID and validation of that insurance are within the VHA shall be found at http://vaww1.va.gov/CBO/revguide.asp. 7.3 Have the ability to compare Veteran information against large databases of health information which is not otherwise available to the VA. 7.4 Provide and automated extract, based on criteria created by the Contractor and approved by the CPAC and dependent on the CPAC's needs, for all Veterans seen in the past twelve (12) months where there is no billable insurance on file. Extract shall continue monthly, or as specified otherwise of the TO, for the previous month thereafter. 7.5 Forward all deliverables to the COR for approval and/or acceptance (identified and validated billable medical insurance policies) via a VA compliant methodology. 7.6 Provide a monthly summary to the COR (See Attachment B). This report covers only workload referred to the Contractor based on a contractual agreement through the IDIQ. 7.7 Propose modifications to the reporting requirements to the national COR. 7.7.1 Explain why, in writing, to the COR (if for any reason a deliverable cannot be met within the scheduled time frame or adherence to the established schedules cannot be met) the following: 1. Reasons for the delay 2. Modified delivery date 3. Impact on the overall project 4. A revised project plan with all adjusted dates 7.7.2 The COR in turn will brief the incident to the CO, who shall issue a response pursuant to applicable regulations. 7.8 Provide monthly reports to the COR. Individual COR's shall also require additional information that is specific to their facilities that will be clarified in each TO. 7.9 Provide a monthly summary to the COR that includes the CPAC VAMC station number, amount of the TO, date of the TO, POP, and name of the COR, along with the Contractor's report on the quality checks. 7.9.1 The report shall only cover cases referred to the Contractor based on a contractual agreement through the IDIQ. 7.9.2 Additional reporting to the COR is acceptable; however, the Contractor's proposed reports shall at minimum monitor the process for required changes, provide feedback results, and identify and report Insurance ID inconsistencies and irregularities that impact ongoing deliverables. 8. Level of Effort: The Contractor is encouraged to propose a response consistent with their technical approach for accomplishment of all performance objectives/standards set forth above. The response shall include an un-priced staffing matrix that identifies the labor categories and hours allocated. 9. Deliverables: The Contractor shall provide a Monthly Status Report to the COR and the VHA PO team. This report shall describe activities of those assigned to the project, problems encountered, actual or recommended action, and a summary of finding. The COR and PO team shall review all deliverables. The following deliverables associated with this TO are demonstrated below and in paragraph ten (10): 9.1 Data Fields: Data fields shall be completed for each policy identified at the time the insurance policy data is provided with a ninety five percent (95%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.2 Newly Identified and Validated Insurance Information: Newly identified and validated insurance information shall be uploaded in VISTA according to the cycle specified in the TO with a ninety five percent (95%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.3 VISTA Information Supplied to the VA: Information supplied to the VA shall be current, accurate and validated prior to importing into VISTA and is provided with a ninety eight percent (98%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.4 Veteran Information Supplied to the VA: Information supplied to the VA shall be current, accurate and validated prior to importing into VISTA and information provided belongs to Veteran and is provided with a hundred percent (100%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.5 Reports: Agreed upon reports shall be complete, accurate, and delivered to the VA with a ninety eight percent (98%) monthly accuracy. The Contractor shall notify the VA of a delay within two (2) business days to request an extension. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.6 TO Workload Requirements: Meets agreed upon workload requirements specified in TO with a ninety eight percent (98%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.7 Workload Data Loss: Manages workload without loss of data with a hundred percent (100%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.8 Invoices: Invoices accurately reflect performed work and corrections made with a ninety five percent (95%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. 9.9 Background Investigation (BI) and Training Requirements: Contractor employee BI and training requirements are met with a ninety five percent (95%) monthly accuracy. The Contractor shall provide an electronic Monthly Status Report to the COR and PO Team. ? 10. Deliverables Specific to This Order: Insurance ID and validation of billable medical health insurance coverage for Veterans who are provided care and treatment through the VA and currently have no health insurance information on file. DeliverableStandard/FrequencyMedium/FormatSubmit To Data fields shall be completed for each policy identified at the time the insurance policy data is provided. PWS 9.1 Ninety five percent (95%) monthly accuracy. The Contractor shall provide a Monthly Status Report.Electronically in: MS Word, Excel, and PowerPointCOR PO Team Newly identified and validated insurance information shall be uploaded in VISTA according to the cycle specified in the TO. PWS 9.2 Ninety five percent (95%) monthly accuracy. The Contractor shall provide a Monthly Status Report.Electronically in: MS Word, Excel, and PowerPointCOR PO Team Information supplied to the VA shall be current, accurate and validated prior to importing into VISTA. PWS 9.3 Ninety eight percent (98%) monthly accuracy. The Contractor shall provide a Monthly Status Report.Electronically in: MS Word, Excel, and PowerPointCOR PO Team Information supplied to the VA shall be current, accurate and validated prior to importing into VISTA and information provided belongs to Veteran. PWS 9.4 One hundred percent (100%) monthly accuracy. The Contractor shall provide a Monthly Status Report.Electronically in: MS Word, Excel, and PowerPointCOR PO Team Agreed upon reports shall be complete, accurate, and delivered to the VA. PWS 9.5 Ninety eight percent (98%) monthly accuracy. The Contractor shall notify the VA of disputes within two (2) business days to request an extension. The Contractor shall provide a Monthly Status Report thereafter. Electronically in: MS Word, Excel, and PowerPointCOR PO Team Meets agreed upon workload requirements specified in TO. PWS 9.6 Ninety eight percent (98%) monthly accuracy. The Contractor shall provide a Monthly Status Report thereafter. Electronically in: MS Word, Excel, and PowerPointCOR PO Team Manages workload without loss of data. PWS 9.7 One hundred percent (100%) monthly accuracy. The Contractor shall provide a Monthly Status Report thereafter. Electronically in: MS Word, Excel, and PowerPointCOR PO Team Invoices accurately reflect performed work and corrections made. PWS 9.8 Ninety five percent (95%) monthly accuracy. The Contractor shall provide a Monthly Status Report thereafter. Electronically in: MS Word, Excel, and PowerPointCOR PO Team Contractor employee Background Investigation (BI) and training requirements are met. PWS 9.9 Ninety five percent (95%) monthly accuracy. The Contractor shall provide a Monthly Status Report thereafter. Electronically in: MS Word, Excel, and PowerPointCOR PO Team 11. Government Responsibilities: If applicable, the Government shall provide workspace, computers and telephone service when Contractor personnel are working on-site. 11.1 The Contractor shall maintain a financial inventory accounting system for Government Furnished Equipment, Government Furnished Software, other Government Furnished Tools, and provide the COR and PO with stated information necessary to manage this task. 11.2 At a minimum, the inventory shall track: serial number, quantity, locations, description, custodian, date of receipt, and expected date of return. 12. Property Rights: The Contractor shall: 12.1 Not divulge or disclose information received and/or discussed regarding data considered proprietary to other Contractors collaborating on or with this effort. 12.2 Be required to complete mandated VA privacy and security training. 12.3 Be required to negotiate agreements with commercial system Contractors relating to non-disclosure of Contractor-proprietary information. 12.3.1 If the Contractor uses copyright or otherwise licensed software in any deliverable under this order, the Contractor shall secure unlimited use rights for the Government. 12.3.2 Forward all software licenses on to the Government within thirty (30) business days after completion of the tasks. 12.4 Limit access to the minimum number of employees necessary to perform tasks that are considered sensitive or proprietary in nature. 12.5 Contact the COR, if the Contractor is uncertain of the sensitivity of any information obtained. 12.6 Indoctrinate all personnel employed by the Contractor and any Sub-Contractors involved on their roles and responsibilities for proper handling and nondisclosure of sensitive Government or proprietary information. 12.7 Not engage in any other action, venture or employment wherein sensitive information shall be used for the profit of any party other than those furnishing the information. 13. Travel: Travel is not required. 14. Inspections and Acceptance: All reports shall be approved by the COR and PO. 15. Contract Award Meeting: The Contractor shall not commence performance on the tasks described in the PWS until the CO has conducted a kick off meeting or has advised the Contractor that a kick off meeting has been waived. 16. Changes to the PWS: Any changes to this PWS shall be authorized and approved only through written correspondence from the CO. A copy of each change shall be kept in a project folder along with any other products of the project. Costs incurred by the Contractor, through the actions of parties other than the CO, shall be borne by the Contractor alone. 17. Security and Privacy - Information and Records: The Contractor shall: 17.1 Return all information and records provided to Contractor by the VA, in whatever medium, as well as all information and documents, including drafts, emails, back-up copies, hand-written notes and copies that contain such information and records gathered or created by Contractor (collectively referred to as "VA information") in the performance of this contract, regardless of storage media, are the exclusive property of the VA. The Contractor shall not retain any property interest in these materials and shall not use them for any purpose other than performance of this contract. 17.2 Provide, upon completion or termination of the contract, all copies of any VA information that it used during work it performed of the TO or certify that it any/all information it obtained has destroyed. Where immediate return or destruction of the information is not practicable, the Contractor shall return and/or destroy the information within thirty (30) business days of completion or termination of the contract. All provisions of this contract concerning the security and protection of VA information that is the subject to this contract shall continue to apply to the VA information for as long as the Contractor retains it, regardless of whether the contract has been completed or terminated. 17.3 Not destroy, prior to termination or completion of this contract, any VA information received from the VA, gathered and/or created in the performance of the TO without prior written approval by the VA. 17.4 Receive, gather, store, backup, maintain, use, disclose and/or dispose of VA information only in accordance with the terms of the TO and any applicable federal, VA, confidentiality, security laws, regulations or policies. 17.5 Not make copies of VA information except as necessary to perform duties required of the TO or to preserve electronic information stored on Contractor electronic storage media for restoration in case any electronic equipment or data used by the Contractor needs to be restored to an operating state. 17.6 Provide access only to VA information to employees, Sub-Contractors, and affiliates to: a.) the extent necessary to perform the services specified of the TO; b.) perform necessary maintenance functions for electronic storage or transmission media necessary for performance of the TO; and c.) individuals who first satisfy the same conditions, requirements and restrictions that comparable VA employees shall meet in order to have access to the same VA information. Note: These restrictions include the same level of BI's, where applicable. 17.7 Store, transport or transmit VA information only in an encrypted form, using an encryption application that meets the requirements of Federal Information Processing Standards (FIPS) 140-2 or is approved for use by the VA. 17.8 Only use or disclose, except for uses and disclosures of VA information authorized by this contract for performance of the contract in response to an order of a court of competent jurisdiction, or with VA's prior written authorization. The Contractor shall refer all requests for, demands for production of, or inquiriesabout, VA information to the VA for response. 17.9 Include the statement, "Contractor shall not release information protected by either 38 USC 5705 or 7332 in response to a court order, and shall immediately refer such court orders to VA for response," if VA information subject to the TO includes information protected by 38 USC 7332 or 5705. 17.10 Promptly notify the VA, prior to any disclosure pursuant to a court order, of a court order upon its receipt by the Contractor. 17.10.1 Notify the COR by phone and provide the VA a copy of the court order by fax or e-mail within one (1) business day. 17.10.2 If the Contractor cannot notify the VA before being compelled to produce the information under court order, the Contractor shall notify the VA of the disclosure as soon as practical and provide a copy of the court order, a description of the records provided pursuant to the court order, and to whom the Contractor provided the records to under the court order. 17.10.3 The notice shall include the following information to the extent that the Contractor knows it, if it does not show on the face of the court order: the records disclosed pursuant to the order, to whom, where, when, and for what purpose, and any other information that the Contractor reasonably believes is relevant to the disclosure. 17.10.4 If the VA determines that it is appropriate to seek retrieval of information released pursuant to a court order before Contractor notified the VA of the court order, Contractor shall assist the VA in attempting to retrieve VA information involved. 17.11 Inform the VA, by the most expeditious method available to Contractor, of any incident of suspected or actual access to, or disclosure, disposition, alteration or destruction of, VA information not authorized under this Contract ("incident") within one (1) hour of learning of the incident. 17.11.1 An incident includes the transmission, storage or access of VA information by Contractor or Sub-Contractor employees in violation of applicable VA confidentiality and security requirements. 17.11.2 To the extent known by the Contractor, the Contractor's notice to the VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information was placed at risk or compromised), and any other information that the Contractor considers relevant. 17.12 Simultaneously report the incident to the appropriate law enforcement entities or jurisdiction. The Contractor, its employees, and its Sub-Contractors and their employees shall cooperate with the VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violations associated with any incident. 17.13 Cooperate with the VA in any civil litigation to recover VA information, to obtain monetary or other compensation from a third party for damages arising from any incident, or to obtain injunctive relief against any third party arising from, or related to, the incident. 17.13.1 In addition to notifying the COR, the VA shall provide the Contractor with the name, title, telephone number, fax number and email address of the VA official to whom the Contractor shall provide all notices required by this TO. 17.13.2 The VA has the right during normal business hours to inspect the Contractor's facility, information technology systems and storage and transmission equipment, and software utilized to perform the contract to ensure that the Contractor is providing for the security of VA data and computer systems in accordance with the terms of this Contract. 17.14 Receive, gather, store, backup, maintain, use, disclose and/or dispose of VA information only in compliance with all applicable FIPS and Special Publications (SP) issued by the National Institute of Standards and Technology (NIST) concerning VA information that is the subject of this contract. If NIST issues or updates an applicable FIPS or SP after execution of this contract, the parties agree to negotiate in good faith to implement the FIPS or SP in this contract. 17.15 Provide appropriate administrative, technical, and physical safeguards to ensure the confidentiality and security of the Veterans data and to prevent unauthorized use or access to it. 17.15.1 Sensitive VA information shall not be transmitted by remote access unless VA approved protection mechanisms are used. 17.15.2 All encryption modules used to protect VA data shall be validated by NIST to meet the current version of FIPS 140 (See http://csrc.nist.gov/cryptval/140-1/1401val.htm for a complete list of validated cryptographic modules). 17.15.3 Only approved encryption solutions using validated modules shall be used when protecting data during transmission. 17.15. 4 Additional security controls are required to guard VA sensitive information stored on computers used outside VA facilities. 17.15. 5 All VA data shall be stored in an encrypted partition on the hard drive and shall be encrypted with FIPS 140 validated software. 17.15.6 The application shall be capable of key recovery and a copy of the encryption keys shall be stored in multiple secure locations. 17.15.7 The Contractor agrees that the data shall not be physically moved or transmitted in any way from the site without first being encrypted and obtaining prior written approval from the VA data owner. 17.15.8 A determination by VA that the Contractor has violated any of the information confidentiality and security provisions of this contract, including a violation of any applicable FIPS or SP, shall be a basis for VA to terminate the contract for cause. 17.15.9 If anyone performing this contract, including employees of Sub-Contractors, accesses VA computer systems or data in the performance of the contract, the VA shall monitor and record all such access activity. 17.15.10 If VA monitoring reveals any information of suspected or potential criminal law violations; the VA shall refer the matter to the appropriate law enforcement authorities for investigation. 17.16 Inform its employees and other individuals performing any part of this contract that VA shall monitor their actions in accessing or attempting to access VA computer systems and the possible consequences to them for improper access, whether successful or not. 17.17 Ensure that any Sub-Contractors or others acting on behalf of or for the Contractor in performing any part of this contract inform their employees, associates or others acting on their behalf that VA shall monitor their access activities. Execution of this contract and any subcontract or agreement constitutes consent to VA monitoring. 17.18 Ensure that all individuals who shall access VA data or systems in performing the contract are appropriately trained in the applicable VA confidentiality and security requirements. The Contractor shall document those who have completed the VA training. The Contractor shall contact the COR regarding access to the required VA training. 17.19 Mitigate, to the extent practicable, any harmful effect on individuals whose VA information was accessed or disclosed in an incident. 17.20 Require Sub-Contractors, agents, affiliates or others to whom Contractor provides access to VA information for the performance of this contract to agree to the same VA information confidentiality and security restrictions and conditions that apply to the Contractor before providing access. 18. Protection of Individual Privacy: The Contractor shall: 18.1 Abide by FAR clauses 52.224-1 and 52.224.2. All VA records, subject to this TO, are contained in the VA Privacy Act System of Records - Program Evaluation Research Data Records #107VA008B. 18.2 Abide by FAR clauses 52.239-1 and 24.101-104 for Privacy or Security Safeguards. 18.3 Not publish or disclose in any manner, without the CO's written consent, the details of any safeguards either designed or developed by the Contractor under this contract or otherwise provided by the Government. 18.3.1 To the extent required to carry out a program of inspection to safeguard against threats and hazards to the security, integrity, and confidentiality of Government data, the Contractor shall afford the Government access to the Contractor's facilities, installations, technical capabilities, operations, documentation, records, and databases. 18.3.2 If new or unanticipated threats or hazards are discovered by either the Government or the Contractor, or if existing safeguards have ceased to function, the discoverer shall immediately bring the situation to the attention of the other party 18.4 Utilize only employees, Sub-Contractors or agents who are physically located within a jurisdiction subject to the laws of the U.S. 18.5 Ensure that it does not use or disclose PHI received from a Covered Entity in any way that shall remove the PHI from such jurisdiction. 18.6 Ensure that its employees, Sub-Contractors and agents do not use or disclose PHI received from Covered Entity in any way that shall remove the PHI from such jurisdiction. 18.7 Ensure, if the work of the Contractor is deemed to meet the definition of research from the HHS Office of Human Research Protections (OHRP) as well as the Common Rule (38 CFR 16), then the Contractor as well as any Sub-Contractors or collaborating institutions shall be covered under Federal Wide Assurances (FWA) or other assurances acceptable to the VA, and the research protocol shall be reviewed and approved by the Contractor's Institutional Review Board (IRB) of record as well as by IRBs of the collaborating institutions. 18.7.1 Sub-Contractors engaged in research shall also hold FWAs or be covered by the Contractor's FWA. If all the entities engaged in research are covered under one FWA with a common IRB of record then it would not be necessary to involve more than one IRB. 18.7.2 At its discretion the VA shall submit the research protocol prior to its initiation for review to a VA ad-hoc peer-review committee. This review shall be conducted to ensure that the research incorporates or takes into consideration all VA and Veteran specific concerns and issues that shall impact on the scientific rigor of the study. 18.7.3 All subjects enrolled in the research shall receive protections equivalent or greater as those required by VHA policies including VHA Handbook 1200.5 including appendixes and other applicable VHA 1200 series handbooks. If vulnerable subjects shall be entered into the research, appropriate safeguards shall be in place. 18.7.4 If the research project is eligible for a Certificate of Confidentiality, one shall be obtained from NIH (http://grants.nih.gov/grants/policy/coc) 18.7.5 Recruitment of Veterans into research projects shall follow the recruitment plan as approved by the IRB. 18.7.5.1 The plan shall require that initial contact with the Veteran be in person or by letter prior to any telephone contact. 18.7.5.2 If a letter is sent to the Veteran it shall provide a telephone number of other means that the Veteran can use to verity the validity of the contact and the study. Social security numbers shall not be requested during a phone contact. 18.7.6 All investigators and research staff interacting with research subjects or working with identifiable health information shall receive training in the ethical conduct of human subject's research that is equivalent to or exceeds the requirement for VA investigators and research staff. (See handbook VHA 1200.5 for the Requirements for Protections of Human Subjects in Research that is available at http://www1.va.gov/vhapublications/ViewPublication.asp?pub_ID=418). 19. Information System Security: The Contractor shall: 19.1 Ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard contract language, conditions laws, and regulations. 19.1.1. Firewall and web servers shall meet or exceed the Government minimum requirements for security. 19.1.2 All Government data shall be protected behind an approved firewall. 19.1.3 Any security violations or attempted violations shall be reported to the VA project manager and the VHA Headquarters Information Security Officer as soon as possible. 19.2 Follow all applicable VA policies and procedures governing information security, especially those that pertain to certification accreditation. 20. Security Training: The Contractor's employees and Sub-Contractors shall (in addition to other VA specific training): 20.1 Complete the VA's on-line Security Awareness Training Course and the Privacy Awareness Training Course annually. 20.2 Provide signed certifications of completion to the CO during each year of the contract. 21. Contractor Responsibility: All Contractor employees who require access to VA computer systems are subject to a BI and shall receive a favorable adjudication from the VA Security and Investigations Center (SIC) (07C). The level of background security investigation shall be in accordance with VA Directive 0710 dated September 10, 2004 and is available at: http://www.va.gov/pubs/asp/edsdirec.asp (VA Handbook 0710, Appendix A, Table 1-3). 21.1 Obtain appropriate BI forms shall be provided upon TO award, and shall completed and returned to the VA Security and Investigations Center (07C) within thirty (30) business days for processing. Contractors shall be notified by 07C when the BI has been completed and adjudicated. These requirements are also applicable to all Sub-Contractor personnel requiring the same access. 21.2 If a BI is not completed prior to the start date of the TO, the employee shall work on the contract while the security clearance is being processed, but the Contractor shall be responsible for the actions of those individuals they provide to perform work for the VA. In the event that damage arises from work performed by Contractor personnel, under the auspices of the contract, the Contractor shall be responsible for resources necessary to remedy the incident. 21.3 The investigative history for Contractor personnel working under this contract shall be maintained in the databases of either the Office of Personnel Management (OPM) or the Defense Industrial Security Clearance Organization (DISCO). Should the Contractor use a Contractor other than OPM or Defense Security Service (DSS) to conduct investigations, the investigative company shall be certified by OPM/DSS to conduct Contractor investigations. 22. BI's: The position sensitivity impact for this effort has been designated as Low Risk and the level of BI is NACI. 23. Contractor Responsibilities: The Contractor shall: 23.1 Bear the expense of obtaining BI's. 23.2 Reimburse the VA within thirty (30) days, if the investigation is conducted by the Office of Personnel Management (OPM) through the VA. 23.2.1 BI's from investigating agencies other than OPM are permitted if the agencies possess an OPM and Defense Security Service certification. 23.2.2 The Contractor Cage Code number shall be provided to the Security and Investigations Center (07C), which shall verify the information and advise the CO whether access to the computer systems can be authorized. 23.3 Prescreen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship and are able to read, write, speak and understand the English language. 23.4 Provide a list of personnel names, Social Security Numbers, addresses to the COR utilizing Attachment C. 23.5 Withdraw personnel form working under the TO, who, when notified, have an unfavorable determination by the Government. Failure to comply with the Contractor personnel security requirements shall result in termination of the contract for default. 23.6 Be responsible for the actions of all individuals provided to work for the VA under this contract. In the event that damages arise from work performed by Contractor provided personnel, under the auspices of this contract, the Contractor shall be responsible for all resources necessary to remedy the incident." 24. Government Responsibilities: The VA Security and Investigations Center (07C) shall provide the necessary forms to the Contractor or its employees after receiving a list of names and addresses. 24.1 Upon receipt, the VA Security and Investigations Center (07C) shall review the completed forms for accuracy and forward the forms to OPM to conduct the BI. 24.2 The VA facility shall pay for investigations conducted by the OPM in advance. In these instances, the Contractor shall reimburse the VA facility within thirty (30) business days. 24.3 The VA Security and Investigations Center (07C) shall notify the CO and Contractor after adjudicating the results of the BI's received from OPM. 24.4 The CO shall ensure that the Contractor provides evidence that investigations have been completed or are in the process of being requested. 25. VA Internet and Intranet Standards: The Contractor shall adhere to and comply with VA Directive 6102 and VA Handbook 6102, Internet/Intranet Services, including applicable amendments and changes, if the Contractor's work includes managing, maintaining, establishing and presenting information on VA's Internet/Intranet Service Sites. This pertains, but is not limited to: creating announcements; collecting information; databases to be accessed, graphics and links to external sites. These documents contain information regarding: VA cookie use policy, privacy statements, Section 508 applicability, posting "Hot Topics", warning notices and editorial changes. 25.1 Internet/Intranet Services Directive 6102 is posted at: http://www.va.gov/pubs/directives/Information-Resources-Management-(IRM)/6102d.doc 25.2 Internet/Intranet Services Handbook 6102 is posted at: http://www.va.gov/pubs/handbooks/Information-Resources-Management-(IRM)/6102h.doc 25.3 Internet/Intranet Services Handbook 6102, Change 1, is posted at: http://www.va.gov/pubs/handbooks/Information-Resources-Management-(IRM)/61021h.doc 26. Invoicing Acceptance: All payments by the Government to the Contractor will be made in accordance with Far Clause 52.232-34 - Payment by Electronic Funds Transfer - Other Than Central Contractor Registration. All invoices shall be submitted in arrears. 27. TO Termination: The VA has the right to terminate (in whole or in part) this TO at any time in accordance with the termination clauses annotated of the TO. The Contractor shall be paid only for the services rendered up to the point of receiving the termination notice, and then only to the extent that those services meet the requirements of this PWS. 28. Contract Administration: All inquiries and correspondence relative to the administration of the Contract shall be addressed to: COR: Melissa Garrick Telephone Number: (910) 822-7049 E-mail: melissa.garrick@va.gov PO: Yvonne Hochfelder Telephone Number: (678) 924-5729 E-mail: yvonne.hochfelder@va.gov CO: Erica A Blake Telephone Number: (303) 372-6271 E-mail: erica.blake@va.gov 29. Inspection and Acceptance: All reports shall be approved by the COR and PO. 30. Quality Assurance: The Contractor shall develop and maintain an effective quality control program in accordance with their approved Management Oversight Plan (MOP) to ensure services are performed in accordance with the PWS. The Contractor shall develop and implement procedures to identify, prevent, and ensure non-recurrence of defective services. The Contractor's Quality Control Program (QCP) is the means to assure that the work complies with the requirement of the contract. As a minimum, the Contractor shall develop Quality Control Procedures (QCP) that address the areas identified in the Quality Assurance Surveillance Plan (QASP). 31. Performance Assessment: The Government shall evaluate the Contractor's performance under this contract in accordance with the QASP in a separate document. This plan is primarily focused on what the Government shall do to ensure that the Contractor has performed in accordance with the performance standards. The QASP what shall be monitored, how monitoring shall take place, who shall conduct the monitoring, and how monitoring efforts and results shall be documented. Attachment A Appendage 1 - Data Fields FieldField NameDefinition 1TRANS_NBRTracking Number 2PAT_NAMEPatient Name (Last, First MI) 3PAT_SSNPatient SSN - From VA 4DOBDate of Birth 5AGEAge of Patient 6INS_CARRInsurance Carrier Name 7PHONE_NBRInsurance Carrier Phone Number 8EFF_DATEEffective Date of Insurance Coverage 9ACTIVEIs the Policy Active? 10TERMDTTermination Date of Insurance Coverage 11GROUP_NBRGroup Number 12GROUP_NAMEGroup Name 13INS_ADDR1Insurance Address 1 14INS_ADDR2Insurance Address 2 15INS_CITYInsurance City 16INS_STATEInsurance State 17INS_ZIPInsurance Zip Code 18INS_OP_ADDR1Insurance Out Patient Address 1 19INS_OP_ADDR2Insurance Out Patient Address 2 20INS_OP_CITYInsurance Out Patient City 21INS_OP_STATEInsurance Out Patient State 22INS_OP_ZIPInsurance Out Patient Zip Code 23SUB_NAMESubscriber Name 24SUB_DOBSubscriber Date of Birth 25INS_IDInsurance ID Number 26FILINGLMTFiling Limit 27COMPComprehensive Coverage? 28CHAMPUSCHAMPUS Coverage? 29MENTHLTHMental Health Coverage? 30INDEMNITYIndemnity Coverage? 31TRADTraditional Indemnity Coverage? 32INCPROTIncome Protection Indemnity Coverage? 33INPATIENTONLYInpatient Only Coverage? 34MEDEXPSMedical Expense Coverage? 35HMOHMO Coverage? 36POSPOS Coverage 37PPOPPO Coverage? 38MEDICAREMedicare Coverage? 39PARTAMedicare Part Coverage? 40PARTBMedicare Part B Coverage? 41MCAREPRIMEIs Medicare Primary? 42MCAREEFFDTMedicare Effective Date 43MCARESECDIs Medicare Secondary? 44MCARESUPPMedicare Supplement Coverage? 45WHICHPLANWhich Supplement Plan? 46MCARECARVEMedicare Carve Out Coverage? 47MCAREHMOMedicare HMO Coverage? 48RXCOVERAGERx Coverage? 49RXPERCENTRX Percentage 50RXADDRRx Carrier Name 51RXADDR2Rx Address 52RXCITYRx City 53RXSTATERx State 54RXZIPRx Zip 55INPATPRECERTInpatient Pre-Certification? 56PRECRTPHONEPre-Certification Phone Number 57CONTACTContact 58BILL_PHONEBill Phone Number 59DTVERFEDDate Verified 60VERIFIEDBYVerified By 61VER_COMPIs the Verification Complete? 62DTDEDate Data Entered 63ENTEREDPIIs it entered on the Patient insurance File? 64REJECTEDRejected From the Buffer File 65TYPE_INSType of Insurance
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VAHAC741/VAHAC741/VA74114I0009/listing.html)
 
Document(s)
Attachment
 
File Name: VA741-14-I-0009 VA741-14-I-0009.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1078430&FileName=VA741-14-I-0009-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=1078430&FileName=VA741-14-I-0009-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Record
SN03229564-W 20131108/131106234216-f0a840a50affb393f4726afe5e4a6d5e (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.