SOURCES SOUGHT
R -- Recovery Audit
- Notice Date
- 3/18/2015
- Notice Type
- Sources Sought
- NAICS
- 541211
— Offices of Certified Public Accountants
- Contracting Office
- Department of Veterans Affairs;VA Denver Acquisition & Logistics Center;(003A4D);555 Corporate Circle;Golden CO 80401-5621
- ZIP Code
- 80401-5621
- Solicitation Number
- VA79115N0014
- Response Due
- 4/1/2015
- Archive Date
- 6/30/2015
- Point of Contact
- Caroline West
- E-Mail Address
-
ne.west@va.gov<br
- Small Business Set-Aside
- N/A
- Description
- DEAPARTMENT OF VETERAN AFFAIRS REQUEST FOR INFORMATION 1.0PURPOSE The Department of Veterans Affairs (VA) VHA Chief Business Office Purchased Care (CBOPC), Program Oversight and Informatics (POI) directorate is contemplating the issuance of a solicitation for recovery audit services. The purpose of this Request for Information (RFI) is to provide interested parties the opportunity to inform VA of their capabilities to perform the services addressed in this RFI. Additionally, VA intends to gain a better understanding of industry practices and resources associated with providing Recovery Audit services on Non-VA Provider Claims. The RFI includes a brief description of the intended requirements and a questionnaire found below. Interested parties are encouraged to answer the questionnaire and provide any additional information or suggestions related to recovery audit services. THIS IS NOT A SOLICITATION FOR OFFERS/PROPOSALS. VA IS NOT OBLIGATED TO ISSUE A SOLICITATION AS A RESULT OF THIS RFI. THIS IS FOR INFORMATIONAL PURPOSES ONLY. 2.0DESCRIPTION The Department of Veterans Affairs (VA), Veterans Health Administration (VHA) and the Chief Business Office Purchased Care (CBOPC) are responsible for a broad range of activities to support the delivery of health care benefits for Veterans and their Dependents, with health care services external to VA facilities. The CBOPC sponsors eight programs, one of which is the Non-VA Care (NVC) program. Non-VA Care is care provided to eligible Veterans outside of the VA when VA facilities are not feasibly available and all VA Medical Centers (VAMCs) can use this program when needed. 38 U.S.C. § 1703(d) requires the Secretary of the Department of Veterans Affairs to "conduct a program of recovery audits for fee basis contracts, and other medical services contracts for the care of veterans under this section, and for beneficiaries under sections 1781, 1782, and 1783 of this title, with respect to overpayments resulting from processing or billing errors or fraudulent charges in payments for non-Department care and services." CBOPC requires a highly skilled contractor to conduct Recovery Audit (RA) activities on claims paid in Fiscal years (FY) 2013-2017. The audit activities will include auditing, recovery and reporting services of VA payments made for applicable paid claims related to healthcare programs under 38 U.S.C. § 1703. This will be done in accordance with and will fulfill the statutory requirements of 38 U.S.C. § 1703(d). CBOPC intends to issue a RFP for Recovery Audit services; specifically payment recapture/recovery auditing services. The Government's obligation to make payments to the contractor under this contract is contingent upon both the Contractor's correct identification of valid overpayments and the Government's subsequent recovery of overpayments, or portion of overpayments. The Contractor shall bear the burden of costs to perform the payment recapture/recovery auditing services and will be compensated only on a percentage of the actual funds recovered. The intent is to provide paid claims data to the contractor for a specific program and the data will be provided on encrypted recordable media. The data VA will supply to the successful offeror will contain Protected Health Information (PHI) and Personally Identifiable Information (PII) and the contractor must comply with all mandatory VA security requirements. The contractor must also be aware of timeframes associated with the submittal and processing of security related documentation. If required, the COR may authorize additional time for submittal of contractor documentation. 3.0 Draft Security Requirements: Any qualified interested party must comply with all mandatory VA security requirements. To be a qualified interested party in terms of IT security requirements the offeror must be able to comply with the intended contract security requirements as follows: For contractor information systems that are hosted, operated, maintained, or used on behalf of VA at non-VA facilities, contractors are fully responsible and accountable for ensuring compliance with all Privacy Act, FISMA, and OMB Circular No. A-130 NIST, FIPS, and VA Handbook 6500.6, Contract Security. The Contractor shall provide Assessment and Authorization support required to achieve and maintain full Assessment and Accreditation certification for their information systems(or components) that process, store, or transmit information on behalf of the VA in compliance with VA Handbook 6500.6. The Contractor shall support a Security Control Assessment (SCA) conducted by the VA Enterprise Risk Management (ERM) team. The Contractor shall ensure all security assessments are completed using VA-provided tools to include but not limited to Agiliance RiskVision. The Contractor shall enable VA vulnerability scanning and prioritize corrective actions to mitigate identified weaknesses and vulnerabilities. The Contractor shall perform risk assessments and risk handling to include, but not be limited to, mitigating discovered vulnerabilities. The Contractor shall perform continuous monitoring per VA's Continuous Readiness in Information Security Program (CRISP). The Contractor shall develop and submit all required security document artifacts. The Contractor shall ensure any findings produced as a result of the security assessments are remediated in order to support Assessment and Accreditation. The Contractor shall ensure all other security requirements are met specific to the Federal Information Processing Standard (FIPS) 199 categorization documented as a result of the Risk Assessment and applicable VA policy. The contractor shall process, complete and/or provide proof of completion of the following to the COR: "Copies of all required training certificates for each contractor, subcontractor, or consultant working for the contractor on this contract; "Proof of submission of an application for a Background Investigation (BI) in accordance with the security portion of this document. Note: When transmitting ANY protected information please ensure adequate protection of this information via PKI encryption or via VA security compliant courier. "The contractor will be required to sign a Business Associate Agreement (BAA). "The contractor will initiate processing contract security documents within 15 calendar days of the kick-off meeting and notify the COR of what documentation has been initiated, when it was initiated, what future documentation will be submitted and the status of past submittals. Data for claims paid under 38 U.S.C. § 1703 and accounting for the exclusions to the contract will be made available for Non VA Care to the contractor from the CBOPC. This data will contain Personal Health Information (PHI) and Personally Identifiable Information (PII). Noting the VA has minimized the potential of including unnecessary data by using filters and algorithms when pulling the data, filters and algorithms may not prevent unnecessary data from being included in the data provided to the contractor. Any unnecessary data that may be co-mingled with necessary data will be protected in the same manner, ensuring no unauthorized disclosure will occur. The contractor shall not initiate collection activities on unnecessary data. The data will consist of multiple parts and the data will be sent in a delimited text file. The contractor shall notify the COR in writing when the contractor has an automated data system in place. However, this system must be ready to receive, manipulate, convert, compile, and transmit demographic and payment information and data needed to conduct the review and account for collection and reporting actions to and from VA within 30 calendar days following the Kick-Off meeting. 4.0 ROUGH ESTIMATE OF WORKLOAD FOR ONE FISCAL YEAR: The table below represents claims paid under the Non-VA Care Program for FY2013. All data presented in this document are essentially unaudited and is provided only as an estimate of the number and costs of claims paid by program for the most recent fiscal year. The total value of paid claims includes all FY2013 claims paid. The estimated value of claims paid to be performed under a resultant contract is less than the total, as not all claims will be subject to the recovery audit. CBOPC Program2014 PAR Improper Payment RateTotal Value of Paid Claims (2013) Non-VA Medical Care9.24$3,371,000,000 5.0 DISCLAIMER This RFI is issued solely for information and planning purposes only and does not constitute a solicitation. Additionally, this RFI does not obligate the Government to issue of a Request for Proposal. All information received in response to the RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. In accordance with FAR 15.202 (e), responses to this notice are not an offer and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI. 6.0 SUBMISION AND CONTACT INFORMATION Please submit responses to the questionnaire via email in Microsoft Office format by April 1, 2015 to the Contracting Office at the below listed address. You may also submit supplemental hardcopy materials such as brochures etc. to the Contracting Specialist (Caroline West) at the following address. All supplemental material must be received by the deadline date. Email and hardcopy responses should be mailed to the following address: Email: caroline.west@va.gov and courtesy copy to: gabrielle.harris2@va.gov and terance.hannigan@va.gov Mail: VA Denver Acquisition & Logistics Center 555 Corporate Ave Golden, CO 80401 Questionnaire Name of Organization/Corporation: Corporate Address: Basic Corporate Information: DUNS Number: Point of Contact Name & Title: Phone Number: Email Address: Socio-Economic Category (if known): 0 HUBZone 0 8(a) 0 Small Business 0 Veteran Owned Small Business 0 Service-Disabled Veteran-Owned Small Business 0 Women Owned Small Business North American Industry Classification System Code (NAICS), please list all codes: General Services Administration, Federal Supply Schedule information (if applicable): Additional Information: QUESTIONS - Please provide the following information: 1.A brief narrative describing the capabilities of your organization to provide health care claims recovery audits. Include any information pertaining to working on recovery audits for the federal government, including contract numbers and contact information. 2.If your company typically does or would intend to subcontract for these services please indicate the estimated percentage of work to be performed by your company if you were awarded a contract for these services as the result of a RFP. Additionally, indicate which types of services your organization typically has to subcontract for. 3.Please address any concerns with the anticipated security requirements listed above. Additionally address any system limitations or organizational limitations your organization may have in regard to security requirements. 4.Describe why you believe your company can meet or exceed the information security requirements. Explain how you would meet them. 5.What system would you use to take VA paid claims data and determine which paid claims had the highest potential of having been overpaid? If the system you use is not an electronic system, how would you handle the data? 6.Can you comply with the VA requirements associated with being a "Contractor Managed Services" (e.g. Computer Systems not owned by or managed within the boundaries of VA, but provide services to VA)? 7.Have you ever provided Assessment and Authorization (A&A) support required to achieve and maintain full Assessment and Accreditation certification for your information systems (or components) that process, store, or transmit information on behalf of the VA? 8.Please provide any insight to suggested contract line item structure. For example the current model is to pay the contractor a firm percentage of recovered claims. Are there additional contract line item/payment structures we should consider? 9.What are the industry standards in regard to monitoring internal performance measures such as timeliness and accuracy and what other measures are used to monitor performance? 10.A significant VA concern about this contract is the impact on VAMC field personnel when they are asked by the Recovery Audit contractor to pull documentation for the Recovery Audit. Pulling records can be difficult and very time consuming. The records they pull might be in electronic format or they could be hard copy ranging from originals to screen prints from computers or printouts of programs. The type of technology used by VAMC personnel for transferring Sensitive Personal Information (SPI) documentation securely varies widely from VAMC to VAMC. It could include mailing or shipping the SPI by different media (paper or hard copy, encrypted discs or hard drives, etc.), or faxing to a secure location, or it could be done by secure upload or download. What different ways could you address this concern in a manner that has the least impact (both time and effort) on the VAMC personnel?
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VADDC791/VADDC791/VA79115N0014/listing.html)
- Place of Performance
- Address: Work to be performed at contractor site
- Zip Code: 80401
- Zip Code: 80401
- Record
- SN03671234-W 20150320/150318234615-20f618208b3f4e902c1af29412292429 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |