Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JULY 08, 2016 FBO #5341
DOCUMENT

Q -- ONSITE ELECTROPHYSIOLOGY SERVICES - Attachment

Notice Date
7/6/2016
 
Notice Type
Attachment
 
NAICS
561320 — Temporary Help Services
 
Contracting Office
Department of Veterans Affairs;VA Sierra Pacific Network (VISN 21);VA Northern California HealthCare System;5342 Dudley Blvd, Bldg 209;McClellan CA 95652-2609
 
ZIP Code
95652-2609
 
Solicitation Number
VA26116Q0796
 
Response Due
7/18/2016
 
Archive Date
8/17/2016
 
Point of Contact
Orville Landicho
 
Small Business Set-Aside
N/A
 
Description
THIS IS A SOURCES SOUGHT NOTICE AND PRESOLICITATION NOTICE a)The VA Sierra Nevada Health Care System has a need for a Physician Onsite Electrophysiology Services. The NAICS code is 561320 and the PSC is Q502. b)The Government does not intend to award a contract on the basis of this Sources Sought or to otherwise pay for the information solicited. c)Although "proposal," "offeror," contractor, and "offeror" may be used in this sources sought notice, any response will be treated as information only. It shall not be used as a proposal. d)Any information received from a contractor in response to this Sources Sought may be used in creating a solicitation. Any information received which is marked with a statement, such as "proprietary" or "confidential," intended to restrict distribution will not be distributed outside of the Government, except as required by law. e)This Sources Sought is issued for the purpose of collecting information about the availability of service from different sources for the desired service listed in the "Price/Cost Schedule" that meets the corresponding performance work statement. f)Contractors that feel that they can meet the requirement are encouraged to provide an estimate in response to this notice and/or email full information to Orville Landicho at Orville. Landicho@va.gov. a.Contractors shall identify the NAICS code for the service being offered as well as their size status. b.Contractors shall provide an estimate and complete the "Price/Cost Schedule" for the purpose of market research. c.Contractors shall furnish supporting documentation which demonstrates their capabilities in meeting or exceeding the performance work statement. A.1 Price/Cost Schedule Item Information ITEM NUMBERDESCRIPTION OF SUPPLIES/SERVICESQUANTITYUNITUNIT PRICEAMOUNT 0001Provide Electrophysiology Services - onsite- One eight-hour per week Base Year Period of Performance: 10/01/2016-09/30/2017 416.00HR____________________________________ 1001Provide Electrophysiology Services - onsite- One eight-hour per week Option 1 Period of Performance: 10/01/2017-09/30/2018 416.00HR____________________________________ GRAND TOTAL__________________ A.2 Delivery Schedule ITEM NUMBERDELIVERY LOCATIONDELIVERY DATE ALLVA Sierra Nevada Health Care System 975 Kirman Avenue Reno, NV 89502-3828POP: 10/01/2016-09/30/2017 or as option is exercised. A.3 Performance Work Statement for Electrophysiology Inpatient and Outpatient Services I. Description of Electrophysiology Services 1. Scope of Work. The Contractor shall provide Board Certified or Board eligible staff in Internal Medicine and the subspecialty of cardiovascular disease and fellowship trained in cardiac electrophysiology to the VA Sierra Nevada Health Care System (VASNHCS), Reno, Nevada. Services include a full range of electrophysiology services for both inpatient and outpatient care. Contractor shall provide comprehensive cardiac electrophysiology consultative care for our veteran population including evaluation and treatment of patients for potential arrhythmias, disorders of the cardiac conduction system, syncope, evaluation of patients for permanent cardiac pacemaker placement or revision, and need for, implantation and monitoring of automated implantable cardiac defibrillators (AICD). Assignments can be changed based on the needs of Medical Service and/or at the discretion of the Service Chief. 2. Specific Contractor tasks include: 2.1The contractor agrees to accept, in transfer all patients needing emergency intervention not available at VASNHCS. 2.1.1A minimum of one-half day electrophysiology outpatient clinic will be held per week onsite at the VASNHCS. 2.2Oversee an effective clinical program with attention to patient outcome indicators. Clinics will be scheduled as needed to ensure patients are seen as required by current business rules and as dictated by patient workload or at the discretion of the Chief, Medical Service. 2.3Standards - comply with all applicable VA guidelines, medical center and medical staff by-laws, rules and regulations, hospital policies/procedures, and act in accordance with current Joint Commission standards. 2.4Medical Records - the contractor physician shall document evaluation and treatment recommendations in the VA electronic medical record. All progress notes, consults, and/or clinical procedure reports, etc. must be completed (including signature) within 24 hours. 2.5Quality - contractor physicians shall participate in facility Quality Improvement and Safety Programs, as well as peer reviews when requested by the Chief, Medical Service or designated representative. The contractor physician will participate in continuous performance improvement activities as required. 2.5.1To enhance patient care and satisfaction, performance measures will be established by VSSNHCS or implemented as mandated by the VHA and/or the Sierra Pacific Network (VISN 21) as goals; the contract physician will adjust their work effort to meet these goals. 2.5.2Performance measures include VA interest items such as timely appointments for new and follow up patients, quantity of patients seen per day, clinical practice guidelines, preventive medicine and Undersecretary monitors. Performance measures and monitors may change as patient needs arise. The contractor will be provided with the table of measures and monitors annually or as changes occur. 2.5.3The contractor physician will participate in regularly scheduled meetings to discuss improvements to meet performance measures and other quality assurance issues when standards are not met. Meetings will be scheduled at the discretion of the Chief, Medical Service. 2.6 Work Hours - the contractor physician shall provide care in accordance with the procedural and clinic schedule, which currently requires procedures to be scheduled on Thursday mornings and regularly scheduled New and Followup clinics on Thursday from 1:00 PM to 4:30 PM, excluding holidays or other designated days off. No overtime is authorized unless previously approved by the Chief of Medicine or designee. Work hours may vary from week to week in order to meet the needs of VASNHCS patients, and occasionally require scheduled work hours prior to, or beyond, normal work hours. The Contractor will complete a form to track hours and submit this to the COR on a monthly basis; it may be submitted in person or by fax/emails. 2.6.1 Standby Call Coverage - contractor physicians will be responsible for providing standby call coverage to VASNHCS for consultation and/or emergency services 24 hours per day, 365 days per year in compliance with VASNHCS Clinical Practice Guidelines, Joint Commission standards and VHA guidelines. 2.6.2Consultation - contractor physician consultation to on-site residents and/or VA staff can be accomplished by phone after normal work hours, weekends and holidays, unless the clinical situation warrants patient contact. 2.6.3Response times - contractor physicians shall respond within 30 minutes via telephone to calls and/or pages from VASNHCS for consultation. Contractor physicians shall respond on site within 60 minutes to VASNHCS when clinically indicated. 3. Qualifications. 3.1. The Contractor will be responsible for ensuring that each physician providing services under this contract is fully trained and completely competent to perform the required services covered by this contract. Contractor physicians shall be at a minimum: 3.1.1. Licensed in a State, Territory, or Commonwealth of the United States or the District of Columbia, 3.1.2. Board Certified in Cardiology, and fellowship trained in cardiac electrophysiology. 3.1.3. Hold a current, unrestricted Medical License, and 3.1.4. Must be registered in VETPRO; previous VA experience is preferred. 3.1.5. Must meet medical staff criteria for initial appointment and reappraisal in accordance with VHA Handbook 1100.19, entitled Credentialing and Privileging to practice medicine at VASNHCS prior to beginning work. II. Administrative Requirements. 1. Credentialing and Privileging. 1.1 Initial applications for clinical privileges and applications for renewal of privileges must be submitted to Quality Management and credentialing and privileging office will start review upon notice of contract award. Prior to providing services at VA, all Contractor personnel must be verified by the COR as having been credentialed and privileged (this must be documented by the COR). Additionally, if requested, the Contractor shall make all proposed personnel available for interview prior to commencement of work and during the credentialing and privileging process 1.2 The qualifications of all personnel shall be subject to review by the VASNHCS Chief of Staff and approval by the VASNHCS Director. 1.3 Should the personnel proposed by the Contractor to provide services under this contract be denied privileges, or should the privileges of Contractor personnel be suspended, terminated, or revoked, the Contractor, as well as the employee(s) in question, shall be notified of the basis for such actions. 1.4 Contractor personnel who provide services under this contract will be required to report specific patient outcome information, such as complications, to the Chief, Medical Service or designee. Quality improvement data provided by the Contractor personnel and/or collected by the VASNHCS will be used to analyze individual practice patterns. This data may be used by VASNHCS when renewal of clinical privileges is required of Contractor personnel. 1.5 Contractor personnel who were previously credentialed and privileged by VASNHCS may be exempt from this contract requirement provided that they can provide documentation to support current and active privileges 1.6 VASNHCS reserves the right to refuse or dismiss contract personnel whose personal or professional conduct jeopardizes patient care or the regular and ordinary operation of the facility. Reasons for refusal or dismissal include, but are not limited to, unsatisfactory performance prior to and/or during the term of the contract, failure to receive favorable adjudication during a VA background investigation, failure to satisfy the requirements of the contract, physical or verbal abuse to patients, staff, or visitors, intoxication or debilitation resulting from drug use, theft, patient abuse, dereliction or negligence in performing directed tasks, ethical misconduct, conduct resulting in formal complaints by patients or other staff members, and any other valid reason considered objectionable. 2. Training. Complete annual mandatory training by using the mandatory packet, attending training in person, or by going-on-line to complete the training. Complete mandatory security training, sign computer security agreement, receive training on the mandatory private policy, and receive copy of the Privacy Directive, VA Directive 6504, Restrictions on Transmission, Transportation and Use of, and Access to VA Data Outside VA Facilities. Compliance and Business Integrity Training & Education-Contract (Revenue Cycle) Employees includes: 2.1 Awareness Training: Contractor employees shall complete initial compliance awareness training within 30 days of commencing work under this contract as well as complete annual compliance awareness refresher training. At a minimum, CBI awareness training will include the following topics: (a) the revenue cycle, (b) seven elements of an effective compliance program, (c) definition of high risk areas, and (d) definition of any compliance concerns and how to address a compliance concern. This requirement can be fulfilled by completing the training module available via the following Internet site: http://www.visn21.med.va.gov/CBI.asp 2.2 Remedial Training: When notified, contract employees must complete remedial training and education to address any detected compliance exceptions. 2.3 Proof of Training: Contract employees are responsible for submitting proof of awareness and remedial training completed to the Contracting Officer's Representative (COR) for this contract. The COR will retain proof of training in accordance with applicable Records Control Schedule. 3. Contractor Personnel Security Requirements - Information Systems Access All Contractor employees, who require access to VA computer systems and will work more than six (6) months (180 days) under this contract, shall be the subject of a background investigation and must receive a favorable adjudication from the VA SIC. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the Contractor will be responsible for the actions of those individuals they provide to perform work for VA. Contractor personnel who previously received a favorable adjudication as a result of a Government background investigation may be exempt from this contract requirement provided that they can provide documentation to support the previous adjudication. Proof of previous adjudication must be submitted by the Contractor to VA SIC through the VA Contracting Officer. Proof of previous adjudication is subject to verification by the VA SIC. Some positions maybe subject to periodic re-investigation. For those Contractor employees who will work less than six (6) months (180 days) under this contract, a background investigation is not required; however, such employees will be required to initiate a SAC for Fingerprint Only prior to providing services under this contract. 3.1 Position Sensitivity - The position sensitivity has been designated as: Low Risk 3.2 Background Investigation - The level of background investigation commensurate with the required level of access is: NACI 3.3 Contractor Responsibilities. In order to conduct a background investigation the Contractor shall submit or have their contract personnel submit the following required forms to the COR. The COR will arrange a time for contract personnel to complete fingerprint verification. 3.3.1 Standard Form 85, Questionnaire for Non-Sensitive Positions 3.3.2 Standard Form 86A, Continuation Sheet for Questionnaires 3.3.3 Optional Form 306, Declaration for Federal Employment 3.3.4 Electronic Fingerprint Verification OR FD 258, U.S. Department of Justice Fingerprint Applicant Chart 4. Access to and Safeguard of VA Information/Computer Systems 4.1.1 VA may provide contract personnel with access to VISTA (formerly referred to as DHCP) and/or other general files maintained on VA computer systems via personalized VA access codes. These access codes are confidential and are to be protected by the end user. Sharing of these access codes or misuse of VA information/computer systems is a Federal crime and may result in criminal penalties. When contract personnel no longer provides services to VA under the contract or no longer needs access to VA information systems, the Contractor shall immediately inform the COR so that the appropriate contract person's access codes can be deactivated. The COR will be responsible for ensuring that such access codes are deactivated. 4.1.2 All contract personnel accessing VISTA, or any other VA information/computer system, will be required to complete VA Cyber Security Awareness Training annually and sign all applicable computer user agreements prior to accessing VA systems. The COR will be responsible for ensuring and documenting that this requirement is satisfied. Contract personnel shall maintain, access, release, and otherwise manage the information contained on VA information/computer systems in accordance with all VA/VHA security policies, applicable VA confidentiality statutes (Title 38 U.S.C. Section 5701 and Title 38 U.S.C Section 7332) and the respective regulations implementing these statutes, and Federal statutes and/or regulations applicable to Federal agency records. Copies of this information discussed in the aforementioned paragraphs can be provided to the Contractor and contract personnel upon request. 4.1.3 Contract personnel with access to VA information/computer systems shall take reasonable safeguards, both physical and electronic, to safeguard the information and prevent unauthorized disclosures. Should contract personnel know, or suspect, that VA information/computer security was compromised or that VA information was, or could possibly be, disclosed to an unauthorized party, contract personnel must immediately report such knowledge or suspicion to the COR, who will then immediately notify the appropriate VA officials. 4.1.4 If contract personnel are authorized by VA to access VA information/computer systems remotely via non-VA issued computers, the Contractor will ensure that such computers are consistent with VA requirements, and will upgrade those computers (hardware and/or software) if instructed to do so by VA in order to ensure compatibility and security when VA information/computer systems are accessed by the end user. Individually identifiable health information will not reside on the contractor's computer hard drives. After contract award, VA reserves the right to inspect the contractor's facilities, installations, operations, documentation, records, databases, and computers to ensure these requirements are met. 4.1.5 The Contractor shall make its internal policies and practices regarding the safeguarding of medical and/or electronic information available to VA, and any other Federal agencies with enforcement authority over the maintenance and safeguard of such records, upon request. 4.1.6 The Contractor shall follow all of the previously mentioned statutes and respective regulations implementing these statutes as well as VA Directive 6504 - Restrictions on Transmission, Transportation and Use of, and Access to VA Data Outside a VA Facility, VA Directive 6601 - Removable Storage Media, and any other VA/VHA policies and procedures governing the information discussed in this section of the contract. Copies of the information discussed in the aforementioned paragraphs may be viewed by contract personnel in the Office of Information Security (see the Information Security Officer). 4.1.7 Any changes in the laws, regulations, or VA/VHA policies or procedures governing the information covered by this section of the contract, during the term of this contract, shall be deemed to be incorporated into this contract. 5. CPRS Contract personnel are required to enter all patient care information into CPRS in accordance with VASNHCS directive MOIC-003-08 - Patient Medical Record Data and Information Standards (see COTR to obtain a copy of this document) and any other VHA/medical center polices procedures or memorandums that address this topic. The COR will be responsible for ensuring and documenting that these requirements are satisfied. If patient records are not properly documented within CPRS, VA reserves the right to withhold payment to the Contractor until such records are properly documented. 6. Handling of Records 6.1 By performing services under this contract, the Contractor is considered part of the VA healthcare activity for purposes of the following statutes and respective regulations implementing these statutes: Title 5 U.S.C Section 552a (Privacy Act), Title 38 U.S.C. Section 5701, Title 38 U.S.C. Section 5705, Title 38 U.S.C Section 7332, and Public Law 104-191 (HIPAA). Contract personnel shall have access to patient medical records and general files only to the extent necessary to perform their contractual duties. Contract personnel shall only release medical information obtained during the course of this contract to those VA medical staff members involved in the necessary care and treatment of the individual patient in which the information pertains. Notwithstanding any other clause and/or provision of this contract, if a request for release or disclosure of information is not necessary for the care and treatment of an individual patient, the Contractor and contract personnel shall not disclose any information contained in general files, patient records, and/or any other individually identifiable health information, including information and records generated by the Contractor in performance of this contract, except pursuant to explicit instruction and written approval from VA. For the purposes of this paragraph, instruction to disclose or copy such records and/or information may only be provided by the following: VA Regional Counsel and Chief, Health Information Management Service/Privacy Officer through the VA Contracting Officer. Violation of the aforementioned statutes may result in criminal and/or civil penalties. 6.2 Contract personnel who obtain access to hardware or media which may manipulate or store drug or alcohol abuse data, sickle cell anemia treatment records, records or tests or treatment for or infection with HIV, medical quality assurance records, or any other sensitive information protected under the statues and implementing regulations previously mentioned in paragraph 6.1, above, shall not have access to the records unless absolutely necessary to perform their contractual duties. Any contract person who has access to the previously mentioned data and/or information must not disclose it to anyone, including other contract personnel not involved in the performance of the particular contractual duty for which access to this data and/or information was obtained. 6.3 Information or records accessed and/or created by the Contractor in the course of performing services under this contract are the property of the VA and shall not be accessed, released, transferred, or destroyed except in accordance with applicable federal law, regulations, and/or VA/VHA policy. The Contractor will not copy information contained in VA information systems, either by printing to paper or by copying to another digital format, without the explicit instruction and written approval from of the officials listed in paragraph 6.1., above, except as is necessary to make single copies in the ordinary course of providing patient care. The Contractor will not commingle the data from VA information systems with information from other sources. Contractor shall report any unauthorized disclosure of VA information to the officials listed in paragraph 6.1., above. 6.4 If this contract is terminated for any reason, the Contractor will provide VA with all individually identifiable VA patient treatment records or other information in its possession, as well as any copies made pursuant to paragraph 6.3., above, within seven (7) calendar days of the termination of this contract. 6.5 The Contractor shall follow all VA policies regarding the retention of records. As an alternative, the Contractor may deliver the records to VA for retention. 6.6. The Contractor shall follow all of the previously mentioned statutes and respective regulations implementing these statutes as well as VHA Handbook 1605.1 - Privacy and Release of Information and any other VA/VHA policies and procedures governing the information discussed in this section of the contract. Copies of the information discussed in the aforementioned paragraphs may be viewed by contract personnel in the Office of Health Information Management (see the Privacy Officer). All contract personnel with access to any of the previously mentioned records (electronic or paper) will be required to complete VHA Privacy Policy Training before accessing such record systems. This training must also be completed annually. The COTR will be responsible for ensuring and documenting that this requirement is satisfied. 6.7 Any changes in the laws, regulations, or VA/VHA policies or procedures governing the information covered by this section of the contract, during the term of this contract, shall be deemed to be incorporated into this contract. 6.8 VA has unrestricted access to the records generated by the contractor pursuant to this contract. 7. HIPAA Compliance Under HIPAA Privacy and Security Rules, the Contractor providing services under this contract is considered to be a "covered entity," and thus is not required to enter into a Business Associate Agreement with VA. However, the Contractor must observe Public Law 104-191 and all respective regulations implementing this law while providing services under this contract. III. Quality Management. 1. Quality Assurance 1.1 The Contractor shall perform services under this contract in accordance with the ethical, professional, and technical standards of the healthcare industry, and must meet, or exceed, the current quality assurance standards recognized by Joint Commission and mandated by VHA quality assurance policies and/or performance measures. A copy of these standards, policies, and performance measures may be viewed by contract personnel in the Office of the Chief of Staff. 1.2 The Contractor will not participate in, nor be a party to, any activities which are in conflict with Federal and/or State guidelines. In the event the Contractor encounters said conflicting situations, the Contractor will notify the COR or the Contracting Officer to resolve such issues. The Contracting Officer will document and be responsible for resolution of any such situations. Neither the VA nor the Contractor will be responsible for any delays or failures to perform due to causes beyond each party's control. 1.3 The Contractor shall perform the functions required in this statement of work in accordance with the rules of medical ethics, Federal, State and local laws, rules and regulations, and the Joint Commission requirements. The Contractor will not participate in, nor be a party to, any activities which are in conflict with Federal and/or State guidelines. In the event the Contractor encounters said conflicting situations, the Contractor will notify the COR or the Contracting Officer to resolve such issues. The Contracting Officer will document and be responsible for resolution of any such situations. Neither the VA nor the Contractor will be responsible for any delays or failures to perform due to causes beyond each party's control. 1.4 In order to adequately protect VA patients, the Contractor shall not introduce new procedures or services without prior recommendation to, and approval from, the Chief of Staff or Clinical Medical Director. 1.5 All services provided under this contract will be subject to Quality Assurance and Utilization Review procedures of VA Sierra Nevada Health Care System. 2. Contract Monitoring Procedures In order to adequately document services provided under this contract, a record keeping system of Contractor work hours shall be established and implemented by the COR. The COR is responsible for verifying the number of actual hours worked by each contract person through medical records and/or other appropriate methods and certifying payment of each hour worked. Documentation of actual work hours must be sufficient to ensure proper payment and allow audit verification that services were provided. Moreover the COR shall monitor the response of contract personnel to all VA calls/pages and requests for callback. 3. Quality Assurance Surveillance Plan - incorporated herein as Attachment A. IV. Personnel. 1. Emergency Health Services: The VA will render emergency health services for an incapacitating injury or otherwise serious illness occurring while on duty. All services, to include wages earned during the period of initial medical evaluation provided by the VA, shall be reimbursed by the contractor. The contractor shall furnish the VA with the necessary injury/illness form(s) for reporting purposes. The VA for statistical and/or billing purposes will retain a copy of the complete form(s). 2. Infection Control Requirements: 2.1 In general, all contract personnel must comply with OSHA requirements for healthcare facilities. All contract personnel are required to have annual PPD/TB screenings, current immunizations, and record of having been offered Hepatitis B vaccine prior to commencement of work. 2.2 A record keeping system that confirms compliance these OSHA requirements and VA medical center memorandums shall be established and maintained by the Contractor. Such records will be made available to the COTR or VA Contracting Officer upon request. 2.3 Health Tests - Contractor attests that assigned personnel have fulfilled all testing and screening requirements as described below prior to providing services at first duty shift. Evaluations and tests shall be current within the past year. 2.4 Tuberculosis Testing - All Contractor personnel shall provide proof of a negative reaction to purified protein derivative (PPD) testing. A negative chest radiographic report for active tuberculosis shall be provided in cases of positive PPD results. The PPD test shall be repeated annually. 2.5 Rubella Testing - All contractor personnel shall provide proof of immunization for measles, mumps, rubella or a rubella titer of 1.8 or greater. If the titer is less than 1.8, a rubella immunization must be administered with follow-up documentation to the COTR. 2.6 Varicella (chicken pox) testing -. Provide a history' of varicella or, if unknown, results of a varicella antibody test; and if non-immune, vaccination with varivax. 2.7 OSHA regulation concerning occupational exposure to blood-borne pathogens - The contractor shall provide a generic self study training module to its personnel; provide Hepatitis B vaccination series at no cost to its personnel who elect to receive it; maintain and distribute an exposure determination and control plan to its personnel; maintain required records; and ensure that proper follow-up evaluation is provided following an exposure incident. 2.8 Contracted physician shall receive training in universal precautions and blood borne pathogens, TB education, hazardous material management and life safety management (fire preparedness). Training will be provided prior to initial assignment, at annually thereafter and as needed. 2.9 VA will notify the contractor of any significant communicable disease exposures as appropriate. The contractor's occupational health provider shall adhere to current CDC/HICPAC Guideline for "infection control" in health care personnel (AJIC 1998; 26:289-354) for disease control. The contracting agency shall provide follow up documentation of employee's clearance to return to the workplace prior to their return. 3. Identification, Parking, Smoking and VA Regulations: 3.1 Contract personnel shall maintain a neat personal appearance and maintain a professional decorum. Contract personnel shall wear protective clothing as required. 3.2 Contract personnel shall wear visible identification badges while on Government property. 3.3 It is the responsibility of contract personnel to park in designated parking areas only. Parking information and parking decals and stickers will be available from the VA Police. The Government will not invalidate or make reimbursement for parking violations of the contract personnel. 3.4 Intoxication, debilitation resulting from drug use, insubordination, theft, patient abuse, dereliction or negligence in performing directed tasks and possession of weapons is prohibited and grounds for immediate removal from VA facility. Enclosed containers, of any nature, are subject to search. 3.5 Violations of VA regulations may result in a citation answerable in the U.S. Federal District Court, not a local district, state or municipal court. V. SECURITY LANGUAGE: 1. GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS 2.1 A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. 2.2 All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. 2.3 Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. 2.4 Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. 2.5 The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA INFORMATION CUSTODIAL LANGUAGE 3.1 Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data- General, FAR 52.227-14(d) (1). 3.2 VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor's information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. 3.3 Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. 3.4 The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. 3.5 The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. 3.6 If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. 3.7 If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. 3.8 The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. 3.9 The contractor/subcontractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA Configuration Guidelines are available upon request. 3.10 Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA's prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. 3.11 Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. 3.12 For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR.
 
Web Link
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VANCHCS/VANCHCS/VA26116Q0796/listing.html)
 
Document(s)
Attachment
 
File Name: VA261-16-Q-0796 VA261-16-Q-0796.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=2855740&FileName=VA261-16-Q-0796-000.docx)
Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=2855740&FileName=VA261-16-Q-0796-000.docx

 
Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 
Place of Performance
Address: VA Sierra Nevada Health Care System;975 Kirman Avenue;Reno, NV
Zip Code: 89502-3828
 
Record
SN04172001-W 20160708/160706234319-dc5a1c2285d2f4f36fc0fba45c4fde4f (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.