Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF SEPTEMBER 14, 2017 FBO #5774
DOCUMENT

65 -- Planmeca FIT Full System Dental Radiology NX - Attachment

Notice Date

9/12/2017
 

Notice Type

Attachment
 

NAICS

339114 — Dental Equipment and Supplies Manufacturing
 

Contracting Office

Department of Veterans Affairs;Network Contracting Office 4;Acquisition (90C;1010 Delafield Road;Pittsburgh, PA 15215
 

ZIP Code

15215
 

Solicitation Number

VA24417Q1781
 

Response Due

9/18/2017
 

Archive Date

10/18/2017
 

Point of Contact

donna.cooper2@va.gov
 

E-Mail Address

Donna.Cooper2@va.gov
(Donna.Cooper2@va.gov)
 

Small Business Set-Aside

N/A
 

Description

(i) This is a combined synopsis/solicitation for Planmeca FIT Full System, BRAND NAME as prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. A firm-fixed price purchase order is anticipated. (ii) The solicitation number is VA244-17-Q-1781 and is issued as a request for quotation (RFQ). (iii) The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95 (iv) This solicitation is set aside 100% for Service-Disabled Veteran-Owned Small Businesses and the associated NAICS code 339114 has a small business size standard of 750. (v) Contract Line Items (CLIN): ITEM NUMBER DESCRIPTION OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0001 Planmeca FIT Full System includes: INCLUDES COLOR Laptop with 1 Yr Computer Mfr Warranty; plus Romexis w/ PlanCad module PlanScan (scanner); PlanMill 40s/Job Server; 2 color tips; 1 B/W tip 1-Year To LOCAL STOCK NUMBER: 445-0889 1.00 EA __________________ __________________ 0002 100 DAY FITNESS PLAN INCLUDES: FITNESS COACH FOR THE 100 DAY PERIOD, PREMIUM ACCESS TO WWW.LEARNDIGITALDENTISTRY.COM, INCLUDES 50 BLOCKS FOR YOUR FIRST 50 CASES, 2ND DAY IN OFFICE INTEGRATION OR ADVAN LOCAL STOCK NUMBER: 894-0028 1.00 EA __________________ __________________ 0003 EXTENDED WARRANTY ON PLANMECA FIT FULL SYSTEM AND 3 LAPTOPS: 2 YEAR TOTAL CARE EXTENDED WARRANTY FOR PLAN SCAN & PLANMILL 40 INCLUDING: TOTAL CARE WARRANTY SHOWN ABOVE PLUS STL IMPORT & EXPORT EMILL; LOCAL STOCK NUMBER: 631-0151 1.00 EA __________________ __________________ 0004 2 YEAR TOTAL CARE EXTENDED WARRANTY FOR PLANSCAN LAPTOP LOCAL STOCK NUMBER: 445-5454 3.00 EA __________________ __________________ 0005 PROGRAM C S2 PORCELAIN FURNANCE, INCLUDES VACUM PUMP LOCAL STOCK NUMBER: 945-0936 1.00 EA __________________ __________________ 0006 IPS E.MAX CAD CRYSTALIZATION KIT LOCAL STOCK NUMBER: 885 1.00 EA __________________ __________________ 0007 IPS EMPRESS UNIVERSAL STAIN AND GLAZE KIT LOCAL STOCK NUMBER: 945-6513 1.00 EA __________________ __________________ 0008 2 PLANSCAN SCANNERS AND 2 LAPTOPS PLUS EXTENDED 2 YEAR WARRANTY: PLANSCAN SCANNER INCLUDES 1 YEAR WARRANTY, 2 COLOR TIPS, 1 PORTAL TIP, THUNDERBOLT CONNECTOR 2.00 EA __________________ __________________ 0009 PLAMSCAN/PLANCAD TOTAL CARE EXTENDED WARRANTY 2 YEARS LOCAL STOCK NUMBER: 631-9375 2.00 EA __________________ __________________ 0010 ROMEXIS LAPTOP WITH SCAN AND PLANCAD SOFTWARE LOCAL STOCK NUMBER: 631-6807 2.00 EA __________________ __________________ 0011 FREIGHT, IF APPLICABLE 1.00 EA __________________ __________________ GRAND TOTAL __________________ (vi) Comparable products must be brand name or equal in the following specifications: VAMC-WB determined the need for the Planmeca FIT full system in our Dental Clinic. The acquisition and utilization of this system will result in improved restorative process. The design and creation of digital models via Planmeca CAD/Cam will result in lab-quality restorations in hours instead of days. It will eliminate the use of powders and impressions, their preparations, packaging, shipment and the man hours associated, culminating in significant return on investment in both dollars, and patient experience. 445-0889 Planmeca FIT Full System includes: INCLUDES COLOR Laptop with 1 Yr Computer; Mfr Warranty; plus Romexis w/ PlanCad module PlanScan (scanner); PlanMill 40s/Job Server; 2 color tips; 1 B/W tip 1-Year 1 EA 894-0028 100 DAY FITNESS PLAN INCLUDES: FITNESS COACH FOR THE 100 DAY PERIOD, PREMIUM ACCESS TO WWW.LEARNDIGITALDENTISTRY.COM, INCLUDES 50 BLOCKS FOR YOUR FIRST 50 CASES, 2ND DAY IN OFFICE INTEGRATION OR ADVAN 1 EA 631-0151 EXTENDED WARRANTY ON PLANMECA FIT FULL SYSTEM AND 3 LAPTOPS: 2 YEAR TOTAL CARE EXTENDED WARRANTY FOR PLAN SCAN & PLANMILL 40 INCLUDING: TOTAL CARE WARRANTY SHOWN ABOVE PLUS STL IMPORT & EXPORT EMILL; 445-5454 2 YEAR TOTAL CARE EXTENDED WARRANTY FOR PLANSCAN LAPTOP 3 EA 945-0936 PROGRAM C S2 PORCELAIN FURNANCE, INCLUDES VACUM PUMP 885 IPS E.MAX CAD CRYSTALIZATION KIT 1 EA 945-6513 IPS EMPRESS UNIVERSAL STAIN AND GLAZE KIT 1 EA TWO (2) PLANSCAN SCANNERS AND 2 LAPTOPS PLUS EXTENDED 2 YEAR WARRANTY: PLANSCAN SCANNER INCLUDES 1 YEAR WARRANTY, 2 COLOR TIPS, 1 PORTAL TIP, THUNDERBOLT CONNECTOR 2 EA 631-9375 PLAMSCAN/PLANCAD TOTAL CARE EXTENDED WARRANTY 2 YEARS 2 EA 631-6807 ROMEXIS LAPTOP WITH SCAN AND PLANCAD SOFTWARE 2 EA (vii) Delivery 30 Days ARO, FOB (Destination) to : Department of Veteran Affairs VA Medical Center 1111 East End Boulevard Wilkes-Barre, PA 18711-0026 (viii) The provision at 52.212-1, Instructions to Offerors -- Commercial, applies to this acquisition and the following clauses AND instructions are added as addenda: CLAUSES: 52.211-6 Brand Name or Equal (AUG 1999) 52.214-21 Descriptive Literature (APR 2002) 852.211-73 Brand Name or Equal. (JAN 2008) 852-219-10 VA Notice of Total Service-Disabled Veteran-Owned Small Business Set-Aside (ix) Evaluation of this requirement will be based on PRICE ONLY. (x) Offerors are advised to include a completed copy of the provision at 52.212-3, Offeror Representations and Certifications -- Commercial Items, with its offer if has not been completed on SAM.gov. (xi) The clause at 52.212-4, Contract Terms and Conditions -- Commercial Items, applies to this acquisition and the following clauses are added as addenda: (End of Clause) 52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998) This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es): http://farsite.hill.af.mil https://acquisition.gov/far (End of Clause) 852.203-70 Commercial Advertising (JAN 2008) 852.246-71 Inspection (Jan 2008) (xii) The clause at 52.212-5, Contract Terms and Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items, applies to this acquisition and the following additional FAR clauses cited in the clause are applicable to the acquisition: 52.204-10 Reporting Executive Compensation & First-Tier Subcontract Awards (OCT 2015) 52.209-6 Protecting the Government s Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (OCT 2015) 52.219-28 Post Award Small Business Program Representation (JUL 2013) 52.222-19 Child Labor--Cooperation with Authorities and Remedies (FEB 2016) (E.O. 13126) 52.222-21 Prohibition of Segregated Facilities (APR 2015) 52.222-26 Equal Opportunity (APR 2015) 52.222-36 Equal Opportunity for Workers with Disabilities (JUL 2014) 52.222-50 Combating Trafficking in Persons (MAR 2015) 52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (AUG 2011) 52.225-3 Buy American--Free Trade Agreements--Israeli Trade Act (MAY 2014) 52.225-13 Restrictions on Certain Foreign Purchases (JUNE 2008) 52.232-34 Payment by Electronic Funds Transfer--Other than System for Award Management (JUL 2013) 52.232-40 Providing Accelerated Payments to Small Business Subcontractors (xiii) Additional conditions: Business Associate Agreement (BAA) will be required. C-2 MARCH 12, 2010 VA HANDBOOK 6500.6 APPENDIX C 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. 3. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. c. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold h. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. 6. SECURITY INCIDENT INVESTIGATION a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. 7. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. b. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. All interested parties are reminded to be registered, active and verified with the following sites to be considered for Award. SAM: http://www.sam.gov VETBIZ https://www.vip.vetbiz.gov/Public/Search/Default.aspx (xiv) The Defense Priorities and Allocations System (DPAS) ratings are NOT APPLICABLE. (xv) Quotes must be emailed to donna.cooper2@va.gov and received no later than 2:00pm EST on the close date. Quote may be submitted on this document or the vendor s own form. (xvi) For information regarding the solicitation, please contact Donna Cooper at donna.cooper2@va.gov Purpose. The purpose of this Business Associate Agreement (Agreement) is to establish requirements for the Department of Veterans Affairs (VA), Veterans Health Administration (VHA), VA Medical Center Wilmington, DE and in accordance with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) Act, and the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules ( HIPAA Rules ), 45 C.F.R. Parts 160 and 164, for the Use and Disclosure of Protected Health Information (PHI) under the terms and conditions specified below. Scope. Under this Agreement and other applicable contracts or agreements, will provide Planmeca FIT Full System services to, for, or on behalf of VA Medical Center Wilmington, DE In order for to provide such services, VA Medical Center Wilmington, DE will disclose PHI to, and will use or disclose PHI in accordance with this Agreement. Definitions. Unless otherwise provided, the following terms used in this Agreement have the same meaning as defined by the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information (PHI), Required by Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use. Business Associate shall have the same meaning as described at 45 C.F.R. § 160.103. For the purposes of this Agreement, Business Associate shall refer to, including its employees, officers, or any other agents that create, receive, maintain, or transmit PHI as described below. Covered Entity shall have the same meaning as the term is defined at 45 C.F.R. § 160.103. For the purposes of this Agreement, Covered Entity shall refer to VA Medical Center Wilmington, DE Protected Health Information or PHI shall have the same meaning as described at 45 C.F.R. § 160.103. Protected Health Information and PHI as used in this Agreement include Electronic Protected Health Information and EPHI. For the purposes of this Agreement and unless otherwise provided, the term shall also refer to PHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity or receives from Covered Entity or another Business Associate. Subcontractor shall have the same meaning as the term is defined at 45 C.F.R. § 160.103. For the purposes of this Agreement, Subcontractor shall refer to a contractor of any person or entity, other than Covered Entity, that creates, receives, maintains, or transmits PHI under the terms of this Agreement. Terms and Conditions. Covered Entity and Business Associate agree as follows: 1. Ownership of PHI. PHI is and remains the property of Covered Entity as long as Business Associate creates, receives, maintains, or transmits PHI, regardless of whether a compliant Business Associate agreement is in place. 2. Use and Disclosure of PHI by Business Associate. Unless otherwise provided, Business Associate: A. May not use or disclose PHI other than as permitted or required by this Agreement, or in a manner that would violate the HIPAA Privacy Rule if done by Covered Entity, except that it may use or disclose PHI: (1) As required by law or to carry out its legal responsibilities; (2) For the proper management and administration of Business Associate; or (3) To provide Data Aggregation services relating to the health care operations of Covered Entity. B. Must use or disclose PHI in a manner that complies with Covered Entity s minimum necessary policies and procedures. C. May de-identify PHI created or received by Business Associate under this Agreement at the request of the Covered Entity, provided that the de-identification conforms to the requirements of the HIPAA Privacy Rule. 3. Obligations of Business Associate. In connection with any Use or Disclosure of PHI, Business Associate must: A. Consult with Covered Entity before using or disclosing PHI whenever Business Associate is uncertain whether the Use or Disclosure is authorized under this Agreement. B. Implement appropriate administrative, physical, and technical safeguards and controls to protect PHI and document applicable policies and procedures to prevent any Use or Disclosure of PHI other than as provided by this Agreement. C. Provide satisfactory assurances that PHI created or received by Business Associate under this Agreement is protected to the greatest extent feasible. D. Notify Covered Entity within twenty-four (24) hours of Business Associate s discovery of any potential access, acquisition, use, disclosure, modification, or destruction of either secured or unsecured PHI in violation of this Agreement, including any Breach of PHI. (1) Any incident as described above will be treated as discovered as of the first day on which such event is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate. (2) Notification shall be sent to the Maricela Everitt, email: Maricela.Everitt@va.gov and to the VHA Health Information Access Office, Business Associate Program Manager by email at VHABAAIssues@va.gov. (3) Business Associate shall not notify individuals or the Department of Health and Human Services directly unless Business Associate is not acting as an agent of Covered Entity but in its capacity as a Covered Entity itself. E. Provide a written report to Covered Entity of any potential access, acquisition, use, disclosure, modification, or destruction of either secured or unsecured PHI in violation of this Agreement, including any Breach of PHI, within ten (10) business days of the initial notification. (1) The written report of an incident as described above will document the following: (a) The identity of each Individual whose PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, disclosed, modified, or destroyed; (b) A description of what occurred, including the date of the incident and the date of the discovery of the incident (if known); (c) A description of the types of secured or unsecured PHI that was involved; (d) A description of what is being done to investigate the incident, to mitigate further harm to Individuals, and to protect against future incidents; and (e) Any other information as required by 45 C.F.R. § § 164.404(c) and 164.410. (2) The written report shall be addressed to: Maricela Everitt, 1111 East End Boulevard, Wilkes-Barre, PA 1877 and submitted by email to Maricela.everitt@va.gov and to the VHA Health Information Access Office, Business Associate Program Manager at VHABAAIssues@va.gov. F. To the greatest extent feasible, mitigate any harm due to a Use or Disclosure of PHI by Business Associate in violation of this Agreement that is known or, by exercising reasonable diligence, should have been known to Business Associate. G. Use only contractors and Subcontractors that are physically located within a jurisdiction subject to the laws of the United States, and ensure that no contractor or Subcontractor maintains, processes, uses, or discloses PHI in any way that will remove the information from such jurisdiction. Any modification to this provision must be approved by Covered Entity in advance and in writing. H. Enter into Business Associate Agreements with contractors and Subcontractors as appropriate under the HIPAA Rules and this Agreement. Business Associate: (1) Must ensure that the terms of any Agreement between Business Associate and a contractor or Subcontractor are at least as restrictive as Business Associate Agreement between Business Associate and Covered Entity. (2) Must ensure that contractors and Subcontractors agree to the same restrictions and conditions that apply to Business Associate and obtain satisfactory written assurances from them that they agree to those restrictions and conditions. (3) May not amend any terms of such Agreement without Covered Entity s prior written approval. I. Within five (5) business days of a written request from Covered Entity: (1) Make available information for Covered Entity to respond to an Individual s request for access to PHI about him/her. (2) Make available information for Covered Entity to respond to an Individual s request for amendment of PHI about him/her and, as determined by and under the direction of Covered Entity, incorporate any amendment to the PHI. (3) Make available PHI for Covered Entity to respond to an Individual s request for an accounting of Disclosures of PHI about him/her. J. Business Associate may not take any action concerning an individual s request for access, amendment, or accounting other than as instructed by Covered Entity. K. To the extent Business Associate is required to carry out Covered Entity's obligations under Subpart E of 45 CFR Part 164, comply with the provisions that apply to Covered Entity in the performance of such obligations. L. Provide to the Secretary of Health and Human Services and to Covered Entity records related to Use or Disclosure of PHI, including its policies, procedures, and practices, for the purpose of determining Covered Entity s, Business Associate s, or a Subcontractor s compliance with the HIPAA Rules. M. Upon completion or termination of the applicable contract(s) or agreement(s), return or destroy, as determined by and under the direction of Covered Entity, all PHI and other VA data created or received by Business Associate during the performance of the contract(s) or agreement(s). No such information will be retained by Business Associate unless retention is required by law or specifically permitted by Covered Entity. If return or destruction is not feasible, Business Associate shall continue to protect the PHI in accordance with the Agreement and use or disclose the information only for the purpose of making the return or destruction feasible, or as required by law or specifically permitted by Covered Entity. Business Associate shall provide written assurance that either all PHI has been returned or destroyed, or any information retained will be safeguarded and used and disclosed only as permitted under this paragraph. N. Be liable to Covered Entity for civil or criminal penalties imposed on Covered Entity, in accordance with 45 C.F.R. § § 164.402 and 164.410, and with the HITECH Act, 42 U.S.C. § § 17931(b), 17934(c), for any violation of the HIPAA Rules or this Agreement by Business Associate. 4. Obligations of Covered Entity. Covered Entity agrees that it: A. Will not request Business Associate to make any Use or Disclosure of PHI in a manner that would not be permissible under Subpart E of 45 C.F.R. Part 164 if made by Covered Entity, except as permitted under Section 2 of this Agreement. B. Will promptly notify Business Associate in writing of any restrictions on Covered Entity s authority to use or disclose PHI that may limit Business Associate s Use or Disclosure of PHI or otherwise affect its ability to fulfill its obligations under this Agreement. C. Has obtained or will obtain from Individuals any authorization necessary for Business Associate to fulfill its obligations under this Agreement. D. Will promptly notify Business Associate in writing of any change in Covered Entity s Notice of Privacy Practices, or any modification or revocation of an Individual s authorization to use or disclose PHI, if such change or revocation may limit Business Associate s Use and Disclosure of PHI or otherwise affect its ability to perform its obligations under this Agreement. 5. Amendment. Business Associate and Covered Entity will take such action as is necessary to amend this Agreement for Covered Entity to comply with the requirements of the HIPAA Rules or other applicable law. 6. Termination. A. Automatic Termination. This Agreement will automatically terminate upon completion of Business Associate s duties under all underlying Agreements or by termination of such underlying Agreements. B. Termination Upon Review. This Agreement may be terminated by Covered Entity, at its discretion, upon review as provided by Section 9 of this Agreement. C. Termination for Cause. In the event of a material breach by Business Associate, Covered Entity: (1) Will provide an opportunity for Business Associate to cure the breach or end the violation within the time specified by Covered Entity, and; (2) May terminate this Agreement and underlying contract(s) if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity. D. Effect of Termination. Termination of this Agreement will result in cessation of activities by Business Associate involving PHI under this Agreement. E. Survival. The obligations of Business Associate under this Section shall survive the termination of this Agreement as long as Business Associate creates, receives, maintains, or transmits PHI, regardless of whether a compliant Business Associate Agreement is in place. 7. No Third Party Beneficiaries. Nothing expressed or implied in this Agreement confers any rights, remedies, obligations, or liabilities whatsoever upon any person or entity other than Covered Entity and Business Associate, including their respective successors or assigns. 8. Other Applicable Law. This Agreement does not abrogate any responsibilities of the parties under any other applicable law. 9. Review Date. The provisions of this Agreement will be reviewed by Covered Entity every two years from Effective Date to determine the applicability and accuracy of the Agreement based on the circumstances that exist at the time of review. 10. Effective Date. This Agreement shall be effective on the last signature date below. Department of Veterans Affairs COMPANY/ORGANIZATION Veterans Health Administration By: By: Name: Name: Title: Title: Date: Date:
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/VA/PiVAMC646/PiVAMC646/VA24417Q1781/listing.html)
 

Document(s)

Attachment
 

File Name: VA244-17-Q-1781 VA244-17-Q-1781_3.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3788456&FileName=VA244-17-Q-1781-001.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3788456&FileName=VA244-17-Q-1781-001.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Place of Performance

Address: Department of Veteran Affairs;VA Medical Center;1111 East End Boulevard;Wilkes-Barre, PA

Zip Code: 18711
 

Record

SN04673988-W 20170914/170912232805-66d9733bcedbbaf2bae8f0a2e9bc28fb (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |