DOCUMENT
65 -- Sources Sought - Seeking Service Provider for the Sorin 3T Heater/Cooler Cleaning System at the San Francisco VA Medical Center - Attachment
- Notice Date
- 9/21/2017
- Notice Type
- Attachment
- NAICS
- 811219
— Other Electronic and Precision Equipment Repair and Maintenance
- Contracting Office
- Department of Veterans Affairs;VA Sierra Pacific Network (VISN 21);VA Northern California HealthCare System;5342 Dudley Blvd, Bldg 209;McClellan CA 95652-2609
- ZIP Code
- 95652-2609
- Solicitation Number
- VA26117N1244
- Response Due
- 9/26/2017
- Archive Date
- 10/1/2017
- Point of Contact
- Rex.Crouch@va.gov
- E-Mail Address
-
Rex.Crouch@va.gov
(Rex.Crouch@va.gov)
- Small Business Set-Aside
- N/A
- Description
- If capable of performing the service in San Francisco as specified in the below Performance Work Statement, please email the contract specialist and provide: Company Name DUNS Number Capabilities Statement PERFORMANCE WORK STATEMENT SORIN 3T CLEANING SERVICES 1. GENERAL 1.1. SERVICES REQUIRED: Under the authority of 38 U.S.C. Section 8153 and Veterans Affairs Acquisition Regulation (VAAR) Part 873 Contractor shall be considered for a one year purchase order/contract to provide cleaning services to the Sorin 3T Heater-Cooler device at the Veterans Affairs (VA) San Francisco Medical Center. The contract personnel shall provide the following cleaning services similar to those provided in a comparable civilian health care facility in accordance with the terms, conditions and prices contained herein: The Stockert 3T Heater-Cooler System (3T), manufactured by Livallova PLC (formerly Sorin Group Deutschland GmbH), is intended to provide temperature-controlled water to 1) oxygenator heat exchangers, 2) cardioplegia (paralysis of the heart) heat exchangers, and/or 3) warming/cooling blankets to warm or cool a patient during cardiopulmonary bypass procedures lasting six hours or less. Heater-cooler devices are commonly used during cardiothoracic surgeries, as well as other medical and surgical procedures, to warm or cool a patient in order to optimize medical care and improve patient outcomes. Heater-cooler devices have water tanks that provide temperature-controlled water to external heat exchangers or warming/cooling blankets through closed circuits. Although the water in the circuits does not come into direct contact with the patient, there is the potential for contaminated water to enter other parts of the device and aerosolize, transmitting bacteria through the air and through the device's exhaust vent into the environment and to the patient. In October 2015, the FDA issued a Safety Communication to provide recommendations to help minimize patient risk of infections associated with heater-cooler devices. Since issuing that communication, the FDA has continued to evaluate the causes and risk factors for transmission of microbial agents associated with heater-cooler devices and has collaborated with professional societies, public health partners, and experts to develop strategies to minimize patient exposure. Per national directive and manufacturer's instructions, the Sorin 3T heater/cooler requires weekly water changes and a disinfection procedure every 14 days. This requires a qualified technician perform maintenance services every week per manufacturer's instructions. The maintenance procedures will take place in a designated room in the surgical area of the SFVAMC. 1.2. PLACE OF PERFORMANCE: Veterans Affairs Medical Center, 4150 Clement Street, San Francisco, CA, 94121 1.3. AUTHORITY/POLICY/HANDBOOKS: 1. APPLICABLE PUBLICATIONS: Version 7 30 2012 The Contractor shall adhere to the publications list that follows. The publications are maintained by the Government and are available through the COR. At any time, these publications are subject to change, made in the form of supplements or amendments issued at any organizational level and may affect contract performance. a. STATION MEMORANDA Use Most Current Dated Publication: NUMBER TITLE 00-08 Patient's Rights and responsibilities 00-09 Improving Organizational Performance 136-34 Medical Records Content and Documentation 136-17 Privacy Act of 1994 136-40 Electronics Signature and Computer-based Medical Records b. OTHER REFERENCES JC Standards for: Ambulatory Care (2014) and Hospital (2014). 2. QUALIFICATIONS: 2.1 Staff/Facility Maintenance technicians must possess one or more attributes from each of the following areas: Must have significant experience cleaning the Stockert 3T Heater-Cooler System (3T). Per manufacturer's instructions: The heater-cooler may only be used by trained and qualified perfusionists and may only be maintained by trained and qualified personnel. Licensure: N/A Maintenance technicians must possess all of the following: U.S. Citizenship Valid TB Test Hepatitis B Immunization Valid BLS Card Operate biomedical computer equipment and software. Malpractice insurance shall be provided by the contractor. 2.2 Prior to providing any services under this contract all Contractor personnel must receive and acknowledge receipt (as outlined in paragraph 4) of, Veterans Health Care Administration (VHA) Handbook 1660.3, Conflict of Interest Aspects of Contracting for Scarce Medical Specialist Services, Enhanced Use Leases, Health Care Resources Sharing, Fee Basis and Intergovernmental personnel Act Agreements (IPAS), dated July 24, 2002. VHA Handbook 1660.3 is attached herein. 2.3 The qualifications of Contractor personnel shall be subject to review by the Chief of Staff and approval of the Director, VA San Francisco Medical Center. Version 7 30 2012 2.4 The San Francisco VA Medical Center Chief Nurse of the Operating Room will have the opportunity to interview and evaluate the technicians designated to fill the positions and have final rights in determining the appropriate individuals. CVs of the technicians should be submitted to and approved by the Chief OR Nurse prior to start of the contract. If the contractor is unable to retain personnel acceptable to the San Francisco VA as deemed by the Chief OR Nurse, then the SFVAMC has the right to cancel the contract. 3. Hours of Operation: Contractor personnel shall be available to furnish required services every week at a designated time between 7AM and 4:30PM. 3.1 OVERTIME AND HOLIDAY PAY: Any overtime and/or holiday pay that may be entitled to the Contractor's employees shall be the sole responsibility of the Contractor and shall not be billed to nor reimbursed by the Government. 3.2 NATIONAL HOLIDAYS: Listed below are the ten (10) national holidays. New Year's Day Martin Luther King's Birthday President's Day Memorial Day Independence Day Labor Day Columbus Day Veterans Day Thanksgiving Day Christmas Day January 01 Third Monday in January Third Monday in February Last Monday in May July 04 First Monday in September Second Monday in October November 11 Fourth Thursday in November December 25 When one of the holidays falls on a Sunday, the following Monday will be observed as a national holiday. When a holiday falls on a Saturday, the preceding Friday is observed as a national holiday by U.S. Government Agencies. Also included would be any day specifically declared by the President of the United States of America as a national holiday. 3.3 PAY: Contracted personnel will be paid by a flat fee labor charge of $2,349.00 per month. 4. CONTRACTOR RESPONSIBILITIES 4.1. KNOWLEDGE, SKILLS AND ABILITIES: a) Contractor shall provide one maintenance technician to come on a weekly basis to perform the Sorin 3T disinfection process. b) In the event one technician is not able to perform these duties the contractor will have a backup technician available. Version 7 30 2012 c) Contractor personnel shall perform maintenance services, which include, but are not limited to the following: o Week 1 and Week 3: Water change only (1 hour if water change only) The water in the water circuits must be changed every 7 days. In order to prevent microbial growth, 150 ml (5 US fl. oz.) of medical grade 3% hydrogen peroxide solution is added to the tank contents. The hydrogen peroxide concentration in the water can be measured senniquantitatively during the draining procedure by the use of a test strip. The hydrogen peroxide concentration will decrease over the 7-day-period until the next water change, but should not drop below 100 ppm. If concentrations fall below 100 ppm, the disinfection procedure must be completed. o Week 2 and Week 4: Water change and Disinfection of tank/circuits (2 hours) Prior to operating the heater-cooler for the first time, when placing the system in storage and during regular operation, the water circuits must be disinfected at intervals of 14 days. The Heater-Cooler 3T water circuits include the pump, heating and cooling tanks, fittings and all interconnecting tubing. Technicians must follow all manufacturer's instructions when disinfecting equipment. 4.2 STANDARDS OF PRACTICE: Contractor personnel shall perform services in accordance with ethical, professional, and technical standards of the healthcare industry consistent with VA policy, regulations, procedures and protocol. Contractor Personnel shall be technically proficient in the skills necessary to fulfill the requirements stated herein including the ability to understand, speak, read and write the English language. Contractor shall be responsible for meeting or exceeding VA and Joint Commission (or equivalent) standards. 4.3 STANDARD OF CONDUCT: The Government reserves the right to refuse acceptance of contract personnel whose personal or professional conduct jeopardizes patient care or interferes with the regular and ordinary operation of the facility. Breaches of conduct include intoxication or debilitation resulting from drug use, theft, patient abuse, dereliction or negligence in performing directed tasks, or other abuse, or other conduct resulting in formal complaints by patients or other staff members to designated Government Representatives. Standards for conduct shall mirror those prescribed by current Federal Personnel Regulations. Complaints concerning contract personnel's conduct with Government employees or patients will be dealt with by the Contractor and Contracting Officer's Representative. The Contracting Officer is the final authority on validating complaints. In the event that contract personnel are involved and named in a validated complaint, the Government reserves the right to refuse acceptance of the services of such personnel. This does not preclude refusal in the event of Version 7 30 2012 incidents involving physical or verbal abuse. The final arbiter on questions of acceptability is the Contracting Officer. 4.4 CONFLICT OF INTEREST: The Contractor shall not employ any person who is an employee of the United States Government if the employment of that person would create a conflict of interest. The Contractor shall not employ any person who is an employee of the Department of Veterans Affairs/Department of Defense, unless such person seeks and receives approval in accordance with VA/DOD Regulations. Nor shall the Contractor employ any person who as a member would create a conflict of interest or the appearance of a conflict of interest, particularly with regard to influencing the contract negotiations or terms of the contract. In any such case, Department of Veterans Affairs (VA) must review the matter and give its approval in accordance with agency ethics rules. 4.5 CONTRACTOR LIAISON: The Contractor shall designate one (1) employee who shall be responsible for the performance of the work under this contract. The liaison shall have full authority to act for the Contractor on all matters relating to the daily operation of this contract. The liaison may be a contract health care provider performing under this contract. An alternate may be designated, but the Contractor shall identify, in writing, those times when the alternate shall act as the liaison. Contractor Liaison: Phone: Fax: 4.6 EMERGENCIES OR COMPLICATIONS: Contract personnel will report any unusual incidents immediately to Chief OR Nurse or the Chief of Surgical Service. All accidents, malfunctions, injuries and deaths related to the delivery of services shall be reported verbally to the VA Contracting Officer's Representative (COR). The Contractor may be required to provide evidence of follow-up through a written report of the incident, describing the event, analysis of cause and effect, and corrective action taken. If such a report is requested by the VA COR, this will be done within three (3) working days of the verbal report. 4.7 ARRANGEMENT FOR REPLACEMENT STAFF: The Contractor shall provide scheduled services throughout the contract period. In the event of the absence of Contractor's personnel for any reason, the Contractor shall coordinate an alternate with the Chief OR Nurse or his representative. 4.8 ALTERNATE SOURCES: a. If routine services are disrupted for more than two (2) consecutive scheduled shifts or emergency response requests, the Government reserves the right to procure such services from an alternate source, until routine services are restored by the Contractor. When the Government exercises its right to procure these services from an alternate Version 7 30 2012 source, the Contractor shall reimburse the government for all charges in excess of the amount that would have normally been incurred by the contract. b. A copy of the other source's time sheet or other verifiable documentation shall be used as the basis for any reimbursement. 4.9 CONTINUING MEDICAL EDUCATION (CME) REQUIREMENTS: Contract personnel registered by national associations shall continue to meet the minimum standards for CME and SFVAMC Bylaws and Rules to remain current as prescribed by legal requirements. CME is the sole responsibility of the Contractor, shall be obtained at no additional cost to the Government, and shall be reported to the COR annually on the first normal duty day in January for the previous calendar year. Periodic CME may be conducted at the VA and may be available, at no cost, to any contract health care provider 4.10 EVIDENCE OF INSURANCE COVERAGE: Before commencing work under this contract, the Contractor shall furnish certification to the Contracting Officer that the coverage required (General & Professional Liability as well as Workers Comp) has been obtained and such policy shall state, "This policy may not be changed or cancelled without written notice to the VA Contracting Officer. Said policy must bear an appropriate "loss payable clause" to the United States as its interest may appear. Such evidence of insurance will not be waived. 4.11 CONTRACTOR PERSONNEL POLICY: The Contractor shall assume full responsibility for the protection of its personnel furnishing services under this contract. To carry out this responsibility, the Contractor shall provide the following to the personnel: Worker's compensation Professional liability insurance Health examinations Income tax withholdings, and Social Security withholdings. Payment for any leave, including sick leave or vacation time is considered the sole responsibility of the Contractor. The Contractor shall comply with all existing local, state, federal and/or union laws, regulations relevant to fringe benefits, and premium pay for their employees. Such personnel shall not be considered SFVAMC employees for any purpose and shall be considered employees of the Contractor. There is no employer-employee relationship between the VA and the Contractor or the Contractor's employee(s). 4.12 PERSONAL HYGIENE AND CLOTHING: Contract health care providers shall be neat, clean, well groomed and shall otherwise exercise good personal hygiene. Appropriate and professional operating room attire shall be worn at all times. A laboratory style coat must be worn over scrubs when the contract health care provider is not performing duties in a clinical examination area, operating or procedure rooms. Medical Version 7 30 2012 scrubs are not to be worn outside the facility. Protective clothing shall be provided by the SFVAMC and will remain the property of the SFVAMC. 4.13 HEALTH REQUIREMENTS: a. Contract health care providers shall not perform services under this contract unless a pre-assignment medical examination has been performed within 30 calendar days of their first scheduled shift. Pre-assignment medical examinations shall be the responsibility of the Contractor at no cost to the Government. b. As a condition of employment Occupational Safety and Health Administration (OSHA) requires that all contract staff who will have occupational exposure to blood, other body fluids, or other potentially infectious materials, shall receive Hepatitis B vaccine, sign a voluntary declination or have documented proof of immunity to Hepatitis B infection. The immunization shall be the responsibility of the Contractor at no cost to the Government. c. Contract health providers having patient contact or exposure to biological or pathological specimens shall be immunized against, be granted an immunization waiver or have documented proof of immunity to: rubella, mumps, polio and Hepatitis B. In addition, contract health care providers shall be free of infectious diseases (to include but not limited to active Tuberculosis and Viral Hepatitis) that might reasonably be expected to place other workers, patients or the public at risk. d. The Contractor shall provide the Government with all the information necessary to ensure that Government records are maintained correctly and in compliance with Joint Commission, OSHA, and the Center for Disease Control health records requirements, for each individual contract health care provider. e. The Contractor shall provide the COR with certification that contract health care providers have completed the medical evaluation required above, a minimum of five (5) working days prior to performance of contract services. This certification shall state the date that the examination was completed, the doctor's name that performed the examination, a statement concerning the physical health of the individual and the following statement: [Name of contract health care provider] is suffering from no contagious diseases to include, Tuberculosis, Hepatitis and Venereal Disease. f. The Government may take nose and throat cultures from contract health care providers when required by Government Infection Control Committees (ICC). g. When a health care provider has been found medically unfit for providing services required under this contract, they shall be required to discontinue working immediately. Contract health care providers will not return to work until given clearance by the appropriate physician. Version 7 30 2012 h. The Government will provide emergency health care for injuries sustained while on duty for contract health care providers. These services will be billed to the Contractor at the current full reimbursement rate. 4.14 IMMUNIZATION WAIVER/EXEMPTIONS: Waivers and exemptions may be granted in accordance with VA regulations and Medical Staff Bylaws. 1. PERFORMANCE STANDARDS, QUALITY ASSURANCE AND QUALITY IMPROVEMENT 5.1 PATIENT SENSITIVITY: a. Contract health care provider shall respect and maintain the basic rights of patients, demonstrating concern for personal dignity and human relationships. 5.2 CONTRACT PERFORMANCE MONITORING: a. Monitoring of Contractors time shall be demonstrated through clinical and administrative record reviews and through patient satisfaction survey. The COR will be responsible for verifying contract compliance. After contract award, any incidents of Contractor noncompliance as evidenced by the monitoring procedures or by failure to supply required documentation shall be forwarded immediately to the Contracting Officer. The Contractor shall maintain an adequate record system for recording services, listing servicing providers, charges, Comprehensive Procedure Tracing (CPT) codes applicable, patient identification, service dates and all other commonly accepted information elements for services rendered to patients pursuant to this contract (including, but not limited to, such records as are necessary for the evaluation of the quality, appropriateness, and timeliness of services performed under this contract). 5.3 MEDICAL RECORDS: Clinical or other medical records of VA beneficiaries treated by Contractor under this contract are VA records and will be forwarded to the VA. Contractor personnel who obtain access to hardware or media which may manipulate or store drug or alcohol abuse data, sickle cell anemia treatment records, records or tests or treatment for or infection with HIV, medical quality assurance records, or any other sensitive information as defined by the Department of Veterans Affairs, shall not have access to the records unless absolutely necessary to perform their contractual duties. Any individual who has access to these data will disclose them to no one, including other employees of the Contractor not involved in the performance of the particular contractual duty for which access was obtained. 5.4 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): Contractor shall take reasonable measures to ensure patient privacy and confidentiality. The contract service providers herein agree to take all reasonable precautions to safeguard patient information from unauthorized access or modification, in both electronic and hard-copy formats. This includes not only electronic security measures such as "strong" user passwords Version 7 30 2012 on computer systems, but also physical barriers to prevent unauthorized use of computer work-stations; that hard copy patient files are in secured lockable areas, that files are in lockable cabinets, that the cabinets can in fact be locked, i.e., keys are available, and the locking mechanisms work properly. This precaution also includes the proper transfer of patient information via electronic means, such as faxing or system-to-system transmission. Contractor personnel shall make sure no patient information of any type is given to outside parties, agencies or organizations of any type without the expressed written consent of the patient and the VA and only in capacities directly related to the provision of the services contracted in this instrument. That only the minimum necessary patient information is used to provide appropriate service to the correct patient. The Contractor is subject to the same penalties and liabilities for unauthorized disclosures of such records as VA personnel. That the undersigned understands that all parties are bound by the requirements of the "Health Insurance Portability and Accountability Act of 1996" which provide guidance on the protection of patient privacy and confidentiality. This Act mandates that all government agencies and those bodies with whom they contract must be in compliance with the directives of the Act. Details of the Act are still under development by the Congress of the United States. Once these detailed directives are released, this current contract may require a modification to be in compliance depending on the effective date of the Act as decided by the Congress and President of the United States. 5.5 PERFORMANCE IMPROVEMENT (P1)/RISK MANAGEMENT: Contract health care providers shall participate in PI/Risk Management activities to the extent required by SFVAMC Memoranda. Contract personnel specific data must be submitted by the Contractor to the COR upon request. The Government shall evaluate the contract personnel professional, as differentiated from administrative, performance under this contract using quality assurance standards specified in VA Regulations, Joint Commission Standards, and VA Station Memorandum. 5.6 QUALITY ASSURANCE AND PERFORMANCE MONITORING: Contract personnel will be held to the same standard as VA personnel through quality assurance and performance monitoring to ensure compliance under this contract. These procedures will include time and attendance logs verification, monitoring of the Computerized Patient Record System (CPRS) records or other appropriated records, called for under this contract received by the VA. The Quality Assurance and Performance Monitoring will be governed by the appointed COR who will be responsible for verifying compliance with the terms and conditions of the contract. After the contract is awarded, any incidents as evidenced by the monitoring procedures will be forwarded immediately to the Contracting Officer. In addition, the COR will forward the summary evaluation of the Contractor performance to the Contracting Officer once performance ends. 5.7 THE JOINT COMMISSION: Version 7 30 2012 Contractor's personnel shall be subject to the same quality assurance standards in meeting or exceeding current recognized National Standards as established by the Joint Commission. Copies of the quality assurance standards are on file in the VA Medical Center and will be available to the Contractor. The Contractor shall perform services in accordance with the ethical, professional, and technical standards of the healthcare industry as consistent with VA policy, regulations, and procedures. The personnel provided by the Contractor shall be technically proficient in the skills necessary to fulfill the Government's requirements, including the ability to speak, understand, read and write English fluently. Contract personnel shall be responsible for compliance with all procedures in accordance with applicable SFVAMC written policies, procedures, Bylaws, and protocols. Copies of the Bylaws will be available to all Contractor personnel and are located within surgical service. They shall not introduce new procedures or services without prior recommendation to and approval of the Chief of Staff (COS) or authorized representative(s) and through the Contracting Officer. The Contractor is required to maintain records that document competence/performance level of Contractor employees working on this contract in accordance with the Joint Commission Accreditation and other regulatory body requirements. The Contractor will provide a current copy of the competence assessment checklist and annual performance evaluation to the COR at the time of contract award or upon request, for each Contractor employee working on this contract. Where the contract does not require the Joint Commission Accreditation or other regulatory body requirements, the Contractor must perform the required work in accordance with the Joint Commission Accreditation standards. A copy of these standards may be obtained from the Joint Commission, One Renaissance Blvd., Oakbrook Terrace, IL 60181. 5.8 HHS/OIG REQUIREMENTS: To ensure that the individuals providing services under this contract have not engaged in fraud or abuse regarding Sections 1128 and 1128A of the Social Security Act regarding federal health care programs, the Contractor is required to check the Health and Human Services - Office of Inspector General (HHS/01G), List of Excluded Individuals/Entities on the OIG Website (www.hhs.gov/oig) for each person providing services under this contract. Further, the Contractor is required to certify in its proposal that all persons listed in the Contractor's proposal have been compared against the OIG list and are NOT listed. During the performance of this contract, the Contractor is prohibited from using any individual or business listed on the List of Excluded Individuals/Entities. 5.9 COMPUTER SECURITY: In the performance of official duties, if the contract personnel has regular access to printed and electronic files containing sensitive data that must be protected under the provisions of the Privacy Act of 1974 and other applicable laws, federal regulations, VA statutes and policy, and VHA policy: the contract personnel is responsible for 1) protecting the data from unauthorized release or from loss, alteration, or unauthorized deletion and 2) following applicable Version 7 30 2012 regulations and instructions regarding access to computerized files, release of access codes, etc., as set out in the access agreement which the contract personnel signs. GOVERNMENT RESPONSIBILITIES 6.1 IDENTIFICATION PIV BADGE: An identification (ID) badge will be issued by the VA to the contract personnel providing services to beneficiaries at the VA. The appropriate ID badge shall be worn at all times while on Government facility grounds, clearly displayed on the outermost garment (i.e. coat, jacket, sweater, shirt, blouse, lab coat etc.). 6.2 GOVERNMENT TRAINING AND ORIENTATION: a. The VA will provide a briefing to familiarize contract personnel on the policies and procedures on the first scheduled duty day or within a period acceptable to the VA. b. The Contractor shall ensure that all contract personnel attend and participate in VA or any other mandatory training to include but not limited to VA Privacy, VA Cyber Security, Diversity, Total Quality Improvement, Annual Fire Safety and Infection Control. 6.3 DRUG SCREENING: Contract health care providers are subject to random drug testing. They are also subject to drug testing when there is a reasonable suspicion that they use or are impaired by illegal drugs while on duty. Reasonable suspicion of drug use or impairment includes, but is not limited, to the following: a. Observable phenomena, such as direct observation of drug use, possession or the physical symptoms of being under the influence of a drug; b. A pattern of abnormal conduct or erratic behavior; c. Arrest or conviction for a drug-related offense or the identification of a contract health care provider as the focus of a criminal investigation into illegal drug possession, use, or trafficking; d. Information provided either by reliable and credible sources or independently corroborated; or e. Newly discovered evidence that the contract health care provider has tampered with a previous drug test. 7. SPECIAL CONTRACT REQUIREMENTS 7.1 BILLING FOR SERVICES: The Contractor is responsible for submitting billing for services monthly. 7.2 PAYMENTS: a. Contractor shall accept payment for services rendered under this contract as payment in full and will not bill the veteran or his/her third party insurer for any services covered under this contract or for additional services for which the VA pays the Contractor outside the contract. Version 7 30 2012 7.3 INVOICE AND PAYMENT: Payment is to be made monthly in arrears. Contractor shall submit invoices in original addressed to: VAFSC, P.O. Box 149971, Austin, TX 78714. Invoices submitted for payment shall be reviewed for accuracy, verified against time records and attendancelogs, and shall be subject to approval by the Government prior to remittance of payment. Any discrepancies found shall be brought to the attention of the Contractor and shall be resolved. A corrected invoice must then be submitted by the Contractor as instructed by the Government. Patients shall not be invoiced for services. The invoice MUST be itemized to include the following information. (1) Name and address of Contractor (2) Contractor's tax ID number (3) Veteran's name and social security number (last four) (4) Date of treatment(s) (5) Medical conditions for which service was rendered (6) Description of services rendered (7) Appropriate CPT code(s) (8) Fees being charged for services rendered (9) Extended amount due; (10) Invoice number, date; and Contract/Obligation number Payment for services rendered by the Contractor shall be made monthly upon receipt of a proper invoice. When inadequate invoices are received (those lacking any of the essential items listed above), the vendor will be notified in writing within 7 calendar days of receipt of such bills that these bills cannot be processed for payment until a proper invoice is submitted. (Prompt Payment Act Public Law 97-177) The itemized invoice shall be verified for certification of the services rendered during the billing period. The VA Contracting Officer's Representative shall certify the Contractor's invoice for payment of services rendered. 7.4 CONTRACTOR PERSONNEL SECURITY REQUIREMENTS: The Office of Security and Law Enforcement provides Department-wide policy on the assignment of appropriate position sensitivity designations associated with Department of Veterans Affairs positions involving national security and public trust responsibilities, and on the level of background investigations required for applicants for, and incumbents of, those positions. In addition to VA employees, the policy and investigative requirements are applicable to Contractor personnel who require access to VA computer systems designated as sensitive. Contractor and subcontractor personnel who require access to VA computer systems shall be subject to all necessary background investigations and receive a favorable adjudication from Version 7 30 2012 the VA Office of Security and Law Enforcement to ensure compliance with such policy. If such investigation has not been completed prior to contract commencement, the Contractor shall be responsible for the actions of those individuals performing under the contract. Should the contract require Contractor personnel to maintain U.S. citizenship, the Contractor shall be responsible for compliance. Regardless of U.S. citizenship requirements, Contractor personnel are required to read, write, speak, and understand the English language, unless otherwise specified in this contract or agreed to by the Government. The cost for such investigations shall be borne by the Contractor, either in advance or as reimbursement to the Government. The level of sensitivity shall be determined by the Government on the basis of the type of access required. The level of sensitivity will determine the depth of the investigation and the cost thereof. At this time, the current estimated costs for such investigations are as follows: LEVEL OF SENSITIVITY BACKGROUND INVESTIGATION LEVEL APPROXIMATE COST Low Risk National Agency Check with Written Inquiries $ 231.00 Moderate Risk Minimum Background Investigation $ 825.00 High Risk Background Investigation $ 3465.00 The Contractor shall be required to furnish all applicable employee information required to conduct the investigation, such as, but not limited to, the name, address, and social security number of Contractor personnel. The VA will provide all the necessary instructions and guidance for submission of the documents required to conduct the background investigation. Background investigations shall not be required for Contractor personnel who will not be required to access VA computer systems nor gain access to sensitive materials. 7.5 POST-AWARD PERFORMANCE CONFERENCE: The Contracting Officer may schedule a post-award performance conference with the Contractor, if deemed necessary, for contract orientation purposes. P er 6500.6 Appendix C. 1. General Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 2. Access to VA Information and VA Information Systems a. A contractor/subcontractor shall request logical (technical) or physical access to VA Version 7 30 2012 information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA Information Custodial Language a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. c. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. Version 7 30 2012 4. Security Incident Investigation a. The term "security incident" means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor's notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident 5. Liquidated Damages for Data Breach a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/ subcontractor processes or maintains under this contract. However, it is the policy of the VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in the amount determined to be adequate by the agency. b. The contractor/subcontractor shall provide notice to VA of a "security incident" as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an Version 7 30 2012 independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $_37.50_ per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. 6. Training Version 7 30 2012 a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] b. The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. 7. Security Requirements for Unclassified Information Technology Resources The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. 8. Security Accreditation Package (C&A) The C&A requirements do not apply and a Security Accreditation Package is not required. Version 7 30 2012 Version 7 30 2012
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/VA/VANCHCS/VANCHCS/VA26117N1244/listing.html)
- Document(s)
- Attachment
- File Name: VA261-17-N-1244 VA261-17-N-1244.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3810471&FileName=VA261-17-N-1244-000.docx)
- Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3810471&FileName=VA261-17-N-1244-000.docx
- Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
- File Name: VA261-17-N-1244 VA261-17-N-1244.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=3810471&FileName=VA261-17-N-1244-000.docx)
- Place of Performance
- Address: 4150 Clement Street;San Francisco, CA
- Zip Code: 94121-1545
- Zip Code: 94121-1545
- Record
- SN04688494-W 20170923/170921231602-7197485642f398ebc3fb8a52ea5788f7 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |