Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF AUGUST 31, 2018 FBO #6125
DOCUMENT

65 -- 757-18-3-096-0283 PACEART - Attachment

Notice Date

8/29/2018
 

Notice Type

Attachment
 

NAICS

339113 — Surgical Appliance and Supplies Manufacturing
 

Contracting Office

Department of Veterans Affairs;Columbus;Chalmers P. Wylie Ambulatory Care Center;420 North James Road;Columbus OH 43219-1834
 

ZIP Code

43219-1834
 

Solicitation Number

36C25018Q9803
 

Response Due

9/7/2018
 

Archive Date

11/6/2018
 

Point of Contact

Percy Johnson
 

E-Mail Address

7-5534<br
 

Small Business Set-Aside

N/A
 

Description

COMBINED SYNOPSIS/SOLICITATION FOR COMMERCIAL ITEMS General Information Document Type: Combined Solicitation/Synopsis Solicitation Number: 36C25018Q9803 Posted Date: 08/29/2018 Original Response Date: 09/07/2018 Current Response Date: 09/07/2018 Product or Service Code: 6515 Set Aside (SDVOSB/VOSB): [N] NAICS Code: 339113 Contracting Office Address Department of Veterans Affairs, Network Contracting Office (NCO) 10, 2780 Airport Dr., Suite 340, Columbus OH 43219 Description This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) subpart 12.6, Streamlined Procedures for Evaluation and Solicitation for Commercial Items, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested, and a written solicitation document will not be issued. This solicitation is a request for quotations (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-99. The associated North American Industrial Classification System (NAICS) code for this procurement is 339113, with a small business size standard of 1,000. The Chalmers P. Wylie Ambulatory Care Center is seeking 1 PaceArt (includes license for 3 current users), 1 Paceart HL7 ®/XML Integration Modules, 1 Paceart ECG Module & ConMed Cable, 1 Isolation Transformer, 1 year of Base System Consultation, Go Live Support and Her Connectivity Consultation. This is a Brand Name Requirement. IF THE OFFEROR IS NOT THE MANUFACTURER OF THE QUOTED ITEMS, THE OFFEROR SHALL SUBMIT WRITTEN EVIDENCE AT THE TIME OF QUOTE SUBMISSION THAT CLEARLY VERIFIES THEY ARE AN AUTHORIZED DISTRIBUTOR AND/OR RESELLER OF THE QUOTED PRODUCTS. All interested companies shall provide a quote for the following: Supplies ITEM NUMBER DESCRIPTION OF SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0001 1.00 YR PACEART SOFTWARE LICENSE NUMBER CONCURRENT USERS PERPETUAL LICENSE 3 MEDTRONIC SUPPLIED SOFTWARE AND FEES CSN SOFTWARE OVER 5k 7030-439978 0002 1.00 YR PACEART HL7@XML INTEGRATION MODULES 0003 1.00 YR PACEART ECG MODULE AND CONMED CABLE HARDWARE 0004 1.00 YR ISOLATION TRANSFORMER HARDWARE 0005 1.00 YR PACEART ANALYTICS HOSTED SOFTWARE * SEE BOTTOM OF QUOTE SERVICES BASE SYSTEM CONSULTATION * SEE BOTTOM OF QUOTE 0006 1.00 YR GO- LIVE SUPPORT DAYS 2 4 TRAINEES AT 1 LOCATION WITH 1 TECHNICAN 0007 1.00 YR EHR CONNECTIVITY CONSULTATION * OUTBOUND CLINICAL DATA Place of Performance Address: Chalmers P. Wylie Ambulatory Care Center 420 N James Rd Columbus OH Postal Code: 43219 Country: UNITED STATES Award shall be made to the vendor whose quote offers the best value to the government, considering technical capability, past performance, and price. The government will evaluate information based on the following evaluation criteria: Lowest Price Technically Acceptable. The following solicitation provisions apply to this acquisition: FAR 52.211-6, Brand Name or Equal (Aug 1999) FAR 52.212-1, Instructions to Offerors Commercial Items (Jan 2017) FAR 52.212-3, Offerors Representations and Certifications Commercial Items (Jan 2017) The following contract clauses apply to this acquisition: FAR 52.212-4, Contract Terms and Conditions Commercial Items (Jan 2017) FAR 52.212-5, Contract Terms and Conditions Required to Implement Statutes or Executive Orders (Jan 2017) 52.232-40, Providing Accelerated Payments to Small Business Subcontractor (Dec 2013) 852.203-70, Commercial Advertising (May 2008) 852.211-73, Brand Name or Equal (Jan 2008) 852.232-72, Electronic Submission of payment Requests (Nov 2012) 852.246-70, Guarantee (Jan 2008) 852.246-71, Inspection (Jan 2008) The full text of provisions or clauses may be accessed electronically at this/these address(es): http://acquisition.gov/comp/far/index.html http://www.va.gov/oal/library/vaar/index.asp Offerors must complete annual representations and certifications on-line at http://orca.bpn.gov in accordance with FAR 52.212-3, Offerors Representations and Certifications Commercial Items. If paragraph (j) of the provision is applicable, a written submission is required. This is an open-market combined synopsis/solicitation. The government intends to award a purchase order as a result of this combined synopsis/solicitation that will include the terms and conditions set forth herein. To facilitate the award process, all quotes must include a statement regarding the terms and conditions herein as follows: "The terms and conditions in the solicitation are acceptable to be included in the award document without modification, deletion, or addition." OR "The terms and conditions in the solicitation are acceptable to be included in the award document with the exception, deletion, or addition of the following: (Contractor shall list exception(s) and rationale for the exceptions. Interested vendors are reminded that in accordance with FAR 4.12, prospective contractors shall complete electronic annual representations and certifications in conjunction with FAR 4.11 required registration in the System for Award Management (SAM) database prior to award of a contract. Registration is available at www.sam.gov. Any questions or concerns regarding this solicitation should be forwarded in writing via e-mail to Percy Johnson, percy.johnson2@va.gov, no later than September 5, 2018 Point of Contact Percy Johnson Contract Specialist Network Contract Office 10 Office: 614-257-5534 Email: percy.johnson2@va.gov STATEMENT OF WORK (SOW) as of 27/JUN/2018 Contract Title. PaceArt Background. PaceArt is required by the Columbus Outpatient Clinic to track and monitor Veterans with implanted cardiac devices to include pacemakers and defibrillators. This software will enable the Cardiology Department to download events from the device and record them as well as program and monitor the operational functionality of the device. Scope. The contractor will be required to provide the software as well as installation support on VA servers and workstations (2) Deliverable. Software, licenses, isolation transformer, HL 7 Integration moduels, ECG Module and ConMed Cable Security Requirements. Service & Maintenance will follow the security requirements as per VA s Medical Device Protection Program (MDPP) which protects VA s medical devices through a comprehensive security initiative that encompasses pre-procurement assessments, medical device isolation architecture (MDIA), communication, validation, scanning, access control list remediation, patching, and secure remote connectivity. General Security Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. Access to VA Information and VA Information Systems a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. A BI is not required per VA Information and Information System Security/Privacy Requirements for IT Contracts dated August 2008 if the following exception applies: Contract Personnel with limited and intermittent access to equipment connected to facility networks on which limited VA sensitive information may reside, including medical equipment contractors who install, maintain, and repair networked medical equipment such as CT scanners, EKG systems, ICU monitoring, etc. In this case, Veterans Health Administration facilities must have a duly executed VA Business Associate Agreement (BAA) in place with the vendor in accordance with VHA Handbook 1600.1, Business Associates, to assure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to the contract. Contract personnel, if on site, should be escorted by VA IT Staff. Training a. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] b. The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. c. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. VA Information Custodial Language a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. Information Systems Hosting, Operations, Maintenance, or Use a. Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: (1) Vendor must accept the system without the drive; (2) VA s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or (3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase. (4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then; (a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and (b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. (c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. SECURITY INCIDENT INVESTIGATION a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. However, it is the policy of VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in an amount determined to be adequate by the agency. b. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Government-Furnished Equipment (GFE)/Government-Furnished Information (GFI). Appropriate server and workstations Place of Performance. Chalmers P. Wylie VA, 420 N. James Road, Columbus Ohio 43219 Delivery Schedule. Describe the items to be delivered throughout the period of performance and at completion of the contract, if applicable. The delivery schedule format is as follows: SOW Task# Deliverable Title Format Number Calendar Days After CO Start 1 Hospital Design A003/DI-MGMT-80347 Standard Distribution* Draft - 15 Final - 30 2 Monthly Status Report Contractor-Determined Format 2 Copies to COR; Letter Only to CO Monthly, on 5th Workday 3 Commissioning Report Contractor-Determined Format Standard Distribution* 180 4 Continue as needed to document all deliverables * Standard Distribution: 1 copy of the transmittal letter without the deliverable to the Contracting Officer shall be Emailed.
 

Web Link

FBO.gov Permalink
(https://www.fbo.gov/spg/VA/CoVAOPC757/CoVAOPC757/36C25018Q9803/listing.html)
 

Document(s)

Attachment
 

File Name: 36C25018Q9803 36C25018Q9803.docx (https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4569408&FileName=36C25018Q9803-000.docx)

Link: https://www.vendorportal.ecms.va.gov/FBODocumentServer/DocumentServer.aspx?DocumentId=4569408&FileName=36C25018Q9803-000.docx

 

Note: If links are broken, refer to Point of Contact above or contact the FBO Help Desk at 877-472-3779.
 

Place of Performance

Address: Chalmers P. Wylie Ambulatory Care Center;420 N. James Rd;Columbus OH

Zip Code: 43219
 

Record

SN05062050-W 20180831/180829231408-d825dc90d011fa258fb5db41c7236467 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |