Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 07, 2019 FBO #6405
SOURCES SOUGHT

R -- Temporary staffing Program Support Clerks Community Care Service

Notice Date
6/5/2019
 
Notice Type
Synopsis
 
NAICS
561320 — Temporary Help Services
 
Contracting Office
Department of Veterans Affairs;VA Sierra Pacific Network (VISN 21);VA Northern California HealthCare System;5342 Dudley Blvd, Bldg 209;McClellan CA 95652-2609
 
ZIP Code
95652-2609
 
Solicitation Number
36C26119Q0726
 
Archive Date
9/3/2019
 
Point of Contact
maria.teodoro-tanksley@va.gov
 
Small Business Set-Aside
N/A
 
Description
This is a Sources Sought Constitutes Market Research The Department of Veterans Affairs Northern California Health Care System (VANCHCS), CA is conducting market research to determine if there are sufficient number of qualified vendors to issue a Veteran-owned set aside or small business set aside. In accordance with United States Code Title 38 Section 8127(d), we are seeking vendors in the following categories: Service Disabled Veteran Owned Small Business Small Business The responses from this notice will be used to make the appropriate set aside determination. The proposed solicitation will be issued as a Request for Quotation under FAR Parts 12 and 13. The contractor shall provide document destruction service for the VANCHCS. The Performance Work Statement is attached to this notice. Interested contractors should provide a capabilities statement demonstrating their experience providing similar services. The period of performance for this contract will be a year. All interested contractors must respond by email to Maria.Teodoro-Tanksley@va.gov before 1:00 P.M. Pacific Time on 18 Jun 2019. SDVOSB and VOSB vendors are registered in the Vendor Information Pages (VIP) VetBiZ. DO NOT SEND ANY PROPOSALS at this time. Submitting a capability statement is welcome. DISCLAIMER This SSN is issued solely for information and planning purposes only and does not constitute a solicitation. All information received in response to this notice that is marked as proprietary will be handled accordingly. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this Sources Sought Notice. Statement of Work Temporary Support Services For Northern California Health Care Systems (NCHCS) 1. Scope of Work: The contractor shall provide temporary support services in support to Community Care Section for VA Northern California Health Care Systems (VANCHCS). This position performs a wide variety of administrative and clerical duties connected with customer service (i.e. answering phones with regards to Veteran eligibility, status of claims, payment, and authorizations; acting liaison between Claims Adjudication and Reimbursement (CAR) and Veterans/Non-VA Providers/Patient Advocate. 2. Location of Work Contract performance is at the Department of Veterans Affairs (VA) Mare Island Clinic,) located on the 1st Floor, 201 Walnut Avenue, Vallejo, CA 94592. 3. Hours of Performance 3.1 Normal working hours shall be scheduled between 8:00 AM and 4:30 PM, Monday through Friday, excluding Federal Holidays: Federal Government Holidays are: New Year Day Labor Day Birthday of Martin Luther King Jr. Columbus Day Presidents Day Veterans Day Memorial Day Thanksgiving Independence Day Christmas When a holiday falls on a Saturday, the preceding Friday is observed by Government Agencies. 4. Specific Contractor Tasks Include: 4.1 Clerical Analyst 4.1.1 The contractor serves as the Program Support Clerk within the Community Care Unit in the Chief Business Office. 4.1.2 The contractor will answer/retrieve phone calls on a daily basis. ; 4.1.3The contractor shall provide claim status in FBCS/VISTA to Veterans/Vendors. 4.1.4 The contractor shall research problem cases. 4.1.5 The contractor must fully protect the confidentiality of patient information, access to computer files and release of information, according to established guidelines and policies. 4.1.6 The contractor must perform clerical duties, including for example, the use of computerized records tracking, associated with the retention, maintenance, disposition, and control of administrative and medical records. II. Administrative Requirements 1.1 Contractor will obtain security clearances for all personnel who have access to VA records, whether in paper or electronic form. Employees must be cleared by VA security prior to starting VA related work which entails completion of the Questionnaire for Non-Sensitive Positions form and clearance via SIC-Security Investigations Center. Employees will then be processed for fingerprinting, once cleared via VA, New User Access Authorization will be provided to Contractor by VA. Contractor shall certify that all employees who do work for the VA have on file a confidentiality agreement. Further, Contractor shall have all employees participate in VA related security training, including but not limited, to ethics and confidentiality and complete the following training prior to contract performance: VA Cyber Security Awareness Training- available from Talent Management System (TMS) VA website VA Privacy and Information Security Awareness and Rules of Behavior- available from TMS. Ethics Training- available from TMS Contractor shall bear the expense of employee wages during such training.   Subject matter training may require the use and retention of VA documents/records whereby the Contractor s commitment to security must be superior with a warehouse in compliance with 36 CFR 1228, subpart K, certified by the National Archives and Records Administration (NARA). 1.2 Contractor employs sufficient number of cleared staff members to ensure that all work process included in the statement of work can be performed. Contractor shall provide each employee an identification badge which shall be displayed on the outer garment at all times. The badge shall include, as a minimum, the employee s name and position title, and the Contractor s trade name. If the Contractor s employee loses a badge, he/she has to notify the COR and then the COR will work with the VA Security and HR to have the badge replaced. 1.3 Contractor must possess all licenses, permits, accreditation and certificates as required by law. The Contractor shall perform the required work in accordance with the Veterans Health Administration (VHA) standards, policies and procedures. 1.4 Contractor shall bear the expense of obtaining background investigations from recruited personnel, including replacement personnel. If the investigation is conducted by the Office of Personnel Management (OPM), the Contractor shall reimburse VA within 30 days. The cost for investigation and finger prints is approximately $200.00 per employee. Contractor shall pre screen all personnel requiring access to the computer systems to ensure they maintain a U.S. citizenship or legal alien status as per FAR 52.222-54 and are able to read, write, speak and understand the English language. 1.5 For staffing services, Contractor shall bill for worked days on a monthly basis. Contractor shall maintain supporting detail to billable units. 1.6 Contractor shall agree that all deliverables, associated working papers, and other material deemed relevant by the contractor in the performance of this task order are the property of the United States Government. Contractor shall agree that all individually identifiable health information shall be treated with the strictest confidentiality. Access to records shall be limited to essential personnel only. Records shall be secured when not in use. At the conclusion of the contract all copies of individually identifiable health records shall be returned to the VA. Any individually identifiable health records shall be deleted from computers not belonging to the VA. The contractor shall comply with the Privacy Act, 38 U.S.C. 5701, 38 U.S.C. 7332, and 5 U.S.C. 552(a) et. Seq.   Contractor staff shall sign confidentiality statements as required.   Contractor shall comply with all provisions of the Health Information Portability and Accountability Act (HIPAA) including but not limited to privacy, security of electronic health data, and adherence to standards and code sets as required by HIPAA. Contractor shall insure the confidentiality of all patient and employee information and shall be held liable in the event of breach of confidentiality.   Contractor staff must sign confidentiality statements as required. Any person, who knowingly or willingly discloses confidential information from the VA, may be subject to fines 2. Access / Safeguard of VA Information / Computer Systems 2.1. VA may provide contract personnel with access to VISTA (formerly referred to as DHCP) and/or other general files maintained on VA computer systems via personalized VA access codes. These access codes are confidential and are to be protected by the end user. Sharing of these access codes or misuse of VA information/computer systems is a Federal crime and may result in criminal penalties. When contract personnel no longer provides services to VA under the contract or no longer needs access to VA information systems, the Contractor shall immediately inform the COR so that the appropriate contract person s access codes can be deactivated. The COR will be responsible for ensuring that such access codes are deactivated. 2.2. All contract personnel accessing VISTA, or any other VA information/computer system, will be required to complete VA Cyber Security Awareness Training on the Talent Management System (TMS) VA website, annually and sign all applicable computer user agreements prior to accessing VA systems. Contract personnel shall maintain, access, release, and otherwise manage the information contained on VA information/computer systems in accordance with all VA/VHA security policies, applicable VA confidentiality statutes (Title 38 U.S.C. Section 5701 and Title 38 U.S.C Section 7332) and the respective regulations implementing these statutes, and Federal statutes and/or regulations applicable to Federal agency records. Copies of this information discussed in the aforementioned paragraphs can be provided to the Contractor and contract personnel upon request. Such copies may require the use and retention of VA documents/records whereby the Contractor s commitment to security must be superior with a warehouse in compliance with 36 CFR 1228, subpart K, certified by the National Archives and Records Administration (NARA). Above see prior comment put training specifics in an exhibit. I think there is an online class for this (Not LMS anymore use new system website). Done 2.3 Contract personnel with access to VA information/computer systems shall take reasonable safeguards, both physical and electronic, to safeguard the information and prevent unauthorized disclosures. Should contract personnel know, or suspect, that VA information/computer security was compromised or that VA information was, or could possibly be, disclosed to an unauthorized party, contract personnel must immediately report such knowledge or suspicion to the COR, who will then immediately notify the appropriate VA officials. 2.4 If contract personnel are authorized by VA to access VA information/computer systems remotely via non-VA issued computers, the Contractor will ensure that such computers are consistent with VA requirements, and will upgrade those computers (hardware and/or software) if instructed to do so by VA in order to ensure compatibility and security when VA information/computer systems are accessed by the end user. Individually identifiable health information will not reside on the contractor s computer hard drives. After contract award, VA reserves the right to inspect the contractor s facilities, installations, operations, documentation, records, databases, and computers to ensure these requirements are met. 2.5. The Contractor shall make its internal policies and practices regarding the safeguarding of medical and/or electronic information available to VA, and any other Federal agencies with enforcement authority over the maintenance and safeguard of such records, upon request. Subject matter information may require the use and retention of VA documents/records whereby the Contractor s commitment to security must be superior with a warehouse in compliance with 36 CFR 1228, subpart K, certified by the National Archives and Records Administration (NARA). 2.6 The Contractor shall follow all of the previously mentioned statutes and respective regulations implementing these statutes as well as VA Directive 6504 - Restrictions on Transmission, Transportation and Use of, and Access to VA Data Outside a VA Facility, VA Directive 6601 Removable Storage Media, and any other VA/VHA policies and procedures governing the information discussed in this section of the contract. Copies of the information discussed in the aforementioned paragraphs may be viewed by contract personnel in the Office of Information Security (see the Information Security Officer). 2.7. The Contracting Officer Technical Representative (COR) shall advise the Contractor for any changes or upgrades in the laws, regulations, or VA/VHA policies or procedures governing the contract. 3. Contractor Personnel Security Requirement see Attachment Two Contractor Personnel Security Requirement. 1 March 2011. 4. Compliance and Business Integrity Training & Education: (1). Awareness Training: Contractor employees shall complete initial compliance awareness training within 30 days of commencing work under this contract as well as complete annual compliance awareness refresher training. At a minimum, CBI awareness training will include the following topics: (a) the revenue cycle, (b) seven elements of an effective compliance program, (c) definition of high risk areas, and (d) definition of any compliance concerns and how to address a compliance concern. This requirement can be fulfilled by completing the training module available via the following Internet site: http://www.visn21.va.gov/CBI.asp (2). Remedial Training: When notified, contract employees must complete remedial training and education to address any detected compliance exceptions. (3). Proof of Training: Contract employees are responsible for submitting proof of awareness and remedial training completed to the Contracting Officer s Technical Representative (COR) for this contract. The COR will retain proof of training per applicable Records Control Schedule. 5. Customers Complaints: Customers complaints shall be submitted in writing (email) or via telephone to the Contract Officer s Technical Representative (COR). The COR is Ms. Trenell Montague and she may be contacted via email at trenell.montague@va.gov or at telephone number (707) 562-8208. INFORMATION SECURITY CLAUSES Section one GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. Section two ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. Section three VA INFORMATION CUSTODIAL LANGUAGE Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. Section four SECURITY INCIDENT INVESTIGATION The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. Section five LIQUIDATED DAMAGES FOR DATA BREACH Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Section six TRAINING All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. Section seven SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. Section eight SECURITY ACCREDITATION PACKAGE The C&A requirements do not apply and a Security Accreditation Package is not required. NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (05-JUN-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link To Document
(https://www.fbo.gov/spg/VA/VANCHCS/VANCHCS/36C26119Q0726/listing.html)
 
Record
SN05332003-F 20190607/190605230024 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.