Loren Data's SAM Daily™

FBO DAILY - FEDBIZOPPS ISSUE OF JUNE 30, 2019 FBO #6428
AWARD

Q -- Notice of Intent to Sole Source Interface Software & Hardware for Medical Laboratory

Notice Date

6/28/2019
 

Notice Type

Award
 

NAICS

621511 — Medical Laboratories
 

Contracting Office

Department of Veterans Affairs;Network Contracting Office 5(NCO 5) 90C;NCO 5;510 Butler Avenue;Martinsburg WV 25405
 

ZIP Code

25405
 

Solicitation Number

36C24519C0165
 

Archive Date

9/30/2019
 

Point of Contact

Phillip.Duba@va.gov
 

Award Number

36C24519C0165
 

Award Date

8/1/2019
 

Awardee

ALERE INFORMATICS, INC.;2000 HOLIDAY DR STE 500;CHARLOTTESVILLE;VA;22901
 

Award Amount

$50,328.70
 

Description

Veterans Health Affairs, Network Contracting Office 5, is issuing this Notice of Intent to Sole Source in order to identify any potential sources that have the resources and capabilities to provide interface software and hardware as described below that will not interrupt the continuum of care. This requirement is defined primary by existing hardware already in use at the Hershel Woody Williams VA Medical Center, 1540 Spring Valley Drive, Huntington, WV 25704. Introduction - This acquisition is to secure the necessary hardware (server) and along with management and interface software to obtain a medical data management system that supports the current point of care devices and services that provide diagnosis and treatment. The package must support the Roche ACCU-CHEK ® Inform II (Glucose), Alere eQuiz (competency and education package), Abbott i-STAT ® (Troponin, Creatinine, Blood Gases, Ionized Calcium, and Activated Clotting Time) and the Roche Coaguchek. An operating server (Physical or virtual) is required in this comprehensive package Background Currently, Hershel Woody Williams VA Medical Center utilizes the Alere product, Remote Automated Laboratory Systems (RALS), Data Management System (DMS), to manage point of care devices, staff education and competency evaluations, veteran personally identifiable information and associated lab test results in a secure compliant integration with IT infrastructure. Current licensing agreements already exists for the HL7 interfacing between the Alere/Rals Web 3 system and the current VA utilized VistA system. Current interfaced systems include; Roche ACCU-CHEK ® Inform II (Glucose), Alere eQuiz (competency and education package), Abbott i-STAT ® (Troponin, Creatinine, Blood Gases, Ionized Calcium and Activated Clotting Time) and the Roche Coaguchek Test results are charted to CPRS through HL7 messaging. The current server and software reside within VISN 9. This SOW is to provide information for a comprehensive system that is based at the Herschel Woody Williams Medical Center in Huntington, WV. Scope - To maintain the current the level of patient care already established at the Medical Center by securing a vendor that meets the specific requirements pertaining to the testing methodology, interface capability, usability for operators, and feasibility of general oversight by the Ancillary Testing Department. Objectives The benefit of this comprehensive system platform is multifold: Reduces clerical error and enhances test result accuracy by automatically transmitting to CPRS via HL7 messaging. Protects Veterans Personal Identifiable Information. Real Time review of unusual test results. System allows for internal system settings that meet regulatory requirements such as: Operator Lockout, Quality Control Lockout, Lot approvals, Flagging of unusual test results, etc. Reduces staff time spent in maintenance and quality control documentation by eliminating maintenance logs. All maintenance is auto recorded. Provides ease of use and greater time management for laboratory review. Reports can be generated for statistical analysis and review as required for regulatory compliance in Quality Management. On-site system provides for greater management options and site-specific needs. General Requirements: Windows 2008 Server R2 SP2 SQL 2014 R2 Ability for an ADT setup (Patient ID, Name, DOB) If an upgrade to the DMS is required for improved test system management, the middleware connectivity shall be able to accommodate these upgrades at no extra charge to the facility. Secure email integration with no additional setup or user update required. Data sent is accessible only within hospital firewall. Permission-based, password protected data management, with customizable scope and permission settings for user specific access tailored to job function. Ability to produce standard laboratory reports including statistical analysis of quality control data. Automated Operator Re-certification. Additional testing locations, number of instruments utilized, removed or changed with the interface shall be at no additional cost. Annual support fees shall be a set all-inclusive cost and shall not be modified due to additional testing locations or additional docking station locations. No annual device or location license fee. Ability, if needed, to capture non-instrument test results and manage quality control and operator information. Comply with all state and federal agency requirements as mandated by the federal and state statutes. The Vendor shall be responsible for providing the transitional staff training, instruction with ongoing consultation as needed. Physical or Virtual server capable of hosting the required software. The Vendor Project Manager will meet, as necessary, with Herschel Woody Williams Medical Center representatives or designees to discuss immediate administrative, technical issues, or problem areas involving the software performance. Service and Maintenance: The Contractor agrees to maintain the minimum acceptable service for technical situations by providing a working telephone number to speak with a service representative with knowledge of the device and technical ability to troubleshoot the device. The contractor provides 24 hour, 7 days a week Technical Support by phone or email. If an answering service is supplied over a weekend or holiday the expectation is that there will be a call back within 30 minutes of initiating the service call. The Contractor will also provide the necessary information to replace an inoperable module. Supplies: The Contractor shall provide all required hardware, software, and related consumables supplies to support the transmission of electronic data for each ordering facility at no additional cost. Any necessary additional required connections shall be the responsibility of the Contractor. All equipment, software, and hardware remain the property of the Contractor. All risks of loss remains the responsibility of the Contractor. The government is not responsible for loss due to negligence, fire, water, or other natural disaster or damage from terrorism or war, and any other resultant damage to equipment, software, hardware and connections. Middleware capable of interfacing with POC HL7 Capability to upload data remotely with USB Security Any security requirements of the Contracting personnel will be specified by the ordering facilities Information Security Officer (ISO). The requirements may apply to personnel, contractor property and/or information technology. The Contractor shall abide by the VAAR-852.273-75 SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES (Interim Oct 2008), as stated in appendix B of VA Handbook 6500.6. The contractor and their personnel shall be subject to the same Federal laws, regulations, standards and VA policies as VA personnel regarding information and information system security.   These include, but are not limited to Federal Information Security Management Act (FISMA), Appendix III of OMB Circular A-130, and guidance and standards, available from the Department of Commerce s National Institute of Standards and Technology (NIST).   This also includes the use of common security configurations available from NIST s website at: http://checklists.nist.gov A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. To ensure that appropriate security controls are in place, contractors must follow the procedures set forth in VA Information and Information Security/Privacy Requirements for IT Contracts located at the following website: http://www.iprm.oit.va.gov The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. The standard installation, operation, maintenance, updating, and patching of software shall not alter the configuration settings from the VA approved and FDCC configuration. Information technology staff must also use the Windows Installer Service for installation to the default program files directory and silently install and uninstall. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. These provisions shall apply to all contracts in which VA sensitive information is stored, generated, transmitted, or exchanged by VA, a contractor, subcontractor or a third-party, or on behalf of any of these entities regardless of format or whether it resides on a VA system or contractor/subcontractor s electronic information system(s) operating for on the VA s behalf. Clauses (a) and (b) shall apply to current and future contracts and acquisition vehicles including, but not limited to, job orders, task orders, letter contracts, purchase orders, and modifications.   Contracts do not include grants and cooperative agreements covered by 31 U.S.C. §6301et seq. These are found in VHA Directive 6210. Basically, computer system processing is sensitive, but unclassified information, and must have the appropriate security features. The following security requirements are in addition to the VHA Directive 6210 policy of initial and periodic security training and the need for physical controls to protect hardware. This computer system will be processing and transferring data that is classified as Sensitive But Unclassified (SBU) and must have the appropriate security features. Electronic transmission of identifiable patient information shall be in compliance with requirements of the Health Insurance Portability and Accountability Act (HIPAA). The following security requirements are in addition to the VAs basic policy of initial and periodic security training, and the need for physical controls to protect hardware. For example: Discretionary Access Control; (access control lists). Object Reuse; (hard drives/diskettes will be wiped clean of information before turned in to Acquisition/Logistics for transfer back to the Contractor). Identification and Authentication (user ID and passwords to use the system). Audit (the system must have audit trail capability). Operational Assurance (protection from external interference or tampering). Accreditation (signed by a designated accreditation authority). NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (28-JUN-2019); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 

Web Link

Link To Document
(https://www.fbo.gov/spg/VA/HuVAMC/VAMCCO80220/Awards/36C24519C0165.html)
 

Record

SN05356438-F 20190630/190628230053 (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |