Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF AUGUST 30, 2023 SAM #7946
SOLICITATION NOTICE

H -- Waste Water Sampling, St Louis VA Medical Centers

Notice Date
8/28/2023 10:34:28 AM
 
Notice Type
Solicitation
 
NAICS
541380 — Testing Laboratories
 
Contracting Office
255-NETWORK CONTRACT OFFICE 15 (36C255) LEAVENWORTH KS 66048 USA
 
ZIP Code
66048
 
Solicitation Number
36C25523Q0641
 
Response Due
8/15/2023 6:00:00 AM
 
Archive Date
09/14/2023
 
Point of Contact
Vernon J Hoobler, Contract Specialist
 
E-Mail Address
vernon.hoobler@va.gov
(vernon.hoobler@va.gov)
 
Awardee
null
 
Description
Jefferson Barracks Veterans Affairs Medical Center St Louis Missouri Statement of Work 1. SCOPE:  THE CONTRACTOR SHALL PERFORM ALL ROUTINE SAMPLING AND   ANALYSES REQUIRED IN OUR INDUSTRIAL WASTEWATER DISCHARGE PERMITS AS REQUIRED BY THE METROPOLITAN ST LOUIS SEWER DISTRICT ORDINANCE NO. 8657, FOR THE PERIOD 10-1-23 THUR 9-30-24. AT THE FOLLOWING LOCATIONS:                a)  VAMC, JOHN COCHRAN DIV., 915 N.              GRAND AVE, ST LOUIS, MO 63106                               b)  VAMC, JEFFERSON BARRACKS DIV.,              ST LOUIS, MO  63125 2. SERVICES TO BE PROVIDED: ALL NECESSARY COMPOSITE AND GRAB   SAMPLES WILL BE OBTAINED QUARTERLY AS REQUIRED PER DISCHARGE PERMIT NO.1008545900-3 FOR PREMISE AT 915 NORTH   GRAND (2 EACH SAMPLING POINTS) AND DISCHARGE PERMIT NO.   1008544300-3 FOR PREMISE AT JEFFERSON BARRACKS (1 EACH   SAMPLING POINT). ANALYSIS OF SAMPLES WILL COMPLY WITH   ONLY THE PARAMETERS IDENTIFIED IN THE PERMITS BY ST. LOUIS SEWER DISTRICT.   (NOTE:  COPIES OF PERMITS SUBMITTED UNDER SEPARATE   COVER).  3. SPECIAL INSTRUCTIONS: (1) THE FOLLOWING TOXIC ORGANICS ARE   SUSPECTED TO BE PRESENT IN OUR EFFLUENT DISCHARGE AND   REQUIRE AN ANNUAL ANALYSIS: THE TOTAL TOXIC ORGANICS CAN   BE SAMPLED AND TESTED DURING ANY ONE OF THE QUARTERLY   TEST CYCLES.                             a)  THE SAMPLING POINT LOCATIONS ARE INDICATED ON THE         PERMITS.  ASSISTANCE FOR DIRECTIONS AND/OR ESCORT         TO THESE LOCATIONS CAN BE OBTAINED BY CONTACTING      THE FOLLOWING PIPE SHOP FOREMEN:              1)  PREMISE AT 915 N. GRAND AVE - Nathan Walter PH 314-289-6450.                              2)  PREMISE AT JEFFERSON BARRACKS -              Tim Middleton PH 314-894-6657.  (2) FURNISH SEPERATE WRITTEN TEST REPORTS FOR EACH          SAMPLING POINT EVERY THREE MONTHS (QUARTERLY);          1ST. QUARTER - OCTOBER, NOVEMBER, DECEMBER; 2ND -    QUARTER - JANUARY, FEBRUARY, MARCH; 3RD QUARTER -        APRIL, MAY, JUNE; 4TH QUARTER - JULY, AUGUST,         SEPTEMBER. THESE SIGNED REPORTS WILL BE POST      MARKED NO LATER THAN THE 28TH DAY OF THE QUARTER -        DECEMBER, MARCH, JUNE, SEPTEMBER. THE ORIGINAL           COPY OF THE REPORTS WILL BE SENT TO THE CHIEF,            ENGINEERING SERVICE, 138 JB, VAMC, JEFFERSON    BARRACKS DIVISION, ST LOUIS, MO 63125.                 (3) THESE REPORTS SHALL CONTAIN THE INFORMATION         REQUIRED BY THE METROPOLITAN ST LOUIS SEWER         DISTRICT ON FORMS WHICH ARE SUPPLIED BY THE      DISTRICT.                               4. IDENTIFICATION: The contractor s field service employee shall wear visible identification at all times while on the premises of the VA Medical Center. Smoking is prohibited inside of buildings. Possession of weapons is prohibited. Enclosed containers, including tool kits, shall be subject to search. Violations of the VA regulations may result in citation answerable in the United States (Federal) District Court. 5. VEHICLES: All vehicles will be locked and the keys removed while performing service on the Medical Center s property. This is intended to protect the contractor s property and provide for the safety of the Medical Center s personnel. Vehicle(s) shall be identified. Parking in the appropriate designated parking areas is expected. Information on parking is available from the VA Police. The VA Medical Center will not invalidate or make reimbursement for parking violations of the contractor for any conditions. 6. SAFETY REQUIRMENTS: In the performance of this contract, the contractor shall take such safety precautions as the Contracting Officer or designee may determine to be reasonably necessary to protect the lives and health of the occupants of any building. The Contracting Officer or designee will notify the contractor of any noncompliance with the foregoing provisions and action to be taken. Jefferson Barracks Sewer sampling 3rd Quarter is usually when TTO testing is done. July-Sept All other testing done quarterly JAN-MAR, APR-JUNE, JULY-SEPT and OCT-DEC John Cochran Sewer sampling Sample point 001 3rd Quarter is usually when TTO testing is done. July-Sept All other testing done quarterly JAN-MAR, APR-JUNE, JULY-SEPT and OCT-DEC John Cochran Sewer sampling Sample point 002 3rd Quarter is usually when TTO testing is done. July-Sept All other testing done quarterly JAN-MAR, APR-JUNE, JULY-SEPT and OCT-DEC John Cochran Sewer sampling Sample point 003 No testing required JB MSD sewer reports to be filled out by COR. JC MSD sewer reports to be filled out by COR. VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE FOR INCLUSION INTO CONTRACTS GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS A contractor/subcontrator shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. VA INFORMATION CUSTODIAL LANGUAGE Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). If VA determines that the contractor has violated any of the information confidentiality, privacy, security, and other provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. SECURITY INCIDENT INVESTIGATION The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. LIQUIDATED DAMAGES FOR DATA BREACH Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: NATURE OF THE EVENT (LOSS, THEFT, UNAUTHORIZED ACCESS); DESCRIPTION OF THE EVENT, INCLUDING: (A) DATE OF OCCURRENCE; (B) DATA ELEMENTS INVOLVED, INCLUDING ANY PII, SUCH AS FULL NAME, SOCIAL SECURITY NUMBER, DATE OF BIRTH, HOME ADDRESS, ACCOUNT NUMBER, DISABILITY CODE; (3) NUMBER OF INDIVIDUALS AFFECTED OR POTENTIALLY AFFECTED; (4) NAMES OF INDIVIDUALS OR GROUPS AFFECTED OR POTENTIALLY AFFECTED; (5) EASE OF LOGICAL DATA ACCESS TO THE LOST, STOLEN OR IMPROPERLY ACCESSED DATA IN LIGHT OF THE DEGREE OF PROTECTION FOR THE DATA, E.G., UNENCRYPTED, PLAIN TEXT; (6) AMOUNT OF TIME THE DATA HAS BEEN OUT OF VA CONTROL; (7) THE LIKELIHOOD THAT THE SENSITIVE PERSONAL INFORMATION WILL OR HAS BEEN COMPROMISED (MADE ACCESSIBLE TO AND USABLE BY UNAUTHORIZED PERSONS); (8) KNOWN MISUSES OF DATA CONTAINING SENSITIVE PERSONAL INFORMATION, IF ANY; (9) ASSESSMENT OF THE POTENTIAL HARM TO THE AFFECTED INDIVIDUALS; (10) DATA BREACH ANALYSIS AS OUTLINED IN 6500.2 HANDBOOK, MANAGEMENT OF SECURITY AND PRIVACY INCIDENTS, AS APPROPRIATE; AND (11) WHETHER CREDIT PROTECTION SERVICES MAY ASSIST RECORD SUBJECTS IN AVOIDING OR MITIGATING THE RESULTS OF IDENTITY THEFT BASED ON THE SENSITIVE PERSONAL INFORMATION THAT MAY HAVE BEEN COMPROMISED. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $__37.50__ per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) NOTIFICATION; (2) ONE YEAR OF CREDIT MONITORING SERVICES CONSISTING OF AUTOMATIC DAILY MONITORING OF AT LEAST 3 RELEVANT CREDIT BUREAU REPORTS; (3) DATA BREACH ANALYSIS; (4) FRAUD RESOLUTION SERVICES, INCLUDING WRITING DISPUTE LETTERS, INITIATING FRAUD ALERTS AND CREDIT FREEZES, TO ASSIST AFFECTED INDIVIDUALS TO BRING MATTERS TO RESOLUTION; (5) ONE YEAR OF IDENTITY THEFT INSURANCE WITH $20,000.00 COVERAGE AT $0 DEDUCTIBLE; AND (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. TRAINING All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: Successfully complete the appropriate VA privacy training and annually complete required privacy training (See below training); and Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. 7. ADDITIONAL REQUIREMENTS a. The COR is responsible for coordinating with the Police prior to contractor arrival to identify the names of contractor personnel so that Police can ensure sufficient number of contractor badges are available for issuance prior to beginning work. COR is also responsible for signing out and signing in temporary contractor badges. b. The COR is also responsible for maintaining copies of signed Privacy training for all contractors according to RCS 10-1. c. Any work performed outside of official VA business hours after hours will require escorts. d. Escort duties for un-cleared contractors are strictly limited to government officials, specifically VA employees. At no time are contractors allowed to escort other contractors. VA Privacy Training for Personnel without Access to VA Computer Systems or Direct Access or Use to VA Sensitive Information The Department of Veterans Affairs, VA must comply with all applicable privacy and confidentiality statutes and regulations. One of the requirements in VA is to have all personnel trained annually on privacy requirements. Privacy represents what must be protected by VA in the collection, use, and disclosure of personal information whether the medium is electronic, paper or verbal. This document satisfies the basic privacy training requirement for a contractor, volunteer, or other personnel only if the individual does not use or have access to any VA computer system such as Time and Attendance, PAID, CPRS, VistA Web, VA sensitive information or protected health information (PHI), whether paper or electronic. You will find this training outlines your roles and responsibility for protecting VA sensitive information (medical, financial, or educational) that you may incidentally or accidentally see or overhear. If you have direct access to protected health information or access to a VA computer system where there is protected health information such as CPRS, VistA Web, you must take Privacy and HIPAA Focused Training (TMS 10203). VA Privacy and Information Security Awareness and Rules of Behavior (TMS 10176) is always required in order to use or gain access to a VA computer systems or VA sensitive information, whether or not protected health information is included. Both trainings are located within the VA Talent Management System (TMS): https://www.tms.va.gov What is VA Sensitive Information/Data? All Department information and/or data on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information. The term includes not only information that identifies an individual but also other information whose improper use or disclosure could adversely affect the ability of an agency to accomplish its mission, proprietary information, and records about individuals requiring protection under applicable confidentiality provisions. What is Protected Health Information? The HIPAA Privacy Rule defines protected health information as Individually Identifiable Health Information transmitted or maintained in any form or medium by a covered entity, such as VHA. What is an Incidental Disclosure? An incidental disclosure is one where an individual s information may be disclosed incidentally even though appropriate safeguards are in place. Due to the nature of VA communications and practices, as well as the various environments in which Veterans receive healthcare or other services from VA, the potential exists for a Veteran s protected health information or VA sensitive information to be disclosed incidentally. For example: You overhear a healthcare provider s conversation with another provider or patient even when the conversation is taken place appropriately. You may see limited Veteran information on sign-in sheets or white boards within a treating area of the facility. Hearing a Veteran s name being called out for an appointment or when the Veteran is being transported/escorted to and from an appointment. Safeguards You Must Follow To Secure VA Sensitive Information: Secure any VA sensitive information found in unsecured public areas (parking lot, trash can, or vacated area) until information can be given to your supervisor or Privacy Officer. You must report such incidents to your Privacy Officer timely. Don t take VA sensitive information off facilities grounds without VA permission unless the VA information is general public information, i.e., brochures/pamphlets. Don t take pictures using a personal camera without the permission from the Medical Center Director. Any protected health information overheard or seen in VA should not be discussed or shared with anyone who does not have a need to know the information in the performance of their official job duties, this includes spouses, employers or colleagues. Do not share VA access cards, keys, or codes to enter the facility. Immediately report lost or stolen Personal Identity Verification (PIV) or Veteran Health Identification Cards (VHIC), any VA keys or keypad lock codes to your supervisor or VA police. Do not use a VA computer using another VA employee s access and password. Do not ask another VA employee to access your own protected health information. You must request this information in writing from the Release of Information section at your facility. What are the Six Privacy Laws and Statutes Governing VA? Freedom of Information Act (FOIA) compels disclosure of reasonably described VA records or a reasonably segregated portion of the records to any person upon written request unless one or more of the nine exemptions apply. Privacy Act of 1974 provides for the confidentiality of personal information about a living individual who is a United States citizen or an alien lawfully admitted to U.S. and whose information is retrieved by the individual s name or other unique identifier, e.g. Social Security Number. Health Insurance Portability and Accountability Act (HIPAA) provides for the improvement of the efficiency and effectiveness of health care systems by encouraging the development of health information systems through the establishment of standards and requirements for the electronic transmission, privacy, and security of certain health information. 38 U.S.C. 5701 provides for the confidentiality of all VA patient and claimant information, with special protection for their names and home addresses. 38 U.S.C. 7332 provides for the confidentiality of drug abuse, alcoholism and alcohol abuse, infection with the human immunodeficiency virus (HIV) and sickle cell anemia medical records and health information. 38 U.S.C. 5705 provides for the confidentiality of designated medical-quality assurance documents. What are the Privacy Rules Concerning Use and Disclosure? You are not authorized to use or disclose protected health information. In general, VHA personnel may only use information for purposes of treatment, payment or healthcare operations when they have a need-to-know in the course of their official job duties. VHA may only disclose protected health information upon written request by the individual who is the subject of the information or as authorized by law. How is Privacy Enforced? There are both civil and criminal penalties, including monetary penalties that may be imposed if a privacy violation has taken place. Any willful negligent or intentional violation of an individual s privacy by VA personnel, contract staff, volunteers, or others may result in such corrective action as deemed appropriate by VA including the potential loss of employment, contract, or volunteer status. Know your VA/VHA Privacy Officer and Information Security Officer. These are the individuals to whom you can report any potential violation of protected health information or VA sensitive information, or any other concerns regarding privacy of VA sensitive information. YOU ARE RESPONSIBLE FOR PROTECTING THE CONFIDENTIAL INFORMATION OF OUR VETERANS __________________________________________ ________________ Employee (Print Name) Date __________________________________________ Employee Signature __________________________________________ Print Name of Contract Agency, if contractor __________________________________________ Print Name of VHA Department/Supervisor/Local COR PROVIDE A COPY OF THIS FORM TO YOUR SUPERVISOR/LOCAL COR FOR DATA ENTRY INTO TALENT MANAGEMENT SYSTEM
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/bf19a9d47c484da2b586e000dfb6aeed/view)
 
Record
SN06808889-F 20230830/230828230100 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.