MODIFICATION
R -- Data Privacy Safeguard Program
- Notice Date
- 2/16/2012
- Notice Type
- Modification/Amendment
- NAICS
- 541611
— Administrative Management and General Management Consulting Services
- Contracting Office
- Department of Health and Human Services, Centers for Medicare & Medicaid Services, Office of Acquisition and Grants Management, 7500 Security Blvd., C2-21-15, Baltimore, Maryland, 21244-1850
- ZIP Code
- 21244-1850
- Solicitation Number
- HHS-CMS-DBSC-SS-12-938
- Archive Date
- 3/27/2012
- Point of Contact
- Charles Robert Brewer, Phone: 4107865170, Charles Littleton, Phone: 410-786-3291
- E-Mail Address
-
charles.brewer1@cms.hhs.gov, charles.littleton@cms.hhs.gov
(charles.brewer1@cms.hhs.gov, charles.littleton@cms.hhs.gov)
- Small Business Set-Aside
- N/A
- Description
- THIS IS NOT A REQUEST FOR PROPOSAL (RFP) AND DOES NOT COMMIT THE CENTERS FOR MEDICARE & MEDICAID SERVICES (CMS) TO AWARD A CONTRACT NOW OR IN THE FUTURE This is a SOURCES SOUGHT NOTICE to determine the availability of small businesses and/or small disadvantaged businesses (e.g., 8(a), service-disabled veteran owned small business, HUBZone small business, small disadvantaged business, veteran-owned small business, concerns owned by an Indian tribe, Alaska Native Corporation and women-owned small business) that have the capability to support CMS' Data Privacy Safeguard Program (DPSP). History: In July 2011, CMS established the DPSP to ensure the protection of CMS data that are disclosed to external organizations for research purposes. The DPSP reflects the agency's priorities to both improve data stewardship and to protect the privacy and security of CMS' research identifiable files (RIF), which are disclosed for relevant research studies. The program is supported through a contract with CMS. One of the primary objectives of the DPSP is to provide guidance to external organizations on how to implement effective, reasonable, and appropriate measures that protect CMS RIFs. The DPSP leverages the resources of the Research Data Assistance Center (ResDAC), a CMS contractor that provides free assistance to academic, government and other researchers interested in using Medicare and/or Medicaid data for their research. The DPSP consists of monitoring, by remote and/or on-site review, compliance with the privacy and security protections as described in the organization's data management plan (DMP). The DMP is a section of the researcher's protocol that is submitted to CMS, along with a signed data use agreement and contains additional details about the safeguards researchers have in place to protect CMS RIFs. The information provided includes information about the organizations' administrative, physical, and technical safeguards. The potential contractor will be expected to use the researcher's DMP submission as the basis for its review. It will review the DMP submission and evaluate whether the researcher has explained and documented the privacy policies and procedures it has in place to protect CMS RIFs. Ultimately, the DPSP provides CMS the opportunity to review external organizations' DMPs and make informed decisions on future data requests. For general information about the program, please visit the "What's New" section on the ResDAC home page: http://www.resdac.org/. Contractor Requirements: Listed below are the requirements of the contract which are further explained in the capability section below. 1. Knowledge of project management principles. 2. Knowledge of the National Institute of Standards & Technology (NIST) and the Federal Information Security Management Act (FISMA) information security requirements to safeguard personally identifiable and protected health information. 3. Ability to conduct remote and on-site reviews. 4. Ability to provide technical support to external organizations. 5. Ability to process and review DMPs. 6. Ability to develop and update best practices and educational and outreach materials. 7. Ability to produce weekly and monthly reports of all activities. PLEASE PROVIDE A CAPABILITY STATEMENT THAT DEMONSTRATES KNOWLEDGE, EXPERIENCE, AND/OR ABILITY TO PERFORM THE TASKS LISTED IN 1-7 BELOW. Please address each in the order listed below. Successful support of the DPSP will require the experience in or ability to perform the following: 1. Manage DPSP tasks (e.g., DMP reviews) efficiently, effectively, and consistently. 2. A working understanding of NIST/FISMA requirements to safeguard personally identifiable and protected health information. 3. Conduct approximately 20 remote and/or on-site reviews using previously developed materials. The activities would include creating all associated correspondence, scheduling the reviews, actual execution of the reviews, and preparing reports of findings and follow-up corrective action plan activities to bring the review to final closure. 4. Provide ongoing technical support to external organizations about the information needed to successfully submit a DMP. 5. Evaluate approximately 200 DMPs, including identifying deficiencies and areas for improvement per criteria. 6. Develop and update educational and outreach materials based on analysis of program needs. Materials shall include best practices for what to include in DMPs; frequently asked questions and answers about CMS' DPSP and outreach and educational materials for conducting workshops, such as power point presentations about the DPSP. 7. Provide reports that summarize tasks completed during the week/month, key accomplishments, upcoming activities, and action items. Business information to be submitted in the response: 1. DUNS Number 2. Company Name 3. Company Address 4. Company Point of Contact, phone number and email address 5. Type of company under NAICS as validated via the Central Contractor Registration (CCR). Additional information on NAICS codes can be found at www.sba.gov. 6. Corporate structure (corporation, LLC, sole proprietorship, partnership, limited liability partnership, professional corporation, etc.) 7. Any potential government contractor must be registered on the CCR located at http://www.ccr.gov/index.asp. 8. Current GSA Schedules appropriate to this Sources Sought 9. Point of Contact, phone number and email address of individuals who can verify the demonstrated capabilities identified in the responses. 10. Responders should also include a statement about whether or not they have an approved accounting system. If the responder has an approved accounting system, please provide the certification in which the accounting system was deemed adequate (e.g. the name of the audit agency and audit number). You may submit as an attachment, which will not count towards the overall page limit. Teaming Arrangements: All teaming arrangements shall include the above-cited information and certifications for each entity on the proposed team. Teaming arrangements are encouraged. Interested parties having the capabilities necessary to perform the stated requirements may submit capability statements via e-mail, facsimile, or regular mail to the point of contact listed below. Responses must be submitted no later than March 12, 2012. Responses shall be limited to 10 pages. Resumes of key people are limited to 2 pages and may be submitted as an attachment, which will not count towards the page limit. Documentation should be sent to: Centers for Medicare & Medicaid Services Attn: Charles Brewer, Contract Specialist Office of Acquisitions and Grants Management Acquisitions and Grants Group Division of Beneficiary Support Contracts Mailstop: B3-30-03 7500 Security Boulevard Baltimore, MD 21244 Email: charles.brewer1@cms.hhs.gov NO REIMBURSEMENT WILL BE MADE FOR ANY COSTS ASSOCIATED WITH PROVIDING INFORMATION IN RESPONSE TO THIS ANNOUNCEMENT AND ANY FOLLOW-UP INFORMATION REQUESTS. RESPONDENTS WILL NOT BE NOTIFIED OF THE RESULTS OF THE EVALUATION. This is not an invitation for bid, request for proposal or other solicitation and in no way obligates CMS to award a contract. The sole intent is to obtain capabilities for set-aside and procurement planning purposes.
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/HHS/HCFA/AGG/HHS-CMS-DBSC-SS-12-938/listing.html)
- Place of Performance
- Address: Woodlawn, Maryland, United States
- Record
- SN02677127-W 20120218/120216234749-46c17d6c18f4627b924bc2d09e5cbf24 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |