SOURCES SOUGHT
D -- Request for Information (RFI) - HIPAA Assessment
- Notice Date
- 10/23/2013
- Notice Type
- Sources Sought
- NAICS
- 541618
— Other Management Consulting Services
- Contracting Office
- Peace Corps, Office Of Acquisitions And Contract Management, OACM, 1111 20th Street, N.W., Room 4416, Washington, District of Columbia, 20536
- ZIP Code
- 20536
- Solicitation Number
- PC-14-RFI-001
- Archive Date
- 11/13/2013
- Point of Contact
- Kathleen E Reidy,
- E-Mail Address
- kreidy@peacecorps.gov
- Small Business Set-Aside
- N/A
- Description
- RFI Notice

This is a Request for Information (RFI) notice only. This RFI is for informational planning purposes only and is not to be construed as a commitment by the Government for any actual procurement of materials, machinery, or services. This notice does not constitute a solicitation or a promise of a solicitation in the future. This RFI does not commit the Government to contract for any supply or service. Respondents are advised that the Government will not pay for any information or administrative costs incurred in response to this RFI. All costs associated with responding to this RFI are solely at the responding parties' expense. Respondents are solely responsible for properly marking and clearly identifying any proprietary information or trade secrets contained within their response. The Government will not be liable for, or suffer any consequential damages for, any proprietary information not properly marked and clearly identified. Proprietary information received in response to this sources sought notice will be safeguarded and handled in accordance with applicable Government regulations. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or agreement. The US Peace Corps will not be obligated to pursue any particular acquisition alternative as a result of this RFI. Responses to the RFI will not be returned. Not responding to this RFI does not preclude participation in any future solicitation, if one is issued.

US Peace Corps

President Kennedy formed the Peace Corps by executive order on March 1, 1961, and in 1979 it was made a fully independent federal agency. Since its founding, more than 200,000 Americans have served as Peace Corps Volunteers in 139 developing countries that request assistance. The Peace Corps mission is to promote world peace and friendship through service to others.

Peace Corps Volunteers live and work within the community they serve abroad, learning the local language and contributing skills. This technical assistance is one of the three goals of the Peace Corps. The other two revolve around cross-cultural understanding: the people of other countries come to understand an American, and the Volunteer brings the cultural experience home and shares it on return. More information about the Peace Corps can be found on our web site at www.peacecorps.gov.

Request for Information (RFI)

The US Peace Corps is performing market research. The office performing this market research is the Office of Health Services (OHS). The mission of the Office of Health Services (OHS) is to provide quality medical and mental health services and support to the Peace Corps community through the Offices of Medical Services (OMS) and Special Services (OSS). The Office of Health Services is headed by the Deputy Associate Director for the Office of Health Services (DAD/OHS). OHS is seeking information from vendors on a HIPAA and HITECH review for compliance with both security and privacy requirements. The minimum requirements for this assessment are outlined below.

At this time the Government has assessed the following minimum performance requirements:

a) Review IT systems in OHS to ensure they meet all current mandatory HIPAA and HITECH privacy requirements, including but not limited to authorized and restricted use of and access to records, storage and protection of records, and proper procedures for the disposal of electronic records.
b) Review IT systems in OHS to ensure they meet all current mandatory HIPAA and HITECH security requirements applicable to electronic health records and electronic protected health information (ePHI), including authorized and restricted access, and storage and protection of electronic health records.
c) Provide Peace Corps with a HIPAA/HITECH compliance report that outlines how the systems meet or do not meet HIPAA and HITECH requirements.
d) Perform a simple Privacy Threshold Analysis.
e) Provide a simple Privacy Impact Assessment.
f) Perform a gap analysis to determine OHS' requirements for compliance with the relevant Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) Special Publications (http://csrc.nist.gov/publications/PubsSPs.html) required under HIPAA or HITECH for the security of ePHI data at rest, in motion, in use, and when disposed of. This list includes but is not limited to:
   1. FIPS 140-2, Security Requirements for Cryptographic Modules
   2. FIPS 197, Advanced Encryption Standard
   3. NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
   4. NIST SP 800-111, Guide to Storage Encryption Technologies for End User Devices
   5. NIST SP 800-88, Guidelines for Media Sanitization
   6. NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations; OR
   7. NIST SP 800-77, Guide to IPsec VPNs; OR
   8. NIST SP 800-113, Guide to SSL VPNs, or other FIPS 140-2 validated implementations
   9. NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
   10. NIST SP 800-88, Guidelines for Media Sanitization
g) Review Peace Corps business processes to evaluate compliance with the following federal standards:
   1. OMB Memorandum M-06-16, Protection of Sensitive Agency Information, June 2006
   2. OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 2007
   3. FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
   4. FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
   5. NIST SP 800-18 Rev. 1, Guide for Developing Security Plans for Federal Information Systems
   6. NIST SP 800-30, Risk Management Guide for Information Technology Systems
   7. NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems
   8. NIST SP 800-37 Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems
   9. NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations
   10. NIST SP 800-64 Rev. 2, Security Considerations in the System Development Life Cycle
   11. NIST SP 800-123, Guide to General Server Security
   12. NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems

The Government has identified the following as minimum reporting requirements as part of a HIPAA assessment:

a) Provide a detailed outline of the business processes and systems reviewed for compliance.
b) Provide a detailed report of the processes in compliance and the relevant sections of HIPAA and HITECH that apply to the findings.
c) Provide a detailed report of the processes outside of compliance, including the relevant sections of HIPAA and HITECH that apply.
d) Report, in writing to Peace Corps, the identified risks, prioritized according to severity.
e) Provide a time frame within which items outside of compliance should be addressed.
f) Indicate any areas where action should also be taken for the purposes of process improvement.
g) Provide recommendations for action items that will result in resolution of those items.
h) Categorize all medium- and high-risk security findings as determined by Peace Corps information security personnel.
i) Document any residual medium and high security risk so that Peace Corps can monitor the progress of future mitigation.

Questions

1. What is your company's name, email address, web site address, phone number, DUNS number, business size classification, and other contact information?
2. Does your company hold a GSA schedule? Please provide your GSA schedule number. What SINs are available as part of your GSA schedule?
3. What type of solution or approach would your company recommend to address the assessment requirements?
4. What type of solution or approach would your company recommend to address the reporting requirements?
5. What type of contract would be the best solution for the Government in order to meet the minimum requirements outlined in the RFI for both performance and reporting?
6. What type of experience does your company have in performing this type of Government assessment? If possible, please share any lessons learned from previous experiences.
7. What level of effort would be required to complete the minimum requirements?
8. Has your company performed assessments similar in scope? If so, what was the time frame in which a similar requirement was completed?
9. Based on the general information provided in this RFI notice, would your company provide a non-binding price quote?

Submissions

The Peace Corps is seeking information from current providers of HIPAA assessments as part of ongoing market research. The Agency is requesting responses, via email or Windows-compatible attachment, on or before Tuesday, October 29, 2013, 2 PM ET, to the inquiries listed under "Questions" as part of market research. Responses are limited to 5 pages total. If necessary, please include any marketing materials as a separate Windows-compatible email attachment. Submissions shall be sent to Kathleen Reidy, Contract Specialist, at kreidy@peacecorps.gov.
- Web Link
- FBO.gov Permalink: https://www.fbo.gov/spg/PC/OPBF/OC/PC-14-RFI-001/listing.html
- Place of Performance
- Address: 1111 20th St NW, Washington, District of Columbia, 20526, United States
- Zip Code: 20526
- Record
- SN03220995-W 20131025/131023234417-40066a9e6616e9b7ca8ab423edd048c9 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)