Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY - FEDBIZOPPS ISSUE OF DECEMBER 14, 2018 FBO #6230
SOURCES SOUGHT

B -- Bereaved Family Survey/Veteran Experience Center - PHILA Sources Sought

Notice Date
12/12/2018
 
Notice Type
Synopsis
 
NAICS
519190 — All Other Information Services
 
Contracting Office
Department of Veterans Affairs;Network Contracting Office 4
 
ZIP Code
16001
 
Solicitation Number
36C24419Q0154
 
Response Due
12/19/2018
 
Archive Date
2/17/2019
 
Point of Contact
William.Schlobohm2@va.gov
 
Small Business Set-Aside
N/A
 
Description
CPL Michael J. Crescenz VA Medical Center (CMCVAMC) Nursing/Patient Care Services Veteran Experience Center Program GENERAL INFORMATION FOLLOWED BY A TENTATIVE STATEMENT OF WORK NOTICE: This is not a solicitation but rather a Request for Information (RFI) (Sources Sought) to determine capability of potential sources and is for information and planning purposes only. Veterans Health Affairs, Network Contracting Office 4, is issuing this request for information/sources sought notice in order to identify capable firms to perform Bereaved Family Survey Services for the Philadelphia VAMC. Responses must be submitted by 4:00 PM (EST) December 19, 2018. Submit responses to the information requested above via email to william.schlobohm2@va.gov. All SDVOSB and VOSB firms that respond shall include proof of CVE certification via www.vip.vetbiz.gov. All small business firms that respond shall include proof of small business status via their Representations and Certifications in accordance with (FAR 4.1102 Policy). While SDVOSB/VOSB contractors are preferred, all capable contractors are welcome to respond to this sources sought notice for market research purposes, and shall include as part of their response a brief capability statement that covers the information in the following tentative statement of work The results of this market research will assist in the development of (1) the requirement, and (2) the acquisition strategy (e.g., socioeconomic set-aside, full and open competition, etc.). VA assumes no responsibility for any costs incurred associated with the preparation of responses. Suggested NAICS: 519190 Suggested PSC: B553 Open to suggestions from the market as to a better NAICS and/or PSC. SAMPLE / TENTATIVE STATEMENT OF WORK (BELOW) PERFORMANCE WORK STATEMENT VETERAN EXPERIENCE CENTER PROGRAM SUPPORT SERVICES (Non-Personal Services) BACKGROUND The U.S. Department of Veterans Affairs (VA) requires data collection and entry services for the Veteran Experience Center (VEC) (formerly Performance Reporting and Outcomes Measurements to Improve Standards of care at End-of-Life (PROMISE) Center) located at the Corporal Michael J. Crescenz VA Medical Center (CMCVAMC) (Philadelphia) [also known as the Geriatrics and Extended Care (GEC) Resource Center]. The VEC was established in 2009 as part of the Comprehensive End of Life Care Initiative. The goal of the VEC and the Bereaved Family Survey (BFS) is to identify and reduce unwanted variability in end-of-life care throughout the VA and to define and disseminate processes of care that contribute to improved outcomes for Veterans near the end-of-life and their families. Beginning in FY2011, the BFS was one of two Veteran-centric measures in the National Directors Performance Plan (NDPP). The Bereaved Family Survey (BFS) is comprised of 19 items. Sixteen forced-choice items focus on specific aspects of care that the Veteran received at a VA inpatient facility during the last month of life. These items evaluate performance on areas of care including communication, emotional and spiritual support, pain/PTSD management, benefits, and personal care needs. Two open-ended questions solicit comments about both positive and negative aspects of care (e.g., how could the care be improved, and what else would you like to share about the Veteran's care during the last month of life?). The BFS Performance Measure (BFS-PM) consists of a single item on the BFS that asks respondents to provide a global rating of care during the last month of life. The BFS-PM is dichotomized into Excellent versus all other responses (i.e., Very good, Good, Fair, Poor ) and the facility / organizational level BFS-PM score reflects the percentage of respondents that rate care as Excellent. The BFS-PM is endorsed by the National Quality Forum (http://www.qualityforum.org/ProjectMeasures.aspx?projectID=73867). A slightly modified BFS is currently being expanded to support the Home-Based Primary Care (HBPC) programs throughout the VA. GENERAL REQUIREMENTS Services Required The Contractor(s) shall provide the Corporal Michael J. Crescenz VA Medical Center (CMCVAMC) (Philadelphia), 3900 Woodland Avenue, Philadelphia, PA 19104 with producing, printing, mailing and data collection services for the BFS to family members of deceased Veterans serviced by the VA Healthcare system as outlined below, but not limited to: Creation of Mailing Products/Surveys The VA currently utilizes existing templates for products mailed out to recipients (reference document appendix). The contractor shall make minor changes to templates upon VA request at no cost to the VA. If contractor incurs costs in modifying the templates, VA Contracting Officer will approve all additional costs prior to work being performed by the contractor. Products will be produced in both English and Spanish. Spanish materials will be sent to households where Veterans are serviced within the VA Caribbean Healthcare System, is designated as a Spanish speaking household or where Spanish is the primary language language preference is identified by the VA to the Contractor. Fielding of Surveys and Data Collection Contractor shall provide: Survey instruments (including introductory letter, BFS, magnet, prepaid addressed return envelope) Envelope Duplication and Printing Address File Cleaning Addressing Matching Mailing Data Collection Service Transfer of Resultant Survey Data White Mail Handling Online survey site Results Reporting The contractor shall provide all services and materials required to support the analyses of data and report preparation needed to produce the periodic reports from the Bereaved Family Survey (BFS), to include, but not limited to: Quarterly (4 times a calendar year) VHA Support Service Center (VSSC) reports Quarterly (4 times a calendar year) VISN reports The contractor shall provide full national, VISN, facility and bed section data (and any data provided by VEC) as required for each BFS Report on a monthly basis. Provide technical training and documentation to VEC as needed to insure maximum practical use at all organizational levels. The data will contain tagging, so as to link individual surveys to a specific decedent. These items must be reported at the national, VISN, facility and bed section, as applicable. Full patient and question level results are required; including all cumulative data as well as the most recent data. All results are to be made available to VEC staff. Data Collection Methodology VEC requires that the surveys are sent via first class mail using a carefully timed mailing sequence designed to produce the highest possible response rate while keeping postal costs as low as possible. The mailing and response cycle requirements are delineated in Appendix A: Mailing and Response Time Schedule. A web-based option is available in English and Spanish for NOKs to complete if they choose. The web-based option is secure and does not allow for multiple completions of the survey online. Details of Process and Deliverables Table 2.1 outlines some details regarding the frequency and sample size of each survey project. The estimated total number of Next of Kin of Veterans to be mailed surveys for all population groups is approximately 25,000/year. The Survey Preparation phase will involve intense collaboration between VEC and the contractor as questionnaires are changed into a scannable format, cover-letters and envelopes are set-up and proofed, incorrect addresses are eliminated, and final sample sizes are determined. Active Data Collection, regular reports of progress, and delivery of accurate final data sets and related files will be the prime responsibility of the contractor. The forms to be used, the approximate numbers of patients, and the frequency for each study are annotated in Table 2.1. Table 2.1: Survey Type and Projected Numbers by Population Survey - Patient Population Survey Cycle and Data Collection Frequency Number of Patients per cycle Booklet Characteristics Key Patient Characteristics Reporting Frequency Recently Deceased Inpatients Monthly 1,750 approx. 4 pages, approx. Recently discharged as a result of death. Monthly performance measure reports, quarterly reports, semi-annual VSSC reports Recently Deceased Home-Based Primary Care (HBPC) Patients Monthly 306 approx. 4 pages, approx. Recently Deceased Recipients of VA Home-Based Primary Care. Monthly performance measure reports, quarterly reports, semi-annual VSSC reports Quantities for All Surveys VEC annually will target an estimated 25,000 Next of Kin who meet selection criteria for all population groups. It is anticipated that the National Change of Address (NCOA) and eligibility processes will reject a percentage of these addresses. For those surveys that are not returned, a second, reminder letter and BFS will be sent to the NOK. It is estimated that 60% of NOK will need a reminder letter and second BFS resulting in approximately 40,000 surveys administered annually. The VEC team projects HBPC to be approximately 3,672 patients in the 2018 cycle that meet the criteria for the BFS. Every year, it is projected the VEC program will expand to an additional 2 to 3 VISNs, or an additional 500-750 patients each cycle. Table 2.2 annotates the forecasted patient numbers to be executed within the HBPC patient population. Table 2.2: HPBC Forecasted Patient Numbers per Cycle BFS 2018 2019 2020 HBPC Patient 3,672 approx. 4,172 approx. 4,672 approx. SPECIAL REQUIREMENTS Services Required Materials Copies of existing materials, including VA letterhead will be supplied to the contractor by the VA. The materials list, descriptions and specifications are annotated in Table 3.1. Materials are gender specific. For patients serviced through the VA Caribbean Healthcare System or is designated as a Spanish speaking household, all materials will go out with the Spanish language version. Table 3.1: Materials for BFS Item Description Survey Cover Letter 8 1/2 by 11 #288 blue letterhead, black text; male and female versions; English and Spanish version Survey Questionnaire variable page double side booklet; male and female versions; English and Spanish versions Outgoing Envelope 9 x 12 window, #288 blue return address and indicia Magnet 2 x 3.5, color Business Reply Envelope #10 closed face, #288 blue or black return address and business reply address and indicia, postage pre-paid Follow-up Survey Cover Letter 8 1/2 by 11 #288 blue letterhead, black text; male and female versions; English and Spanish version Follow-up Survey Questionnaire (duplicate for those that did not respond) 8 1/2 by 11 #288 blue letterhead, black text, variable page double side booklet; male and female versions; English and Spanish version Website for online survey completion Secure website with NOK specific access Process VA will provide the vendor the address files in Excel 2016 file (compressed if necessary using PKZIP), and must undergo Code 1 mail-streaming and National Change of Address (NCOA) cleaning. The vendor s systems must be compatible with these methods. An output file containing the rejected names and addresses must be provided to VEC along with the reject code or some explanation for reason of rejection. The output containing the names and addresses of those records retained after NCOA cleaning (i.e. cleared for mailing) must be provided to VEC in the layout described in Appendix B: Mailing Output File Format. Information regarding the NCOA process can be obtained from the Post Office or other survey vendors that provide mailing services. NCOA software is available through a software retailer. NCOA software must be updated monthly, at a minimum, to guarantee accuracy. The VEC is currently using SAS 9.3 and Microsoft Office 2016 on a Windows 7 Enterprise operating system. The vendor must have compatible systems in order to work with all VA systems and must adhere to Secure Socket Layer (SSL) Protocols and Public Key Infrastructure (PKI), as appropriate, in the transference of any sensitive patient identifiable data. All data transfers must be completed via PKI encrypted email through the VA virtual private network (VPN) access that will be provided. Personalization of Survey Materials Four versions of the survey, male and female specific, each in English and Spanish, will be mailed according to the gender of the deceased Veteran and facility of death (VA Caribbean Healthcare System decedents or other identified by the VA will receive the gender specific Spanish language version of the survey). The addressing for the survey cover letter will, at a minimum, contain the name and address of the Veteran s Next of Kin (NOK), the name of the Veteran, and his/her unique identification number (provided by the VEC). The purpose of the patient unique identification number serves as a way of tracking respondents so that their names will not appear directly on the questionnaire. The VEC guarantees survey respondents anonymity. The identification numbering system used to track surveys specifies a unique number to each individual in the sample. This number will be used during data analysis to link survey respondents to their demographic data. The numbering system will be provided by the VEC to the vendor. Data Collection Data collection for the surveys will be done using optical scanning or digital image capture techniques backed up by direct double entry keypunching where necessary for damaged surveys. Data shall be reported back to VEC based on the schedule detailed in Attachment A: Mailing and Response Time Schedule and in the format provided in Attachment C: Data File to VEC Format. The Bereaved Family Survey contains two questions that are open-ended to allow additional feedback from families. All these responses shall be provided in full as digital images and transcribed with the responses linked to the unique identifier for correct identification by the VEC. These responses shall be transmitted to VEC on a monthly basis with the raw, quantitative survey data. White Mail Processing Additional materials and comments that NOKs enclose on attached sheets of paper, recorded audiocassettes, photographs, etc. are commonly called white mail. The vendor will be required to screen all white mail for NOKs in distress or in need of critical assistance. These conditions include but, are not limited to: language consistent with threats of suicide, homicide or other threats to self or others, threats of lawsuit, and indications of depression and or desperation, or complaints being brought to the President, members of Congress or the local media. Any instance of a critical alert in white mail must be brought to the attention of VEC immediately for review and response via telephone or fax, depending on the urgency, and follow up next day mailing of any original correspondence to VEC. All contractor staff screening white mail will be required to complete available suicide and depressions training courses available through the VA s Talent Management System (TMS). Non-critical white mail must be returned to VEC for processing, at a minimum, once a week as some of the material may be time sensitive. If the material includes additional information detailing the care given, the information must be transcribed with the responses linked to the unique identifier in Attachment C: data File to VEC Format. Each piece of white mail sent to VEC must have the patient s ID code to allow rapid follow-up in critical situations. Special care must be taken to ensure the security of these identified documents in transit and to ensure that items received by VEC are in the form it was received by the Vendor. Return to Sender (RTS) and Deceased NOKs The file containing the mailing list of NOK of deceased Veterans provided by VEC will only include Veterans that were known to have died as an inpatient and deceased Veterans with HBPC at time of the eligibility pull, and although VEC requires the vendor to run the mailing list through NCOA and Code 1 mail streaming to remove any incorrect addresses, some Veteran s Next of Kin pass away or move before the surveys reach them. Any survey returned to the vendor as undeliverable will be coded in the data set as returned to sender or deceased according to the reason noted on the envelope. This information is important for statistical purposes to compute our true and adjusted response rates. Any white mail forwarded to VEC from returned surveys marked as deceased must have some indicator written on them by the vendor that the accompanying survey has been coded as deceased in the data file. Mailing The business reply envelopes must have the name of the VEC and the Corporal Michael J. Crescenz VAMC as the recipient of the returned piece along with the address of the data processing facility of the vendor. The mailing of all components must be done via first class mail, taking advantage of all available sorting and bulk mail discounts. At the completion of each mailing segment (reference Attachment A: Mailing and Response Time Schedule), a postal summary of all activity that can be individually identified, including postage dates and costs incurred, will be supplied to the VA by the vendor. TERM OF CONTRACT These activities will be monitored in accordance with VHA and CMCVAMC regulations. Place of Performance: Off-site support to the CMCVAMC, 3900 Woodland Avenue, Philadelphia, PA 19104. Period of Performance: This contract is effective for one year from date of award, with two (2) one-year options. The contract is subject to the availability of VA funds to support the VEC Program. Definitions CONTRACTOR. A supplier or vendor awarded a Contract to provide specific supplies or services to the government. The term used in this Contract refers to the prime Contractor. CONTRACTING OFFICER. A person with authority to enter into, administer, and or terminate Contracts, and make related determinations and findings on behalf of the government. Note: The only individual who can legally bind the government. CONTRACTING OFFICER S REPRESENTATIVE (COR). An employee of the U.S. Government appointed by the Contracting Officer to administer the Contract. Such appointment shall be in writing and shall state the scope of authority and limitations. This individual has authority to provide technical direction to the Contractor as long as that direction is within the scope of the Contract, does not constitute a change, and has no funding implications. This individual does NOT have authority to change the terms and conditions of the Contract. KEY PERSONNEL. Contractor personnel that are evaluated in a source selection process and that may be required to be used in the performance of a Contract by the Key Personnel listed in the PWS. When key personnel are used as an evaluation factor in best value procurement, an offer can be rejected if it does not have a firm commitment from the persons that are listed in the proposal. QUALITY ASSURANCE. The government procedures to verify that services being performed by the Contractor are performed according to acceptable standards. QUALITY ASSURANCE SURVEILLANCE PLAN (QASP). An organized written document specifying the surveillance methodology to be used for surveillance of Contractor performance. SUBCONTRACTOR. One that enters into Contract with a prime Contractor. The Government does not have privity of Contract with the subContractor. Acronyms BAA Business Associate Agreement BFS Bereaved Family Survey CMCVAMC Corporal Michael J. Crescenz VA Medical Center CO Contracting Officer COR Contracting Officer s Representative FAR Federal Acquisition Regulation FIPS Federal Information Processing Standards FISMA Federal Information Security Management Act of 2002 HBPC Home Based Primary Care HIPAA Health Insurance Portability and Accountability Act of 1996 ISO Information Security Officer NCOA National Change of Address NDPP National Directors Performance Plan NIST National Institute of Standards and Technology NOK Next of Kin PROMISE Performance Reporting and Outcomes Measurements to Improve Standard of care at End-of-Life QA Quality Assurance QASP Quality Assurance Surveillance Plan TJC The Joint Commission TMS Talent Management System VA Veterans Administration VEC Veteran Experience Center VHA Veterans Health Administration VISN Veterans Integrated Service Network VSSC VHA Support Service Center Contractor Staff Conflict of Interest The Contractor will ensure services performed by the Contractor personnel will be performed in accordance with VA policies and procedures and the regulations of the Medical Staff Bylaws of the VA facility. Section D, VHA Handbook 1660-3, Conflict of Interest Aspects of Contracting for Scarce Medical Specialist Services, Enhanced Use Leases, Health Care Resource Sharing, Fee Basis and Intergovernmental Personnel Act Agreements (IPAs). VHA Handbook 1660.3, Conflict of Interest Aspects of Contracting for Scarce Medical Specialist Services, Enhanced Use Leases, Health Care Resource Sharing, Fee Basis and Intergovernmental Personnel Act Agreements (IPAs), dated September 22, 2008, is incorporated into this Contract by reference. Any VA employee who is employed by the Contractor is prohibited from participating, on behalf of the Government, in a VA Contract with the Contractor. Citizenship Related Requirements Contractor Certification (Immigration) The Contractor shall comply with all applicable immigration laws, rules and regulations, including but not limited to the Immigration and Nationality Act of 1952, as amended and shall prior to performance under this Contract execute the Contractor Certification incorporated herein. Office of Inspector General (OIG) Statement HEALTH AND HUMAN SERVICES (HHS)/OFFICE OF INSPECTOR GENERAL (OIG): To ensure that the individuals providing services under the Contract have not engaged in fraud or abuse regarding Sections 1128 and 1128A of the Social Security Act regarding federal health care programs, the Contractor is required to check the HHS - OIG, List of excluded individuals/entities on the OIG Website www.hhs.gov/oig for each person providing services under this Contract. Further, the Contractor is required to certify in its proposal that all persons listed in the Contractor s proposal have been compared against the OIG list and are not listed. During the performance of this Contract, the Contractor is prohibited from using any individual or business listed on the List of Excluded Individuals/Entities. Information Security Officer (ISO) Statement VA Information Custodial Language Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data- General, FAR 52.227-14(d) (1). VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on-site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if National Institute of Standards and Technology (NIST( issues or updates applicable Federal Information Processing Standards (FIPS) or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR. Security Incident Investigation The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including theVA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. Liquidated Damages for Data Breach Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Training All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: (1) Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; (2) Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; (3) Successfully complete the appropriate VA privacy training and annually complete required privacy training; and (4) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. Non-Personal Services No Employee Status The parties agree that the Contractor, its employees, agents, and subContractors shall not be considered VA employees for any purpose. Personnel Policy: The Contractor shall be responsible for protecting the personnel furnishing services under the Contract. To carry out the responsibility, the Contractor shall provide the following for these personnel: Worker s compensation Professional liability insurance Health examination Income tax withholding Social security payments In performance of this contract, the Contractor shall provide non-personal health care services as required by program offices to support management of their overall mission. This will be based upon the order's performance work statement for the specific effort. The services required under the order constitute professional and management services within the definition provided by FAR 37.401. Under this contract the Government will obtain professional services, which are essential to the Department of Veterans Affairs mission but not otherwise available within Department of Veterans Affairs. The Government will neither supervise Contractor employees nor control the method by which the Contractor performs the required tasks. Under no circumstances shall the Government assign tasks to, or prepare work schedules for, individual Contractor employees. It shall be the responsibility of the Contractor to manage their employees and to guard against any actions that are of the nature of personal services, or give the perception of personal services. If the Contractor feels that any actions constitute, or are perceived to constitute personal services, it shall be the Contractor s further responsibility to notify the Contracting Officer immediately. These services shall not be used to perform work of a policy/decision making or management nature. All decisions relative to programs supported by the Contractor will be the sole responsibility of the Government. Support services will not be ordered to circumvent personnel ceilings, pay limitations, or competitive employment procedures. Tort The Federal Tort Claims Act does not cover contractors or their staff. When a contractor or a member of its staff has been identified as a provider in a tort claim, the contractor is responsible for notifying their legal counsel and/or insurance carrier. Any settlement or judgement arising from a contractor s (or contractor s staff) action or non-action is the responsibility of the contractor and/or insurance carrier. The contractor shall be liable for, and shall indemnify and hold harmless the Government against, all actions or claims for loss of or damage to property or the injury of persons, arising out of or resulting from the fault, negligence, or wrongful act or omission of the contractor, its agents, or employees/staff. Medical Liability The Government may evaluate the quality of services provided, but retains no control over the medical, professional aspects of services rendered (e.g., professional judgments, diagnosis for specific medical treatment), in accordance with FAR 37.401(b) (Non-personal Health Care Services). Medical Liability: See VAAR Clause 852.237-7 The contractor is required to ensure that his/her sub-contractors provisions of health care services contain the requirement of the VAAR Clause 852.237-7, including the maintenance of medical liability insurance. Key Personnel and Emergency Substitutions The services to be performed by the Contractor will be monitored by the Contracting Officer s Representative (COR), currently designated as Marshall Garrison (Primary) (Executive Assistant), Department of Nursing/Patient Care Services or Dawn Gilbert (Alternate) (VEC Director of Operations), Department of Nursing/Patient Care Services. Key Personnel and Temporary Emergency Substitutions Key Personnel are those Contractor personnel whom are essential to performance of the Contract requirements and/or were considered or included by the Contractor in development of solicitation response, including individuals in key management, staffing, and related positions. The Contractor shall assign to this Contract the following key personnel: Name: Marshall Garrison (Primary) Title: Executive Assistant/Administrative Officer Name: Dawn Gilbert (Alternate) Title: Director of Operations, VEC During the first ninety (90) days of performance, the Contractor shall make NO substitutions of key personnel unless the substitution is necessitated by illness, death, or termination of employment. The Contractor shall notify the Contracting Officer, in writing, within fifteen (15) calendar days after the occurrence of any of these events and provide the information required by paragraph (c) below. After the initial 90-day period of the Contract, the Contractor shall submit the information required to the Contracting Officer at least fifteen (15) days prior to making any permanent substitutions. The Contractor shall provide a detailed explanation of the circumstances necessitating the proposed substitution and complete resume for the proposed substitute. Proposed substitute shall have comparable qualifications to those of the person being replaced. The Contracting Officer shall notify the Contractor within fifteen (15) calendar days after receipt of all required information of the decision on the proposed substitution. When changes in key personnel are approved, the Contract prices may be adjusted accordingly to reflect the salary and benefits of the personnel actually providing the services. For temporary substitutions where the key person will not be reporting to work for three (3) consecutive work days or more, the Contractor will provide a qualified replacement for the key person. This substitute shall have comparable qualifications to the key person. Any period exceeding two (2) weeks will require the procedure as stated above. Hours of Operations The services covered by this contract shall be furnished by the contractor as defined herein. The contractor shall be required to furnish such services on National holidays and during off-duty hours. The following terms have the following meanings: Workdays A normal workday will be 8 4:30 pm ET, Monday thru Friday. Work Hours Are those hours in which a Contractor's employee is physically working on the required services for the VA. Off-duty Hours Are those hours in which the Contractor's employees are not in performance of the required services. National Holiday The ten holidays observed by the Federal Government are as follows: New Year's Day Washington's Birthday Martin Luther King's Birthday Memorial Day Independence Day Labor Day Columbus Day Veterans Day Thanksgiving Day Christmas Day or any other day specifically declared by the President of the United States to be a national holiday CONTRACTOR RESPONSIBILITIES Services Required Standards of Practice: Contractor shall be responsible for meeting or exceeding VA and Joint Commission (or equivalent) standards. The Contractor shall be responsible for protecting the personnel furnishing services under this contract. To carry out this responsibility, the Contractor shall provide the following for these personnel: Workers compensation Professional liability insurance Health examinations Income tax withholding Social security payments The parties agree that the contractor, its employees, agents and sub-contractors shall not be considered VA employees for any purpose. English Language Requirements. The contractor employees shall read, understand, speak, and write English fluently. Spanish is the secondary language where teams working on Spanish surveys shall read, understand, speak and write Spanish fluently to ensure surveys are appropriately drafted and delivered to recipients in Puerto Rico or designated Spanish speaking households. The Contractor and patient care services provided shall be included in CMCVAMC data collection activities related to patient satisfaction. Medical Records Authorities If deemed required under this agreement, the Contractor shall be considered part of the Department of Veterans Affairs (VA) for purposes of 38 U.S.C. § § 5701 and 7332. Its employees may have access to patient medical records to the extent necessary to perform this Contract. Notwithstanding any other provision of this agreement, the Contractor and its employees may disclose patient records and individually-identified patient information, including information and records generated by the Contractor in performance of this agreement, only pursuant to explicit disclosure authority from VA. Health Insurance Portability and Accountability Act: (HIPAA) Protected Health Information (PHI): Contractor must adhere to the provisions of Public Law 104-191, Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the National Standards to Protect the Privacy and Security of Protected Health Information. Contractor employees are required to complete the online training classes entitled VA Privacy and Information Security Awareness and Rules of Behavior, and HIPAA and Privacy Training and Prevention and Management of Disruptive Behavior (PMDB) Level 1. Other training may be added or deleted as policies and guidance from higher authority is received. The necessary link and instructions to gain access are found https://www.tms.va.gov/. A Certificate of successful completion will be generated for each course. Copies of the certificates shall be e-mailed to the COR. Completion of these training courses is required on an annual basis based on the VA s fiscal year. Disclosure If deemed required under this agreement, the Contractor shall be considered part of the Department of Veterans Affairs (VA) for purposes of 38 U.S.C. § § 5701 and 7332. Its employees may have access to patient medical records to the extent necessary to perform this Contract. Notwithstanding any other provision of this agreement, the Contractor and its employees may disclose patient records and individually-identified patient information, including information and records generated by the Contractor in performance of this agreement, only pursuant to explicit disclosure authority from VA. If deemed required under this agreement, the database utilized by the Contractor, the adverse drug event reports provided to the Contractor by VA, and documents created from analyzing this database, the adverse drug event reports, and patient medical records are medical quality assurance records protected by 38 U.S.C. § 5705, its implementing regulations at 38 U.S.C. § § 17.500-.511 and VHA Directive 2002-043, Quality Management (QM) And Patient Safety Activities That Can Generate Confidential Documents. These records may be disclosed only as authorized by § 5705 and the VA regulations. Disclosure of these records in violation of § 5705 is a criminal offense under 38 U.S.C. § 5705(e). Release of Information If deemed required under this agreement, the Contractor shall be considered part of the Department of Veterans Affairs (VA) for purposes of 38 U.S.C. § § 5701 and 7332. Its employees may have access to patient medical records to the extent necessary to perform this Contract. Notwithstanding any other provision of this agreement, the Contractor and its employees may disclose patient records and individually-identified patient information, including information and records generated by the Contractor in performance of this agreement, only pursuant to explicit disclosure authority from VA. The VA may provide Contractor and subContractor employees with access to VA automated patient records maintained on VA computer systems only to the extent and under the same conditions and requirements as VA provides access to these records to its own employees. All Contractor personnel and any subContracted employees, if applicable, accessing the VISTA system will be required to sign and abide by all VA security policies, and applicable VA confidentiality statutes, 38 U.S.C. §5701, 38 U.S.C. §7332, and the Privacy Act, 5 U.S.C. §552a, as well as 45 C.F.R. Parts 160, 162 and 164 (Health Insurance Portability and Accountability Act). The VA will provide access applications and security agreements. Contractor shall ensure the confidentiality of all patient information and shall be held liable in the event of the breach of confidentiality. Due to the confidential nature of medical reports, all transcription must be completed in areas that provide reasonable security. All documents are confidential and are protected under the Privacy Act of 1974, as amended. All vendor personnel shall be required to observe the requirements imposed on sensitive data by law, federal regulations, VA statutes and policy, DM&S policy and the associated requirements to insure appropriate screening of personnel. If deemed required under this agreement, the treatment and administrative patient records created by, or provided to, the Contractor under this agreement are covered by the VA system of records entitled "Patient Medical Records - VA (24VA136). No VA data is permitted to be stored on portable media, including but not limited to flash drives, CDs/DVDs, external hard drives, etc., without obtaining a waiver. Waiver request forms can be obtained from the CMCVAMC Information Security Officer. Any portable media which is granted approval to be utilized by the Contractor under this Contract must be encrypted in accordance with the security requirements identified in FPS 140-2. Only flash drives and encryption software explicitly approved by the VA may be used if granted a waiver. No VA data is permitted to be stored on a desktop or laptop computer hard drive. Use of any portable computer under this Contract must be approved by the ISO, and the computer s hard drive must be encrypted in accordance with FIPS 140-2. Non-VA equipment is not permitted to be connected to the VA network without prior approval. If a laptop or desktop computer must be connected, a security check must be completed by the CMCVAMC IT Staff. If unapproved equipment is detected, it will be immediately disconnected from the network. If remote access is required in order to perform the work in this Contract, a VPN request form must be completed and approved by the COR, the CMCVAMC CIO, and submitted to the ISO. The account will be given access only to the IP addresses required by the Contract. The Contractor will make every attempt to use the VA s RESCUE software in order to remotely connect to the VA network. If RESCUE cannot be used to perform the required tasks, then a waiver request must be submitted in order to use the One-VA VPN software in lieu of RESCUE. The only approved method of remotely connecting to any device on the VA network is through the One-VA VPN gateway using RESCUE or, if a waiver is obtained, the One-VA VPN software. PERFORMANCE STANDARDS, QUALITY ASSURANCE AND QUALITY IMPROVEMENT The Quality Assurance and Surveillance Plan (QASP) outlines required standards and will be a part of the resultant Contract. Registration with Contractor Performance (CPS) As prescribed in Federal Acquisition Regulation (FAR) Part 42.15, the Department of Veterans Affairs (VA) evaluates Contractor past performance on all Contracts that exceed $100,000, and shares those evaluations with other Federal Government Contract Specialists and procurement officials. The FAR requires that the Contractor be provided an opportunity to comment on past performance evaluations prior to each report closing. To fulfill this requirement VA uses an online database, the Contractor Performance System (CPS), which is maintained by the National Institutes of Health (NIH). The CPS database information is shared with the Past Performance Information Retrieval System (PPIRS) database, which is available to all Federal agencies. Each Contractor whose Contract award is estimated to exceed $100,000 is required to register with the NIH CPS database at the following web address: https://cpsContractor.nih.gov. Help in registering can be obtained by contacting CPS Support E-mail (cps-support-l@list.nih.gov) or by calling (301) 451-2771. Registration should occur no later than thirty days after Contract award, and must be kept current should there be any change to the Contractor s registered representative. For Contracts with a period of one year or less, the Contracting Officer will perform a single evaluation when the Contract is complete. For Contracts exceeding one year, the Contracting Officer will evaluate the Contractor s performance annually. Interim reports will be filed each year until the last year of the Contract, when the final report will be completed. The report shall be assigned in CPS to the Contractor s designated representative for comment. The Contractor representative will have thirty (30) days to submit any comments and re-assign the report to the VA Contracting Officer. Failure to have a current registration with the NIH CPS database, or to re-assign the report to the VA Contracting Officer within those (30) days, will result in the Government s evaluation being placed on file in the database with a statement that the Contractor failed to respond. SPECIAL CONTRACT REQUIREMENTS Under the authority of Public Law 104-262 and 38 USC 8153, the Contractor agrees to provide VEC Program Support Services personnel and services in accordance with the terms and conditions stated herein, to furnish to and at the CMCVAMC, the services and prices specified in the Section entitled Schedule of Services and Prices/Costs of this Contract. Services Required The services specified in the Sections entitled Schedule of Services and Prices/Costs and Special Contract Requirements may be changed by written modification to this Contract. The modification will be prepared by the VA Contracting Officer. Other necessary personnel for the operation of the services Contracted for at the VA will be provided by the VA at levels mutually agreed upon which are compatible with the safety of the patient and personnel and with quality medical care programming. The services to be performed by the Contractor will be performed in accordance with VA policies and procedures and the regulations of the Medical Staff Bylaws of the VA facility. NOTE: THIS NOTICE WAS NOT POSTED TO FEDBIZOPPS ON THE DATE INDICATED IN THE NOTICE ITSELF (12-DEC-2018); HOWEVER, IT DID APPEAR IN THE FEDBIZOPPS FTP FEED ON THIS DATE. PLEASE CONTACT 877-472-3779 or fbo.support@gsa.gov REGARDING THIS ISSUE.
 
Web Link
Link To Document
(https://www.fbo.gov/spg/VA/PiVAMC646/PiVAMC646/36C24419Q0154/listing.html)
 
Record
SN05172665-F 20181214/181212230025 (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.