SOURCES SOUGHT
J -- Columbus VAACC | Carefusion | BD Alaris Infusion Pump
- Notice Date
- 9/1/2023 11:04:44 AM
- Notice Type
- Sources Sought
- NAICS
- 811210
—
- Contracting Office
- 250-NETWORK CONTRACT OFFICE 10 (36C250) DAYTON OH 45428 USA
- ZIP Code
- 45428
- Solicitation Number
- 36C25023Q1073
- Response Due
- 9/6/2023 5:00:00 AM
- Archive Date
- 10/06/2023
- Point of Contact
- Michael.Groneman@va.gov, Michael E. Groneman, Phone: 513-559-3706
- E-Mail Address
-
Michael.Groneman@va.gov
(Michael.Groneman@va.gov)
- Awardee
- null
- Description
- 2 PERFORMANCE WORK STATEMENT The purpose of this procurement is to acquire infusion pump software management services (SMS) for use in VA Central Ohio Healthcare System in Columbus, Ohio, VISN 10. The Contractor shall provide all software maintenance service on Alaris System from BD (formerly CareFusion) equipment currently in use. BACKGROUND Software Management Services for the Alaris System enhances the value of the existing Alaris System and the Alaris Systems Manager. Inclusive to the Alaris System are software enhancements covering the whole Guardrails Suite MX and the Alaris Systems Manager, services that include internet, webinar and on-site training and clinical education; support ranging from remote monitoring of the Alaris Systems Manager to technical support for the Alaris System. Software Management also boasts a powerful collection of data and analytics tools and services. This package allows facilities to leverage and optimize their investment to help the hospital staff enhance patient care and safety, as well as to support the integration and implementation of future products. The following components comprise the Alaris Infusion System for this requirement. VA-MDNS Category Model INFUSION PUMPS: MULTITHERAPY: SYRINGE Perfusor Space INFUSION PUMPS: MULTITHERAPY Alaris Pump Module 8100 INFUSION CONTROLLERS Alaris Pc Unit 8015 INFUSION PUMPS: ANALGESIC: PATIENT-CONTROLLED N/A NETWORKED SERVERS: MEDICAL Alaris Systems Manager; BD Care Coordination Engine SOFTWARE: MEDICAL Guardrails Editor; CQI Reporter; Alaris System Maintenance Infusion system modules connect to an infusion controller (PCU) on the Alaris pump. The PCU connects wirelessly to the VA enterprise network to transmit and receive data to and from the Alaris Systems Manager virtual server which resides in Cleveland VA data center. The clinical end users in pharmacy access the Alaris Systems Manager server to manage system configuration, retrieve pump connectivity data, capture data analytics, and upload infusion drug libraries. The clinical users also access software applications such as Guardrails Editor and CQI reporter from their workstations to manage drug library configuration and analyze reports collected from infusion data. The Cerner Care Coordination Engine (CCE) is another physical server residing in a VA data center that allow for the infusion devices to wirelessly communicate interoperability parameters to the Oracle Cerner EHR. SCOPE OF WORK The Contractor shall provide all software maintenance service on all Alaris system equipment currently in the VA Central Ohio Healthcare System. The services shall be in accordance with the tasks and deliverables as described in this Performance Work Statement (PWS). The Contractor shall provide software service and support for all devices listed in the Background section. The Contractor shall complete all system enhancements and patching with clear communication and preparation. The Contractor shall communicate all enhancements and support activations required to keep the system running effectively to the primary point of contact (POC) or the contracting officer representative (COR). All maintenance and updates shall be scheduled at least three (3) days in advance with the COR. All activities related to this contract shall be in the best interest of the veterans served and coordination of all activities shall be planned accordingly. Information Security Considerations All VA sensitive information shall be protected at all times, in accordance with VA Local site guidelines. The Contractor shall report any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information to the COR. Any wireless connectivity to the VA network must be compatible with 802.11b/g/n and FIPS 140-2 compliant. Any remote service support requires a memorandum of understanding/interconnection security agreement (MOU/ISA) with the VA. Service & Maintenance will follow the security requirements as per VA s Medical Device Protection Program (MDPP) which protects VA s medical devices through a comprehensive security initiative that encompasses pre-procurement assessments, medical device isolation architecture (MDIA), communication, validation, scanning, access control list remediation, patching, and secure remote connectivity. General Security Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. Information Security Considerations A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. The contractor shall be responsible for safeguarding all government equipment, information and property provided for contractor use. At the close of each work period, government facilities, equipment, and materials shall be secured. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. A BI is not required per VA Information and Information System Security/Privacy Requirements for IT Contracts dated August 2008 if the following exception applies: Contract Personnel with limited and intermittent access to equipment connected to facility networks on which limited VA sensitive information may reside, including medical equipment contractors who install, maintain, and repair networked medical equipment such as CT scanners, EKG systems, ICU monitoring, etc. In this case, Veterans Health Administration facilities must have a duly executed VA Business Associate Agreement (BAA) in place with the vendor in accordance with VHA Handbook 1600.1, Business Associates, to assure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in addition to the contract. Contract personnel, if on site, should be escorted by VA IT Staff. Security Incident Investigation The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. Liquidated Damages For Data Breach Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. However, it is the policy of VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in an amount determined to be adequate by the agency. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: Notification. One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports. Data breach analysis. Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution. One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. DELIVERABLES The Contractor shall perform/provide the following services: Training The service shall include on-site nursing clinical support for practice reinforcement that can be used for compliance rounds and hospital best practices. One time during the base year of the contract period and any subsequent option year, the service must provide one eight (8) hour day of on-site clinical consulting at the facility per 500 units. Practice reinforcement should include nursing staff interactions with the devices and recommending improved practices for medication safety. Written report shall be provided to the facility for each practice reinforcement visit. The service shall include a workshop with clinical peers to support customer adoption of CQI Reporter software and enhance interpretation skills of CQI data. Workshop shall be for a period of 2 days and hosted by the Contractor at Location (can be within VISN or general region) once during the base year of the contract and each subsequent option year (annually). Workshop shall cover defining and creating a systematic approach to analyzing Guardrails Reporter software alerts and refine drug libraries, dose limits, and clinical advisories to achieve maximum impact for the organization. The service shall include access to online education. Video content must be made available, upon request, to VA education staff and allowed to be uploaded by the VA to internal learning management systems. The service shall include Suite training sessions with clinical peers to refresh skills on the use of CQI Reporter and Editor training. The training sessions shall be available monthly and can be used as needed. The service shall provide tuition annually for up to two (2) representatives to attend the System Data Workshop. All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems. Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training. Successfully complete the appropriate VA privacy training and annually complete required privacy training; and Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete. Support The service shall include phone or email access to highly qualified Pharmacy Consultants and Clinical Infusion Data Consultants to address customer data set questions and concerns and assist with the interpretation of CQI data. The Contractor shall provide a turnaround time of 48 hours from the initial phone call or email communicating a customer issue. Qualified Pharmacy Consultants must be a RPh and have at least 3 years experience working with BD (formerly CareFusion) Continuous Quality Improvement (CQI) information to make recommendations for improved safety limits on specific pharmaceutical products. Clinical Infusion Data Consultants (formerly CQI Managers) must have at least 3 years experience working with BD CareFusion CQI information to make recommendations for improved safety limits on specific pharmaceutical products and other data set parameters. The service shall provide live technical telephone support with BD authorized support professionals based in the United States. The team must be ready to assist and provide support for equipment covered in this contract from 8:00am to 8:00pm EST, Monday through Friday. The service shall provide Clinical Infusion Data Consultant data support via phone or email from 8:00am to 8:00pm EST, Monday through Friday, for questions related to the use of the software and interpretation, review, and consulting of data. Data & Analytics The service shall provide real-time monitoring of the Systems Manager to ensure system uptime, functionality, optimization, and health in accordance with the national MOU/ISA. The service shall provide concise, actionable information on the hospital s infusion management practices, without requiring analytical or reporting software installation or in-house technical resources. This includes unlimited access to a web-based portal defined by hospital with benchmarking tools and the ability to view all infusions. The Government can request a quarterly phone call or report with the data analyst to review the findings in this report. The service shall provide benchmarking tools and the ability to view all infusions (not just those outside of prescribed ranges). This information must be web-based and be accessible to an unlimited number of users per hospital. These services would require hosting on a vendor platform but must not contain any sensitive information, in accordance with the national MOU/ISA. Software Updates & Maintenance If the Contractor releases updates to the software to enhance the security or operation of the software, the Contractor shall deliver the enhancement to the Government in machine-readable form with instructions to assist the Government with installing the enhancement. These enhancements will be provided to the Government within 60 days of their issuance or data of first commercial availability, with no additional charge to the Government, for all equipment currently in use. As applicable, the Contractor will install each enhancement remotely through the Contractor s remote access solution. The Contractor shall use commercially reasonable efforts to correct errors in the software that materially affect the functionality of the software. All labor, time, materials, equipment, travel, service manuals, and supplies necessary to keep the equipment operational during the contract period shall be included. If an enhancement requires a change to the Alaris system embedded software, then one time during each annual period, the Contractor will perform one (1) on-site technical service visit for up to eight (8) hours for each 80 units to install the latest version of the software, download CQI data and upload the Government s data set onto the licensed units. The contractor shall provide telephone support to the Government regarding the operation of and potential errors in the software. The Contractor shall deliver the product. After contacting the COR (or COR designee) at the VA, a specific time will be scheduled for delivery of the product. The service shall provide enhancements to the Suite MX software when commercially available enabling the same functionality of infusion pumps as a new Alaris system installation. This includes updates to the Alaris System to install the newest version of Suite MX software. The service shall provide System Manager service patch management of the operating system, systems manager application, and other software components, including rigorous testing before deployment and customized patch cycles and notifications options. All software patches and updates shall be provided at no additional cost to the Government. Remote management of the server shall be delivered in accordance with the most current version of the national MOU/ISA between VA and BD CareFusion. The service shall provide remote installation of server system patches, including the Operating System, Alaris Systems Manager, and other system components which will be patched regularly. Software update/enhancement installations shall be scheduled and performed outside normal business hours, 8:00am to 5:00pm EST Monday through Friday, of coverage at no additional charge to the Government (unless it would be detrimental to equipment up-time, as determined by the COR). Unscheduled Maintenance (Emergency Repair Service) The Contractor s Field Service Engineer (FSE) shall respond via phone call to the COR or his/her designee immediately after receipt of telephoned notification twenty-four (24) hours per day. If the problem cannot be corrected by phone, the FSE will commence work (on-site or remote desktop response) within two (2) hours after receipt of this second notification and will proceed progressively to completion without undue delay. This requirement for response time shall be the same for both service calls during the VA normal business hours and after-hour service calls. The COR will provide the Contractor with (a) an accurate description of the software error; (b) the steps necessary to reproduce the software error, if available; (c) if required, the data being processed at the time of the software error and associated log files; and (d) the severity of the software error, including the circumstances that lead to the software error. The COR and the Contractor will communicate and mutually agree on the severity level of the software error in writing. The severity will be determined based on potential impact to patient care delivery as well as potential patient adverse outcome as follows: High = significant risk of injury to a patient or full system downtime more than four hours Medium = moderate risk of injury to a patient or partial system downtime more than four hours (or full system more than one hour but less than two) Low = no risk of injury to a patient or partial system downtime less than four hours Scheduled Maintenance The Contractor shall perform patches, updates, and enhancements to ensure equipment and software perform in accordance with the latest OEM maintenance procedures and protocols. Patching shall be provided for all environments: pre-production, production, and training environments. Scheduled software maintenance shall be scheduled at least three (3) days in advance with the COR. An outline of the scheduled software maintenance procedures and schedule shall be provided to the COR. The Contractor shall provide and utilize procedures and checklists with worksheet originals indicating work performed and actual values obtained, as applicable. This documentation shall be provided to the COR at the completion of the scheduled software maintenance. The Contractor shall provide written description of scheduled software maintenance. This description shall include an itemized list of the procedures performed. Scheduled software maintenance services shall include, but need not be limited to, the following: Reviewing operating system software diagnostics to ensure that the system is operating in accordance with the manufacturer s specifications. Performing remedial software maintenance of non-emergent nature Returning the equipment to the operating condition, per OEM standards Providing documentation of services performed Services shall be performed from 8:00am to 8:00pm EST, Monday through Friday. All exceptions to the scheduled software maintenance schedule shall be arranged and approved in advance with the COR. Check in Requirements The Field Service Engineer must report to the Healthcare Technology Management (HTM) Department of the Ambulatory Care Center to sign in with HTM staff before work begins. Submit any mobile media devices that would be used on the system for a virus scan. Upon completion of work, the Field Service Engineer must report to HTM to sign out and brief HTM Staff or Supervisor if HTM Staff is unavailable concerning completion of service. At the end of briefing, Field Service Engineer will sign out in the HTM Department. HTM can be reached at 614-388-7123. Documentation & Reports The documentation shall include legible and detailed descriptions of the scheduled and unscheduled software maintenance (i.e., emergency software repairs (ESR)) and inspection procedures performed, including updates, replaced parts and services required to maintain the software within 15 days of service being provided. The legible and detailed field service report must be provided at minimum via the email address: VHACOSHTM@va.gov. A verbal service report indicating pass or fail must be provided to HTM staff prior to leaving the facility. If any safety concern is identified during the service visit the FSE must report to HTM staff immediately so that the equipment can be taken out of service if necessary. The ESR shall consist of a separate report for the item(s) covered under the specific contract. Grouping different software from different contracts on one ESR is prohibited. In addition, each ESR shall, at a minimum, document the following data legibly and in complete detail: Contractor information: Name of Contractor Contract Number Name of FSE who performed the services Contractor service ESR number/log number Date and time (starting and ending), software downtime, and hours on-site for service call VA purchase order numbers covering the call Description of problem reported by COR or Authorized VA employee Identification of software to be serviced: Software license and version number Inventory ID number Manufacturer name Device name, model number, and serial number Any other manufacturer identification numbers Itemized description of service performed: Labor and travel Software patches Parts (with part numbers) Materials and location of problem/corrective action Total cost to be billed, if applicable (i.e., service rendered after normal hours of coverage) * Signatures: FSE performing services described Authorized VA employee who witnessed service described *Any additional charges for work performed outside the scope of this contract shall be coordinated with the CO (Contracting Officer) and COR before service is initiated. Payments All invoices shall be submitted monthly in arrears. Invoices shall be properly prepared in accordance with FAR 52.212-4, shall contain sufficient detail, shall match with the service tickets for the work rendered, and shall match the contracting line-item numbers (CLINs). Invoices shall be sent electronically to the VA Financial Services Center for payment processing via their electronic e-Invoice system. At a minimum, invoices shall include the following details: Contract number Purchase order number (Correct purchase order number which will be issued by the Contracting Officer after the contract is awarded. Invoices without correct purchase order number shall be rejected and returned to the Contractor.) Item(s) covered (to include License numbers) Description of the services rendered Billing period in which the services were rendered Invoice number and date Competency and Certification of Personnel Servicing Equipment Each respondent must have an established business, with an office and full-time staff. The staff shall include a fully qualified FSE and fully qualified alternate FSE. Fully qualified is defined as having successfully completed OEM training required for the equipment identified on the schedule. The FSEs shall be authorized by the Contractor to perform the maintenance services. All work shall be performed by fully qualified competent FSEs. The Contractor shall provide copies of all OEM training certificates for FSEs showing types of equipment and dates of training for all equipment identified to be covered. When deemed appropriate, the COR reserves the right to prohibit Contractor personnel from working on VAMC equipment. Test Equipment: Upon request of the COR or the Contracting Officer, the Contractor shall provide a copy of the current Calibration Certification of all test equipment which is to be used by the Contractor to perform service under this contract. Calibration of equipment shall be traceable and in conformance with test equipment Original Equipment Manufacturer standards. All deliverables and tasks described in this PWS are to be provided as part of the agreement and are not limited to the list provided. Information Systems Hosting, Operations, Maintenance, or Use Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes. The options are: Vendor must accept the system without the drive. VA s initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase. Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive. The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact; and Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract. A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed. The ISO needs to maintain the documentation. VA Information Custodial Language Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. SYSTEM INTERCONNECTION a. Any VA External Computer System interconnections between VA Systems on the VA Network and VA Business Partner Systems residing outside the VA Network will require a signed Memorandum of Understanding (MOU) and Interconnection Security Agreement (ISA) collectively known as MOU ISA between the VA and the VA Business Partner. PERFORMANCE STANDARDS Deliverable Reference Paragraph Deliverable Description Standard Performance Threshold Method of Surveillance Potential Action if Standard Not Met Due to Fault of Contractor 3.1 Web-based refresher training for infusion data Provided monthly 90% Monthly surveillance No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.2 Access to Knowledge Portal by all registered staff Web-based portal is always accessible 95% Periodic surveillance of access by CE No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.2 Technical telephone support Call back within two (2) hours No more than 1 instance of non-compliance Periodic surveillance of access No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.2 Access to Pharmacy Consultants via phone/email As needed No more than 1 instance of non-compliance Periodic surveillance of access No renewal of option year(s). Performance reflected in CPARS rating. 3.2 One (1) on-site technical service visit for up to eight (8) hours for each 80 units As needed 100% Periodic surveillance of access No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for line item if not received. 3.2 One (1) on-site nursing clinical support for practice reinforcement for eight (8) hours for each 500 units) As needed 100% Periodic surveillance of access No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for line item if not received. 3.3 Infusion Analytics Services Data Analysts areavailable quarterly 100% Quarterly surveillance No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.4 Guardrails® Suite MX Software enhancements All changes/updates and maintenance, etc. are documented and reported to the COR within 8 hours 95% Inspection of service report by the COR No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.4 Server patches and updates All changes/updates and maintenance, etc. are documented and reported to the COR within 8 hours 95% Inspection of service report by the COR No renewal of option year(s). Performance reflected in CPARS rating. Payment withheld for deliverable for impacted timeframe. 3.4 Emergency Repair Service As needed 100% Inspection of service report by the COR No renewal of option year(s). Performance reflected in CPARS rating 3.5 Documentation & Reports For every maintenance event. Within 7 days of the event. 100% Inspection of the document or report by the COR No renewal of option year(s). Performance reflected in CPARS rating PERFORMANCE PERIOD The period of performance (POP) shall be for a base year and four (4) one (1) year options: Normal hours of work are defined as Monday through Friday from 8:00am to 8:00pm EST, excluding Federal holidays or as otherwise arranged with the COR. There are eleven (11) Federal holidays set by law (USC Title 5 Section 6103) that VA follows: Under current definitions, five (5) are set by date: New Year s Day January 1 Juneteenth National Independence Day June 19 Independence Day July 4 Veterans Day November 11 Christmas Day December 25 If any of the above falls on a Saturday, then Friday shall be observed as a holiday. Similarly, if one falls on a Sunday, then Monday shall be observed as a holiday. The other six (6) are set by a day of the week and month: Birthday of Martin Luther King, Jr. Third Monday in January Washington s Birthday Third Monda...
- Web Link
-
SAM.gov Permalink
(https://sam.gov/opp/070e8e4ff9b341d1af5722c91c1bde05/view)
- Place of Performance
- Address: Columbus VAACC 420 North James Road Columbus, Ohio, 43219, USA
- Country: USA
- Country: USA
- Record
- SN06817209-F 20230903/230901230103 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |