Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF JUNE 10, 2024 SAM #8231
SOURCES SOUGHT

D -- VISN 20 Radiology CD Creation Solution

Notice Date
6/8/2024 6:47:33 AM
 
Notice Type
Sources Sought
 
NAICS
541511 — Custom Computer Programming Services
 
Contracting Office
260-NETWORK CONTRACT OFFICE 20 (36C260) VANCOUVER WA 98662 USA
 
ZIP Code
98662
 
Solicitation Number
36C26024Q0636
 
Response Due
6/21/2024 12:00:00 PM
 
Archive Date
07/21/2024
 
Point of Contact
Nazanin Kreiner, Contract Specialist, Phone: (208) 429-2033
 
E-Mail Address
nazanin.kreiner@va.gov
(nazanin.kreiner@va.gov)
 
Awardee
null
 
Description
THIS IS A SOURCES SOUGHT NOTICE ONLY. This is not a solicitation for bids, proposals, proposal abstracts, or quotations. The purpose of this Sources Sought Notice is to obtain information regarding the availability and capability of all qualified sources to perform a potential requirement. The responses received from interested contractors will assist the Government in determining the appropriate acquisition method. The Department of Veterans Affairs (VA), Network Contracting Office (NCO) 20, is conducting market research to identify potential sources which can provide the following in support of the The VA Northwest Health Network, Veterans Integrated Service Network (VISN 20): VISN 20 Radiology teams require a centralized, zero footprint CD creation and connectivity solution to manage import and export of images and exam measurements. Streamlining image and exam measurement communication increases the efficiency of operations allowing staff more time to focus on Veteran care. Further, it enhances patient safety by improving the level of communication accuracy. PERFORMANCE WORK STATEMENT VISN 20 Radiology CD Creation and Connectivity Solution VISN 20 Contract Title. VISN 20 Radiology CD Creation and Connectivity Solution Background. The VA Northwest Health Network, Veterans Integrated Service Network (VISN 20), is responsible for providing health care to Veterans in the states of Alaska, Washington, Oregon, most of the state of Idaho, and one county each in Montana and California. VISN 20 encompasses 135 counties which cover approximately 23% of the United States land mass; 17% of which are classified as health professional shortage areas. 67% of these same counties had a 2001 per capita income below $25,000. There are approximately 1.2 million Veterans living in the Pacific Northwest and Alaska, 18% of whom received VA services. The VISN 20 network of 8 health care facilities is comprised of 7 medical centers and 1 rehabilitation center. 3 of the health care facilities are 2-division campuses. These 11 health care sites support 36 Community Based Outpatient Clinics. VISN 20 Radiology teams require a centralized, zero footprint CD creation and connectivity solution to manage import and export of images and exam measurements. Streamlining image and exam measurement communication increases the efficiency of operations allowing staff more time to focus on Veteran care. Further, it enhances patient safety by improving the level of communication accuracy. Applicable Documents. In performance of the tasks associated with this Performance Work Statement, the Contractor shall comply with the following: 44 U.S.C. § 3541, Federal Information Security Management Act (FISMA) of 2002 FIPS Pub 201, Personal Identity Verification of Federal Employees and Contractors, March 2006 5 U.S.C. § 552a, as amended, The Privacy Act of 1974 42 U.S.C. § 2000d Title VI of the Civil Rights Act of 1964 VA Directive 0710, Personnel Suitability and Security Program, September 10, 2004 VA Directive 6102, Internet/Intranet Services, July 15, 2008 36 C.F.R. Part 1194 Electronic and Information Technology Accessibility Standards, July 1, 2003 Office of Management & Budget (OMB) Circular A-130, Management of Federal Information Resources, November 28, 2000 32 C.F.R. Part 199, Civilian Health and Medical Program of the Uniformed Services (CHAMPUS) An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, October 2008 Sections 504 and 508 of the Rehabilitation Act (29 U.S.C. § 794d), as amended by the Workforce Investment Act of 1998 (P.L. 105-220), August 7, 1998 Homeland Security Presidential Directive (12) (HSPD-12) VA Directive 6500, Information Security Program, August 4, 2006 VA Handbook 6500.6, Contract Security, March 12, 2010 Program Management Accountability System (PMAS) portal (reference PWS References Technical Library at https://www.voa.va.gov/) National Institute Standards and Technology (NIST) Special Publications Scope. The Contractor must provide all hardware, software and services listed below. VISN facilities at which the system shall be installed and utilized are listed in Table 1. Server based system will be hosted by the VISN 20 Healthcare Technology Management (HTM) virtual server platform Nutanix at respective facilities. Software must be VA Technical Reference Model (TRM) Approved. Any deviation from these specifications must be approved in writing by the COR. Server based, zero footprint image import software to include: Document Scanning, to include OCR and Barcode scanning Patient study importing Importing of DICOM Images Ability to virtually print documents to DICOM Use access and centralized administrative management, configuration, logging, and audit Licensing and configuration for 85 document scanners within VISN 20 Server based, zero footprint CD creation and image export software to include: Outbox release of information (ROI) application Study and report burning from anywhere in VISN 20 on the existing CD burners Licensing and configuration for 17 CD Burners within VISN 20 Custom label creation Server based, zero footprint CD import software to include: CD-DICOM import functionality to remote facilities Rules based import and folder configurations Zero footprint user access Centralized auditing and logging Measurements integration with VISN 20 Radiology Reporting System Nuance Powerscribe 360 Auto-population of fluency templates with measurement data received from ultrasound imaging modalities via DICOM SR or HL7 Flexible configuration to map measurement data to Nuance PowerScribe 360 fields Direct integration with Nuance PowerScribe 360 Licensing and configuration for 61 ultrasound modalities within VISN 20 Licensing for export of 24,000 exam measurements to Nuance PowerScribe 360 Customizable electronic forms to include: Allow users to create custom electronic forms Add pulldown, text, and radio box fields Add background and other images to the form Supports writing or drawing on forms Autofill form fields with DICOM worklist or SR values Send Form as image(s) to PACS and/or measurements to Nuance PowerScribe 360 Project Management Project kickoff meeting and periodic project calls as scheduled with and determined by the COR Detailed project plan documents which shall include a schedule, environmental planning, hardware planning, software planning, data collection, data validation and staff training. Once the project plan is approved by the COR, the contractor shall implement the project plan Training Provide and execute a comprehensive staff training plan Provide follow on staff training as requested by the COR Maintenance and Support Telephone and email technical support Respond to critical malfunctions (issues that result in user work stoppage) within 1 business day of notification from the customer Respond to non-critical malfunctions or workflow inquires within 5 business days of notification from the customer Provide field service reports to the COR Table 1: VISN 20 Facilities VISN Station Address 20 463-VA Anchorage Health Care System 1201 North Muldoon Road Anchorage, AK 99504 20 531-VA Boise Medical Center 500 W. Fort Street Boise, ID 83702 20 648-VA Portland Medical Center 3710 SW US Veterans Hospital Road Portland, OR 97239-2999 20 653-VA Roseburg Health Care System 913 Garden Valley Boulevard Roseburg, OR 97470 20 663-VA Puget Sound Health Care System 1660 South Columbian Way Seattle, WA 98108-1597 20 668-VA Spokane Medical Center N. 4815 Assembly Street Spokane, WA 99205 20 687-Jonathan M. Wainwright Memorial VA Medical Center 77 Wainwright Drive Walla Walla, WA 99362 20 692-VA Southern Oregon Rehabilitation Center and Clinics 8495 Crater Lake Highway White City, OR 97503 Performance Period. The period of performance shall be 1, 12-month base period plus 2, additional 12-month option periods as stated below: Base Year 30 September 2024 29 September 2025 Option Year 1 30 September 2025 29 September 2026 Option Year 2 30 September 2026 29 September 2027 Place of Performance. Contract performance shall take place at the contractor s location(s) and at the locations in Table 1. Travel for Installation, Implementation and Training. The Government does not anticipate Contractor travel under this contract. No travel costs will be reimbursed by VA. Government Furnished Equipment/Information. The Contractor shall be allowed access to Government equipment including servers and network infrastructure. Information on Government equipment and systems shall be provided as necessary. No Government-owned property will be transferred into the Contractor s control. Additional software products may be provided by the Government as identified to facilitate Contractor access, e.g. Microsoft Terminal Services. Invoicing. Invoices shall be submitted electronically via the Financial Services Center Mandatory Electronic Invoice System, on a monthly basis. Invoices must include, at a minimum, the following information: Contractor name, purchase order number, period of service the billing covers, and a list of equipment items covered during the stated period of performance. This requirement is in accordance with VARR Clause 852.232-72 Electronic Submission of Payment Requests: http://www.fsc.va.gov/einvoice.asp. Electronic payments are net 30 days. Security Requirements. All contractor employees are subject to the same level of investigation as VA employees who have access to VA sensitive information or access to VA facilities. The background investigation includes the following requirements: 1) Completed documentation 2) Fingerprints 3) Completion of OPM s e-QIP Questionnaire. The Contractor is required to fulfill all of the security requirements. The Contractor, upon completion of fingerprinting, and an initial suitability determination, may be authorized tentative access to start the performance period of the contract, but only on condition of completion of all security requirements. This requirement is applicable to all subcontractor personnel requiring the same access. Refer to Appendix A for a complete list of security requirements. APPENDIX A Information and Information System Security/Privacy GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. d. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. c. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. d. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. e. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. f. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted for, using VA-approved encryption tolls that are, at minimum, FIPS 140-2 validated. g. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. h. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. SECURITY INCIDENT INVESTIGATION a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. b. To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. LIQUIDATED DAMAGES FOR DATA BREACH a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. b. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $42.00 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,00.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Potential candidates having the capabilities necessary to provide the above stated supplies at a fair and reasonable price are invited to respond to this Sources Sought Notice via e-mail to Nazanin Kreiner at nazanin.kreiner@va.gov no later than June 21, 2023, 1:00PM MDT. No telephone inquiries will be accepted. RESPONSES SHOULD INCLUDE THE FOLLOWING INFORMATION: Company name, address, SAM UEI and business size; point of contact name, phone number, and e-mail address; whether services are presently offered on a current GSA Federal Supply Schedule contract. NAICS Code 541511 Size Standard: $34M employees is applicable to determine business size standard. Any questions or concerns may also be directed via email to Nazanin Kreiner at nazanin.kreiner@va.gov. Disclaimer and Important Notes: This Sources Sought Notice does not obligate the Government to award a contract or otherwise pay for the information provided in response. The Government reserves the right to use information provided by respondents for any purpose deemed necessary and legally appropriate. The Government will treat any information received as proprietary and will not share such information with other companies. Any organization responding to this Sources Sought Notice should ensure that its response is complete and sufficiently detailed to allow the Government to determine the organization's qualifications to perform the work. Respondents are advised that the Government is under no obligation to acknowledge receipt of the information received or provide feedback to respondents with respect to any information submitted. The Government may or may not issue a solicitation as a result of this announcement. There is no solicitation available at this time.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/93ff8ea8e45d496cb017a494fb086cfb/view)
 
Place of Performance
Address: Department of Veteran Affairs Network Contracting Office 20 1601 E. Fourth Plain Blvd Bldg.17, Suite B428, Vancouver 98661, USA
Zip Code: 98661
Country: USA
 
Record
SN07090833-F 20240610/240608230106 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.