Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MARCH 15, 2025 SAM #8510
SPECIAL NOTICE

N -- NEW - Vyaire SentrySuite Upgrade

Notice Date
3/13/2025 7:10:23 AM
 
Notice Type
Special Notice
 
NAICS
811210 —
 
Contracting Office
257-NETWORK CONTRACT OFFICE 17 (36C257) ARLINGTON TX 76006 USA
 
ZIP Code
76006
 
Solicitation Number
36C25725Q0406
 
Response Due
3/18/2025 8:00:00 AM
 
Archive Date
04/17/2025
 
Point of Contact
Contract Specialist, Akisha Woods, Phone: 682-403-3103
 
E-Mail Address
Akisha.Woods@va.gov
(Akisha.Woods@va.gov)
 
Awardee
null
 
Description
Statement of Work (SOW) General: The contractor shall provide all equipment, licenses, and services as listed in the equipment description below, meeting all technical specifications as seen, for the purpose of maintaining the SentrySuite and Vmax Applications at the VA Medical Center located in Dallas, TX, which is part of the VA North Texas Healthcare System (VANTHCS). The Vyaire SentrySuite and SentryConnect software systems are a platform for respiratory testing, integrated with the EMR and Vyntus respiratory testing devices. The SentrySuite platform provides a workflow for clinical personnel to perform respiratory testing efficiently and accurately. Description of Work: The contractor shall provide all required equipment as listed below in brand new condition with associated warranties. All equipment and software must be approved by the FDA where applicable and be sourced directly from the OEM. Equipment Description: SentrySuite Maintenance, Upgrades, and Training SentrySuite Backend Upgrade Upgrade backend from version 3.20.7 to version 3.30 Interface Workflow Support Maintain Mobile Review Maintain bi-directional interface with EMR system Support issue resolution and testing requirements due to EMR system updates Support server migration Provide administrative maintenance web-based training for super users Provide proactive notification of maintenance package releases for bug fixes and cybersecurity updates Provide software upgrades when available Provide direct phone line into Professional Services Provide priority response and resolution for calls into Professional Services Support report and predicted set customization Hours of Performance: Standard workhours are Monday through Friday 8:00 AM to 4:30 PM CST, with exception of the eleven recognized federal holidays: New Years Day, Martin Luther King Jr. Day, Presidents Day, Memorial Day, Juneteenth Independence Day, Independence Day, Labor Day, Columbus Day, Veterans Day, Thanksgiving Day, and Christmas Day. Documentation: Contractor shall provide a complete shipping report upon delivery of the equipment to Biomedical Staff in the Biomed Department. Payment will not be processed until all equipment has been received by the Biomed Department. Place of Performance: Department of Veterans Affairs Dallas VA Medical Center 4500 S. Lancaster Road Dallas, Texas 75216 Contracting Officer Representatives: Prior to contract award, the Contracting Officer shall designate a VA Medical Center employee as the COR. All work coordination shall be made through the COR. The Contractor shall be provided a copy of the letter of delegation authorizing the COR at the commencement of the term of the contract. No other person shall be authorized to act in such capacity unless appointed in writing by the Contracting Officer. Information Technology Security Requirements: The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. The contractor shall comply with all Federal laws and regulations the VA has developed when VA sensitive information is accessed, used, stored, generated, transmitted, or exchanged by and between VA and a contractor. The information made available to the contractor by VA for the performance of this contract will be used only for the purposes of performance under this contract. Security Statement: Sensitive VA information is contained within the systems covered by this contract. Biomedical Engineering shall perform virus scans on all removable media prior to use on VA medical equipment. This includes all types of removable media, including media (e.g., USB devices, CDs, dongles, etc.) that has been issued by VA, media not issued by VA, and media brought in by vendors or independent service organizations. Within accordance of VA Directive 6500, Information Security Program, September 2007 The Vendor will not transfer any VA information to a location outside the VA and only to VA locations determined by the VA System Administrator. The information in these systems may be covered by the Privacy Act 1974 which contains criminal penalties of abuse of information. During onsite service, the Vendor shall be chaperoned by VA Personnel. However, the vendor shall not be issued a User ID/Password. Non-volatile memory devices, working or non-working, shall NOT be removed from the VA Medical Center Dallas until the ISO has certified that the data has been destroyed. For magnetic devices and media, the data destruction will be by degaussing. Other forms of cleansing will be used for non-magnetic media. The vendor will not have remote access to complete the repair(s) and preventive maintenance. GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. c. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. g. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. h. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. i. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. l. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. GENERAL RULES OF BEHAVIOR a. Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job. b. The following rules apply to all VA contractors. I agree to: (1) Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract. (2) Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions. (3) I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment, I must ensure that the system meets all applicable 6500 Handbook requirements for OE. (4) Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract. (5) Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COTR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee. (6) Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply. (7) Grant access to systems and information only to those who have an official need to know. (8) Protect passwords from access by other individuals. (9) Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the particular system in question. (10) Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. (11) Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COTR for policies and guidance on complying with this requirement and will follow the COTR's orders. (12) Ensure that the COTR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information through the use of any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs. (13) Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COTR. (14) Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COTR. (15) Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COTR for policies and guidance on complying with this requirement and will follow the COTR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA. (16) Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COTR. (17) Understand that restoration of service of any VA system is a concern of all users of the system. (18) Complete required information security and privacy training, and complete required training for the particular systems to which I require access. PRIVACY Contractors and any subcontractors must adhere to the provisions of Public Law 104-191, Health Insurance Portability and Accountability Act (HIPAA) of 1996. This includes both the Privacy and Security Rules published by the Department of Health and Human Services (HHS). As required by HIPAA, HHS has promulgated rules governing the use and disclosure of protected health information by covered entities, Veterans Health Administration (VHA). In accordance with HIPAA, the contractor may be required to enter into a Business Associate Agreement (BAA) with VHA. Business associates must follow VHA privacy policies and practices when applicable. All contractors and business associates must receive privacy training annually. For contractors and business associates who do not have access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training, other VHA approved privacy training or contractor furnished training that meets the requirements of the HHS Standards for Privacy of Individually Identifiable Health Information as determined by VHA. For contractors and business associates who are granted access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training or other VHA approved privacy training. Proof of training is required upon request. Records Management Statement: 1. Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion.� 2. In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation.� 3. In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data.� 4. VA Medical Center Dallas and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of the VA Medical Center Dallas or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to VA Medical Center Dallas. The agency must report promptly to NARA in accordance with 36 CFR 1230. 5. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government s behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to VA Medical Center Dallas control or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the [contract vehicle]. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4). 6. The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and VA Medical Center Dallas guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information. 7. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with VA Medical Center Dallas policy.� 8. The Contractor shall not create or maintain any records containing any non-public VA Medical Center Dallas information that are not specifically tied to or authorized by the contract.� 9. The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act.� 10. The VA Medical Center Dallas owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which VA Medical Center Dallas shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20. 11. Training. � All Contractor employees assigned to this contract who create, work with, or otherwise handle records are required to take VHA-provided records management training, Talent Management System (TMS) Item #3873736, Records Management for Records Officers and Liaisons. The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training.� VHA Supplemental Contract Requirements for Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors Contractor employees who work in or travel to VHA locations must comply with the following: Documentation requirements: If fully vaccinated, shall show proof of vaccination NOTE: Acceptable proof of vaccination includes a signed record of immunization from a health care provider or pharmacy, a copy of the COVID-19 Vaccination Record Card (CDC Form MLS-319813_r, published on September 3, 2020), or a copy of medical records documenting the vaccination If unvaccinated and granted a medical or religious exception, shall show negative COVID-19 test results dated within three calendar days prior to desired entry date. Test must be approved by the Food and Drug Administration (FDA) for emergency use or full approval. This includes tests available by a doctor s order or an FDA approved over-the-counter test. Documentation cited in this section shall be digitally or physically maintained on each contractor employee while in a VA facility and is subject to inspection prior to entry to VA facilities and after entry for spot inspections by Contracting Officer Representatives (CORs) or other hospital personnel. Documentation will not be� collected� by the VA;� contractors� shall, at all times,� adhere to and ensure compliance with� federal laws designed to protect contractor employee health information� and personally identifiable information.� Contractor employees are subject to daily screening for COVID-19 and may be denied entry to VA facilities if they fail to pass screening protocols. As part of the screening process contractors may be asked screening questions found on the following website:� COVID-19 Screening Tool.� Regularly check the website for updates. Contractor employees who work away from VA locations, but who will have direct patient contact with VA patients shall self-screen utilizing the COVID-19 Screening Tool, in advance each day that they will have direct patient contact� and in accordance with their person or persons who coordinate COVID-19 workplace safety efforts at covered contractor workplaces.� Contractors� shall, at all times,� adhere to and ensure compliance with� federal laws designed to protect contractor employee health information� and personally identifiable information.� Contractor must immediately notify their COR or Contracting Officer if contract performance is jeopardized due to contractor employees being denied entry into VA Facilities.
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/e59af5c8dd6745718f399dcc121d137b/view)
 
Record
SN07370605-F 20250315/250314000103 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.