Sources Sought Notice – Q– Offsite Gastroenterology Service
Notice Type: Sources Sought Notice
Posted Date:
Office Address:
Subject: Q-- Offsite Gastroenterology Service
Classification Code: Q - Medical services
Solicitation Number: VA26117N0132
Contact:
Setaside: N/AN/A
Place of Performance (address):
Place of Performance (zipcode): 89502-3828
Place of Performance Country:
Description:
Page 4 of 16
THIS IS A SOURCES SOUGHT NOTICE
(a) The Government does not intend to award a contract on the basis of this Sources Sought or to otherwise pay for the information solicited.
(b) Although proposal, offeror, contractor, and offeror may be used in this sources sought notice, any response will be treated as information only. It shall not be used as a proposal.
(c) Any information received from a contractor in response to this Sources Sought may be used in creating a solicitation. Any information received which is marked with a statement, such as proprietary or confidential, intended to restrict distribution will not be distributed outside of the Government, except as required by law.
(d) This Sources Sought is issued for the purpose of collecting information about the availability of Offsite Gastroenterology Service from different sources for the desired service listed in the Performance Work Statement (PWS).
(e) Contractors that feel they have an equal service are encouraged to provide a quote in response to this notice and/or email full information to
Contractors shall identify the NAICS code for the product being offered as well as their size status.
Contractors shall identify whether they have a GSA contract or not as well as whether this requirement is on their GSA contract.
Contractors shall furnish supporting documentation, which demonstrates that the proposed equal service meet or exceed the PWS.
Contractor shall identify any concerns or questions regarding the PWS.
Please respond no later than COB Monday 12/12/16.
Performance Work Statement for Off Site Gastroenterology Services
GENERAL:
Services Provided: The Contractor shall provide an Offsite Gastroenterology Service and a Board Certified or Board Eligible Physicians in Gastroenterology as established by the
Place of Performance TBD, or other physical locations designated by the Contractor as appropriate for the provision of care.
Authority: Title 38
Policy/Handbooks:
- VA Directive 1663:
VHA Directive 2006-041 Veterans Health Care Service Standards (expired but still in effect pending revision)
https://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=1443
- VHA Handbook 1100.17: National Practitioner Data Bank Reports - http://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=2135
- VHA Handbook 1100.18 Reporting And Responding To State Licensing Boards - http://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=1364
- VHA Handbook 1100.19 Credentialing and Privileging - http://www.va.gov/vhapublications/ViewPublication.asp pub_ID=2910
VHA Handbook 1907.01 Health Information Management and Health Records: http://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=2791
- Privacy Act of 1974 (5 U.S.C. 552a) as amended http://www.justice.gov/oip/foia_updates/Vol_XVII_4/page2.htm
Definitions/Acronyms- Terms used in this contract shall be interpreted as follows unless the context expressly requires a different construction and/or interpretation. In case of a conflict in language between the Definitions and other sections of this contract, the language in this section shall govern.
ACG:
ACGME:
ACLS: Advanced Cardiac Life Support
AOD: Admitting Officer of the Day
BLS: Basic Life Support
CCNE:
CDR: Contract Discrepancy Report
CEU: Certified Education Unit
CME: Continuing Medical Education
CMS:
Contracting Officer (CO) The person executing this contract on behalf of the Government with the authority to enter into and administer contracts and make related determinations and findings.
Contracting Officer s Representative (COR) A person appointed by the CO to take necessary action to ensure the Contractor performs in accordance with and adheres to the specifications contained in the contract and to protect the interest of the Government. The COR shall report to the CO promptly any indication of non-compliance in order that appropriate action can be taken.
COS: Chief of Staff
CPARS: Contractor Performance Assessment Reporting System
CPRS: Computerized Patient Recordkeeping System- electronic health record system used by the
Credentialing: Credentialing is the systematic process of screening and evaluating qualification and other credentials, including licensure, required education, relevant training and experience and current competence and health status.
ED:
FSMB:
Full Time Equivalent (FTE):
HHS:
HIPAA: Health Insurance Portability and Accountability Act
HR: Human Resources
ISO: Information Security Officer
Medical Emergency - a sudden onset of a medical condition manifesting itself by acute symptoms of sufficient severity that the absence of immediate medical attention could reasonably result in: Permanently placing a patient's health in jeopardy, causing other serious medical consequences, causing impairments to body functions, or causing serious or permanent dysfunction of any body-organ or part.
MOD: Medical Officer of the Day
National Provider Identifier (NPI): NPI is a standard, unique 10-digit numeric identifier required by HIPAA. The
NLNAC:
Non-Contract Provider - any person, organization, agency, or entity that is not directly or indirectly employed by the Contractor or any of its subcontractors
NP: Nurse Practitioner
NPPES: National Plan and Provider Enumeration System
PA: Physician Assistant
PALS: Pediatric Advanced Life Support
POP: Period of Performance
PPD: Purified Protein Derivative
PWS: Performance Work Statement
Privileging (Clinical Privileging): Privileging is the process by which a practitioner, licensed for 8independent practice; e.g., without supervision, direction, required sponsor, preceptor, mandatory collaboration, etc.; is permitted by law and the facility to practice independently, to provide specific medical or other patient care services within the scope of the individual s license, based upon the individual s clinical competence as determined by peer references, professional experience, health status, education, training and licensure. Clinical privileges must be facility-specific and provider-specific.
QA/QI: Quality Assurance/Quality Improvement
QM/PI: Quality Management/Performance Improvement
QASP: Quality Assurance Surveillance Plan
Veterans Integrated Services Network (VISN): The regional oversight for the
VISTA (Veterans Integrated Systems Technology Architecture): A PC based system that will capture and store clinical imagery, scanned documents and other non-textual data files and integrates them into patient s medical record and with the hospital information system.
VetPro: a federal web-based credentialing program for healthcare providers.
QUALIFICATIONS:
Staff/Facility
License - Contractor s physician(s) assigned by the Contractor to perform the services covered by this contract shall have a current license to practice medicine in the state of
All licenses held by the personnel working on this contract shall be full and unrestricted licenses. Contractor s physician(s) who have current, full and unrestricted licenses in one or more states, but who have, or ever had, a license restricted, suspended, revoked, voluntarily revoked, voluntarily surrendered pending action or denied upon application will not be considered for the purposes of this contract.
Board Certification - All Contractor s physician(s) shall be Board Certified /Board Eligible in Gastroenterology by the
Credentialing and Privileging Credentialing and privileging is to be done in accordance with the laws of the state of
If a Contractor s physician(s) is not credentialed and privileged or has credentials/privileges suspended or revoked, the Contractor shall furnish an acceptable substitute without any additional cost to the government.
Technical Proficiency - Contractor s physician(s) shall be technically proficient in the skills necessary to fulfill the government s requirements, including the ability to speak, understand, read and write English fluently. Contractor shall provide documents upon request of the CO/COR to verify current and ongoing competency, skills, certification and/or licensure related to the provision of care, treatment and/or services performed. Contractor shall provide verifiable evidence of all educational and training experiences including any gaps in educational history for all Contractor physician(s).
Standard Personnel Testing/Infection Control: Contractor shall provide statement that all required infection control testing is current and that the contractor is compliant with
National Provider Identifier (NPI): NPI is a standard, unique 10-digit numeric identifier required by HIPAA. The
Conflict of Interest: The Contractor and all Contractor s physician(s)are responsible for identifying and communicating to the CO and COR conflicts of interest at the time of proposal and during the entirety of contract performance. At the time of proposal, the Contractor shall provide a statement which describes, in a concise manner, all relevant facts concerning any past, present, or currently planned interest (financial, contractual, organizational, or otherwise) or actual or potential organizational conflicts of interest relating to the services to be provided.-- The Contractor shall also provide statements containing the same information for any identified consultants or subcontractors who shall provide services.-- The Contractor must also provide relevant facts that show how it s organizational and/or management system or other actions would avoid or mitigate any actual or potential organizational conflicts of interest. These statements shall be in response to the VAAR provision 852.209-70 Organizational Conflicts of Interest (
Citizenship related Requirements:
The Contractor certifies that the Contractor shall comply with any and all legal provisions contained in the Immigration and Nationality Act of 1952, As Amended; its related laws and regulations that are enforced by Homeland Security,
While performing services for the
If the Contractor fails to comply with any requirements outlined in the preceding paragraphs or its Agency regulations, the
This certification concerns a matter within the jurisdiction of an agency of
The Contractor agrees to obtain a similar certification from its subcontractors. The certification shall be made as part of the offerors response to the RFP using the subject attachment in Section D of the solicitation document.
Annual
Therefore, Contractor shall review the HHS OIG List of Excluded Individuals/Entities on the HHS OIG web site at http://oig.hhs.gov/exclusions/index.asp to ensure that the proposed Contractor s physician(s)are not listed. Contractor should note that any excluded individual or entity that submits a claim for reimbursement to a Federal health care program, or causes such a claim to be submitted, may be subject to a Civil Monetary Penalty (CMP) for each item or service furnished during a period that the person was excluded and may also be subject to treble damages for the amount claimed for each item or service. CMP s may also be imposed against the Contractor that employ or enter into contracts with excluded individuals to provide items or services to Federal program beneficiaries.
By submitting their proposal, the Contractor certifies that the HHS OIG List of Excluded Individuals/Entities has been reviewed and that the Contractors are and/or firm is not listed as of the date the offer/bid was signed.
Facility: The Contractors facility shall meet all federal, state and local fire and life safety codes and must be accessible and convenient for wheelchair patients and other handicapped or disabled Veterans.
Non Personal Healthcare Services: The parties agree that the Contractor and all Contractor s physician(s)shall not be considered
Indemnification: The Contractor shall be liable for, and shall indemnify and hold harmless the Government against, all actions or claims for loss of or damage to property or the injury or death of persons, arising out of or resulting from the fault, negligence, or act or omission of the Contractor, its agents, or employees.
Prohibition Against Self-Referral: Contractor s physicians are prohibited from referring
Inherent Government Functions: Contractor and Contractor s physician(s) shall not perform inherently governmental functions. This includes, but is not limited to, determination of agency policy, determination of Federal program priorities for budget requests, direction and control of government employees (outside a clinical context), selection or non-selection of individuals for Federal Government employment including the interviewing of individuals for employment, approval of position descriptions and performance standards for Federal employees, approving any contractual documents, approval of Federal licensing actions and inspections, and/or determination of budget policy, guidance, and strategy.
No Employee status: The Contractor shall be responsible for protecting Contractor s physician(s) furnishing services. To carry out this responsibility, the Contractor shall provide or certify that the following is provided for all their staff providing services under the resultant contract:
Workers compensation
Professional liability insurance
Health examinations
Income tax withholding, and
Social security payments.
Tort Liability: The Federal Tort Claims Act does not cover Contractor or Contractor s physician(s). When a Contractor or Contractor s physician(s) has been identified as a provider in a tort claim, the Contractor shall be responsible for notifying their legal counsel and/or insurance carrier. Any settlement or judgment arising from a Contractor s (or Contractor s physician(s)) action or non-action shall be the responsibility of the Contractor and/or insurance carrier.
Contingency Plan: Because continuity of care is an essential part of VAMC s medical services, the Contractor shall have a contingency plan in place to be utilized if the Contractor s physician(s) leaves Contractor s employment or is unable to continue performance in accordance with the terms and conditions of the resulting contract.
HOURS OF OPERATION/SCHEDULING:
Business Hours: Reno VAMC business hours, for administrative purposes, are generally Monday through Friday, from
Patient Access/Timeliness of Scheduling:
The Contractor shall schedule review of
The Contractor shall submit the proposed treatment plan for approval within five (5) working days after the consultation,
Written documentation associated with each visit shall be available to the
When requested, such written documentation shall be provided to the
Off-hours Coverage: None.
Cancellations: Contractor will advise VAMC daily of any patient cancellations, and provide rescheduling information/documentation.
Unless a state of emergency has been declared, the Contractor shall be responsible for providing services.
CONTRACTOR RESPONSIBILITIES
The Contractor shall furnish all personnel to provide services necessary to perform gastroenterology services to eligible beneficiaries of the VAMC. All services shall be performed at the Contractor s facility. Contractor shall provide professional and technical services to include materials, supplies, equipment and qualified supervision s specified herein.
Management and Supervision:
The Contractor shall be responsible for supervising the daily services provided under this contract by the Contractor s staff.
The Contractor shall have written policies and procedures regarding staff credentials and privileging.
The VAMC will provide to the Contractor policies, procedures and processes necessary to allow cooperative functioning between the agency and VAMC. Updates and refreshers will be provided to the Contractor upon request and when policy procedures or process changes.
The Contractor shall complete background investigations to insure that employees do not have a record of criminal offenses or substantiated incidents of patient abuse; and, if required to perform their duties, employees are properly licensed and insured to operate motor vehicles.
Standards of Care: The contract physician (s) care shall cover the range of gastroenterology services as would be provided in a state-of-the-art civilian medical treatment facility and the standard of care shall be of a quality, meeting or exceeding currently recognized TJC,
Clinical guidelines as established by the
VA Standards: VHA Directive 2006-041 Veterans Health Care Service Standards (expired but still in effect pending revision) https://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=1443
The professional standards of the Joint Commission (TJC) http://www.jointcommission.org/standards_information/standards.aspx
The standards of the
The requirements contained in this PWS.
MEDICAL RECORDS
Authorities: Contractor s physician(s)providing healthcare services to
HIPAA: This contract and its requirements meet exception in 45 CFR 164.502(e), and do not require a BAA in order for Covered Entity to disclose Protected Health Information to: a health care provider for treatment. Based on this exception, a BAA is not required for this contract. Treatment and administrative patient records generated by this contract or provided to the Contractors by the
Disclosure: Contractor s physician(s) may have access to patient medical records: however, Contractor shall obtain permission from the
Professional Standards for Documenting Care: Care shall be appropriately documented in medical records in accordance with standard commercial practice and guidelines established by VHA Handbook 1907.01 Health Information Management and Health Records: http://www1.va.gov/vhapublications/ViewPublication.asp pub_ID=2791 and all guidelines provided by the VAMC.
Release of Information: The
Direct
Per the qualification section of this PWS, the Contractor shall provide the following staff:
Board Certified / Board Eligible Gastroenterology physicians
Scope of Care: Contractor s physician(s) (as appropriate and within scope of practice/privileging) shall be responsible for providing a full range of gastroenterology treatment and services.
Medications: Contractor physician(s) shall follow all established medication policies and procedures. No sample medications shall be provided to patients.
Discharge education: Contractor physician(s) shall provide discharge education and follow up instructions that are coordinated with the next care setting for all gastroenterology clinical or surgical patients.
PERFORMANCE STANDARDS, QUALITY ASSURANCE (QA) AND QUALITY IMPROVEMENT(QI)
Quality Management/Quality Assurance Surveillance: Contractor performance will be monitored by the government using the standards as outlined in this Performance Work Statement (PWS) and methods of surveillance detailed in the Quality Assurance Surveillance Plan (QASP). The QASP shall be attached to the resultant contract and shall define the methods and frequency of surveillance conducted.
Patient Complaints: The CO will resolve complaints concerning Contractor relations with the Government employees or patients. The CO is final authority on validating complaints. In the event that The Contractor is involved and named in a validated patient complaint, the Government reserves the right to refuse acceptance of the services of such personnel. This does not preclude refusal in the event of incidents involving physical or verbal abuse.
The Government reserves the right to refuse acceptance of any Contractor personnel at any time after performance begins, if personal or professional conduct jeopardizes patient care. Breaches of conduct include intoxication or debilitation resulting from drug use, theft, patient abuse, dereliction or negligence in performing directed tasks, or other conduct resulting in formal complaints by patient or other staff members to designated Government representatives. Standards for conduct shall mirror those prescribed by current federal personnel regulations. The CO and COR shall deal with issues raised concerning Contractor s conduct. The final arbiter on questions of acceptability is the CO.
Performance Standards:
Measure: Provider Quality Performance
Performance Requirement: Contractor shall furnish provider specific quality data for gastroenterology services for each provider working under this contract, as requested. Data should include the following elements:
A. Patient Care Performance
B. Medical/Clinical knowledge
C. Practiced Based Learning and Improvement
D. Interpersonal and Communication Skills
E. Professionalism
F. System Based Practice
Standard: Contractor provides documentation for all (100%) staff providing services under the contract. All staff (100%) meet Standards.
Acceptable Quality Level: 100% meet Standards
Surveillance Method: Document review
Frequency: As requested, but not more than once per year.
Incentive: Positive Past Performance
Disincentive: Negative Past Performance
Measure: Qualifications of Key Personnel
Performance Requirement: All Contractor physician(s) shall be Board Certified /Board Eligible in gastroenterology in accordance with the
Standard: All (100%) contract physicians are Board Certified /Board Eligible.
Acceptable Quality Level: 100%.
Surveillance Method: Random Inspection of qualification documents
Frequency: As required
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contractor performance evaluation.
Measure: Scope of Practice/Privileging
Performance Requirement: Contractor s physician(s)perform within their individual scopes of practice/privileging.
Standard: All (100%) Contractor s physician(s) perform within their scope of practice/privileges 100% of the time.
Acceptable Quality Level: 100%. Contractor s physician(s) perform within their scope of practice/privileges 100%.of the time.
Surveillance Method: Random Inspection of records.
Frequency: As required.
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contractor performance evaluation.
Measure: Patient Access
Performance Requirement: The Contractor shall provide services in accordance with the access requirements outlined in this PWS.
Standard: All (100%) Contractor s physician(s) are available to perform services.
Acceptable Quality Level: Contractor s physician(s) are available to perform services 100% of the time
Surveillance Method: Periodic Sampling of access and billing documents.
Frequency: As required.
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contractor performance evaluation.
Measure: Patient Safety
Performance Requirement: Patient safety incidents shall be reported using Patient Safety Report. All incidents reported immediately (within 24 hours.)
Standard: All (100%) of patient safety incidents are reported using Patient Safety Report within 24 hours of incident.
Acceptable Quality Level: 100%.of patient safety incidents are reported using Patient Safety Report within 24 hours of incident.
Surveillance Method: Sampling of documents submitted.
Frequency: As required.
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contractor performance evaluation.
Measure: Mandatory Training
Performance Requirement: Contractor shall complete all required training on time per VAMC policy
Standard: All (100%) of required training is complete on time by contract physician (s).
Acceptable Quality Level: 95%
Surveillance Method: Periodic Sampling
Frequency: As required.
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contractor performance evaluation.
Measure: Privacy, Confidentiality and HIPAA
Performance Requirement:
Standard: All (100%) contractor physician (s) comply with all laws, regulations, policies and procedures relating to Privacy, Confidentiality and HIPAA
Acceptable Quality Level: 100%.
Surveillance Method: Periodic Sampling; Contractor shall provide evidence of annual or other required training, reports violations per this agreement and applicable law.
Frequency: As required.
Incentive: Favorable contactor performance evaluation.
Disincentive: Unfavorable contactor performance evaluation.
Registration with Contractor Performance Assessment Reporting System
As prescribed in Federal Acquisition Regulation (FAR) Part 42.15, the
Each Contractor whose contract award is estimated to exceed
For contracts with a period of one year or less, the contracting officer will perform a single evaluation when the contract is complete.-- For contracts exceeding one year, the contracting officer will evaluate the Contractor s performance annually.-- Interim reports will be filed each year until the last year of the contract, when the final report will be completed.-- The report shall be assigned in CPARS to the Contractor s designated representative for comment.-- The Contractor representative will have sixty (60) days to submit any comments and re-assign the report to the CO.
Failure for the Contractor s representative to respond to the evaluation within those sixty (60) days, will result in the Government s evaluation being placed on file in the database with a statement that the Contractor failed to respond; the Contractor s representative will be locked out of the evaluation and may no longer send comments.--
GOVERNMENT RESPONSIBILITIES
VA Support Personnel, Services or Equipment: None contemplated.
CO RESPONSIBILITIES:
The Contracting Officer is the only person authorized to approve changes or modify any of the requirements of this contract. The Contractor shall communicate with the Contracting Officer on all matters pertaining to contract administration. Only the Contracting Officer is authorized to make commitments or issue any modification to include (but not limited to) terms affecting price, quantity or quality of performance of this contract.
The Contracting Officer shall resolve complaints concerning Contractor relations with the Government employees or patients. The Contracting Officer is final authority on validating complaints. In the event the Contractor effects any such change at the direction of any person other than the Contracting Officer without authority, no adjustment shall be made in the contract price to cover an increase in costs incurred as a result thereof.
In the event that contracted services do not meet quality and/or safety expectations, the best remedy will be implemented, to include but not limited to a targeted and time limited performance improvement plan; increased monitoring of the contracted services; consultation or training for Contractor personnel to be provided by the
COR Responsibilities:
The COR shall be the
The COR will be responsible for monitoring the Contractor s performance to ensure all specifications and requirements are fulfilled. Quality Improvement data that will be collected for ongoing monitoring includes but is not limited to: enter data that may be collected.
This contract is established with payment by 1358, therefor, COR will NOT review and certify monthly invoices for payment. All invoices will be submitted to the local fee office for review and certification for payment.
All contract administration functions will be retained by the
SPECIAL CONTRACT REQUIREMENTS
The Contractors facility shall meet all federal, state and local fire and life safety codes and must be accessible and convenient for wheelchair patients and other handicapped or disabled Veterans.
Reports/Deliverables: The Contractor shall be responsible for complying with all reporting requirements established by the Contract. Contractor shall be responsible for assuring the accuracy and completeness of all reports and other documents as well as the timely submission of each. Contractor shall comply with contract requirements regarding the appropriate reporting formats, instructions, submission timetables, and technical assistance as required.
Billing:
Invoice requirements and supporting documentation: Payment to the Contractor shall be made monthly, in arrears, upon receipt of a properly prepared invoice. Payment for services will be at the rates agreed to in the PWS. The Contractor shall submit invoices using CMS Uniform Billing (UB-04) forms covering the services performed under this contract. The invoices shall contain the following information:
Contract Number and Purchase Order Number (if applicable)
Itemized statement of services rendered by CPT Code and Rates
Total Price
Payment Adjustments/Performance Related Payment Deductions:
The contractor shall be paid only for actual work performed.
Performance Deductions: None contemplated.
Payments in full/no billing
To the extent that the Veteran desires services which are not a
The Contractor shall not bill, charge, collect a deposit from, seek compensation, remuneration, or reimbursement from, or have any recourse against, any person or entity other than
Contractor Security Requirements (Handbook 6500.6)
Contractor Security Requirements (Handbook 6500.6): Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as
ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS
A contractor/subcontractor shall request logical (technical) or physical access to
All contractors, subcontractors, and third-party servicers and associates working with
Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared
Custom software development and outsourced operations must be located in the
The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a
VA INFORMATION CUSTODIAL LANGUAGE
Information made available to the contractor or subcontractor by
Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from
The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of
The contractor/subcontractor shall not make copies of
If
If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship.
The contractor/subcontractor must store, transport, or transmit
The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed
Except for uses and disclosures of
Notwithstanding the provision above, the contractor/subcontractor shall not release
For service that involves the storage, generating, transmitting, or exchanging of
SECURITY INCIDENT INVESTIGATION
The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to
To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to
With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.
In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with
LIQUIDATED DAMAGES FOR DATA BREACH
Consistent with the requirements of 38 U.S.C. --5725, a contract may require access to sensitive personal information. If so, the contractor is liable to
The contractor/subcontractor shall provide notice to
Each risk analysis shall address all relevant information concerning the data breach, including the following:
Nature of the event (loss, theft, unauthorized access);
Description of the event, including:
Date of occurrence;
Data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected;
Names of individuals or groups affected or potentially affected;
Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text;
Amount of time the data has been out of
The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons);
Known misuses of data containing sensitive personal information, if any;
Assessment of the potential harm to the affected individuals;
Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and
Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised.
Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the
Notification;
One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports;
Data breach analysis;
Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution;
One year of identity theft insurance with
Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.
TRAINING
All contractor employees and subcontractor employees requiring access to
Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to
Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training;
Successfully complete the appropriate
Successfully complete any additional cyber security or privacy training, as required for
The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required.
Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.
Link/URL: https://www.fbo.gov/spg/VA/VANCHCS/VANCHCS/VA26117N0132/listing.html
Combine Solicitation – Senior Justice Advisor
Riverbed Allows European Insurance Provider CBP to Take Control of Branch IT with a Software-Defined Edge
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News