SAMDaily.us | SRCSGT | R | 509-23-4-5468-0013 - Replaces 36C24718C0056 - VISN 7 Electronic Pharmacy & Medical Reference Database - New Base + 4 (VA-23-00065343)

SAMDAILY.US - ISSUE OF APRIL 30, 2023 SAM #7824
SOURCES SOUGHT

R -- 509-23-4-5468-0013 - Replaces 36C24718C0056 - VISN 7 Electronic Pharmacy & Medical Reference Database - New Base + 4 (VA-23-00065343)

Notice Date: 4/28/2023 3:36:43 PM
Notice Type: Sources Sought
NAICS: 513130 —
Contracting Office: 247-NETWORK CONTRACT OFFICE 7 (36C247) AUGUSTA GA 30904 USA
ZIP Code: 30904
Solicitation Number: 36C24723R0078
Response Due: 5/3/2023 9:00:00 AM
Archive Date: 07/02/2023
Point of Contact: Leonard Robinson, Contract Specialist, Phone: 404-321-6111 x5508
E-Mail Address: leonard.robinson@va.gov
(leonard.robinson@va.gov)
Awardee: null
Description: The Department of Veterans Affairs, Network Contracting Office (NCO) 7 is conducting market research to help determine the availability and technical capabilities of qualified vendors who can provide access to the electronic medical references database to all hospitals and all clinics in VISN 7. This is a SOURCES SOUGHT NOTICE only for the purpose of Market Research. Response to this notice will be used for information and planning purposes. No proposals or quotes are being requested or accepted with this notice. THIS IS NOT A SOLICITATION FOR PROPOSALS or QUOTES and NO CONTRACT SHALL BE AWARDED FROM THIS NOTICE. This notice shall NOT be construed as solicitation or as an obligation on the part of the Department of Veterans Affairs (VA). Responses to this source sought is not a request to be added to a prospective bidders list or to receive a copy of the solicitation. The Department of Veterans Affairs, Veterans Integrated Service Network 7 (VISN 7) is seeking Service-Disabled Veteran Owned Small Businesses/Veteran Owned Small Businesses or Small Businesses (but will accept other than small business for market research purposes), capable of furnishing access to the electronic medical references database to all hospitals and all clinics in VISN 7. Interested and capable respondents are requested to provide the information below. All responses to this notice shall include: company name, address, point of contact, phone number, DUNS number (www.dnb.com), list of available compatible products, the geographical location the respondent is able to service, and documentation of authorized distributor certification (if a brand name product is intended for offer should the requirement go to solicitation). (1) Business size (small or large business concern), and number of employees; (2) Type of small business a. Service-Disabled Veteran Owned Small Business b. Veteran Owned Small Business c. Small Disadvantaged d. HUBZone e. Woman Owned f. Small Business The NAICS code is 513130, Book Publishers, and the Size Standard is 1000 employees. Responses must be received by no later than 12:00 p.m. Eastern Time, Friday, May 03, 2023. Responses shall be emailed to leonard.robinson@va.gov. This notice is to assist the VA in determining sources only. All contractors interested in doing business with the Government must be registered in the System for Award Management (SAM) database. The website for registration is www.sam.gov. Service-Disabled Veteran-Owned Small Businesses and Veteran-Owned Small Businesses should also indicate whether the company is verified by the VA in the Vendor Information Pages (VIP) Database at www.vetbiz.gov PERFORMANCE WORK STATEMENT VISN 7 Electronic Medical Reference Database 1. GENERAL: The contractor will provide access to the electronic medical references database to all hospitals and all clinics in VISN 7. This will be available seven days a week, 24 hours a day. Contractor staff will be available either by phone or e-mail to remedy any problems with access to the database or within the database. 2. BACKGROUND: VISN 7 encompasses all VA hospitals and community-based outpatient clinics in Alabama, Georgia and South Carolina. Having transitioned from hardcopy medical references to electronic reference databases; VISN 7 requires online web access to searchable medical reference databases for quick and easy retrieval of up to date and evidence based medical information for health care providers and patients. 3. PERIOD OF PERFORMANCE: One Base year with the possibility of four one-year option periods. (Actual period of performance will be based on actual date of award.) Base Year: 28 September 2023 to 27 September 2024 1st Option Period 28 September 2024 to 27 September 2025 2nd Option Period 28 September 2025 to 27 September 2026 3rd Option Period 28 September 2026 to 27 September 2027 4th Option Period 28 September 2027 to 27 September 2028 4. HOURS OF OPERATION: Hospital normal hours of operation are between 8am and 4:30pm, Monday through Friday, excluding holidays. Federal Holidays New Year s Day January 1st Martin Luther King s Birthday 3rd Monday in January President s Day 3rd Monday in February Memorial Day Last Monday in May Juneteenth June 19th Independence Day July 4th Labor Day 1st Monday in September Columbus Day 2nd Monday in October Veteran s Day November 11th Thanksgiving Day Last Thursday in November Christmas Day December 25th 5. PLACE OF PERFORMANCE: VISN 7 VA Medical Centers located in Alabama, Georgia, and South Carolina, locations: Department of Veterans Affairs Atlanta VAMC 1670 Clairmont Rd Decatur GA 30333 Department of Veterans Affairs Charlie Norwood VAMC One Freedom Way Augusta GA 30904 Department of Veterans Affairs Birmingham VAMC 700 South 19th St Birmingham AL 35233 Department of Veterans Affairs Central Alabama Health Care System 215 Perry Hill Rd Montgomery AL 36109 Department of Veterans Affairs Central Alabama Health Care Systems 2400 Hospital Rd Tuskegee AL 36083 Department of Veterans Affairs Ralph H. Johnson VAMC 109 Bee St Charleston SC 29493 Department of Veterans Affairs W B Dorn VA Medical Center 6349 Garners Ferry Rd Columbia SC 29209 Department of Veterans Affairs Carl Vinson VAMC 1826 Veterans Blvd Dublin GA 31021 Department of Veterans Affairs Tuscaloosa VAMC 3701 Loop Road East Tuscaloosa AL 35404 6. DAYS AND HOURS OF OPERATION: Monday thru Sunday, 24 hours/7 days a week. 7. PERFORMANCE REQUIREMENTS: Contractor will provide access to a Medical- Pharmacy database to VISN 7 hospitals and clinics. Database shall be available to staff without the need of password or user IDs. Contractor shall provide technical support either by phone or e-mail. Contractor will provide 24-hour access to this system seven (7) days a week. Contractor will be available 24/7 to correct problems. This will be accomplished through the company representative or a company helpline through contact with a VISN 7 Librarian. Training will be provided by the contractor either online or in person through a company representative. 8. GENERAL REQUIREMENTS: The contractor must provide 24/7 license rights for immediate access to unlimited simultaneous users from any web-enabled computer to employees in facilities/offices of the VA Southeast health Care Network, VISN 7, for deliverables equal to or exceeding the electronic drug reference database currently in use (Lexicomp) or Micromedex. The VA Southeast Health Care Network requires online access to a drug reference database that shall provide via one interface and one search platform, access to the following titles: (Brand Name or Equal items listed below a full description of each can be found in Attachment A) Alternative or Herbal Medicine Reference comprehensive drug information system drug interaction and reaction identification system international drug reference, that included international brand names and items patient education/teaching system that can be printed out Clinical Diagnostic tool related to emergency medicine Clinical Diagnostic tool to help with identification and diagnosis of a specific disease An IV compatibility and compounding reference to help with sterile compounding, similar to Trissels and Kings (other trade names) Material Safety Data Sheets (MSDS)- Poison identification and treatment system A pregnancy and lactation safety system for pharmacy, clinical database to help guide clinical decision making A medical, hazard and regulatory information system for emergency response guidelines Database shall provide drug information, dosing and therapeutic tools, and drug identification to ensure VA Southeast Health Care Network staff has tools necessary to provide safe and effective pharmaceutical care to Veterans. At a minimum, the reference shall provide: medication dosage calculators, tablet/capsule identification and emergency treatment administration, monitoring, compatibility, and admixing instructions for parenteral medications patient management and treatment protocols (including drugs, plants, household products) complementary and alternative medicine, including international coverage an international directory providing formulas, synonyms, and therapeutic courses of drugs and drug derivatives comprehensive drug monographs, drug consults, and references online, comprehensive reference resource that is able to offer specialty focused clinical resources including multi-drug interaction checker and evidence-based application for PDA devices. Status URL, account number, and password (if necessary). The electronic reference must be accessible remotely through Open Athens access management system, developed by Eduserv, as well as mobile devices such as Smartphone or iPad devices. The contractor shall provide usage statistics on a monthly basis. The format of the usage statistics is provided either via email or contractor provided login and should include session count, search count, and total document retrievals per title. Contractor shall provide online tutorials. Contractor shall also provide on-site training, briefings, and updates to Health Care Systems in the VA Southeast Health Care Network if requested. If a plug-in, additional software or recommended software is required for optimal use, please include specific requirements. Contractor will address any questions or problems encountered when using this product with supported software or hardware. Contractor shall provide technical support numbers. Customer service shall be available to troubleshoot website/connectivity issues via phone, email, etc. The contractor is expected to trouble shoot access as needed, but it will not be necessary to respond during non-operational hours. 9. PER REVIEW OF VA HANDBOOK 6500.6, CONTRACT SECURITY, APPENDIX A- INFORMATION SECURITY AND PRIVACY CHECKLIST: The C&A requirements do not apply and a Security Accreditation Package is not required. Acquisition of this service does not involve the storage, generating, transmitting, or exchanging of VA sensitive information to the vendor There may exist exposure to VA sensitive information, in particular to sensitive personal information (SPI) while implementing contractual services Minimum Statutory Requirements Prohibition on unauthorized disclosure: Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). See VA Handbook 6500.6, Appendix C, paragraph 3.a. Requirement for data breach notification: Upon discovery of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access, the contractor/subcontractor shall immediately and simultaneously notify the COR, the designated ISO, and Privacy Officer for the contract. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. See VA Handbook 6500.6, Appendix C, paragraph 6.a Requirement to pay liquidated damages in the event of a data breach: Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. Each risk analysis shall address all relevant information concerning the data breach, including the following: (1) Nature of the event (loss, theft, unauthorized access); (2) Description of the event, including: (a) date of occurrence; (b) data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; (3) Number of individuals affected or potentially affected; (4) Names of individuals or groups affected or potentially affected; (5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; (6) Amount of time the data has been out of VA control; (7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); (8) Known misuses of data containing sensitive personal information, if any; (9) Assessment of the potential harm to the affected individuals; (10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and (11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: (1) Notification; (2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; (3) Data breach analysis; (4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; (5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and (6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs (see VA handbook 6500.6, appendix c, paragraph 7.a, 7.d) 10. INFORMATION SYSTEM DESIGN AND DEVELOPMENT: a. Information systems that are designed or developed for or on behalf of VA at non-VA facilities shall comply with all VA directives developed in accordance with FISMA, HIPAA, NIST, and related VA security and privacy control requirements for Federal information systems. This includes standards for the protection of electronic PHI, outlined in 45 C.F.R. Part 164, Subpart C, information and system security categorization level designations in accordance with FIPS 199 and FIPS 200 with implementation of all baseline security controls commensurate with the FIPS 199 system security categorization (reference Appendix D of VA Handbook 6500, VA Information Security Program). During the development cycle a Privacy Impact Assessment (PIA) must be completed, provided to the COR, and approved by the VA Privacy Service in accordance with Directive 6507, VA Privacy Impact Assessment. b. The contractor/subcontractor shall certify to the COR that applications are fully functional and operate correctly as intended on systems using the VA Federal Desktop Core Configuration (FDCC), and the common security configuration guidelines provided by NIST or the VA. This includes Internet Explorer 7 configured to operate on Windows XP and Vista (in Protected Mode on Vista) and future versions, as required. c. The standard installation, operation, maintenance, updating, and patching of software shall not alter the configuration settings from the VA approved and FDCC configuration. Information technology staff must also use the Windows Installer Service for installation to the default ""program files"" directory and silently install and uninstall. d. Applications designed for normal end users shall run in the standard user context without elevated system administration privileges. e. The security controls must be designed, developed, approved by VA, and implemented in accordance with the provisions of VA security system development life cycle as outlined in NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems, VA Handbook 6500, Information Security Program and VA Handbook 6500.5, Incorporating Security and Privacy in System Development Lifecycle. f. The contractor/subcontractor is required to design, develop, or operate a System of Records Notice (SOR) on individuals to accomplish an agency function subject to the Privacy Act of 1974, (as amended), Public Law 93-579, December 31, 1974 (5 U.S.C. 552a) and applicable agency regulations. Violation of the Privacy Act may involve the imposition of criminal and civil penalties. g. The contractor/subcontractor agrees to: (1) Comply with the Privacy Act of 1974 (the Act) and the agency rules and regulations issued under the Act in the design, development, or operation of any system of records on individuals to accomplish an agency function when the contract specifically identifies: (a) The Systems of Records (SOR); and (b) The design, development, or operation work that the contractor/ subcontractor is to perform; (1) Include the Privacy Act notification contained in this contract in every solicitation and resulting subcontract and in every subcontract awarded without a solicitation, when the work statement in the proposed subcontract requires the redesign, development, or operation of a SOR on individuals that is subject to the Privacy Act; and (2) Include this Privacy Act clause, including this subparagraph (3), in all subcontracts awarded under this contract which requires the design, development, or operation of such a SOR. h. In the event of violations of the Act, a civil action may be brought against the agency involved when the violation concerns the design, development, or operation of a SOR on individuals to accomplish an agency function, and criminal penalties may be imposed upon the officers or employees of the agency when the violation concerns the operation of a SOR on individuals to accomplish an agency function. For purposes of the Act, when the contract is for the operation of a SOR on individuals to accomplish an agency function, the contractor/subcontractor is considered to be an employee of the agency. (1) ""Operation of a System of Records"" means performance of any of the activities associated with maintaining the SOR, including the collection, use, maintenance, and dissemination of records. (2) ""Record"" means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and contains the person's name, or identifying number, symbol, or any other identifying particular assigned to the individual, such as a fingerprint or voiceprint, or a photograph. (3) ""System of Records"" means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. i. The vendor shall ensure the security of all procured or developed systems and technologies, including their subcomponents (hereinafter referred to as ""Systems""), throughout the life of this contract and any extension, warranty, or maintenance periods. This includes, but is not limited to workarounds, patches, hotfixes, upgrades, and any physical components (hereafter referred to as Security Fixes) which may be necessary to fix all security vulnerabilities published or known to the vendor anywhere in the Systems, including Operating Systems and firmware. The vendor shall ensure that Security Fixes shall not negatively impact the Systems. j. The vendor shall notify VA within 24 hours of the discovery or disclosure of successful exploits of the vulnerability which can compromise the security of the Systems (including the confidentiality or integrity of its data and operations, or the availability of the system). Such issues shall be remediated as quickly as is practical, but in no event longer than 7 days. k. When the Security Fixes involve installing third party patches (such as Microsoft OS patches or Adobe Acrobat), the vendor will provide written notice to the VA that the patch has been validated as not affecting the Systems within 10 working days. When the vendor is responsible for operations or maintenance of the Systems, they shall apply the Security Fixes within 7 days. l. All other vulnerabilities shall be remediated as specified in this paragraph in a timely manner based on risk, but within 60 days of discovery or disclosure. Exceptions to this paragraph (e.g. for the convenience of VA) shall only be granted with approval of the contracting officer and the VA Assistant Secretary for Office of Information and Technology. 11. INFORMATION SYSTEM HOSTING, OPERATION, MAINTENANCE, OR USE: a. For information systems that are hosted, operated, maintained, or used on behalf of VA at non-VA facilities, contractors/subcontractors are fully responsible and accountable for ensuring compliance with all HIPAA, Privacy Act, FISMA, NIST, FIPS, and VA security and privacy directives and handbooks. This includes conducting compliant risk assessments, routine vulnerability scanning, system patching and change management procedures, and the completion of an acceptable contingency plan for each system. The contractor's security control procedures must be equivalent, to those procedures used to secure VA systems. A Privacy Impact Assessment (PIA) must also be provided to the COR and approved by VA Privacy Service prior to operational approval. All external Internet connections to VA's network involving VA information must be reviewed and approved by VA prior to implementation. b. Adequate security controls for collecting, processing, transmitting, and storing of Personally Identifiable Information (PII), as determined by the VA Privacy Service, must be in place, tested, and approved by VA prior to hosting, operation, maintenance, or use of the information system, or systems by or on behalf of VA. These security controls are to be assessed and stated within the PIA and if these controls are determined not to be in place, or inadequate, a Plan of Action and Milestones (POA&M) must be submitted and approved prior to the collection of PII. 12. INVOICES: Payment will be made upon receipt of a properly prepared detailed invoice, prepared by the Contractor, validated by the Contracting Officer s Representative (COR), and submitted electronically through OB-10. A properly prepared invoice will contain: Invoice Number and Date Contractor s Name and Address Accurate Purchase Order Number Supply or Service provided Total amount due 13. PERFORMANCE MEASURERS PERFORMANCE MEASURES Performance measures are comprised of performance indicators (some characteristic of a deliverable that can be measured) and performance measures (a mark, measure or benchmark that government personnel use as a point of comparison when evaluating contractor performance). The Government performs surveillance to determine if the contractor exceeds, meets or does not meet these measures. This Performance Work Statement (PWS), includes performance measures. The Performance Requirements are listed below. The Government shall use these measures to determine contractor performance and shall compare contractor performance to the Acceptable Quality Level (AQL). REQUIRED SERVICE PERFORMANCE STANDARD MONITORING METHOD RESULTS FOR MEETING OR NOT MEETING THE PERFORMANCE STANDARDS Access to the Pharmacy-Medical database for all staff in VISN 7, Including CBOCs Contractor will provide 24-hour access to the requested Database 7 days a week. Employee access to the Awarded database system 24/7 by VISN 7 staff. Exercise Option Year or Not Exercise Option Year Emergency Maintenance performed in accordance with the Statement of Work (SOW). Contractor will be available 24/7 to correct problems This will be accomplished through the company rep or a company help line through contact with a VISN 7 Librarian. Employee complaints and company response to complaints. These will be monitored by the VISN 7 Library staff and reported to the contractor s rep for VISN 7. Exercise Option Year or Not Exercise Option Year Training Training will be provided by the contractor either online of in person through a company representative. Direct contact with VISN 7 Librarians. Exercise Option Year or Not Exercise Option Year 1. INCENTIVES AND DISINCENTIVES There are no incentives or disincentives. The Government shall use the scoring methods above for continuing contract performance. 2. METHODS OF QUALITY ASSURANCE SURVEILLANCE Various methods exist to monitor performance. The COR may use any surveillance methods listed below in the administration of this QASP. a. DIRECT OBSERVATION: The COR can perform periodically or through 100% surveillance. b. PERIODIC INSPECTION. The COR evaluates outcomes on a periodic basis. Inspections may be scheduled daily, weekly, monthly, quarterly, or annually or use unscheduled inspections. c. USER SURVEY: This method combines elements of validated user complaints and random sampling. Random survey is conducted to solicit user satisfaction. The COR may also generate inspections and sampling. d. VALIDATED USER/CUSTOMER COMPLAINTS. This method relies on the patient to identify deficiencies. Complaints are then investigated and validated. e.100% INSPECTION. The COR may evaluate all outcomes. f. RANDOM SAMPLING. This is designed to evaluate performance by randomly selecting and inspecting a sample of cases. g. Progress reports or status meetings. The COR will analyze contractor's progress reports. (Evaluate cost, schedule, etc.) 3. RATINGS Metrics and methods are designed to determine if performance exceeds, meets, or does not meet a given standard and acceptable quality level. A rating scale shall be used to determine a positive, neutral or negative outcome. The following ratings shall be used: 100% is positive, 95% is neutral, and 90% is negative. 4. DOCUMENTING PERFORMANCE a. ACCEPTABLE PERFORMANCE (100% RATING) The Government shall document positive performance. Any report may become a part of the supporting documentation for any contractual action. b. UNACCEPTABLE PERFORMANCE (90% RATING) When unacceptable performance occurs, the COR shall inform the contractor. This will normally be in writing unless circumstances necessitate verbal communication. In any case the COR shall document the discussion and place it in the COR file. When the COR determines formal written communication is required, the COR shall prepare a Contract Discrepancy Report (CDR), and present it to the contractor and a copy to the Contracting Officer. Any CDRs may become a part of the supporting documentation for any contractual action deemed necessary by the Contracting Officer.
Web Link: SAM.gov Permalink
(https://sam.gov/opp/62075f8ee4c247a2b460014ad880b248/view)
Place of Performance: Address: See Performance Work Statement
Record: SN06666505-F 20230430/230428230114 (samdaily.us)
Source: SAM.gov Link to This Notice
(may not be valid after Archive Date)

| FSG Index | This Issue's Index | Today's SAM Daily Index Page |

Loren Data's SAM Daily™

R -- 509-23-4-5468-0013 - Replaces 36C24718C0056 - VISN 7 Electronic Pharmacy & Medical Reference Database - New Base + 4 (VA-23-00065343)