Loren Data's SAM Daily™

fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF MARCH 31, 2024 SAM #8160
AWARD

70 -- 7A21 DO OP3 Consult Tracking Mgr Plus - VISN

Notice Date
3/29/2024 1:26:39 PM
 
Notice Type
Award Notice
 
NAICS
541519 — Other Computer Related Services
 
Contracting Office
NETWORK CONTRACT OFFICE 23 (36C263) Saint Paul MN 55101 USA
 
ZIP Code
55101
 
Solicitation Number
36C26324N0549
 
Archive Date
04/13/2024
 
Point of Contact
Timothy Kimmel, Steve Hernandez
 
E-Mail Address
timothy.kimmel@va.gov, Steven.Hernandez3@va.gov
(timothy.kimmel@va.gov, Steven.Hernandez3@va.gov)
 
Award Number
36C26320D0067
 
Award Date
03/29/2024
 
Awardee
DOCUMENT STORAGE SYSTEMS INC Juno Beach FL 33408 USA
 
Award Amount
421953.19
 
Description
STATEMENT OF WORK (SOW) Contract Title: �� Consult Tracking Manager Plus (CTM+) - Perpetual License Scope: The Contractor shall provide CTM+ software installation / deployment at all eight healthcare systems with initial training for the following nine V23 sites:� Nebraska-Western Iowa, Central Iowa, Iowa City, Minneapolis, St. Cloud, Fargo, Black Hills (training @ Ft Meade & Hot Springs separately) and Sioux Falls. Contractor will provide maintenance & support subscription to fix bugs, install minor release upgrades and telephone support as needed when problems occur with the software for all eight healthcare systems. Four option years will include the CTM+ Perpetual License, the annual software subscription for maintenance and support for all eight healthcare systems and refresher training for nine sites annually.� Background: �� Consult management is a complicated task that has great impact on care delivery to our Veterans.� Ensuring Veterans are scheduled, and care is coordinated for consults entered within the V23 clinical facility or out in the community is a monumental job.� Variations in methods of managing consults and workload are found everywhere.� Management and tracking of open consults, in addition to, performing all actions necessary to coordinate the care delivery is complex and time consuming.� Our electronic, paper based, and non-integrated systems and solutions are not adequate to fill the need to efficiently and most importantly accurately coordinate consult management activities.� Business as usual today often requires teams to perform double entry of data, work from many separate systems and duplicative work efforts.� Significant efforts are made to manipulate existing reports into actionable tasks for staff. Our manual workflows are inefficient and put providers and care coordinators at risk for Veterans waiting longer than necessary to get scheduled appointments for the services they are referred for both in-house and in the community. Time spent on the laborious tracking methods used today could be more time spent actively engaging with Veterans thus improving outcomes and Veteran satisfaction. �As activities occur on consults throughout the day (comments, contact attempts, addition of SEOC, status changes, etc.) reports quickly become inaccurate causing additional touches to consult that may have already been actioned on.� Existing reports require additional software/windows open on the user�s computer reducing efficiency and subject to error.� Existing reports/methods lack clarity on next action needed for consults. A well-developed consult management program should include the ability to see at a glance when the consult was created, the status, and view comments made by all involved staff on one screen without having to manipulate through several different programs.� Doing so not only risks Veterans falling through the cracks due to complicated follow up but places an unnecessary burden on staff which impacts performance, employee satisfaction and morale.� Required Capabilities: V23 requires a clinical decision support tool (DST) used for real-time surveillance, alerting, documentation and reporting that is already approved for use within the VA Network.� Must interface with existing VA VistA/CPRS systems providing real-time data. �As actions occur throughout the day, they are reflected within the tool immediately. Consult Tracking Manager Plus (CTM+) is a web-based software solution that provides an instant, up-to-date dashboard view of the status of all patient consults in a clinical environment. This software application shows all actions required by a user`s role, and when a task is complete, it automatically moves through a queue and displays on the next person`s task list as an open item. Software maintenance & support; Unlimited licenses to all sites within V23 for Base Year and 4 Option Years. Provides write-back functionality to CPRS allowing staff to take actions on consults while reducing the number of programs/windows open on their computer desktop. Including: Documenting eligibility Documenting contact attempts Capturing Veteran preferences. Scheduling of appointments Any action/documentation available in the consult toolbox Instant �dashboard� view of the status of all consults Capable of multiple queries across a variety of medical departments, providing views and status of all clinical consults defined by location, service line and other parameters. Unique to each clinical service delivery department allowing for a department/service view of consult information in real time Computer �web based� solution to eliminate paper forms Optimized for access on mobile devices and/or computers on wheels. Not limited to management/reporting of Community Care consults but can be used facility wide for consult management. Provides functionality for managing and tracking RTC orders Provides functionality for patient results letters Addressing consults beyond the scheduled status (i.e. requesting records/completing consults) Product must have HL-7 communication interfaces with the VA VISTA system and Computer Patient Record System (CPRS) that are already approved by VA OI&T (development or �new� interfaces are not acceptable). The product must be listed as authorized for use on VA computer and network systems as identified in the Technical Reference Model (TRM) Technology/Standard List � startup, new development and or products currently under review WILL NOT be considered. Per the May 5th, 2015 memorandum from the VA Chief Information Security Officer (CISO) FIPS 140-2 Validate Full Disk Encryption (FOE) for Data at Rest in Database Management Systems (DBMS) and in accordance with Federal requirements and VA policy, database management must use Federal Information Processing Standards (FIPS) 140-2 compliant encryption to protect the confidentiality and integrity of VA information at rest at the application level. If FIPS 140-2 encryption at the application level is not technically possible, FIPS 140-2 compliant full disk encryption (FOE) must be implemented on the hard drive where the DBMS resides. Appropriate access enforcement and physical security control must also be implemented. All instances of deployment using this technology should be reviewed to ensure compliance with VA Handbook 6500 and National Institute of Standards and Technology (NIST) standards. The most important service that V23 will receive from using CTM+ is patient safety and quality of care both enhanced through clinicians receiving the right information at the right time about the right patient so that they can make better and more-timely decisions, improving not only outcomes, but the experience for the patients and their families as well as the clinicians. More meaningful, timely and considered documentation improves communication between providers. CTM+ delivers actionable patient information and medical knowledge into the workflow of clinicians at the point of care. This enables caregivers to intervene faster, reduce length of stay, and efficiently provide better, safer care. Better decisions alter the healthcare experience and outcome for each patient, while reducing costs. VHA expressed interest in enhancing its ability to monitor/track consults and other events within facilities.� Open consults are a major issue for all Veteran patients and VA healthcare providers, CTM+ will provide tools to accomplish this objective. DSS Support Services provides product support directly to the customer for most issues, whether user or server related. Support Services will: Work directly with users to address their issues with the CTM+ Product. Respond to issues reported to them in accordance with this document within the response times defined in this document. Help VHA Office of Information and Technology (OI&T) and/or Biomed staff configure setup of necessary licensed DSS Products to meet VHA�s and/or end-users needs. Advise VHA OI&T and/or Biomed staff as a Subject Matter Expert (SME) as it relates to licensed DSS Products and their configuration in internal meetings, new installations of licensed DSS Products, and end-user activities. Help VHA OI&T and/or Biomed staff on issues involving licensed DSS product infrastructure requirements, including hardware, bandwidth, and best practices. Keep the Veterans Administration Medical Center (VAMC) Points of Contact (POC) aware of issues that may impact their usage of licensed DSS products. Make reports by request available to VHA OI&T and/or BioMed staff, including: Summary of tickets opened for licensed DSS products for the last 30 or 7 days. Summary of tickets currently open and those closed in the past 7 days for licensed DSS products. Summary of known issues impacting the site along with their status and expected release date and workaround if available. Performance Monitoring: The Contractor shall provide the specific deliverables described below within each performance period: ��������������� Beginning of the Contract Year � Create a Delivery Schedule: If for any reason the scheduled time for a deliverable cannot be met, the contractor is required to explain why (include the original deliverable due date) in writing to the CO and COR, including a firm commitment of when the work shall be completed.� This notice shall cite the reasons for the delay, and the impact on the overall project.� The CO will then review the facts and issue a response in accordance with applicable regulations. � Monthly Progress Reports: ������������������������������� Once the Veterans� Health Administration (VHA) has purchased a license for the Document Storage Systems (DSS) product Consult Tracking Manager Plus, this product requires an annual maintenance support services package. This maintenance agreement is for bug fixes, install minor release upgrades as well as standard support services. The progress report will cover all work completed during the preceding month and will present the work to be accomplished during the subsequent month.� This report will also identify any problems that arose and a statement explaining how the problem was resolved.� This report will also identify any problems that have arisen but have not been completely resolved with an explanation. During the Base Year of the contract and implementation of the program, this will include installation and training dates for each site as they all �Go-Live�.� For every Option Year of the contract thereafter, this will include annual refresher training for each site.� This monthly progress report is due to the COR by the second workday following the end of each calendar month.� Security Requirements: The applications, supplies, and services furnished under this SOW must comply with One-VA Enterprise Architecture (EA), available at �http://www.ea.oit.va.gov/index.asp and more specifically the Technical Reference Model (One-VA TRM) in force at the time of issuance of each SOW.� VA reserves the right to assess SOW deliverables for EA compliance prior to acceptance. The contractor shall ensure adequate LAN/Internet, data, information, and system security in accordance with VA standard operating procedures and standard contract language, conditions laws, and regulations.� The contractor�s firewall and web server shall meet or exceed the government minimum requirements for security.� All government data shall be protected behind an approved firewall.� Any security violations or attempted violations shall be reported to the VA project manager and the VBA Headquarters Information Security Officer as soon as possible.� The contractor shall follow all applicable VA policies and procedures governing information security, especially those that pertain to certification accreditation. The Veterans Affair Acquisition Regulation (VAAR) security clause (cited below) must be included in all contracts: 7.1 Information Technology and Security Requirements ���� 1. SUBPART 839.2 � INFORMATION AND INFORMATION TECHNOLOGY SECURITY REQUIREMENTS ��������� 839.201 Contract clause for Information and Information Technology Security: a. Due to the threat of data breach, compromise or loss of information that resides on either VA-owned or contractor-owned systems, and to comply with Federal laws and regulations, VA has developed an Information and Information Technology Security clause to be used when VA sensitive information is accessed, used, stored, generated, transmitted, or exchanged by and between VA and a contractor, subcontractor or a third party in any format (e.g., paper, microfiche, electronic or magnetic portable media). ���� 2. 852.273-75 - SECURITY REQUIREMENTS FOR UNCLASSIFIED INFORMATION TECHNOLOGY RESOURCES The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. 7.2 Contractor shall comply with all applicable requirements as outlined in VA Handbook 6500.6 �Contract Security� (See Attachment).� The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract.� 7.3 The contractor shall have a written Security Plan to assure that the requirements of the contract are met as specified herein.� The plan shall be for the physical facility at the contractor�s place of business, as well as for the remote transcriptionists� locations.� It shall address security issues, including identifying the security system employed to maintain patient confidentiality, and identifying the virus protection to be used.� 7.4 In addition, the following policies and laws are applicable to all services to be provided under this contract: Computer Security Act of 1987, PL 100-235 Privacy Act of 1974, 5 U.S.C. 552a Healthcare Insurance Portability and Accountability Act of 1996 (HIPPA) Fraud and Related Activity in Connection with Access Devices and Computers, 18 U.S.C. 1029-1030 Electronic Communications Privacy Act of 1986, PL 99-508 Title 38, U.S.C. 5701, VA Claims Confidentiality Statute Title 38, U.S.C. 5705, Confidentiality of Healthcare Quality Assurance Records Title 38, U.S.C. 7332, Confidentiality of Certain Medical Records Title 44, U.S.C 3542, Federal Information Security Management Act of 2002 7.5 Contractor shall notify the local facility ISO and/or Privacy Officer and COR upon detection of any actual or suspected compromise of security.� The local facility ISO and COR shall be notified of any employee who has been issued an Access Code and Verify Code to the VISTA. System who will no longer be performing transcription services for the Medical Center, so that their computer system access can be terminated.� This notification should occur prior to the contractor�s employee�s departure date or at the same time of departure.� Any individual making unauthorized disclosure may be held criminally liable for violations under the Act.� (See FAR 52.224-1 and 52.224-02). 7.6 Remote access requirements:� The Contractor shall have remote access to VA computer systems or network in the performance of the contract. VA has stringent policies and procedures covering remote access, therefore the following responsibilities are outlined below: 7.6.1 All remote connections to the VA network must be through the Office of Cyber and Information Security (OCIS) authorized configurations and access points. �All remote access to VA systems that contain sensitive information must be done through the One-VA Virtual Private Network (VPN).� After contract award and prior to VA granting access, the contractor shall be required to complete all security requirements. 7.6.2 The VA will provide secure and reliable remote access to systems, applications, and information on the VA network to the Contractor. 7.6.3 All contractor personnel requesting remote access shall sign a One-VA VPN Rules of Behavior. The Contractor shall be responsible to ensure contractor personnel follow the terms of the agreement. 7.6.4 VA will provide VPN software, host based personal firewall, and anti-virus software to the Contractor for necessary staff as determined by COR and contractor (normally project manager and alternate, conducting uploading and verification functions). 7.6.5 The Contractor shall install VA provided VPN software, host-based personnel firewall, and anti-virus protection software on all contractor computer systems that will connect to the VA network or computer systems. 7.6.6 The Contractor shall adhere to the remote access requirements, and ensure that systems are properly configured, and appropriate security mechanism and monitoring devices are up to date with best practices and technical standards. 7.7 Contractor Hardware and Software Maintenance:� Hardware and software that processes, stores or transmits VA sensitive information used in performance of this contract must be installed, configured and maintained to protect the availability, confidentiality and integrity of VA sensitive information. 7.7.1 Contractor operating systems, application software and virus protection must be installed, configured and maintained at the current release and security patches. 7.7.2�� The Contractor must notify the individual VA facility when changes are made to VA hardware and software. With the exception of emergency changes, the facility ISO must approve all changes to computer or network systems in advance. 7.7.3 Contract personnel must physically sign a VA Rules of Behavior before access is granted to VA information systems. In addition, each individual shall be required to re-sign an electronic version of the VA Rules of Behavior on an annual basis. A physical or electronic signature indicates the individual shall comply with VA information security policies and procedures. 7.8 The Contractor shall provide a list of all contract personnel working under this contract to the CO and COR within five (5) calendar days after notice of contract award.� An updated list shall be provided to the CO and COR annually at renewal of option years and whenever a change in contract personnel occurs.� 7.9 CONTRACTOR PERSONNEL SECURITY REQUIREMENTS � 7.9.1 All contractor employees who require access to the Department of Veterans Affairs� computer systems shall be the subject of a background investigation. If the investigation is not completed prior to the start date of the contract, the contractor shall be responsible for the actions of those individuals they provide to perform work for VA.� In addition, a contractor must have the following before access to VA Information Technology resources (network and/or protected data):� 1) A favorably adjudicated Special Agreement Check (SAC) or �Closed � No issues� SAC fingerprint results; 2) Training delineated in VA Handbook 6500.6 (Appendix C, Section 9); and 3) Signed �Contractor Rules of Behavior.� Position Sensitivity � The position sensitivity has been designated as Low Risk. Background Investigation - The level of background investigation commensurate with the required level of access is National Agency Check with Written Inquiries (NACI) � Tier 1. Contractor Responsibilities - The contractor shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel Management (OPM) through the VA, the contractor shall reimburse VA within 30 days.� The estimated cost for a low risk level background check is $231.00 each. The contractor shall submit or have their employees submit the following required forms to the VHA Service Center (VSC) through the CO and COR within 14 days of receipt: VSC Contract Security Services Request Form #1A VSC Contract Security Services Supplemental Request Form #1B (continuation of #1A) VA Form 0710, Authority for Release of Information Form Optional Form 306, Declaration for Federal Employment VSC Self-Certification of Continuous Service VA Handbook 6500.6, Contractor�s Rules of Behavior ����������������������� Along with the forms for access � training must also be completed in TMS: TMS Training - VA 10176, VA Privacy and Information Security Awareness and Rules of Behavior TMS Training - VA 10203, Privacy and HIPAA Training Here are self-enrollment instructions:���� ����Use Instructions for �Contractors� COR Information will be provided on request. ��������������� ����� * More forms may be required if fingerprints, background checks (NACI) or PIV sponsorship are required ����������������������� �� ** All forms may be provided to the Contractor by the COR ����������������������� *** COR may request additional information for the purpose of entering requests for access on behalf ����������������������� ������� of each contractor. Government Responsibilities The VA Office of Security and Law Enforcement will provide the necessary forms to the contractor or to the contractor�s employees after receiving a list of names and addresses. Upon receipt, the VA Office of Security and Law Enforcement will review the completed forms for accuracy and forward the forms to OPM to conduct the background investigation. The VA facility will pay for investigations conducted by the Office of Personnel Management (OPM) in advance. In these instances, the contractor shall reimburse the VA facility within 30 days. The VA Office of Security and Law Enforcement will notify the Contracting Officer and Contractor after adjudicating the results of the background investigations received from OPM. The Contracting Officer will ensure that the Contractor provides evidence that investigations have been completed or are in the process of being requested. Investigations by other than OPM - If the Contractor does not wish to use OPM to conduct the investigation, the following procedures shall be used. Upon agreement The VA Personnel Security office will request the investigation using VA Form 0237, Personnel Security Action Request and Certification. Background investigations from investigating agencies other than OPM are permitted if the agencies possess an OPM and Defense Security Service certification. A Cage Code number must be provided to the Office of Security and Law Enforcement, which will verify the information and advise the Contracting Officer whether access to the computer systems can be authorized. Unfavorable Determinations: The Contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract.� Failure to comply with the Contractor personnel security requirements may result in termination of the contract for default.� Investigation Forms:� The necessary forms will be provided to the Contractor after submission to the VA of the list of names and addresses of employees requiring access to the VA computer system.� The Contracting Officer in conjunction with the on-site Information Security Officer will ensure that the Contractor provides evidence that investigations have been completed or are in the process of being requested. Places of Performance: Nebraska-Western Iowa VA Medical Center, 4101 Woolworth Ave, Omaha, NE� 68105 Central Iowa VA Medical Center, 3600 30th Street, Des Moines, IA� 50310 Iowa City VA Medical Center, 601 Highway 6 West, Iowa City, IA� 52246 Minneapolis VA Medical Center, One Veterans Drive, Minneapolis, MN� 55417 St. Cloud VA Medical Center, 4801 Veterans Drive, St. Cloud, MN� 56303 Fargo VA Medical Center, 2101 Elm Street N, Fargo, ND� 58102 Black Hills Healthcare System (Install at the one HCS / Training at both Med Ctrs): Ft Meade VA Medical Center, 113 Comanche Road, Fort Meade, SD� 57741 Hot Springs VA Medical Center, 500 North Fifth Street, Hot Springs, SD� 57747 Sioux Falls VA Medical Center, 2501 W. 22nd Street, Sioux Falls, SD� 57105 Periods of Performance: ������ Base Year:� September 1, 2020 � August 31, 2021 Option Year 1:� September 1, 2021 � August 31, 2022 Option Year 2:� September 1, 2022 � August 31, 2023 Option Year 3:� September 1, 2023 � August 31, 2024 Option Year 4:� September 1, 2024 � August 31, 2025 Delivery Schedule The Contractor shall be available from 8:00am to 4:30pm CST; Monday through Saturday, excluding federal holidays. Schedule of Roll-Out:� Facilities will be rolled-out based on VISN and Facility analysis of need and readiness for product.�
 
Web Link
SAM.gov Permalink
(https://sam.gov/opp/8a72fd2ba6a74ad98de612b72d3a18e7/view)
 
Place of Performance
Address: Juno Beach, FL 33408, USA
Zip Code: 33408
Country: USA
 
Record
SN07013777-F 20240331/240329230054 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)

FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.