36C25624Q0884 – Sources Sought – 6515–598-25-1-784-0001 PET CT LEASE

May 9, 2024 | Sources Sought

DISCLAIMER: THIS IS A SOURCE SOUGHT NOTICE ONLY. THIS SYNOPSIS IS NOT A REQUEST FOR QUOTE, PROPOSAL, OR BID. This notice is not a solicitation as defined by FAR 2.101, therefore it shall not be construed as a commitment by the Government to enter into a contract, nor does it restrict the Government to an acquisition approach. All information contained in this RFI is preliminary as well as subject to modification and is in no way binding on the Government. Information submitted in response to this notice is voluntary; the Government will not pay for information requested nor will it compensate any respondent for any cost incurred in developing information provided to the Government. The Government is requesting that restrictive or proprietary markings not be used in response to this notice. If a solicitation is released, it will be synopsized in the Federal Business Opportunities (FedBizOpps) website or GSA. It is the responsibility of the interested parties to monitor these sites for additional information pertaining to this RFI.
1. Purpose: John L. McClellan Memorial Veterans Hospital hereby issues the following Sources Sought Notice as a Request for Information (RFI). This RFI is being used for Market Research purposes only to seek contractors with the capability to provide the Central Arkansas Veterans Healthcare System (CAVHS) with all labor, tools, materials, supplies, equipment, cabling, licensing, personnel, supervision and transportation required to provide Mobile Positron Emission Tomography and Computed Tomography (PET-CT) Scans trailer system Lease to CAVHS facilities. See attached PWS for further details.
2. Place of Performance:
John L. McClellan Memorial Veterans Hospital
4300 West 7th Street
Little Rock, AR 72205

3. Opportunity: The CAVHS is seeking information from potential contractors on their ability to provide this service. THIS IS A REQUEST FOR INFORMATION (RFI) ONLY. Small Business Concerns are encouraged to provide responses to this RFI to assist the MEDVAMC in determining potential levels of competition available in the industry.
4. Contact Information:
Contracting Officer, Joseph Warren
Email address: [email protected]
Your response to this notice is appreciated.

Performance Work Statement

Mobile PET CT Lease

Central Arkansas Veterans Healthcare System
Little Rock, AR

3/6/2024

1. PURPOSE
1.1 The purpose of this contract is to provide the Central Arkansas Veterans Healthcare System (CAVHS) with continuous lease of a PET CT system set up inside of a shielded parked trailer stationed outside of the John L. McClellan VAMC in Little Rock, AR.
1.2 The entire offering of a PET/CT Mobile Trailer shall meet all local, state, federal, industry, NHPP, NRC, Joint Commission NEC, NFPA, VA, OSHA, and other regulatory standards.

2. SCOPE
2.1 The Contractor shall provide, transport, install, and test all listed equipment. All products must meet all salient characteristics defined in this section.
2.2 All equipment and installation must meet manufacturer's and VA specifications.
2.3 The Contractor shall furnish all supplies, equipment, facilities, expertise, and services required for delivery, installation, hookup, maintenance, and complete removal of the supplies and equipment.
2.4 The Contractor is responsible for any missing parts and components not included in order to carry out the installation.
2.5 The Contractor shall provide set up and maintenance of all equipment to ensure that it is able to operate at 96% or more of scheduled uptime.
2.6 The Contractor will be provided a minimum seventy-two (72) hours notice when the mobile unit is no longer required.
2.7 Mobile unit shall be delivered and removed, respectively, on a date and time mutually agreed upon between the COR and the Contractor.
2.8 Qualified CAVHS personnel may need to perform PET scans at any time; therefore, the Mobile unit will be available, and the VA will have access on site 24 hours a day, 7 days a week (24/7) for the agreed upon period.
2.9 The Contractor shall be responsible to maintain all of the equipment in good working order at all times and shall reimburse the VA for any reasonable costs which may be associated with any defective workmanship or equipment failure as further defined herein.

2.10 SALIENT CHARACTERISTICS

2.10.1 PET/CT Scanner that meets or exceeds the following characteristics:

Canon Mobile Cartesion Prime Digital PET/CT Aero or equivalent, as listed below:
Extra-large 27 cm (axial FOV) digital PET detector with 1 to 1 coupling
Fast 263 psec time of flight or better to enable fast patient scanning at lower doses with optimal image quality
Allows for 1 bed acquisition of PET brains with scan times as fast as 5 minutes
Allows for 1 mm recons as small as 1 mm
Variable bed timing to facilitate 1 bed, longer acquisition for Prostate PSMA without extending the overall whole-body scan excessively
27 cm field of view to allow users to easily capture large heart scans
Large 4 cm CT detector with 0.5 mm slices providing low dose attenuation correction and best detail available
Single energy metal artifact reduction software algorithm that is FDA cleared to scan any metal in any part of the body, whether used prospectively or retrospectively
100% air-cooled design that does not require a chiller
Remote and automatic movement of the table in any direction (up/down, in/out and side to side)
Table can be moved from the front of gantry, back of gantry or remotely from the control room console
FDA cleared deep learning reconstruction available for both PET and CT
Maintains signal to noise with a 75% reduction in counts offering faster scans, significantly lower dose (images shown sub 8 mCi), and with higher quantitative accuracy
Large bore size with a 78 cm flared gantry opening
Includes 65″ X 36″ X 30″ console desk & two multifunction task chairs with arms
Includes DICOM 3 Modality Worklist Management Service Class User System with Q/R & Store
Includes image quality phantom
Include power distribution unit
Applications training to include advanced cardiac CT course for technologists
Wall mount for display
Injector synchronization kit
Cardiac gating scan kit
ECG gated scanning, monitor, R-wave trigger
Gantry Rear control panel
Flex pedestal dual flow injector
Vitrea oncology advanced option
Neuro package
Respiratory gating acquisition software
Ability to function independently as a whole-body multi-slice CT
Auto kV can be set for protocols
Automatic couch height positioning compensation for incorrect patient positioning
Active collimation to eliminate exposure that is not used for diagnosis
Compliance with National Electronic Manufacturers Association (NEMA) standards XR25, XR26, & XR29.
Console with MS Windows 10 operating system and ergonomic operator controls
Applications, technical, and service support for customers 24 hours a day, seven days a week
Fire Suppression System
ADA compliant bathroom with either greywater tanks in underbelly or with connection to local sewer as desired by customer (see para 2.11.2.6).
Appropriate lead shielding and distance configured into the design in accordance with independent 3rd party health physicist calculations
AMST Standard Hot Lab Cabinet with installation of components and lead shielding around hot lab cabinet room

Support and Maintenance, including:

A Quality Assurance Program Which Meets or Exceeds Joint Commission Standards
Marketing Support
Operations Support
Parts and Service on Equipment that complies with OEM recommendations
All Service and Maintenance as required to maintain it in proper working order and suitable for use by CAVHS for patient care.
Schedule maintenance and ad hoc repair of equipment to ensure that it operates at 96% or more of scheduled uptime.
Twenty-four hour response time to resolve critical repair issues; defined as those that prohibit the system to be used for patient care.
Forty-eight hour response time to resolve urgent repair issues; defined as those that have a significant negative impact on workflow and/or comfort.
Five-day response time to resolve minor repair issues; defined as those that cause only a minor inconvenience to workflow and/or comfort or that are strictly cosmetic in nature.
Remote Diagnostic and Technical Support (Requires Internet Connection)
Orientation for Medical Center Staff
On-Site Applications Training

2.10.5 System Networking Interfaces
The PET CT shall be able to send DICOM images to both VistA Imaging and the commercial PACS (Philips Vue PACS) in use at CAVHS. Images may be sent directly to VistA & PACS or through a DICOM Router.
Must be compatible with DICOM Modality Worklist C-Find (MWL) to query exams.
Contractor’s equipment must be compatible with the VA existing equipment and/or IT systems.
The PET CT must be compatible with the VA's current and future patient health record systems, specifically VistA and Cerner.
At the end of the contract period, the Hard Drive must remain with the VA. Cost for a replacement Hard Drive should be included in the offeror's response.

2.11 DELIVERY AND INSTALLATION

2.11.1 DELIVERY – Contractor shall ship/deliver all equipment to the Central Arkansas Veterans Healthcare System, 4300 W. 7th St, Little Rock, AR 72205.

2.11.2 INSTALLATION
2.11.2.1 All equipment shall be setup/installed within 5 business days of delivery at Central Arkansas Veterans Healthcare System, 4300 West 7th Street, 5C-LR, Little Rock, AR, 72205.
2.11.2.2 Install all equipment to manufacturer's specifications maintaining Federal and Local safety standards.
2.11.2.3 All work shall be completed between 8:00 a.m. and 4:30 p.m. Monday through Friday, all federal holidays excluded. Federal holidays are available at the Federal Holiday OPM Site.
2.11.2.4 If there is an operational conflict with installation, night or weekend installation may be required. Government will provide 72 hours' notice of change of installation hours.
2.11.2.5 The contractor shall coordinate all deliveries, staging areas, installations, and parking arrangements with the COR.
2.11.2.6 Contractor shall connect to the local sewer for patient waste disposal using CAVHS-provided access to the local sewer system.
2.11.2.7 The Contractor shall remove all related shipping debris and cleanup any construction associated with delivery and installation of the specified items. Contractor shall remove all packaging from the CAVHS premises. The Contractor shall be responsible for any damage to the building that occurs due to Contractor error or neglect.

2.12 SITE CONDITIONS
2.12.1 There shall be no smoking on CAVHS property at any time.
2.12.2 Food and drink will only be allowed in designated areas (cafeteria, etc.).
2.12.3 Contractor shall abide by all CAVHS rules and regulations regarding COVID-19, including but not limited to screening procedures and use of proper PPE.

2.13 PERIOD OF PERFORMANCE

2.13.1 The period of performance shall be 12 months from a mutually agreed upon start date between VHA and the Contractor, with an option to renew for two additional 12-month periods after the start date. The start date will be as near the contract award date as possible, however see paragraph 2.13.2 for further guidance. The contract is subject to the availability of VA funds. No service shall be performed by the Contractor after dates indicated, unless authorized by the Contracting Officer in writing.

2.13.2 The PET CT trailer shall be set up on an existing concrete pad outside the John L. McClellan (JLM) VAMC in Little Rock, AR. T

2.14 EQUIPMENT MAINTENANCE & REPAIRS

2.14.1 Equipment provided shall be in good working order at all times in order to provide high quality scans required under this solicitation and any resulting contract. Contractor shall be completely responsible for the preventive maintenance, emergency and general repairs, replacement of any defective parts/components, safety, cleaning, and upkeep of all equipment furnished by the Contractor. Preventative maintenance/repairs on the PET CT mobile unit and all associated equipment shall be performed in accordance with the Conformance Standards and manufacturer’s recommendations.
2.14.2 If the equipment should fail during normal working hours, emergency repairs will be performed on-site by qualified service engineers within a four-hour response time in order to reduce equipment downtime. Contract price shall be reduced by a reasonable amount in the event that the contractor is unable to meet the response times stated herein or as mutually agreed upon with the COR based upon patient scheduling. Notwithstanding, if it is determined that the equipment cannot be repaired on site within an agreed upon period of time, the contractor agrees to replace the Mobile Unit within forty-eight (48) hours of equipment failure. Contract price will be adjusted for any days in which the equipment cannot be used.

2.14.3 VA shall be responsible for the overall housekeeping of the unit including but not limited to removal and proper disposal of all debris on a daily basis or as often as necessary to maintain a sanitized and neat environment in accordance with the Conformance Standards.

2.14.4 The Contractor shall furnish and replace parts to meet times specified in this agreement. The Contractor has ready access to all parts, including unique and/or high mortality replacement parts. All parts supplied shall be compatible with existing equipment. The contract shall include all parts required. The Contractor shall use new or rebuilt parts. All parts shall be of current manufacture and have complete versatility with the presently installed equipment. All parts shall perform identically to the original equipment specifications. Rebuilt parts, used parts or those removed from another piece of equipment shall not be installed without specific approval by the CO or the COR.

3. INSPECTION AND ACCEPTANCE:
3.1 The Contractor shall conduct a joint inspection with the COR upon delivery of equipment.
3.2 Contractor shall provide dates of completion of punch list items and replacement parts and/or short ship items from the manufacturer(s).
3.3 The COR shall ensure all work is completed satisfactorily prior to acceptance. Disputes shall be resolved by the Contracting Officer.

4. DELIVERY/STORAGE REQUIREMENTS
4.1 Deliver materials to CAVHS in manufacturer’s original sealed containers with brand name marked thereon.
4.2 Package to prevent damage or deterioration during shipment, handling, storage and installation. Maintain protective covering in place and in good repair until removal is necessary.
4.3 Deliver specified items only when the site is ready for installation work to proceed.
4.4 Store products in dry condition inside enclosed facilities.
4.6 Any government requested delayed delivery up to 90 days after initial delivery date, shall be at no additional cost to the Government.
4.7 A pre-delivery meeting will be conducted 15 business days prior to initial negotiated delivery date for verification of delivery and installation dates.
4.8 Delivery and Installation will be coordinated through the COR.

5. DELIVERABLES
5.1 Operation and Maintenance Manuals
5.1.1 Binders – Quantity (1) for each equipment item.
5.1.2 Digital Copies- Quantity (1) for each equipment item.
5.2 Deliver compilation of all manufacturer recommended maintenance schedule and operation materials packaged in binder(s) to COR upon completion of installation.

6. OPERATOR TRAINING: Contractor shall provide on-site training of the equipment to the Users. Scheduling of operator training shall be coordinated with the CAVHS COR after installation is complete.

7. PROTECTION OF PROPERTY
7.1 Contractor shall protect all items from damage. The Contractor shall take precaution against damage to the building(s), grounds and furnishings. The Contractor shall repair or replace any items related to building(s) or grounds damaged accidentally or on purpose due to actions by the Contractor.
7.2 The Contractor shall perform an inspection of the building(s) and grounds with the COR prior to commencing work, to ensure that the Contractor shall be able to repair or replace any items, components, building(s) or grounds damaged due to negligence and/or actions taken by the Contractor. The source of all repairs beyond simple surface cleaning is the facility construction contractor (or appropriate subcontractor), so that building warranty is maintained. Concurrence from the VA Facilities Management POC and COR is required before the Contractor may perform any significant repair work. In all cases, repairs shall utilize materials of the same quality, size, texture, grade, and color to match adjacent existing work.
7.3 The Contractor shall be responsible for security of the areas in which the work is being performed prior to completion.
7.4 Contractor shall provide floor protection while working in all VA facilities. All material handling equipment shall have rubber wheels.

8. SECURITY REQUIREMENTS
8.1. SECURITY CLAUSE: “A&A requirements do not apply–Security Accreditation Package is not required”. Data will be under the control of VA at all times. Vendor remote support solution only has access to machine data and error logs. ePHI is not transferred nor accessible from the remote monitoring interface.

ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS

a. The contractor will not have access to VA Desktop computers, nor will they have access to online resources belonging to the government while conducting services. If removal of equipment from the VA is required, any memory storage devices, such as hard drives, solid state drives and non-volatile memory units will remain in VA control and will not be removed from VA custody.  

b. The contractor will not have access to protected Patient Health Information (PHI), nor will they have the capability of accessing patient information during the services provided to the VA. If removal of equipment from the VA is required, any memory storage devices, such as hard drives, solid state drives and non-volatile memory units will remain in VA control and will not be removed from VA custody. All research data available for Contractor analyses is de-identified.
c. Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion. 
d. In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation. 
e. In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data. 
f. Central Arkansas Veterans Healthcare system and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of Central Arkansas Veterans Healthcare system or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to Central Arkansas Veterans Healthcare system. The agency must report promptly to NARA in accordance with 36 CFR 1230.
g. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government’s behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to Central Arkansas Veterans Healthcare system control or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand-carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the [contract vehicle]. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4).
h. The Contractor is required to obtain the Contracting Officer’s approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and Central Arkansas Veterans Healthcare system guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information.
i. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with Central Arkansas Veterans Healthcare system policy.
j. The Contractor shall not create or maintain any records containing any non-public Central Arkansas Veterans Healthcare system information that are not specifically tied to or authorized by the contract.
k. The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act.
l. The Central Arkansas Veterans Healthcare system owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which Central Arkansas Veterans Healthcare system shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20.
m. Training.  All Contractor employees assigned to this contract who create, work with or otherwise handle records are required to take [Agency]-provided records management training. The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training. 

8.3. VA INFORMATION CUSTODIAL LANGUAGE

a. Bio-Medical devices and other equipment or systems containing media (hard drives, optical disks, etc.) with VA sensitive information must not be returned to the vendor at the end of lease, for trade-in, or other purposes.

The options are:
(1) Vendor must accept the system without the drive;

(2) VA's initial medical device purchase includes a spare drive which must be installed in place of the original drive at time of turn-in; or

(3) VA must reimburse the company for media at a reasonable open market replacement cost at time of purchase.

(4) Due to the highly specialized and sometimes proprietary hardware and software associated with medical equipment/systems, if it is not possible for the VA to retain the hard drive, then;

(a) The equipment vendor must have an existing BAA if the device being traded in has sensitive information stored on it and hard drive(s) from the system are being returned physically intact;

(b) Any fixed hard drive on the device must be non-destructively sanitized to the greatest extent possible without negatively impacting system operation. Selective clearing down to patient data folder level is recommended using VA approved and validated overwriting technologies/methods/tools. Applicable media sanitization specifications need to be preapproved and described in the purchase order or contract.

(c) A statement needs to be signed by the Director (System Owner) that states that the drive could not be removed and that (a) and (b) controls above are in place and completed.
The ISO needs to maintain the documentation.

8.4 SECURITY INCIDENT INVESTIGATION

a. The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access.

b. To the extent known by the contractor/subcontractor, the contractor/subcontractor's notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant.

c. With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.

d. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover.

8.5 LIQUIDATED DAMAGES FOR DATA BREACH

a. Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract.

b. The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term ‘data breach’ means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination.

c. Each risk analysis shall address all relevant information concerning the data breach, including the following:

(1) Nature of the event (loss, theft, unauthorized access);
(2) Description of the event, including:
(a) Date of occurrence;
(b) Data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code;
(3) Number of individuals affected or potentially affected;
(4) Names of individuals or groups affected or potentially affected;
(5) Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text;
(6) Amount of time the data has been out of VA control;
(7) The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons);
(8) Known misuses of data containing sensitive personal information, if any;
(9) Assessment of the potential harm to the affected individuals;
(10) Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and
(11) Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised.

d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following:

(1) Notification;

(2) One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports;

(3) Data breach analysis;

(4) Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution;

(5) One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and

(6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.

8.6 CONFIDENTIALITY AND NONDISCLOSURE

It is agreed that:

a. The preliminary and final deliverables and all associated working papers, application source code, and other material deemed relevant by the VA which have been generated by the contractor in the performance of this task order are the exclusive property of the U.S. Government and shall be submitted to the CO at the conclusion of the task order.

b. The CO will be the sole authorized official to release verbally or in writing, any data, the draft deliverables, the final deliverables, or any other written or printed materials pertaining to this task order. No information shall be released by the contractor. Any request for information relating to this task order presented to the contractor shall be submitted to the CO for response.

c. Press releases, marketing material or any other printed or electronic documentation related to this project, shall not be publicized without the written approval of the CO.

8.7 REFERENCE (S):

1. VA Affairs Handbook 6500, Risk Management Framework for VA Information Systems Tier 3: VA Information Security Program, 10 Mar 2015.

2. Veterans Health Administration Procurement Manual (VHA PM) 11/3/2014.

3. VA Handbook 1901.01, Health Information Management and Health Records 19 Mar 15.

4. VHA Handbook 1605.5, Business Associate Agreements 22 July 2014

5. Memo: VA Maintenance/Installation (Warranty) Contracts (VAIQ 7058822), 24 Mar 2011.

6. VA Directive 0735, Homeland Security Presidential Directive 12 (HSPD-12) Program, dated February 17, 2011.

7. Veterans Affairs Handbook 6500.6 Contract Security, 12 Mar 2010.

8. Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule (See 45 CFR 164.502(a)(1)).

9. VA Directive 0710, Personnel Security and Suitability Program, dated June 4, 2010.

10. VA Directive 6066, Protected Health Information.

11. Privacy Act of 1974 (5 U.S.C. 552a).

12. Homeland Security Presidential Directive (HSPD-12),

13. Federal Information Processing Standards Publication (FIPS) 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, dated Feb 25, 2005, amended by FIPS 201-1, March 2006.

14. Social Security Act (42 U.S.C. § 1395x(u)): Health care and other related services, as mentioned in HIPAA regulations, are defined in detail under Section 1861(s) http://www.ssa.gov/OP_Home/ssact/title18/1861.htm.

15. VA Directive 6512, Secure Wireless Technology, dated 4 Nov 2009

This content is provided for members of the U.S. Veteran Business Alliance by Bidspeed