Inactive Total Small Business Set-Aside (FAR 19.5)

Section A - Solicitation/Contract Form CONTRACTOR INFORMATION TIN: CAGE: DUNS: Vendor Point of Contact: Phone: Email: Billing/Payment in Arrears. Naval Medical Center Contracting POC: Harold Woodley P... Section A - Solicitation/Contract Form CONTRACTOR INFORMATION TIN: CAGE: DUNS: Vendor Point of Contact: Phone: Email: Billing/Payment in Arrears. Naval Medical Center Contracting POC: Harold Woodley Phone: 757-953-7276 Fax: 757-953-5006 Email: harold.d.woodley.civ@mail.mil Product/Services for: Naval Medical Center Portsmouth, Simulation Center POC: Phone: Email: Vendor to reference RFQ N0018320Q0030 on all inquires. Note: Vendor will be required to provide billing electronically via the WAWF Electronic Invoicing Method. For additional information, a review of the following web sites may be required: https://wawf.eb.mil http://wawftraining Email: usn.detrick.navmedlogcomftdmd.list.nmlc-wawf@mail.mil PROMPT PAYMENT For Prompt Payment Act Purposes, this contract is: Subject to the 7-calender day constructive acceptance period. Vendor note: Government to award on an "all-or-none" basis. Award to be best value based upon past performance and price. Vendor past performance shall include the delivery of same or similar service for the items as described in Section B of the RFQ. Vendor quote to be inclusive of all parts, labor and travel AVAILABILITY OF FUNDS. Pursuant to Section I, Availability of Funds (FAR 52.232-18), of the contract, funds are not presently available for this contract. The Government’s obligation under this contract is contingent upon the availability of appropriated funds from which payment for contract purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are made available to the Contracting Officer for this contract and until the Contractor receives notice of such availability, to be confirmed in writing to the Contracting Officer. Section B - Supplies or Services and Prices ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT 0001 ? 1 Each Recurring Annual Support FFP SimCapture Tier 1. See Section C for Performance Work Statement. FOB: Destination MILSTRIP: N0018320RCBT017 PURCHASE REQUEST NUMBER: N0018320RCBT017 PSC CD: J065 ?? ???? NET AMT ?? Section C - Descriptions and Specifications PERFORMANCE WORK STATEMENT PERFORMANCE WORK STATEMENT SimCapture Audio/Video System Simulation Center Vendor shall provide full maintenance support for the items listed in Section B. This contract shall provide for maintenance services which include on-site corrective repairs, normal working hour coverage (8:30 A.M. to 5:00) P.M. Monday through Friday excluding Federal Holidays) and routine preventive maintenance services to Department of Defense owned equipment, as listed on the: DD Form 1155 "Order for Supplies or Services". It shall include all systems, subsystem components, and assemblies, (i.e.: contractor responsible for total maintenance of entire system). All maintenance provisions shall apply to hardware, firmware, and software, as appropriate, unless otherwise stated. Vendor allowed to make repairs off-site. In the event of off-site repair, vendor will be responsible to arrange / pay for shipping both ways (to vendor & return to NMCP). Onsite repairs are to be responded to within 24 hour of service calls being placed to the vendor. General a. The Contractor shall comply with Federal, State, and Local Laws, plus any Federal Regulations as applicable to the performance of this contract. b. The Contractor shall not accept any instructions issued by any person employed by the U. S. Government, other than: the Contracting Officer (KO), all acting within the limits of their authority. c. The Contractor shall be qualified / authorized by the Original Equipment Manufacturer (OEM) in the repair of all equipment listed within this contract. Contractor shall maintain qualifications throughout entire contract period. Qualification includes but not limited to the certification of all repair persons and repair facilities by the OEM as being trained / qualified to perform required repairs. The Government shall maintain the right to seek proof of qualification prior to award and anytime during contract period of performance. Scope of Work a. The Contractor shall provide trained, experienced, English speaking personnel, labor, tools, diagnostic equipment, software, test phantoms, material, supplies, transportation, parts and equipment necessary to perform Preventive Maintenance (PM), Calibration (CAL), Safety testing (ST) and corrective maintenance. b. The Contractor shall provide telephonic communications with the Government to discuss technical matters relating to the performance of this contract. A systems operator will be made available to answer technical questions regarding system operations and applications. c. Equipment listed in this contract will be maintained to meet the original equipment manufacturer’s (OEM’s) specifications. d. Equipment and associated components shall be serviced as listed on: DD Form 1155, "Order for Supplies or Services". e. The Contractor Point of Contact (POC). The Contractor shall provide the name and telephone number of a primary and alternate English-speaking individual to act as their representative for the scheduling and coordination of service calls, and to be responsible for the coordination of the contract with the Government. Government furnished property, Materials and Services. a. The government certifies that the equipment to be maintained under this contract will be in good operating condition on the effective date of this contract. For the purpose of this contract, the clause, "good operating condition" means the conditions necessary for the equipment to function as intended without corrective maintenance. The Contractor agrees to leave the equipment in good operating condition at the expiration of this contract. During the final week of this contract, the Government will make final inspection of the equipment. Any correction of deficiencies noted during this inspection shall be resolved prior to contract end. The Government reserves the right to request the repair (at no additional cost to the Government) of items identified with latten defects after contract termination, when it has been determined that defects either are a result of contractor’s performance or should have been discovered during normal performance of work under this contract. b. The government will be responsible for maintaining the proper environment, including utilities and site requirements necessary for the system to function properly as specified by the OEM. c. The Government will operate the system in accordance with the instruction manual provided by the OEM. d. The Government will not be responsible for the damage or loss due to fire, theft, accident, or other disaster of Contractor supplies, materials, or for the personal belongings brought onto Government property by Contractor’s personnel. Contractor Furnished Property and Material. a. The Contractor shall provide all service literature, reference publications, laptop computers and diagnostic software to be used by the contractor service technicians and as required for the completion of the services in accordance with this contract. Replacement Parts. a. The Contractor shall have ready access to unique and/or high mortality replacement parts. All parts supplied shall be compatible with the existing system. In the event that replacements parts are required to be shipped. Shipping shall be performed in the fastest reasonable means possible (i.e., next day air) at no additional cost to the Government. b. The Contractor shall at their expense, replace all worn or defective parts necessary to restore the equipment to 100% operational condition as specified by the OEM. c. Contractor installed replacement parts shall become the property of the Government and the replaced malfunctioning part shall become the property of the Contractor. Replaced items shall be properly disposed of at no additional cost to the Government (contractor to pay all "environmental fees" where required). d. Freight, postage, and storage charges associated with shipment and receipt of replacement parts, and the return of parts shall be the responsibility of the Contractor. e. All replacement parts shall be new and certified as OEM replacement parts. In the event that new parts are not available, rebuilt parts and sub-assemblies are allowed provided that they are warranted to be free of defects for a period of time that meets or exceeds warranties of similar replacement parts. CONTRACTOR UNCLASSIFIED ACCESS Contractor Unclassified Access to Federally Controlled Facilities, Sensitive Information, Information Technology (IT) Systems or Protected Health Information (Jan 2017) Homeland Security Presidential Directive (HSPD)-12, requires government agencies to develop and implement Federal security standards for Federal employees and contractors. The Deputy Secretary of Defense Directive-Type Memorandum (DTM) 08-006 – "DoD Implementation of Homeland Security Presidential Directive – 12 (HSPD-12)" dated November 26, 2008 (or its subsequent DoD instruction) directs implementation of HSPD-12. This clause is in accordance with HSPD-12 and its implementing directives. APPLICABILITY This text applies to contractor employees requiring physical access to any area of a federally controlled base, facility or activity and/or requiring access to a DoN or DoD computer/network/system to perform certain unclassified sensitive duties. This clause also applies to contractor employees who access Privacy Act and Protected Health Information, provide support associated with fiduciary duties, or perform duties that have been identified as National Security Position, as advised by the command security manager. It is the responsibility of the responsible security officer of the command/facility where the work is performed to ensure compliance. Each contractor employee providing services at a Navy Command under this contract is required to obtain a Department of Defense Common Access Card (DoD CAC). Additionally, depending on the level of computer/network access, the contract employee will require a successful investigation as detailed below. ACCESS TO FEDERAL FACILITIES Per HSPD-12 and implementing guidance, all contractor employees working at a federally controlled base, facility or activity under this clause will require a DoD CAC. When access to a base, facility or activity is required contractor employees shall in-process with the Command’s Security Manager upon arrival to the Command and shall out-process prior to their departure at the completion of the individual’s performance under the contract. ACCESS TO DOD IT SYSTEMS In accordance with SECNAV M-5510.30, contractor employees who require access to DoN or DoD networks are categorized as IT-I, IT-II, or IT-III. The IT-II level, defined in detail in SECNAV M-5510.30, includes positions which require access to information protected under the Privacy Act, to include Protected Health Information (PHI). All contractor employees under this contract who require access to Privacy Act protected information are therefore categorized no lower than IT-II. IT Levels are determined by the requiring activity’s Command Information Assurance Manager. Contractor employees requiring privileged or IT-I level access, (when specified by the terms of the contract) require a Single Scope Background Investigation (SSBI) or T5 or T5R equivalent investigation , which is a higher level investigation than the National Agency Check with Law and Credit (NACLC)/T3/T3R described below. Due to the privileged system access, an investigation suitable for High Risk national security positions is required. Individuals who have access to system control, monitoring, or administration functions (e.g. system administrator, database administrator) require training and certification to Information Assurance Technical Level 1, and must be trained and certified on the Operating System or Computing Environment they are required to maintain. Access to sensitive IT systems is contingent upon a favorably adjudicated background investigation. When access to IT systems is required for performance of the contractor employee’s duties, such employees shall in-process with the Navy Command’s Security Manager and Information Assurance Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual’s performance under the contract. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The decision to authorize access to a government IT system/network is inherently governmental. The contractor supervisor is not authorized to sign the SAAR-N; therefore, the government employee with knowledge of the system/network access required or the COR shall sign the SAAR-N as the "supervisor". The SAAR-N shall be forwarded to the Command’s Security Manager at least 30 days prior to the individual’s start date. Failure to provide the required documentation at least 30 days prior to the individual’s start date may result in delaying the individual’s start date. When required to maintain access to required IT systems or networks, the contractor shall ensure that all employees requiring access complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. The Contractor’s Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. ? INTERIM ACCESS The Command's Security Manager may authorize issuance of a DoD CAC and interim access to a DoN or DoD unclassified computer/network upon a favorable review of the investigative questionnaire and advance favorable fingerprint results. When the results of the investigation are received and a favorable determination is not made, the contractor employee working on the contract under interim access will be denied access to the computer network and this denial will not relieve the contractor of his/her responsibility to perform. DENIAL OR TERMINATION OF ACCESS The potential consequences of any requirement under this clause including denial or termination of physical or system access in no way relieves the contractor from the requirement to execute performance under the contract within the timeframes specified in the contract. Contractors shall plan ahead in processing their employees and subcontractor employees. The contractor shall insert this clause in all subcontracts when the subcontractor is permitted to have unclassified access to a federally controlled facility, federally-controlled information system/network and/or to government information, meaning information not authorized for public release. CONTRACTOR’S SECURITY REPRESENTATIVE The contractor shall designate an employee to serve as the Contractor’s Security Representative. Within three work days after contract award, the contractor shall provide to the requiring activity’s Security Manager and the Contracting Officer, in writing, the name, title, address and phone number for the Contractor’s Security Representative. The Contractor’s Security Representative shall be the primary point of contact on any security matter. The Contractor’s Security Representative shall not be replaced or removed without prior notice to the Contracting Officer and Command Security Manager. BACKGROUND INVESTIGATION REQUIREMENTS AND SECURITY APPROVAL PROCESS FOR CONTRACTORS ASSIGNED TO NATIONAL SECURITY POSITIONS OR PERFORMING SENSITIVE DUTIES Navy security policy requires that all positions be given a sensitivity value based on level of risk factors to ensure appropriate protective measures are applied. Contractor employees under this contract are recognized as Non-Critical Sensitive [ADP/IT-II] positions when the contract scope of work require physical access to a federally controlled base, facility or activity and/or requiring access to a DoD computer/network, to perform unclassified sensitive duties. This designation is also applied to contractor employees who access Privacy Act and Protected Health Information (PHI), provide support associated with fiduciary duties, or perform duties that have been identified as National Security Positions. At a minimum, each contractor employee must be a US citizen and have a favorably completed NACLC or T3 or T3R equivalent investigation to obtain a favorable determination for assignment to a non-critical sensitive or IT-II position. The investigation consists of a standard NAC and a FBI fingerprint check plus law enforcement checks and credit check. Each contractor employee filling a non-critical sensitive or IT-II position is required to complete: • SF-86 Questionnaire for National Security Positions (or equivalent OPM investigative product) • Two FD-258 Applicant Fingerprint Cards (or an electronic fingerprint submission) • Original Signed Release Statements Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. Background investigations shall be reinitiated as required to ensure investigations remain current (not older than 10 years) throughout the contract performance period. The Contractor’s Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required. Regardless of their duties or IT access requirements ALL contractor employees shall in-process with the Command’s Security Manager upon arrival to the command and shall out-process prior to their departure at the completion of the individual’s performance under the contract. Employees requiring IT access shall also check-in and check-out with the Navy Command’s Information Assurance Manager. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The SAAR-N shall be forwarded to the Navy Command’s Security Manager at least 30 days prior to the individual’s start date. Failure to provide the required documentation at least 30 days prior to the individual’s start date shall result in delaying the individual’s start date. The contractor shall ensure that each contract employee requiring access to IT systems or networks complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. Contractor employees shall accurately complete the required investigative forms prior to submission to the Command Security Manager. The Command’s Security Manager will review the submitted documentation for completeness prior to submitting it to the Office of Personnel Management (OPM); Potential suitability or security issues identified may render the contractor employee ineligible for the assignment. An unfavorable determination is final (subject to SF-86 appeal procedures) and such a determination does not relieve the contractor from meeting any contractual obligation under the contract. The Command’s Security Manager will forward the required forms to OPM for processing. Once the investigation is complete, the results will be forwarded by OPM to the DoD Central Adjudication Facility (CAF) for a determination. If the contractor employee already possesses a current favorably adjudicated investigation, the contractor shall submit a Visit Authorization Request (VAR) via the Joint Personnel Adjudication System (JPAS) or a hard copy VAR directly from the contractor’s Security Representative. Although the contractor will take JPAS "Owning" role over the contractor employee, the Command will take JPAS "Servicing" role over the contractor employee during the hiring process and for the duration of assignment under that contract. The contractor shall include the IT Position Category per SECNAV M-5510.30 for each employee designated on a VAR. The VAR requires annual renewal for the duration of the employee’s performance under the contract. ? NMCARS NMCARS 5237.102-90 Enterprise-wide Contractor Manpower Reporting Application (ECMRA) The contractor shall report contractor labor hours (including subcontractor labor hours) required for performance of services provided under this contract for Naval Medical Center, Portsmouth via a secure data collection site. Contracted services excluded from reporting are based on Product Service Codes (PSCs). The excluded PSCs are: (1) W, Lease/Rental of Equipment; (2) X, Lease/Rental of Facilities; (3) Y, Construction of Structures and Facilities; (4) D, Automatic Data Processing and Telecommunications, IT and Telecom- Telecommunications Transmission (D304) and Internet (D322) ONLY; (5) S, Utilities ONLY; (6) V, Freight and Shipping ONLY. The contractor is required to completely fill in all required data fields using the following web address https://www.ecmra.mil. Reporting inputs will be for the labor executed during the period of performance during each Government fiscal year (FY), which runs October 1 through September 30. While inputs may be reported any time during the FY, all data shall be reported no later than October 31 of each calendar year. Contractors may direct questions to the help desk, linked at https://www.ecmra.mil. (End of Text) Section E - Inspection and Acceptance ? ? INSPECTION AND ACCEPTANCE TERMS Supplies/services will be inspected/accepted at: CLIN INSPECT AT INSPECT BY ACCEPT AT ACCEPT BY 0001 Destination Government Destination Government Section F - Deliveries or Performance ? ? ? DELIVERY INFORMATION CLIN DELIVERY DATE QUANTITY SHIP TO ADDRESS DODAAC / CAGE 0001 POP 30-JUN-2020 TO 29-JUN-2021 N/A NAVAL MEDICAL CENTER SIMULATION CENTER 620 JOHN PAUL JONES CIRCLE BLDG 3 PORTSMOUTH VA 23708-2197 757-953-5839 FOB: Destination N00183 CLAUSES INCORPORATED BY REFERENCE ? 52.242-15 Stop-Work Order AUG 1989 ? DOCK DELIVERY Naval Medical Center Portsmouth (NMCP) Receiving Dock Hours of Operation: NMCP Receiving Dock is open Monday through Friday 0700 to 1600 (7:00 a.m. to 4:00 p.m.). excluding federal holidays. Receiving personnel may be reached at 757-953-5770. Section G - Contract Administration Data CLAUSES INCORPORATED BY FULL TEXT 252.232-7006 WIDE AREA WORKFLOW PAYMENT INSTRUCTIONS (DEC 2018) (a) Definitions. As used in this clause— "Department of Defense Activity Address Code (DoDAAC)" is a six position code that uniquely identifies a unit, activity, or organization. "Document type" means the type of payment request or receiving report available for creation in Wide Area WorkFlow (WAWF). "Local processing office (LPO)" is the office responsible for payment certification when payment certification is done external to the entitlement system. "Payment request" and "receiving report" are defined in the clause at 252.232-7003, Electronic Submission of Payment Requests and Receiving Reports. (b) Electronic invoicing. The WAWF system provides the method to electronically process vendor payment requests and receiving reports, as authorized by Defense Federal Acquisition Regulation Supplement (DFARS) 252.232-7003, Electronic Submission of Payment Requests and Receiving Reports. (c) WAWF access. To access WAWF, the Contractor shall— (1) Have a designated electronic business point of contact in the System for Award Management at https://www.sam.gov; and (2) Be registered to use WAWF at https://wawf.eb.mil/ following the step-by-step procedures for self-registration available at this web site. (d) WAWF training. The Contractor should follow the training instructions of the WAWF Web-Based Training Course and use the Practice Training Site before submitting payment requests through WAWF. Both can be accessed by selecting the "Web Based Training" link on the WAWF home page at https://wawf.eb.mil/. (e) WAWF methods of document submission. Document submissions may be via web entry, Electronic Data Interchange, or File Transfer Protocol. (f) WAWF payment instructions. The Contractor shall use the following information when submitting payment requests and receiving reports in WAWF for this contract or task or delivery order: (1) Document type. The Contractor shall submit payment requests using the following document type(s): (i) For cost-type line items, including labor-hour or time-and-materials, submit a cost voucher. (ii) For fixed price line items— (A) That require shipment of a deliverable, submit the invoice and receiving report specified by the Contracting Officer. ____________________________________________________________ (Contracting Officer: Insert applicable invoice and receiving report document type(s) for fixed price line items that require shipment of a deliverable.) (B) For services that do not require shipment of a deliverable, submit either the Invoice 2in1, which meets the requirements for the invoice and receiving report, or the applicable invoice and receiving report, as specified by the Contracting Officer. ____________Invoice_2 in 1 Service ______________________________________________ (Contracting Officer: Insert either "Invoice 2in1" or the applicable invoice and receiving report document type(s) for fixed price line items for services.) (iii) For customary progress payments based on costs incurred, submit a progress payment request. (iv) For performance based payments, submit a performance based payment request. (v) For commercial item financing, submit a commercial item financing request. (2) Fast Pay requests are only permitted when Federal Acquisition Regulation (FAR) 52.213-1 is included in the contract. [Note: The Contractor may use a WAWF "combo" document type to create some combinations of invoice and receiving report in one step.] (3) Document routing. The Contractor shall use the information in the Routing Data Table below only to fill in applicable fields in WAWF when creating payment requests and receiving reports in the system. Routing Data Table* Field Name in WAWF Data to be entered in WAWF Pay Official DoDAAC ?HQ0248 Issue By DoDAAC ?N00183 Admin DoDAAC** ?N00183 Inspect By DoDAAC ?N/A Ship To Code ?N/A Ship From Code ?N/A Mark For Code ?N/A Service Approver (DoDAAC) ?N/A Service Acceptor (DoDAAC) ?N00183 Accept at Other DoDAAC ?N/A LPO DoDAAC ?N00183 DCAA Auditor DoDAAC ?N/A Other DoDAAC(s) N/A ? (*Contracting Officer: Insert applicable DoDAAC information. If multiple ship to/acceptance locations apply, insert "See Schedule" or "Not applicable.") (**Contracting Officer: If the contract provides for progress payments or performance-based payments, insert the DoDAAC for the contract administration office assigned the functions under FAR 42.302(a)(13).) (4) Payment request. The Contractor shall ensure a payment request includes documentation appropriate to the type of payment request in accordance with the payment clause, contract financing clause, or Federal Acquisition Regulation 52.216-7, Allowable Cost and Payment, as applicable. (5) Receiving report. The Contractor shall ensure a receiving report meets the requirements of DFARS Appendix F. (g) WAWF point of contact. (1) The Contractor may obtain clarification regarding invoicing in WAWF from the following contracting activity’s WAWF point of contact. _USN.DETRICK.NAVMEDLOGCOMFTDMD.LIST.NMLC-WAWF@MAI.MIL___ (Contracting Officer: Insert applicable information or "Not applicable.") (2) Contact the WAWF helpdesk at 866-618-5988, if assistance is needed. (End of clause) Section H - Special Contract Requirements PRIVACY & SECURITY OF PHI BUSINESS ASSOCIATE AGREEMENT Privacy, Access, Use, and Disclosure of Protected Health Information 1. Introduction. In accordance with 45 C.F.R. §§ 164.502(e)(2) and 164.504(e), and DoDM 6025.18, "Implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in DoD Health Care Programs," March 13, 2019, this document serves as a Business Associate Agreement (BAA) between the signatory Parties for purposes of the HIPAA and the "HITECH Act" amendments thereof, as implemented by the HIPAA Rules and DoD HIPAA issuances (both defined below). The Parties are (1) a DoD Military Health System (MHS) component command such as a Navy Medicine Medical Treatment Facility (MTF) (Naval Medical center or Naval hospital), or special mission command (research, public health, other), acting as a HIPAA covered entity, and (2) another Federal or Government organization, civilian academic institution, or other civilian entity, acting as a HIPAA Business Associate (BA). The HIPAA Rules require BAAs between covered entities and BAs. Implementing this BAA requirement, the applicable DoD HIPAA issuances (DoDM 6025.18) provides that requirements applicable to BAs must be incorporated (or incorporated by reference) into the contract or agreement between the Parties. 2. Definitions: a. Terms. Except as provided otherwise in this BAA, the following terms used in this BAA shall have the same meaning as those terms in the DoD HIPAA Rules (DoDM6025.18-): Data aggregation, designated record set, disclosure, health care operations, individual, minimum necessary, notice of privacy practices, protected health information (PHI), required by law, secretary, security incident, subcontractor, unsecured PHI, and use. b. Breach. means actual or possible loss of control, unauthorized disclosure of or unauthorized access to PHI or other Personally Identifiable Information (PII) (which may include, but is not limited to PHI), where persons other than authorized users gain access or potential access to such information for any purpose other than authorized purposes, where one or more individuals will be adversely affected. The foregoing definition is based on the definition of "Breach" in DoD Privacy Act issuances as defined herein. c. BA. shall generally have the same meaning as the term "BA" in the DoD HIPAA issuances, and in reference to this BAA, shall mean the entity (another Government organization, civilian academic institution, or other civilian organization), entering into agreement with a Navy Medicine MTF or special mission command. d. Agreement. means this BAA together with the documents or other arrangements under which the BA signatory performs services involving access to PHI on behalf of the MHS component signatory to this BAA. e. Covered Entity. shall generally have the same meaning as the term "covered entity" in the DoD HIPAA issuances, and in reference to this BAA, shall mean a Navy Medicine MTF or special mission command under the Bureau of Medicine and Surgery. f. DHA Privacy Office. means the Defense Health Agency (DHA) Privacy and Civil Liberties Office. The DHA Privacy Office Director is the HIPAA Privacy and Security Officer for DHA, including the National Capital Region Medical Directorate. g. DoD HIPAA Issuances. means the DoD issuances implementing the HIPAA Rules in the DoD MHS. These issuances are DoDM 6025.18 Implementation of the HIPAA Privacy Rule in DoD Health Care Programs," March 13, 2019; DoD Instruction 6025.18, Privacy of Individually Identifiable Health Information in DoD Health Care Programs of December 2009, and DoD Instruction 8580.02, Security of Individually Identifiable Health Information in DoD Health Care Programs of August 2015. h. DoD Privacy Act Issuances. means the DoD issuances implementing the Privacy Act, which are DoD Directive 5400.11, DoD Privacy Program of 29 October 2014, and DoD 5400.11-R, Department of Defense Privacy Program of 8 May 2007. i. HIPAA Rules. means, collectively, the HIPAA privacy, security, breach and enforcement rules, issued by the United States (US) Department of Health and Human Services (HHS) and codified at 45 C.F.R. §§ 160 and 164, Subpart E (Privacy), Subpart C (Security), Subpart D (Breach) and 45 C.F.R. § 160, Subparts C-D (Enforcement), as amended by the 2013 modifications to those Rules which implemented the "HITECH Act" provisions of Publication L. 111-5. See 78 Federal Regulation 5566-5702 of 25 January 2013 (with corrections at 78 Federal Regulation 32464 of 7 June 2013. Additi...