Inactive

. General Information Document Type: Combined Solicitation/Synopsis Solicitation Number: 36C26120Q0394 Posted Date: 26 February 2019 Original Response Date/Time: 28 February 2019 / 1:00PM PST Current ... . General Information Document Type: Combined Solicitation/Synopsis Solicitation Number: 36C26120Q0394 Posted Date: 26 February 2019 Original Response Date/Time: 28 February 2019 / 1:00PM PST Current Response Date: 28 February 2019 / 1:00PM PST Product or Service Code: J065 Set Aside: None NAICS Code: 811219 Contracting Office Address VA Southern Nevada Healthcare System 6900 N. Pecos Road, Building 6 North Las Vegas, NV 89086 Description This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Federal Acquisition Regulation (FAR) subpart 12.6, and Part 13, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested, and a written solicitation document will not be issued. This solicitation is a request for quotations (RFQ). The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2020-04, dated 1-15-2020. The associated North American Industrial Classification System (NAICS) code for this procurement is 811219, with a small business size standard of $22.0M. The Department of Veteran Affairs Sierra Nevada Health Care System (VASNHCS) is seeking to negotiate a sole source award to, Carestream Health Inc. for equipment maintenance and service support of the Carestream DRX-Revolution Mobile X-Ray system and Digital Detectors. Evaluation of Options: Except when it is determined in accordance with FAR 17.206(b) not to be in the Government s best interests, the Government will evaluate offers for award purposes by adding the total price for all options to the total price for the basic requirement. Service requirement is stated for the following: Services Line Item Description Qty Unit Unit Price Total Price 0001 Service Agreement for Carestream DRX-Revolution Mobile X-Ray systems (Base Period) 12 Months 1001 Service Agreement for Carestream DRX-Revolution Mobile X-Ray systems (Option Period 1) 12 Months 2001 Service Agreement for Carestream DRX-Revolution Mobile X-Ray systems (Option Period 2) 12 Months Statement of Work Section I BACKGROUND: Contract maintenance services are required to service the medical equipment/support systems listed in Section 4 of this document. There are no VA employees currently trained or qualified to perform this work. DESCRIPTION AND SCOPE OF WORK: The contractor shall furnish a parts only contract to include support labor at preferred rates, technical support, proprietary diagnostic software, detector accident protection and expertise necessary to support calibration and repair of four Carestream DRX SYSTEMS of the Carestream DRX Revolution X-ray systems with Digital Detectors at VA Sierra Nevada Health Care System (VASNHCS) located at 975 Kirman Ave, Reno, NV 89502. Description of system and options to be covered under this service agreement: Description Model# Serial # Manufacturer Portable X-ray DRX Revolution 632 Carestream Portable X-ray DRX Revolution 634 Carestream Portable X-ray DRX Revolution 635 Carestream Portable X-ray DRX Revolution 636 Carestream Detector DRX-1C 134300138935 Carestream Detector DRX-1C 153100144204 Carestream Detector DRX-1c 132700138064 Carestream Detector DRX-1C 143100141403 Carestream DELIVERABLES SCHEDULE Contractor response times for repair calls: Initial telephone response will be 30 minutes or less. If the contractor s telephones are not answered by technical personnel, a technical maintenance representative will respond by telephone to VASNHCS within one hour of receiving a service call. CONTRACTOR RESOURCE REQUIREMENTS & QUALIFICATIONS Service providers must have been engaged in maintaining/ servicing the equipment listed in Paragraph 4. Due to the criticality of the X-ray Systems, the contracted vendor must have a field service representative located in the Reno, NV area who has received maintenance training specific to the models of equipment listed in paragraph 4. Field service representatives must provide, upon request, evidence of appropriate training for the equipment they are servicing. Subcontracting of maintenance services will not be allowed without coordination with the contracting officer s technical representative (COTR) and written permission of the Contracting Officer. The service contractor will maintain a sufficient parts inventory to keep equipment downtime to a minimum. The inventory will be replenished as needed to support the services outlined on this statement of work. Parts replaced by the contractor become property of the contractor unless required to be maintained by VASNHCS due to on-going evaluation of equipment/system identified on incident report or sentinel event. Contractor will provide the necessary manpower and supervision to properly execute the maintenance and repair program. Only manufacturer approved factory service parts shall be used. Contractor must have legal access to OEM proprietary diagnostic software. PERFORMANCE STANDARDS AND QUALITY ASSURANCE Service contractor must furnish all proprietary tools and materials (e.g., service manuals, diagnostic software, etc.) required to maintain the equipment to manufacturer s operational specifications. Service contractor to provide the latest software updates when made available by the equipment manufacturer. These upgrades include; operating system software, basic application software and software options purchased with the equipment. Service documentation - A documentation package acceptable for JCAHO purposes will be maintained by the contractor and made available to VASNHCS. Required documentation includes: Service Histories. The contractor will maintain a permanent record of service histories for equipment listed in Section 4. Documentation of unscheduled repairs: - At the conclusion of each repair and scheduled maintenance visit the contractor will provide a written service report indicating the date of service, the model, serial number and location of equipment serviced, the name of the representative, and the services performed and parts replaced. The reports will be delivered to the Biomedical Engineering Office, located at 975 Kirman Avenue, Reno, NV. The office is located in Building 1, Room 366-1. Service contractor will provide all services necessary to provide timely corrective action on all manufacturer hazard alerts/recall notices. GOVERNMENT REPRESENTATIVE, SUPPORT, REPORTING AND COMMUNICATIONS All services will be performed during normal VA business hours, 7:30 AM - 4:00 PM, Monday Friday, except Federal Holidays. Contractor may work outside normal business hours by arrangement with Biomedical Engineering if such services are provided without additional charge to the government, or if after-hours service is a service covered under the contractor s maintenance agreement. Contractor may also work outside of normal business hours if a request for services outside of the scope of this contract is coordinated with Biomedical Engineering. VASNHCS Biomedical Engineering will work with the service contractor to provide a designated area for the purpose of servicing the equipment listed in Section 4. In most cases work will be performed in the area where the equipment is used for patient care. Inventory changes: - Equipment may be added or deleted from the service contract as needed upon notification by the contracting officer (to be documented in writing via contract amendment). Pricing of added equipment will be the same unit price as established for the same model anesthesia system in contractor s original bid, or by agreement of contractor and contracting officer if additional equipment is a model which is not already covered by contract terms. Deleted equipment will be credited in the full amount if deleted before any maintenance or repair has been performed on it. LOCATION OF WORK AND TRAVEL Contractor Check-In: - The contractor s representative will contact Biomedical Engineering at (775)784-3940 prior to performing any maintenance services. Work to be performed will be at the place of equipment use in the locations indicated below: VA Sierra Nevada Health Care System Main campus located at 975 Kirman Avenue, Reno, NV INSURANCE/WARRANTIES Service contractor guarantees that the system image is of diagnostic quality after each completed service visit. The expectation is that the service contractor will provide the industry standard 90 day warranty for repairs/services. Section II 1. CONTRACTOR PERSONNEL SECURITY REQUIREMENTS 1.1 All contractor employees and subcontractors working with sensitive VA information are subject to the same investigative requirements as those of regular VA appointees or employees who have access to the same type of data or information. These personnel shall be the subject of a background investigation and must receive a favorable adjudication from the VA Office of Security and Law Enforcement prior to contract performance. This requirement is applicable to all subcontractor personnel requiring the same access. If the investigation is not completed prior to the start date of the contract, the prime contractor will be responsible for the actions of those individuals they provide to perform work for VA. 1.2 Position Sensitivity - The position sensitivity shall be as designated by the VA Sponsor or COR assigned to the contract. Most investigations required are Low Risk although some key positions may be designated at higher levels. The risk level designations for public trust positions and the corresponding background investigation levels are defined in VA Directive 0710. 1.3 Performance - Contract performance shall not commence prior to confirmation from the SIC that the investigative documents have been submitted. The VA Security and Investigation Center (SIC) will notify the VA Contracting Officer, VA Sponsor (COR), and the contractor upon receipt of the appropriate investigative documents. 1.4 Contractor Responsibilities - The contractor shall complete the required documents for each individual and provide a copy to the COR and the contracting officer within five days of contract award. The information is necessary for the contracting officer or designee to initiate the investigation with the VA Security and Investigation Center (SIC) in a Contractor Request Database (CRD). Email contact information must be provided for the prime contractor point of contact responsible for ensuring completion of this contract requirement. Failure to provide this information to the COR could result in the forms being returned by the SIC. 1.5 The contractor shall submit or have their employees submit directly to the VA Security and Investigation Center (SIC) the necessary forms as instructed via an email from the CRD relative to the level of background investigation requested. Contractors shall be informed of due dates to complete all portions of the investigative package. Reminder notifications will be sent if the complete package is not submitted by the due date. The contractor shall prescreen all personnel requiring access to the computer systems to ensure they are able to read, write, speak, and understand the English language. The contractor shall inform the contract employee that when filling out Standard Form 85, that there should be no gaps in employment history. Any gaps in employment history on Standard Form 85or 85P may result in the SIC rejecting the documentation for investigation. The SIC provides a help desk and necessary forms via the VA forms web site, http://www.va.gov/vaforms/search_action.asp: Contractor shall submit the following required forms to the VA Office of Security and Law Enforcement within 30 days of receipt: Standard Form 85P, Questionnaire for Public Trust Positions Standard Form 85P-S, Supplemental Questionnaire for Selected Positions VA Form 0710, Authority for Release of Information Form Optional Form 306, Declaration for Federal Employment Optional Form 612, Optional Application for Federal Employment FFD258 U.S. Department of Justice Fingerprint Applicant Chart 1.6 Contractors who have a current favorable background investigation conducted by another Federal agency may be accepted through reciprocation. Members of the SIC staff will coordinate verification of existing favorable background investigations. 1.7 Failure to comply with the contractor personnel security requirements may result in termination of the contract for default. 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS 2.1 A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. 2.2 All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. 2.3 Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. 2.4 Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. 2.5 The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA INFORMATION CUSTODIAL LANGUAGE 3.1 Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). 3.2 VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. 3.3 Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. 3.4 The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. 3.5 The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. 3.6 If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. 3.7 If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. 3.8 The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. 3.9 The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. 3.10 Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. 3.11 Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. 3.12 For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR. 4. SECURITY INCIDENT INVESTIGATION 4.1 The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. 4.2 To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. 4.3 With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. 4.4 In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. 5. LIQUIDATED DAMAGES FOR DATA BREACH 5.1 Consistent with the requirements of 38 U.S.C. 5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract. However, it is the policy of VA to forgo collection of liquidated damages in the event the contractor provides payment of actual damages in an amount determined to be adequate by the agency. 5.2 The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. 5.3 Each risk analysis shall address all relevant information concerning the data breach, including the following: Nature of the event (loss, theft, unauthorized access); Description of the event, including: date of occurrence; data elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code; Number of individuals affected or potentially affected; Names of individuals or groups affected or potentially affected; Ease of logical data access to the lost, stolen or improperly accessed data in light of the degree of protection for the data, e.g., unencrypted, plain text; Amount of time the data has been out of VA control; The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); Known misuses of data containing sensitive personal information, if any; Assessment of the potential harm to the affected individuals; Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. 5.4 Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: Notification; One year of credit monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; Data breach analysis; Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; One year of identity theft insurance with $20,000.00 coverage at $0 deductible; and Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. 6. TRAINING 6.1 All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems: Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to VA information and information systems; Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training; Successfully complete the appropriate VA privacy training and annually complete required privacy training; and Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access [to be defined by the VA program official and provided to the contracting officer for inclusion in the solicitation document e.g., any role-based information security training required in accordance with NIST Special Publication 800-16, Information Technology Security Training Requirements.] 6.2 The contractor shall provide to the contracting officer and/or the COR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required. 6.3 Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until the training and documents are complete. 7. INCORPORATION OF OIG STATEMENT The following statement is applicable to contractor dispensing opticians. OIG STATEMENT: Providers and contracting entities have an affirmative duty to check the program exclusion status of individuals and entities prior to entering into employment or contractual relationships or run the risk of civil monetary penalties (CMP) liability if they fail to do so. The contractor shall provide a signed annual report, to the COR, stating that each individual or entity under this contract has been checked against the OIG List of Excluded Individuals/Entities http://www.oig.hhs.gov/fraud/exclusions.html, and the contractor found no individual or entity had been excluded from participation in Medicare, Medicaid and other Federal health care programs. The report will be due each year on the renewal date of the contract. 8. INCORPORATION OF STATEMENT OF COMMITMENT AND UNDERSTANDING The following contract statement is applicable to all contractor personnel. STATEMENT OF COMMITMENT AND UNDERSTANDING The contractor shall complete the attached training and certify completion of the training and understanding of their commitment to protect sensitive VA information obtained as a result of performance of this contract. 9. INCORPORATION OF JOINT COMMISSION ON ACCREDITATION OF HEALTH CARE ORGANIZATIONS (JOINT COMMISSION), CMS, AND OTHER SPECIAL REQUIREMENTS. The following is applicable to the dispensing opticians. JOINT COMMISSION ON ACCREDITATION OF HEALTH CARE ORGANIZATIONS (JOINT COMMISSION), CMS AND OTHER SPECIAL REQUIREMENTS Where the contract does not require Joint Commission accreditation or other regulatory requirements regarding worker competency, the contractor must perform the required work in accordance with Joint Commission and CMS standards. The contractor must demonstrate that he/she has met or exceeded Joint Commission and CMS requirements. The contractor is required to develop and maintain the following documents for each contractor employee working on the contract: credentials and qualifications for the job; a current competence assessment checklist (an assessment of knowledge, skills, abilities and behaviors required to perform a job correctly and skillfully; includes knowledge and skills required to provide care for certain patient populations, as appropriate.); a current performance evaluation supporting ability of the contractor employee to successfully perform the work required in this contract; and listing of relevant continuing education for the last two years. The contractor will provide current copies of these records at the time of contract award and annually on the anniversary date of contract award to the COR, or upon request, for each contractor employee working on the contract. The contractor will be responsible to ensure that contractor employees providing work on this contract are fully trained (for opticians: certified by the appropriate certifying body) and completely competent to perform the required work. The contractor is required to maintain records that document competence/performance level of the contractor employees who participate in this contract are in accordance with Joint Commission, CMS and other regulatory body requirements. The contractor will provide a current copy of the competence assessment checklist and annual performance evaluation to the COR for each contractor employee working under this contract upon award and annually thereafter. When changes in contractor personnel are approved in accordance with the Key Personnel clause of the contract, the contractor must provide evidence of orientation, the current competence assessment, and current performanc...