Combine Solicitation – 65– CIRRUS PHOTO WITH PRINTER
Notice Type: Combine Solicitation
Posted Date:
Office Address:
Subject: 65-- CIRRUS PHOTO WITH PRINTER
Classification Code: 65 - Medical, dental & veterinary equipment & supplies
Solicitation Number: VA24417Q1656
Contact:
Setaside: Service-Disabled Veteran-Owned Small BusinessService-Disabled Veteran-Owned Small Business
Place of Performance (address): BUTLER HCC;
Place of Performance (zipcode): 16001
Place of Performance Country:
Description:
Network Contracting Office 4
Veterans Integrated Service Network 4 Facilities
VA HANDBOOK 6500.6 MARCH 12, 2010 APPENDIX D
D-
(i) This is a combined synopsis/solicitation for CIRRUS 800, BRAND NAME OR EQUAL, as prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotes are being requested and a written solicitation will not be issued. A firm-fixed price purchase order is anticipated.
(ii) The solicitation number is VA244-17-Q-1656 and is issued as a request for quotation (RFQ).
(iii) The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-95
(iv) This solicitation is set aside 100% for Service-Disabled Veteran-Owned Small Businesses and the associated NAICS 339112 code has a small business size standard of 1000.
(v) Contract Line Items (CLIN):
ITEM NUMBER
DESCRIPTION OF SUPPLIES/SERVICES
QUANTITY
UNIT
UNIT PRICE
AMOUNT
0001
Cirrus photo 800 with Printer and CP table or equivalent must have the following specifications; Easy switching between fundus images registered with OCT scans and maps MulitMode Naviator-interactive
1.00
EA
__________________
__________________
0002
Installation
1.00
JB
__________________
__________________
0003
Shipping
1.00
EA
__________________
__________________
0004
Service Manual x 2 Operator Manual x 2
2.00
EA
__________________
__________________
0005
Training
1.00
JB
__________________
__________________
GRAND TOTAL
__________________
(vi) Comparable products must be brand name or equal in the following specifications:
STATEMENT OF NEED
CLIN #1
Cirrus photo 800 with Printer and CP table or equivalent must have the following specifications;
120Volts
Auto FOCUS
Auto FLASH
Color Image Separation (
Enhanced Depth Imaging (EDI)
Fundus Auto fluoresence:
Wheelchair accessible
Network printer, sliding keyboard shelf, network isolator
Operating system windows embedded
Capable to do OCT scan, Fundus Photography, Fleurescein Angiography, Fundus and Autofluorescence
GPA (Guided Progression Analysis). This report must display the forecasted measurements in future years.
Must have the ability to import and integrate with OCT 5000/HFA 750i at VA
Retina protocol : OCT MAC 200x200, with exact scanning speed at 27,000 A-scans -a second
Macular progression analysis, 5 line raster.
Glaucoma protocol: OCT RNFL, progression analysis
Cornea: includes lenses for anterior segment imaging.
Must Ability to provide an automated Glaucoma Scan report that is on the same 1 page report with the HFA 750i, which is called Combined Report.
Must come with 1 year warranty parts and labor
Be on Vista Imaging Approved DICOM Modality Interfaces List
Must be compatible with
STATEMENT OF WORK- DELIVERY, INSTALLATION, TRAINING
STATEMENT OF WORK PART A GENERAL INFORMATION
A.1 INTRODUCTION This contract is for the purchase, delivery, installation, and training of 1 (one) Cirrus Photo 800 with Printer and CP table or equivalent to meet the needs of
A.2 BACKGROUND The equipment is an Optical Coherence Tomography (OCT) Multi-Modality fundus imaging system including fluorescein and ICG angiography ,color and fundus auto fluorescence. The equipment has advanced algorithms to measure and display layers. Fovea Finder and Auto Center automatically ensure that measurements are made in the correct locations, taking the pressure off the operator to perfectly center the scans. Data cubes are automatically registered with data from prior visits, allowing for more detailed comparisons. Diversified normative databases for ONH, RNFL and macular thickness facilitate even more at-a-glance assessments. Enabling efficient cross-modality analysis, allows easy switching between fundus images registered with OCT scans and maps.
A.3 SCOPE OF WORK This agreement will secure the hardware, software, and installation/configuration services needed to implement the Cirrus photo 800 with printer or equivalent. The hardware, software, and installation/configuration services covered by this agreement.
STATEMENT OF WORK PART B WORK REQUIREMENTS
The vendor:
B.1.1 Will provide delivery of one (1) Cirrus Photo 800 with printer or equivalent to
B1.2 The one (1) Cirrus Photo 800 with printer or equivalent must have the following specifications:
B1.2.1 Printer
B1.2.2 Easy switching between fundus images registered with OCT scans and maps
B1.2.3 Color Image Separation (
B1.2.4 Voltage System: 120V
B1.2.5 Filters for green, blue and fundus auto fluorescence images, UV/IR barrier filters and +FA + ICGA exciter and barrier filters, FA+ICGA exciter and barrier filters
B1.2.6 Database for patient information and images with field angle, FA time, R/L recognition and date of visit are stored
B1.2.7 Asymmetric, suitable for wheelchairs
B1.2.8 Network printer, sliding keyboard shelf, network isolator
B1.2.9 Auto Focus
B1.2.10
B1.2.11 16 flash levels (30Ws)
B1.2.12 24 flash levels (80Ws)
B1.2.13
B1.2.
B1.2.15 Capable to do OCT scan, Fundus Photography, Fleurescein Angiography, Fundus and Auto fluorescence
B1.2.16 Operating system windows embedded
B1.2.17 Hard drive storage over 30,000 fundus images with OCT cube scans
B1.2.18 Two operator manuals
B1.2.19 Two service manuals
B1.2.20 One year warranty parts and labor
B1.2.21 Staff training (Clinical)
B1.2.22 Shipping
B1.2.23 Installation
B1.2. 24 Must have the ability to import and integrate with OCT 5000/HFA 750i at VA
Retina protocol : OCT MAC 200x200, with exact scanning speed at 27,000 A-scans -a second, Macular progression analysis, 5 line raster.
Glaucoma protocol: OCT RNFL, progression analysis
Cornea: includes lenses for anterior segment imaging.
B1.2.25 Must Ability to provide an automated Glaucoma Scan report that is on the same 1 page report with the HFA 750i, which is called Combined Report.
STATEMENT OF WORK GENERAL REQUIREMENTS
C.1. The contractor shall adhere to the job site requirements listed below:
C.1.1. All personnel to adhere to site safety requirements PPE at a minimum to include hard hats, safety glasses, high-visibility clothing, hard sole shoes.
C.1.2. All personnel subject to a 30-minute site safety orientation conducted by
C.1.3. Vendor responsible for unloading, handling, unpacking; clean up to dumpster provided by GC
C.1.4. Vendor to schedule deliveries through
C.1.5.
C.1.6. Vendor responsible for protecting product after installation
C.1.7. Standard work hours are Monday Friday,
C.1.8. Contractor shall provide proof of insurance to COR before any work starts
STATEMENT OF WORK PART D SUPPORTING INFORMATION
D.1. Place of
D.2. Period of Performance Period covers installation and verification/testing of operations to ensure the equipment operate as marketed.
D.3. Special Considerations
D.3.1. Contractor Furnished Materials and Services
D.3.1.1. Equipment to transport equipment (e.g., dollies, pallet jacks, etc.)
D.3.1.2. Tools necessary to finalize installation of equipment (e.g., installation of casters, setup of shelving)
D.3.2. Government Furnished Materials and Services
D.3.2.1. Elevator access, power, and as optimal an operating environment as can be reasonably achieved.
D.3.3. Qualifications of Key Personnel Each party will determine the level of skills and adequate training for personnel supplied.
______________________________________
Authorized Company Representative Signature
D.3.4. Contractor s Statement of Release - In consideration of the modification agreed to herein as complete equitable adjustment, the Contractor hereby releases the Government from any and all liability under this contract for further equitable adjustments attributable to this modification.
D.3.5.
VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE
GENERAL
Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as
ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS
A contractor/subcontrator shall request logical (technical) or physical access to
All contractors, subcontractors, and third-party servicers and associates working with
Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared
Custom software development and outsourced operations must be located in the
The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a
VA INFORMATION CUSTODIAL LANGUAGE
Information made available to the contractor or subcontractor by
Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from
The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of
The contractor/subcontractor shall not make copies of
If
If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship.
The contractor/subcontractor must store, transport, or transmit
The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed
Except for uses and disclosures of
Notwithstanding the provision above, the contractor/subcontractor shall not release
SECURITY INCIDENT INVESTIGATION
The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to
To the extent known by the contractor/subcontractor, the contractor/subcontractor s notice to
With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.
In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with
LIQUIDATED DAMAGES FOR DATA BREACH
Consistent with the requirements of 38 U.S.C. --5725, a contract may require access to sensitive personal information. If so, the contractor is liable to
The contractor/subcontractor shall provide notice to
Each risk analysis shall address all relevant information concerning the data breach, including the following:
NATURE OF THE EVENT (LOSS, THEFT, UNAUTHORIZED ACCESS);
DESCRIPTION OF THE EVENT, INCLUDING:
(A) DATE OF OCCURRENCE;
(B) DATA ELEMENTS INVOLVED, INCLUDING ANY PII, SUCH AS FULL NAME, SOCIAL SECURITY NUMBER, DATE OF BIRTH, HOME ADDRESS, ACCOUNT NUMBER, DISABILITY CODE;
(3) NUMBER OF INDIVIDUALS AFFECTED OR POTENTIALLY AFFECTED;
(4) NAMES OF INDIVIDUALS OR GROUPS AFFECTED OR POTENTIALLY AFFECTED;
(5) EASE OF LOGICAL DATA ACCESS TO THE LOST, STOLEN OR IMPROPERLY ACCESSED DATA IN LIGHT OF THE DEGREE OF PROTECTION FOR THE DATA, E.G., UNENCRYPTED, PLAIN TEXT;
(6) AMOUNT OF TIME THE DATA HAS BEEN OUT OF VA CONTROL;
(7) THE LIKELIHOOD THAT THE SENSITIVE PERSONAL INFORMATION WILL OR HAS BEEN COMPROMISED (MADE ACCESSIBLE TO AND USABLE BY UNAUTHORIZED PERSONS);
(8) KNOWN MISUSES OF DATA CONTAINING SENSITIVE PERSONAL INFORMATION, IF ANY;
(9) ASSESSMENT OF THE POTENTIAL HARM TO THE AFFECTED INDIVIDUALS;
(10) DATA BREACH ANALYSIS AS OUTLINED IN 6500.2 HANDBOOK, MANAGEMENT OF SECURITY AND PRIVACY INCIDENTS, AS APPROPRIATE; AND
(11) WHETHER CREDIT PROTECTION SERVICES MAY ASSIST RECORD SUBJECTS IN AVOIDING OR MITIGATING THE RESULTS OF IDENTITY THEFT BASED ON THE SENSITIVE PERSONAL INFORMATION THAT MAY HAVE BEEN COMPROMISED.
Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the
(1) NOTIFICATION;
(2) ONE YEAR OF CREDIT MONITORING SERVICES CONSISTING OF AUTOMATIC DAILY MONITORING OF AT LEAST 3 RELEVANT CREDIT BUREAU REPORTS;
(3) DATA BREACH ANALYSIS;
(4) FRAUD RESOLUTION SERVICES, INCLUDING WRITING DISPUTE LETTERS, INITIATING FRAUD ALERTS AND CREDIT FREEZES, TO ASSIST AFFECTED INDIVIDUALS TO BRING MATTERS TO RESOLUTION;
(5) ONE YEAR OF IDENTITY THEFT INSURANCE WITH
(6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.
TRAINING
All contractor employees and subcontractor employees requiring access to
Sign and acknowledge (either manually or electronically) understanding of and responsibilities for compliance with the Contractor Rules of Behavior, Appendix E relating to access to
Successfully complete the VA Cyber Security Awareness and Rules of Behavior training and annually complete required security training;
Successfully complete the appropriate
Successfully complete any additional cyber security or privacy training, as required for
The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates and certification of signing the Contractor Rules of Behavior for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required.
Failure to complete the mandatory annual training and sign the Rules of Behavior annually, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.
PERSONAL IDENTITY VERIFICATION OF CONTRACTOR PERSONNEL
All personnel employed by the Contractor and performing work VAPHS must comply with Homeland Security Presidential Directive 12 (HSPD-12).----
a.--------------All Contractor employees who require access to the
i.------------Position Sensitivity - The position sensitivity has been designated as low risk.
ii.------------Background Investigation - The level of background investigation commensurate with the required level of access is T1, form required is a SF85
iii.------------Contractor Responsibilities
1.--------------The contractor shall bear the expense of obtaining background investigations, regardless of the final adjudication determination. A Bill of Collections shall be generated by the
2.--------------The Contractor shall review the packet of information provided by the
3.--------------The Contractor, when notified of an unfavorable determination by the Government, shall withdraw the employee from consideration from working under the contract.
4.--------------Contractor shall provide names of backup personnel to COR for investigation within two weeks of replacement.
5.--------------Failure to comply with the Contractor personnel security requirements may result in termination of the contract for default.
iv.------------Government Responsibilities
1.--------------Upon contract award, the
2.--------------The
3.--------------
(viii) The provision at 52.212-1, Instructions to Offerors -- Commercial, applies to this acquisition and the following clauses AND instructions are added as addenda:
CLAUSES:
52.211-6 Brand Name or Equal (
52.214-21 Descriptive Literature (
852.211-73 Brand Name or Equal. (
852-219-10 VA Notice of Total Service-Disabled Veteran-Owned Small Business Set-Aside
(ix) Evaluation of this requirement will be based on PRICE ONLY.
(x) Offerors are advised to include a completed copy of the provision at 52.212-3, Offeror Representations and Certifications -- Commercial Items, with its offer if has not been completed on SAM.gov.
(xi) The clause at 52.212-4, Contract Terms and Conditions -- Commercial Items, applies to this acquisition and the following clauses are added as addenda:
(End of Clause)
52.252-2 CLAUSES INCORPORATED BY REFERENCE (
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):
(End of Clause)
852.203-70
852.246-71 Inspection (
(xii) The clause at 52.212-5, Contract Terms and Conditions Required To Implement Statutes Or Executive Orders -- Commercial Items, applies to this acquisition and the following additional FAR clauses cited in the clause are applicable to the acquisition:
52.204-10 Reporting Executive Compensation & First-Tier Subcontract Awards (
52.209-6 Protecting the Government s Interest When Subcontracting with Contractors Debarred, Suspended, or Proposed for Debarment (
52.219-28 Post Award Small Business Program Representation (
52.222-19 Child Labor--Cooperation with Authorities and Remedies (
52.222-21 Prohibition of Segregated Facilities (
52.222-26 Equal Opportunity (
52.222-36 Equal Opportunity for Workers with Disabilities (
52.222-50 Combating Trafficking in Persons (
52.223-18 Encouraging Contractor Policies to Ban Text Messaging While Driving (
52.225-3 Buy American--Free Trade Agreements--Israeli Trade Act (
52.225-13 Restrictions on Certain Foreign Purchases (
52.232-34 Payment by Electronic Funds Transfer--Other than System for Award Management (
52.232-40 Providing Accelerated Payments to Small Business Subcontractors
(xiii) There are no additional contract requirements, terms or conditions.
(xiv) The Defense Priorities and Allocations System (DPAS) ratings are NOT APPLICABLE.
(xv) Quotes must be emailed to [email protected] and received no later than
NO LATES WILL BE ACCEPTED
(xvi) For information regarding the solicitation, please contact
**MUST BE RETURNED WITH QUOTE**
VA Privacy Training for Personnel without Access to VA Computer Systems
or Direct Access or Use to VA Sensitive Information
The
This document satisfies the basic privacy training requirement for a contractor, volunteer, or other personnel only if the individual does not use or have access to any
If you have direct access to protected health information or access to a
What is VA Sensitive Information/Data
All Department information and/or data on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information. The term includes not only information that identifies an individual but also other information whose improper use or disclosure could adversely affect the ability of an agency to accomplish its mission, proprietary information, and records about individuals requiring protection under applicable confidentiality provisions.
What is Protected Health Information
The HIPAA Privacy Rule defines protected health information as Individually Identifiable Health Information transmitted or maintained in any form or medium by a covered entity, such as VHA.
What is an Incidental Disclosure
An incidental disclosure is one where an individual s information may be disclosed incidentally even though appropriate safeguards are in place. Due to the nature of
For example:
You overhear a healthcare provider s conversation with another provider or patient even when the conversation is taken place appropriately.
You may see limited Veteran information on sign-in sheets or white boards within a treating area of the facility.
Hearing a Veteran s name being called out for an appointment or when the Veteran is being transported/escorted to and from an appointment.
Safeguards You Must Follow To Secure VA Sensitive Information:
Secure any
Don t take
Don t take pictures using a personal camera without the permission from the Medical Center Director.
Any protected health information overheard or seen in
Do not share
Immediately report lost or stolen Personal Identity Verification (PIV) or Veteran Health Identification Cards (VHIC), any
Do not use a
Do not ask another
What are the Six Privacy Laws and Statutes Governing VA
Freedom of Information Act (FOIA) compels disclosure of reasonably described
Privacy Act of 1974 provides for the confidentiality of personal information about a living individual who is a
Health Insurance Portability and Accountability Act (HIPAA) provides for the improvement of the efficiency and effectiveness of health care systems by encouraging the development of health information systems through the establishment of standards and requirements for the electronic transmission, privacy, and security of certain health information.
38 U.S.C. 5701 provides for the confidentiality of all
38 U.S.C. 7332 provides for the confidentiality of drug abuse, alcoholism and alcohol abuse, infection with the human immunodeficiency virus (HIV) and sickle cell anemia medical records and health information.
38 U.S.C. 5705 provides for the confidentiality of designated medical-quality assurance documents.
What are the Privacy Rules Concerning Use and Disclosure
You are not authorized to use or disclose protected health information. In general, VHA personnel may only use information for purposes of treatment, payment or healthcare operations when they have a need-to-know in the course of their official job duties. VHA may only disclose protected health information upon written request by the individual who is the subject of the information or as authorized by law.
How is Privacy Enforced
There are both civil and criminal penalties, including monetary penalties that may be imposed if a privacy violation has taken place. Any willful negligent or intentional violation of an individual s privacy by
Know your
YOU ARE RESPONSIBLE FOR PROTECTING THE CONFIDENTIAL INFORMATION OF OUR VETERANS
__________________________________________ ________________
Employee (Print Name) Date
__________________________________________
Employee Signature
__________________________________________
Print
__________________________________________
Print
PROVIDE A COPY OF THIS FORM TO YOUR SUPERVISOR/CONTRACTING OFFICER
FOR DATA ENTRY INTO TALENT MANAGEMENT SYSTEM
CONTRACTOR RULES OF BEHAVIOR
**MUST BE RETURNED WITH QUOTE**
This User Agreement contains rights and authorizations regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the
1. GENERAL TERMS AND CONDITIONS FOR ALL ACTIONS AND ACTIVITIES UNDER THE CONTRACT:
I understand and agree that I have no reasonable expectation of privacy in accessing or using any
I consent to reviews and actions by the
I consent to reviews and actions by authorized
I understand and accept that unauthorized attempts or acts to access, upload, change, or delete information on Federal Government systems; modify Federal government systems; deny access to Federal government systems; accrue resources for unauthorized use on Federal government systems; or otherwise misuse Federal government systems or resources are prohibited.
I understand that such unauthorized attempts or acts are subject to action that may result in criminal, civil, or administrative penalties. This includes penalties for violations of Federal laws including, but not limited to, 18 U.S.C. --1030 (fraud and related activity in connection with computers) and 18 U.S.C. --2701 (unlawful access to stored communications).
I agree that OI&T staff, in the course of obtaining access to information or systems on my behalf for performance under the contract, may provide information about me including, but not limited to, appropriate unique personal identifiers such as date of birth and social security number to other system administrators, Information Security Officers (ISOs), or other authorized staff without further notifying me or obtaining additional written or verbal permission from me.
I understand I must comply with
I will report suspected or identified information security/privacy incidents to the COTR and to the local ISO or Privacy Officer as appropriate.
2. GENERAL RULES OF BEHAVIOR
Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job.
The following rules apply to all
Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract.
Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions.
I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of
Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract.
Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COTR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not
VA HANDBOOK 6500.6 MARCH 12, 2010
APPENDIX D
APPENDIX D
D-
D-
confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee.
Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply.
Grant access to systems and information only to those who have an official need to know.
Protect passwords from access by other individuals.
Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting
Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard
Follow VA Handbook 6500.1, Electronic Media Sanitization to protect
Ensure that the COTR has previously approved
Not host, set up, administer, or run an
Protect government property from theft, destruction, or misuse. I will follow
VA HANDBOOK 6500.6 MARCH 12, 2010
APPENDIX D
D-4
Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by
Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with
Understand that restoration of service of any
Complete required information security and privacy training, and complete required training for the particular systems to which I require access.
3. ADDITIONAL CONDITIONS FOR USE OF NON- VA INFORMATION TECHNOLOGY RESOURCES
When required to complete work under the contract, I will directly connect to the
Remote access to non-public
I will not have both a
I understand that I may not obviate or evade my responsibility to adhere to
4. STATEMENT ON LITIGATION
This User Agreement does not and should not be relied upon to create any other right or benefit, substantive or procedural, enforceable by law, by a party to litigation with the United States Government.
COMBINED SYNOPSIS SOLICITATION
5. ACKNOWLEDGEMENT AND ACCEPTANCE
I acknowledge receipt of this User Agreement. I understand and accept all terms and conditions of this User Agreement, and I will comply with the terms and conditions of this agreement and any additional
Print or type your full name Signature
Last 4 digits of SSN Date
Office Phone Position Title
Contractor s Company Please complete and return the original signed
stated in the terms of the contract.
**MUST BE RETURNED WITH QUOTE**
BUSINESS ASSOCIATE AGREEMENT BETWEEN THE DEPARTMENT OF VETERANS AFFAIRS VETERANS HEALTH ADMINISTRATION, BUTLER HCC AND
The purpose of this Business Associate Agreement (Agreement) is to establish requirements for the
Scope. Under this Agreement and other applicable contracts or agreements, will provide CIRRUS 800 services to, for, or on behalf of BUTLER HCC.
In order for to provide such services, BUTLER HCC will disclose PHI to , and will use or disclose PHI in accordance with this Agreement.
Definitions. Unless otherwise provided, the following terms used in this Agreement have the same meaning as defined by the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information (PHI), Required by Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
Business Associate shall have the same meaning as described at 45 C.F.R. '' 160.103. For the purposes of this Agreement, Business Associate shall refer to , including its employees, officers, or any other agents that create, receive, maintain, or transmit PHI as described below.
Covered Entity shall have the same meaning as the term is defined at 45 C.F.R. '' 160.103. For the purposes of this Agreement, Covered Entity shall refer to BUTLER HCC.
Protected Health Information or PHI shall have the same meaning as described at 45 C.F.R. '' 160.103. Protected Health Information and PHI as used in this Agreement include Electronic Protected Health Information and EPHI. For the purposes of this Agreement and unless otherwise provided, the term shall also refer to PHI that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity or receives from Covered Entity or another Business Associate.
Subcontractor shall have the same meaning as the term is defined at 45 C.F.R. '' 160.103. For the purposes of this Agreement, Subcontractor shall refer to a contractor of any person or entity, other than Covered Entity, that creates, receives, maintains, or transmits PHI under the terms of this Agreement.
Terms and Conditions. Covered Entity and Business Associate agree as follows:
1. Ownership of PHI. PHI is and remains the property of Covered Entity as long as Business Associate creates, receives, maintains, or transmits PHI, regardless of whether a compliant Business Associate agreement is in place.
2. Use and Disclosure of PHI by Business Associate. Unless otherwise provided, Business Associate:
A. May not use or disclose PHI other than as permitted or required by this Agreement, or in a manner that would violate the HIPAA Privacy Rule if done by Covered Entity, except that it may use or disclose PHI:
(1) As required by law or to carry out its legal responsibilities;
(2) For the proper management and administration of Business Associate; or
(3) To provide Data Aggregation services relating to the health care operations of Covered Entity.
3. Obligations of Business Associate. In connection with any Use or Disclosure of PHI, Business Associate must:
A. Consult with Covered Entity before using or disclosing PHI whenever Business Associate is uncertain whether the Use or Disclosure is authorized under this Agreement.
B. Implement appropriate administrative, physical, and technical safeguards and controls to protect PHI and document applicable policies and procedures to prevent any Use or Disclosure of PHI other than as provided by this Agreement.
C. Provide satisfactory assurances that PHI created or received by Business Associate under this Agreement is protected to the greatest extent feasible.
D. Notify Covered Entity within twenty-four (24) hours of Business Associate s discovery of any potential access, acquisition, use, disclosure, modification, or destruction of either secured or unsecured PHI in violation of this Agreement, including any Breach of PHI.
(1) Any incident as described above will be treated as discovered as of the first day on which such event is known to Business Associate or, by exercising reasonable diligence, would have been known to Business Associate.
(2) Notification shall be sent to the ELAINE RAY; [email protected] and to the VHA Health Information Access Office, Business Associate Program Manager by email at [email protected].
(3) Business Associate shall not notify individuals or the
E. Provide a written report to Covered Entity of any potential access, acquisition, use, disclosure, modification, or destruction of either secured or unsecured PHI in violation of this Agreement, including any Breach of PHI, within ten (10) business days of the initial notification.
(1) The written report of an incident as described above will document the following:
(a) The identity of each Individual whose PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, used, disclosed, modified, or destroyed;
(b) A description of what occurred, including the date of the incident and the date of the discovery of the incident (if known);
(c) A description of the types of secured or unsecured PHI that was involved;
(d) A description of what is being done to investigate the incident, to mitigate further harm to Individuals, and to protect against future incidents; and
(e) Any other information as required by 45 C.F.R. '--' 164.404(c) and 164.410.
(2) The written report shall be addressed to:
F. To the greatest extent feasible, mitigate any harm due to a Use or Disclosure of PHI by Business Associate in violation of this Agreement that is known or, by exercising reasonable diligence, should have been known to Business Associate.
G. Use only contractors and Subcontractors that are physically located within a jurisdiction subject to the laws of
(1) Must ensure that the terms of any Agreement between Business Associate and a contractor or Subcontractor are at least as restrictive as Business Associate Agreement between Business Associate and Covered Entity.
(2) Must ensure that contractors and Subcontractors agree to the same restrictions and conditions that apply to Business Associate and obtain satisfactory written assurances from them that they agree to those restrictions and conditions.
(3) May not amend any terms of such Agreement without Covered Entity s prior written approval.
I. Within five (5) business days of a written request from Covered Entity:
(1) Make available information for Covered Entity to respond to an Individual s request for access to PHI about him/her.
(2) Make available information for Covered Entity to respond to an Individual s request for amendment of PHI about him/her and, as determined by and under the direction of Covered Entity, incorporate any amendment to the PHI.
(3) Make available PHI for Covered Entity to respond to an Individual s request for an accounting of Disclosures of PHI about him/her.
J. Business Associate may not take any action concerning an individual s request for access, amendment, or accounting other than as instructed by Covered Entity.
K. To the extent Business Associate is required to carry out Covered Entity's obligations under Subpart E of 45 CFR Part 164, comply with the provisions that apply to Covered Entity in the performance of such obligations.
L. Provide to the Secretary of
M. Upon completion or termination of the applicable contract(s) or agreement(s), return or destroy, as determined by and under the direction of Covered Entity, all PHI and other
N. Be liable to Covered Entity for civil or criminal penalties imposed on Covered Entity, in accordance with 45 C.F.R. '--' 164.402 and 164.410, and with the HITECH Act, 42 U.S.C. '--' 17931(b), 17934(c), for any violation of the HIPAA Rules or this Agreement by Business Associate.
4. Obligations of Covered Entity. Covered Entity agrees that it:
A. Will not request Business Associate to make any Use or Disclosure of PHI in a manner that would not be permissible under Subpart E of 45 C.F.R. Part 164 if made by Covered Entity, except as permitted under Section 2 of this Agreement.
C. Has obtained or will obtain from Individuals any authorization necessary for Business Associate to fulfill its obligations under this Agreement.
5. Amendment. Business Associate and Covered Entity will take such action as is necessary to amend this Agreement for Covered Entity to comply with the requirements of the HIPAA Rules or other applicable law.
6. Termination.
A. Automatic Termination. This Agreement will automatically terminate upon completion of Business Associate s duties under all underlying Agreements or by termination of such underlying Agreements.
B. Termination Upon Review. This Agreement may be terminated by Covered Entity, at its discretion, upon review as provided by Section 9 of this Agreement.
C. Termination for Cause. In the event of a material breach by Business Associate, Covered Entity:
(1) Will provide an opportunity for Business Associate to cure the breach or end the violation within the time specified by Covered Entity, and;
(2) May terminate this Agreement and underlying contract(s) if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity.
D. Effect of Termination. Termination of this Agreement will result in cessation of activities by Business Associate involving PHI under this Agreement.
E. Survival. The obligations of Business Associate under this Section shall survive the termination of this Agreement as long as Business Associate creates, receives, maintains, or transmits PHI, regardless of whether a compliant Business Associate Agreement is in place.
7. No Third Party Beneficiaries. Nothing expressed or implied in this Agreement confers any rights, remedies, obligations, or liabilities whatsoever upon any person or entity other than Covered Entity and Business Associate, including their respective successors or assigns.
8. Other Applicable Law. This Agreement does not abrogate any responsibilities of the parties under any other applicable law.
9. Review Date. The provisions of this Agreement will be reviewed by Covered Entity every two years from Effective Date to determine the applicability and accuracy of the Agreement based on the circumstances that exist at the time of review.
10. Effective Date. This Agreement shall be effective on the last signature date below.
By: By:
Title: Title:
Date: Date:
Link/URL: https://www.fbo.gov/spg/VA/PiVAMC646/PiVAMC646/VA24417Q1656/listing.html



Combine Solicitation – 65– FIELD ANALYZER
Advisor News
- The overlooked retirement security risk that must be addressed
- What advisors should know about hedge funds in retirement planning
- Retirement control is top success measure for middle class, ACLI says
- Industry groups applaud House passage of Financial Exploitation Prevention Act
- Younger workers more likely to be eligible for a retirement plan after changing jobs
More Advisor NewsAnnuity News
- Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
- Why job boards are failing insurance agencies
- MassMutual Ranks No. 100 on the 2026 Fortune 500® List
- What’s fueling record annuity growth?
- Jackson Named InvestmentNews 2026 Annuities Provider of the Year
More Annuity NewsHealth/Employee Benefits News
- Former city DPW director wants opportunity to 'defend my actions' in light of separation agreement
- CDPHP, MVP Health Care among insurers seeking rate increases
- How health insurers get a free pass to deny coverage from a 52‑year‑old law meant to protect worker pensions
- Reports from Capital One AG Describe Recent Advances in Managed Care (Factors Affecting Medical Appointment Adherence among Adolescents and Young Adults with Kidney Disease: A Longitudinal Cohort Study): Managed Care
- Studies from University of Alabama Further Understanding of Neurology (Understanding stroke caregiving in rural contexts: a qualitative study of family caregivers’ cultural values, coping behaviors, and technology use): Health and Medicine – Neurology
More Health/Employee Benefits NewsLife Insurance News
- NAIFA praises House committee approval of Clarity for Compensation Act
- PHL Variable liquidation pushed out to 2027, Connecticut regulators say
- ‘Recession-Proof’ Insurance Is Trending. Safety Net or Scam?
- Winged Keel Group Expands National Presence and PPLI Leadership, Welcomes SBSI, Inc. (dba NFP Insurance Solutions)
- MassMutual Ranks No. 100 on the 2026 Fortune 500® List
More Life Insurance News