Negative Pressure Units (Rental only
Department of the Army, U.S. Army Medical Command | Published August 9, 2016 - Deadline August 31, 2016
Document Type:Combined Solicitation/SynopsisDate: August 09, 2016Subject: BPA (Rental) Bariatric Bed Frame w LAL/ AP Mattress and PumpSolicitation Number: W91YTZ-16-T-0332Response Date: August 31, 2016 at 10:00 AM ESTPoint of Contact: email@example.comSet Aside: Unrestricted Place of Performance: Blanchfield Army Community Hospital, Fort Campbell, KYPeriod of Performance: 12 September 2016 through 30 September 2021NAICS Code: 325413- Size Standard: 500 Employee
Contracting Office AddressDepartment of the ArmyUS Army Medical CommandArmy Health Contracting Activity (Provisional) Regional Health Contracting Office - Cell Building 332, 43 Central Hospital CourtFort Gordon, GA 30905
This is a combined synopsis/solicitation for commercial services prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; quotations are being requested and a separate written solicitation will not be issued. The solicitation document and incorporated provisions and clauses are those in effect through Federal Acquisition Circular 2005-89... The Army Health Contracting Activity-Atlantic, Regional Health Contracting Office - Cell, US Army Medical Command intends to solicit, negotiate, and award a Single-Award Blanket Purchase Agreement (BPA), however, the Government reserves the right to issue multiple awards for Medical Equipment to be delivered at Fort Campbell, Kentucky. This is a brand name only. See 52.212-1 Instructions to Offertory and 52.212-2 Evaluation of commercial items and 52.211-6 Brand Name or Equal.Clauses and provisions throughout this solicitation can be viewed by accessing website http://farsite.hill.af.mil/vffara.htm . FAR provision 52.212-1 [Instructions to Offerors Commercial Items] applies to this acquisition. FAR provision 52.212-1 [Instructions to Offerors Commercial] applies to this acquisition to include the following addenda: All offers are cautioned that if selected for award, they must be registered in the System for Award Management (SAM) program. The SAM can be accessed via the internet at https://www.sam.gov/portal/public/SAM/. Confirmation of SAM registration will be validated prior to awarding a contract. The provision at FAR 52.212-2, Evaluation - Commercial Items and any addendums to this provision apply to this acquisition. The clause at FAR 52.212-5, Contract Terms and Conditions to Implement Statutes or Executive Orders - Commercial Items applies to this acquisition.
Vendors shall include a completed copy of FAR provision 52.212-3 Alt 1, Offeror Representations and Certifications with their offer. Offerors shall include a confirmation of receipt of any amendments to this solicitation. Failure to submit a confirmation could result in the offer being determined non- responsive. Clause 52.212-4 Contract Terms and Conditions-Commercial items, applies to this acquisition to include any applicable addenda.
Section B - Supplies or Services and Prices
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0001 1 Day RC1000UBRCMEDSURG Bariatric Bed Frame With LAL/AP Mattress and PumpRA3000E (Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0002 1 Day RC 1000UB RA 3000E 1000 # BARI Frame with LAL/AP Mattress and Pump(Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0003 1 Day RC 1000UB 1000 # BARI Frame (Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0004 1 Day RC 1000UB RA3000B 1000 # BARI FRAME w a BARI LAL/AP Mattress and Pump (Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0005 1 Day RA3000B BARI LAL/AP Mattress and Pump(Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0006 1 Day
RAAV Dolphin Mattress and Pump(Rental)
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0007 1 Day RAAVB BARI Dolphin Mattress and Pump (Rental)
INSPECTION AND ACCEPTANCE TERMS
Supplies/services will be inspected/accepted at:
CLIN INSPECT AT INSPECT BY ACCEPT AT ACCEPT BY 0001 Destination Government Destination Government BLANKET PURCHASE AGREEMENT
BLANKET PURCHASE AGREEMENTBetweenContractor To Be Determined (TBD)AndRegional Health Contracting Office - Atlantic (Provisional)
1. Authority: This agreement is established in accordance with Federal Acquisition Regulation (FAR) Part 13, Subpart 13.303, Blanket Purchase Agreements (BPAs). This BPA will be reviewed by the Contracting Officer at least once annually before the anniversary of the effective date, and revised to conform to all requirements of Statutes, Executive Orders, and the FAR. Revisions will be evidenced by a modification to the BPA.
2. Description of Agreement: Contractor(s) TBD shall provide all supplies in accordance with the terms and conditions of this agreement. The ordering period for this BPA is two (5) years from the date of award.
3. Extent of Obligation: Contractor(s) TBD proposal is hereby incorporated into this BPA. The Government is obligated only to the extent of calls (orders) placed by authorized individuals and the purchase limitations of this BPA. Calls (orders) will be made by placing calls for the item required. Payment will be made for actual items provided to the Government.
4. Purchase Limitations:
MINBPA Call Limit = $25,000.00MAX BPA Master Dollar Limit = $50,000.00 over the life of the BPA (five (5) years from the date of award).
5. Individual(s) Authorized to Purchase under the BPA: A listing of individuals authorized to place purchases/calls under this agreement shall be identified by the Regional Health Contracting Office -Cell, Fort Gordon, GA in writing to the contractor, and shall be identified by organization component, title and dollar limitation per call for each individual authorized to place purchases/calls.
Calls placed by individuals not on the list are not authorized and shall not be honored by the contractor. Services provided by the contractor in violation of this authorization will be treated as an unauthorized commitment and may result in termination of this agreement by the government. Changes in the list shall require the signature of the Administering Contracting Officer.
Authorized individuals to place orders/calls:
-US Army Medical Command, Regional Health Contracting Office- Cell, Fort Gordon, GA cell-Warranted Contracting Officer only.
6. Delivery Tickets: All shipments under this agreement shall be accompanied by delivery tickets, sales slips, or a copy of the invoice that shall contain the following minimum information:
a. Name of contractor.b. BPA number.c. Date of call.d. Purchase No.e. Itemized list of supplies to include Serial/Product number and model number of equipment/supplies.f. Quantity, unit price, extension of each item, less applicable discounts.g. Date of delivery or shipment.
The contractor shall create a separate invoice for each call. Invoices shall include, at minimum, the information stated under "Delivery Tickets", above. The period of any discounts will commence on the date of invoice receipt. A summary invoice shall be submitted at least monthly or upon expiration of this BPA, whichever occurs first, for all deliveries made during a billing period, identifying the delivery tickets covered therein, stating their total dollar value, and supported by receipt copies of the delivery tickets.
Additionally, invoice payments will be made via the Government-wide Purchase Card (GPC). GPC is a Government-wide commercial purchase card provided by VISA for the purchase/payment of certain supplies and services.
Note: The contractor shall be responsible for any and all transaction service charges incurred for the acceptance of GPC payments.
The contractor shall submit invoices for calls placed by authorized callers to the attention of the ordering individual who will verify material receipt and provide government purchase card (GPC) information for payment transaction approvals.
Invoice billings will be generated and emailed or faxed to the authorized ordering individual upon completion of service. Each invoice is generated upon completion of service. The billings are based upon the negotiated pricing list.
8. Numbering Of Purchases/Calls Placed Under This Agreement.
Each order under this agreement shall be assigned a call number with a prefix. The prefix X will be used for all calls placed under this BPA. Numbers will consist of three numeric characters, i.e., 001, 002, 003, etc., therefore call numbers will read, for example, X001, X002, X003, etc.
Orders shall be placed by authorized personnel as calls against this BPA via FAX, mail order, telephonically (with written follow-up) and/or Electronic Data Interchange (EDI).
Pricing will be reviewed by the Contractor and the customer prior to the end of each 12 month term of the agreement, in order to assess potential price adjustments based on actual volumes achieved during the year. Pricing shall be based on published catalog price list and any discounts offered. Prices to the Government shall be as low as, or lower than, those charged to the contractor's most favored customers for comparable quantities of similar items or services. During the term of this BPA, an authorized representative of the contractor may meet with the customer on a quarterly basis to review compliance to the estimated levels.
10. Shipping Instructions:
DO NOT UNDER ANY CIRCUMSTANCES SHIP ITEMS TO ADDRESSES OTHER THAN THOSE SPECIFIED HEREIN. TO DO SO IS IN VIOLATION OF THIS ORDER AND COST OF SHIPMENT TO ADDRESS OTHER THAN THAT SPECIFIED IN THIS ORDER WILL NOT BE PAID UNLESS THE SHIP TO/DELIVERY ADDRESS IS CHANGED BY MODIFICATION TO THE ORDER SIGNED BY A CONTRACTING OFFICER.
SHIP TO THE FOLLOWING ADDRESS:
BLANCHFIELD ARMY COMMUNITY HOSPITAL20TH STREET, BLDG 2434FORT CAMPBELL, KY 40121
EXTERIOR OF ALL SHIPPING CARTONS MUST BE MARKED WITH CONTRACT/PURCHASE ORDER NUMBER. IF YOU ARE "DROP SHIPPING" ENSURE YOUR SHIPPER COMPLIES WITH THESE INSTRUCTIONS. CARTONS WITHOUT IDENTIFICATION WILL BE RETURNED "FREIGHT COLLECT".
STATEMENT OF NEEDSBLANCHFIELD ARMY COMMUNITY HOSPITAL FORT CAMPBELL, KY
STATEMENT OF NEED:
The following points represent the general features of that specialty/therapy hospital bed the Government requires.
3. Minimum Requirements / Specifications/ Salient Characteristics:• The bed shall be able to be adjusted to various positions that are needed for the patient's wellbeing, Flowler, Trendelenburg, Reverse Terendelenburg, and Cardiac Chair position. Bed may also need to provide rotation of varying degrees.• The offeror would bring the equipment into the facility for rental that would correspond with the supply items. There will be an inventory done during the case of which disposable items are used. After the case, the representative would remove all items from the facility and receive payment from Logistics.• The Bed shall allow for the offload or redistribution of pressure to assist in the reduction of pressure ulcers/bedsores.• The Mattress fabric shall be such that it keeps skin cool and dry, while providing a barrier to fluid, bacteria and like substances.• The Bed must be able to comfortably accommodate patients of varying weights, up to 1,000 pounds. Bed may also be able to weigh the patient.• Bed provides for better backup in the event of a power failure or transport of patient. Bed may have a locking wheel mechanism.• The offeror must be able to deliver services and set up 24/7 with 4-6 hour delivery.• The offeror must be able to deliver on weekends and holidays.
4. Delivery Terms:
All deliveries shall be at Blanchfield Army Community Hospital, Fort Campbell, KY. This will be completed in accordance with the offeror's commercial schedule.
5. Inspection and Acceptance:
Inspection and acceptance shall be performed by the Government personnel at the Government Facilities. Disposable supplies and instrument sets will be returned to the vendor after the cases are completed.
CLAUSES INCORPORATED BY REFERENCE
52.212-4 Contract Terms and Conditions--Commercial Items MAY 2015
CLAUSES INCORPORATED BY FULL TEXT
ADDENDUM TO 52.212-4
(w) The non-FAR Part 12 discretionary FAR, DFARS, AFARS, and LOCAL clauses included herein are incorporated into this contract either by reference or in full text. If incorporated by reference, see clause 52.252-2 herein for locations where full text can be found.
(End of Clause)
CLAUSES INCORPORATED BY REFERENCE
52.204-10 Reporting Executive Compensation and First-Tier Subcontract Awards OCT 2015 52.209-6 Protecting the Government's Interest When Subcontracting With Contractors Debarred, Suspended, or Proposed for Debarment OCT 2015 52.219-4 Notice of Price Evaluation Preference for HUB Zone Small Business Concerns OCT 2014 52.222-3 Convict Labor JUN 2003 52.222-19 Child Labor -- Cooperation with Authorities and Remedies FEB 2016 52.222-21 Prohibition Of Segregated Facilities APR 2015 52.222-26 Equal Opportunity APR 2015 52.222-36 Equal Opportunity for Workers with Disabilities JUL 2014 52.222-50 Combating Trafficking in Persons MAR 2015 52.222-51 Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment--Requirements MAY 2014 52.223-3 Hazardous Material Identification And Material Safety Data JAN 1997 52.223-18 Encouraging Contractor Policies To Ban Text Messaging While Driving AUG 2011 52.225-13 Restrictions on Certain Foreign Purchases JUN 2008 52.232-36 Payment by Third Party MAY 2014 52.232-39 Unenforceability of Unauthorized Obligations JUN 2013 52.232-40 Providing Accelerated Payments to Small Business Subcontractors DEC 2013 52.233-3 Protest After Award AUG 1996 52.233-4 Applicable Law for Breach of Contract Claim OCT 2004 252.203-7000 Requirements Relating to Compensation of Former DoD Officials SEP 2011 252.203-7002 Requirement to Inform Employees of Whistleblower Rights SEP 2013 252.204-7003 Control Of Government Personnel Work Product APR 1992 252.225-7036 Buy American--Free Trade Agreement--Balance of Payments Program--Basic (Nov 2014) NOV 2014 252.225-7048 Export-Controlled Items JUN 2013 252.232-7003 Electronic Submission of Payment Requests and Receiving Reports JUN 2012 252.232-7009 Mandatory Payment by Government wide Commercial Purchase Card DEC 2006 252.232-7010 Levies on Contract Payments DEC 2006
CLAUSES INCORPORATED BY FULL TEXT
52.209-10 Prohibition on Contracting With Inverted Domestic Corporations. (NOV 2015)
(a) Definitions. As used in this clause--Inverted domestic corporation means a foreign incorporated entity that meets the definition of an inverted domestic corporation under 6 U.S.C. 395(b), applied in accordance with the rules and definitions of 6 U.S.C. 395(c).Subsidiary means an entity in which more than 50 percent of the entity is owned--(1) Directly by a parent corporation; or(2) Through another subsidiary of a parent corporation.(b) If the contractor reorganizes as an inverted domestic corporation or becomes a subsidiary of an inverted domestic corporation at any time during the period of performance of this contract, the Government may be prohibited from paying for Contractor activities performed after the date when it becomes an inverted domestic corporation or subsidiary. The Government may seek any available remedies in the event the Contractor fails to perform in accordance with the terms and conditions of the contract as a result of Government action under this clause.
(c) Exceptions to this prohibition are located at 9.108-2.
(d) In the event the Contractor becomes either an inverted domestic corporation or a subsidiary of an inverted domestic corporation during contract performance, the Contractor shall give written notice to the Contracting Officer within five business days from the date of the inversion event.
(End of clause)
52.219-28 POST-AWARD SMALL BUSINESS PROGRAM REREPRESENTATION (JULY 2013)
(a) Definitions. As used in this clause--
Long-term contract means a contract of more than five years in duration, including options. However, the term does not include contracts that exceed five years in duration because the period of performance has been extended for a cumulative period not to exceed six months under the clause at 52.217-8, Option to Extend Services, or other appropriate authority.
Small business concern means a concern, including its affiliates that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the criteria in 13 CFR Part 121 and the size standard in paragraph (c) of this clause. Such a concern is ``not dominant in its field of operation'' when it does not exercise a controlling or major influence on a national basis in a kind of business activity in which a number of business concerns are primarily engaged. In determining whether dominance exists, consideration shall be given to all appropriate factors, including volume of business, number of employees, financial resources, competitive status or position, ownership or control of materials, processes, patents, license agreements, facilities, sales territory, and nature of business activity.
(b) If the Contractor represented that it was a small business concern prior to award of this contract, the Contractor shall re-represent its size status according to paragraph (e) of this clause or, if applicable, paragraph (g) of this clause, upon the occurrence of any of the following:
(1) Within 30 days after execution of a novation agreement or within 30 days after modification of the contract to include this clause, if the novation agreement was executed prior to inclusion of this clause in the contract.
(2) Within 30 days after a merger or acquisition that does not require a novation or within 30 days after modification of the contract to include this clause, if the merger or acquisition occurred prior to inclusion of this clause in the contract.
(3) For long-term contracts--
(i) Within 60 to 120 days prior to the end of the fifth year of the contract; and
(ii) Within 60 to 120 days prior to the date specified in the contract for exercising any option thereafter.
(c) The Contractor shall represent its size status in accordance with the size standard in effect at the time of this representation that corresponds to the North American Industry Classification System (NAICS) code assigned to this contract. The small business size standard corresponding to this NAICS code can be found at http://www.sba.gov/content/table-small-business-size-standards.
(d) The small business size standard for a Contractor providing a product which it does not manufacture itself, for a contract other than a construction or service contract, is 500 employees.
(e) Except as provided in paragraph (g) of this clause, the Contractor shall make the representation required by paragraph (b) of this clause by validating or updating all its representations in the Representations and Certifications section of the System for Award Management (SAM) and its other data in SAM, as necessary, to ensure that they reflect the Contractor's current status. The Contractor shall notify the contracting office in writing within the timeframes specified in paragraph (b) of this clause that the data have been validated or updated, and provide the date of the validation or update.
(f) If the Contractor represented that it was other than a small business concern prior to award of this contract, the Contractor may, but is not required to, take the actions required by paragraphs (e) or (g) of this clause.
(g) If the Contractor does not have representations and certifications in SAM, or does not have a representation in SAM for the NAICS code applicable to this contract, the Contractor is required to complete the following representation and submit it to the contracting office, along with the contract number and the date on which the representation was completed:
The Contractor represents that it ( ) is, ( ) is not a small business concern under NAICS Code -532291 assigned to contract number .
(Contractor to sign and date and insert authorized signer's name and title).
(End of clause)
52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998)
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address (is):
(End of clause)
52.252-6 AUTHORIZED DEVIATIONS IN CLAUSES (APR 1984)
(a) The use in this solicitation or contract of any Federal Acquisition Regulation (48 CFR Chapter 1) clause with an authorized deviation is indicated by the addition of "(DEVIATION)" after the date of the clause.
(b) The use in this solicitation or contract of any DOD FAR Supplement (48 CFR Chapter 2) clause with an authorized deviation is indicated by the addition of "(DEVIATION)" after the name of the regulation.
(End of clause)
252.204-7012 SAFEGUARDING COVERED DEFENSE INFORMATION AND CYBER INCIDENT REPORTING (DEVIATION 2016-O0001) (OCT 2015)
(a) Definitions. As used in this clause-
"Adequate security" means protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.
"Compromise" means disclosure of information to unauthorized persons, or a violation of the security policy of a system, in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object, or the copying of information to unauthorized media may have occurred.
"Contractor attributional/proprietary information" means information that identifies the contractor(s), whether directly or indirectly, by the grouping of information that can be traced back to the contractor(s) (e.g., program description, facility locations), personally identifiable information, as well as trade secrets, commercial or financial information, or other commercially sensitive information that is not customarily shared outside of the company."Contractor information system" means an information system belonging to, or operated by or for, the Contractor.
"Controlled technical information" means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information would meet the criteria, if disseminated, for distribution statements B through F using the criteria set forth in DoD Instruction 5230.24, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions.
"Covered contractor information system" means an information system that is owned, or operated by or for, a contractor and that processes, stores, or transmits covered defense information."Covered defense information" means unclassified information that-(i) Is-(A) Provided to the contractor by or on behalf of DOD in connection with the performance of the contract; or(B) Collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract; and(ii) Falls in any of the following categories:(A) Controlled technical information.(B) Critical information (operations security). Specific facts identified through the Operations Security process about friendly intentions, capabilities, and activities vitally needed by adversaries for them to plan and act effectively so as to guarantee failure or unacceptable consequences for friendly mission accomplishment (part of Operations Security process).(C) Export control. Unclassified information concerning certain items, commodities, technology, software, or other information whose export could reasonably be expected to adversely affect the United States national security and nonproliferation objectives. To include dual use items; items identified in export administration regulations, international traffic in arms regulations and munitions list; license applications; and sensitive nuclear technology information.(D) Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government wide policies (e.g., privacy, proprietary business information)."Cyber incident" means actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein.
"Forensic analysis" means the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data."Malicious software" means computer software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. This definition includes a virus, worm, Trojan horse, or other code-based entity that infects a host, as well as spyware and some forms of adware."Media" means physical devices or writing surfaces including, but is not limited to, magnetic tapes, optical disks, magnetic disks, large-scale integration memory chips, and printouts onto which information is recorded, stored, or printed within an information system.
‘‘Operationally critical support'' means supplies or services designated by the Government as critical for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation."Rapid(ly) report(ing)" means within 72 hours of discovery of any cyber incident."Technical information" means technical data or computer software, as those terms are defined in the clause at DFARS 252.227-7013, Rights in Technical Data-Non Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code.
(b) Adequate security. The Contractor shall provide adequate security for all covered defense information on all covered contractor information systems that support the performance of work under this contract. To provide adequate security, the Contractor shall-
(1) Implement information systems security protections on all covered contractor information systems including, at a minimum-
(i) For covered contractor information systems that are part of an Information Technology (IT) service or system operated on behalf of the Government-(A) Cloud computing services shall be subject to the security requirements specified in the clause 252.239-7010, Cloud Computing Services, of this contract; and(B) Any other such IT service or system (i.e., other than cloud computing) shall be subject to the security requirements specified elsewhere in this contract; or(ii) For covered contractor information systems that are not part of an IT service or system operated on behalf of the Government and therefore are not subject to the security requirement specified at paragraph (b)(1)(i) of this clause-(A) The security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,"(see http://dx.doi.org/10.6028/NIST.SP.800-171) that is in effect at the time the solicitation is issued or as authorized by the Contracting Officer with the exception of the derived security requirement 3.5.3 "Use of multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts", which will be required not later than 9 months after award of the contract, if the Contractor notified the contracting officer in accordance with paragraph (c) of the provision 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls (DEVIATION 2016-O0001)(OCT 2015); or
(B) Alternative but equally effective security measures used to compensate for the inability to satisfy a particular requirement and achieve equivalent protection approved in writing by an authorized representative of the DoD Chief Information Officer (CIO) prior to contract award; and
(2) Apply other information systems security measures when the Contractorreasonably determines that information systems security measures, in addition to those identified in paragraph (b)(1) of this clause, may be required to provide adequate security in a dynamic environment based on an assessed risk or vulnerability.
(c) Cyber incident reporting requirement.
(1) When the Contractor discovers a cyber incident that affects a covered contractor information system or the covered defense information residing therein, or that affects the contractor's ability to perform the requirements of the contract that are designated as operationally critical support, the Contractor shall-
(i) Conduct a review for evidence of compromise of covered defense information, including, but not limited to, identifying compromised computers, servers, specific data, and user accounts. This review shall also include analyzing covered contractor information system(s) that were part of the cyber incident, as well as other information systems on the Contractor's network(s), that may have been accessed as a result of the incident in order to identify compromised covered defense information, or that affect the Contractor's ability to provide operationally critical support; and(ii) Rapidly report cyber incidents to DoD at http://dibnet.dod.mil.(2) Cyber incident report. The cyber incident report shall be treated as information created by or for DoD and shall include, at a minimum, the required elements at http://dibnet.dod.mil.(3) Medium assurance certificate requirement. In order to report cyber incidents in accordance with this clause, the Contractor or subcontractor shall have or acquire a DoD-approved medium assurance certificate to report cyber incidents. For information on obtaining a DoD-approved medium assurance certificate, see http://iase.disa.mil/pki/eca/Pages/index.aspx.(d) Malicious software. The Contractor or subcontractors that discover and isolate malicious software in connection with a reported cyber incident shall submit the malicious software in accordance with instructions provided by the Contracting Officer.(e) Media preservation and protection. When a Contractor discovers a cyber incident has occurred, the Contractor shall preserve and protect images of all known affected information systems identified in paragraph (c)(1)(i) of this clause and all relevant monitoring/packet capture data for at least 90 days from the submission of the cyber incident report to allow DoD to request the media or decline interest.(f) Access to additional information or equipment necessary for forensic analysis. Upon request by DoD, the Contractor shall provide DoD with access to additional information or equipment that is necessary to conduct a forensic analysis.(g) Cyber incident damage assessment activities. If DoD elects to conduct a damage assessment, the Contracting Officer will request that the Contractor provide all of the damage assessment information gathered in accordance with paragraph (e) of this clause.
(h) DoD safeguarding and use of contractor attributional/proprietary information. The Government shall protect against the unauthorized use or release of information obtained from the contractor (or derived from information obtained from the contractor) under this clause that includes contractor attributional/proprietary information, including such information submitted in accordance with paragraph (c). To the maximum extent practicable, the Contractor shall identify and mark attributional/proprietary information. In making an authorized release of such information, the Government will implement appropriate procedures to minimize the contractor attributional/proprietary information that is included in such authorized release, seeking to include only that information that is necessary for the authorized purpose(s) for which the information is being released.(i) Use and release of contractor attributional/proprietary information not created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is not created by or for DoD is authorized to be released outside of DoD-(1) To entities with missions that may be affected by such information;(2) To entities that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents;(3) To Government entities that conduct counterintelligence or law enforcement investigations;(4) For national security purposes, including cyber situational awareness and defense purposes (including with Defense Industrial Base (DIB) participants in the program at 32 CFR part 236); or(5) To a support services contractor ("recipient") that is directly supporting Government activities under a contract that includes the clause at 252.204-7009, Limitations on the Use or Disclosure of Third-Party Contractor Reported Cyber Incident Information.(j) Use and release of contractor attributional/proprietary information created by or for DoD. Information that is obtained from the contractor (or derived from information obtained from the contractor) under this clause that is created by or for DoD (including the information submitted pursuant to paragraph (c) of this clause) is authorized to be used and released outside of DoD for purposes and activities authorized by paragraph (i) of this clause, and for any other lawful Government purpose or activity, subject to all applicable statutory, regulatory, and policy based restrictions on the Government's use and release of such information.(k) The Contractor shall conduct activities under this clause in accordance with applicable laws and regulations on the interception, monitoring, access, use, and disclosure of electronic communications and data.(l) Other safeguarding or reporting requirements. The safeguarding and cyber incident reporting required by this clause in no way abrogates the Contractor's responsibility for other safeguarding or cyber incident reporting pertaining to its unclassified information systems as required by other applicable clauses of this contract, or as a result of other applicable U.S. Government statutory or regulatory requirements.(m) Subcontracts. The Contractor shall-
(1) Include the substance of this clause, including this paragraph (m), in all subcontracts, including subcontracts for commercial items; and(2) Require subcontractors to rapidly report cyber incidents directly to DoD at http://dibnet.dod.mil and the prime Contractor. This includes providing the incident report number, automatically assigned by DoD, to the prime Contractor (or next higher-tier subcontractor) as soon as practicable.
(End of clause)
252.204-7015 DISCLOSURE OF INFORMATION TO LITIGATION SUPPORT CONTRACTORS (FEB 2014)
(a) Definitions. As used in this clause:
Litigation support means administrative, technical, or professional services provided in support of the Government during or in anticipation of litigation.
Litigation support contractor means a contractor (including an expert or technical consultant) providing litigation support under a contract with the Department of Defense that contains this clause.
Sensitive information means confidential information of a commercial, financial, proprietary, or privileged nature. The term includes technical data and computer software, but does not include information that is lawfully, publicly available without restriction.
(b) Authorized disclosure. Notwithstanding any other provision of this solicitation or contract, the Government may disclose to a litigation support contractor, for the sole purpose of litigation support activities, any information, including sensitive information, received-
(1) Within or in connection with a quotation or offer; or
(2) In the performance of or in connection with a contract.
(c) Flowdown. Include the substance of this clause, including this paragraph (c), in all subcontracts, including subcontracts for commercial items.
(End of clause)252.244-7000 SUBCONTRACTS FOR COMMERCIAL ITEMS (JUN 2013)
(a) The Contractor is not required to flow down the terms of any Defense Federal Acquisition Regulation Supplement (DFARS) clause in subcontracts for commercial items at any tier under this contract, unless so specified in the particular clause.
(b) While not required, the Contractor may flow down to subcontracts for commercial items a minimal number of additional clauses necessary to satisfy its contractual obligation.
(c) The Contractor shall include the terms of this clause, including this paragraph (c), in subcontracts awarded under this contract, including subcontracts for the acquisition of commercial items.
(End of clause)
Invoicing, Receipt, Acceptance and Property Transfer (iRAPT) - formerly known as WAWF
iRAPT is the authorized method to electronically process vendor request for payment. This application allows DOD vendors to submit and track Invoices and Receipt/Acceptance documents electronically. Contractor shall (i) register to use iRAPT at https://wawf.eb.mil and (ii) ensure an electronic business point of contract (POC) is designated in the System for Award Management at https://www.sam.gov within ten (10) calendar days after award of this contract/order.
Questions concerning payments should be directed to the Defense Finance and Accounting Service (DFAS) location listed in Block 18a of your purchase order/contract. Please have your purchase order/contract number ready when calling about payments.
You can easily access payment and receipt information using the DFAS web site at http://www.dfas.mil/money/vendor . Your purchase order/contract number or invoice number will be required to inquire status of your payment.
The following codes and information will be required to assure successful flow of iRAPT documents.
Foreign Vendors will submit banking information in the Comments Tab of the iRAPT invoice.
TYPE OF DOCUMENT [X the appropriate block]
___ Invoice (Contractor Only)
___ Invoice and Receiving Report (COMBO)
__X_ Invoice as 2-in-1 (Services Only)
___ Receiving Report (Government Only)
ISSUE BY DODAAC: W91YTZ
ADMIN BY DODAAC: W91YTZ
INSPECT BY DODAAC: W34GMS
ACCEPT BY DODAAC: W34GMS
SHIP TO DODAAC: W34GMS
PAYMENT OFFICE FISCAL STATION CODE: HQ0490
EMAIL POINTS OF CONTACT LISTING: (Use Group e-mail accounts if applicable)
INSPECTOR Primary: Alternate:
ACCEPTOR Primary: Alternate:
RECEIVING OFFICE POC: Primary: Alternate: CONTRACT ADMINISTRATOR/ SPECIALIST: firstname.lastname@example.org
CONTRACTING OFFICER: See Block 31b on SF1449 for email address.
Any modification requests must be in writing and submitted to: ADMIN DODAAC.
(End of clause)
HCAA Local Clause 5001 - Non-Defense Health Agency (Non-DHA) Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement (BAA) (7 July 2014)
In accordance with 45 CFR 164.502(e)(2) and 164.504(e) and paragraph C.220.127.116.11 of DoD 6025.18-R, "DoD Health Information Privacy Regulation," January 24, 2003, this document serves as a BAA between the signatory parties for purposes of the HIPAA and the "HITECH Act" amendments thereof, as implemented by the HIPAA Rules and DoD HIPAA Issuances (both defined below). The parties are a DoD Military Health System (MHS) component, acting as a HIPAA covered entity, and a DoD contractor, acting as a HIPAA business associate. The HIPAA Rules require BAAs between covered entities and business associates. Implementing this BAA requirement, the applicable DoD HIPAA Issuance (DoD 6025.18-R, paragraph C18.104.22.168) provides that requirements applicable to business associates must be incorporated (or incorporated by reference) into the contract or agreement between the parties.
(a) Catchall Definition. Except as provided otherwise in this BAA, the following terms used in this BAA shall have the same meaning as those terms in the DoD HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices (NoPP), Protected Health Information (PHI), Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
-Breach means actual or possible loss of control, unauthorized disclosure of or unauthorized access to PHI or other PII (which may include, but is not limited to PHI), where persons other than authorized users gain access or potential access to such information for any purpose other than authorized purposes, where one or more individuals will be adversely affected. The foregoing definition is based on the definition of breach in DoD Privacy Act Issuances as defined herein.
-Business Associate shall generally have the same meaning as the term "business associate" in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [insert name of Business Associate signatory to this BAA].
-Agreement means this BAA together with the documents and/or other arrangements under which the Business Associate signatory performs services involving access to PHI on behalf of the MHS component signatory to this BAA.
-Covered Entity shall generally have the same meaning as the term "covered entity" in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [insert name of MHS component signatory to this BAA].
-DHA Privacy Office means the DHA Privacy and Civil Liberties Office. The DHA Privacy Office Director is the HIPAA Privacy and Security Officer for DHA, including the National Capital Region Medical Directorate (NCRMD).
-DoD HIPAA Issuances means the DoD issuances implementing the HIPAA Rules in the DoD Military Health System (MHS). These issuances are DoD 6025.18-R (2003), DoDI 6025.18 (2009), and DoD 8580.02-R (2007).
-DoD Privacy Act Issuances means the DoD issuances implementing the Privacy Act, which are DoDD 5400.11 (2007) and DoD 5400.11-R (2007).
-HHS Breach means a breach that satisfies the HIPAA Breach Rule definition of breach in 45 CFR 164.402.
-HIPAA Rules means, collectively, the HIPAA Privacy, Security, Breach and Enforcement Rules, issued by the U.S. Department of Health and Human Services (HHS) and codified at 45 CFR Part 160 and Part 164, Subpart E (Privacy), Subpart C (Security), Subpart D (Breach) and Part 160, Subparts C-D (Enforcement), as amended by the 2013 modifications to those Rules, implementing the "HITECH Act" provisions of Pub. L. 111-5. See 78 FR 5566-5702 (Jan. 25, 2013) (with corrections at 78 FR 32464 (June 7, 2013)). Additional HIPAA rules regarding electronic transactions and code sets (45 CFR Part 162) are not addressed in this BAA and are not included in the term HIPAA Rules.-Service-Level Privacy Office means one or more offices within the military services (Army, Navy, or Air Force) with oversight authority over Privacy Act and HIPAA privacy compliance.
I. Obligations and Activities of Business Associate
(a) The Business Associate shall not use or disclose PHI other than as permitted or required by the Agreement or as required by law.
(b) The Business Associate shall use appropriate safeguards, and comply with the DoD HIPAA Rules with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.
(c) The Business Associate shall report to Covered Entity any Breach of which it becomes aware, and shall proceed with breach response steps as required by Part V of this BAA. With respect to electronic PHI, the Business Associate shall also respond to any security incident of which it becomes aware in accordance with any Information Assurance provisions of the Agreement. If at any point the Business Associate becomes aware that a security incident involves a Breach, the Business Associate shall immediately initiate breach response as required by part V of this BAA.
(d) In accordance with 45 CFR 164.502(e)(1)(ii)) and 164.308(b)(2), respectively), as applicable, the Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such PHI.
(e) The Business Associate shall make available PHI in a Designated Record Set, to the Covered Entity or, as directed by the Covered Entity, to an Individual, as necessary to satisfy the Covered Entity obligations under 45 CFR 164.524.
(f) The Business Associate shall make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity's obligations under 45 CFR 164.526.
(g) The Business Associate shall maintain and make available the information required to provide an accounting of disclosures to the Covered Entity or an individual as necessary to satisfy the Covered Entity's obligations under 45 CFR 164.528.
(h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under the HIPAA Privacy Rule, the Business Associate shall comply with the requirements of HIPAA Privacy Rule that apply to the Covered Entity in the performance of such obligation(s); and
(i) The Business Associate shall make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.
II. Permitted Uses and Disclosures by Business Associate
(a) The Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the corresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by the Agreement or directed by the Covered Entity.
(b) The Business Associate agrees to use, disclose and request PHI only in accordance with the HIPAA Privacy Rule "minimum necessary" standard and corresponding DHA policies and procedures as stated in the DoD HIPAA Issuances.
(c) The Business Associate shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate's own management and administration and legal responsibilities or for data aggregation services as set forth in the following three paragraphs.
(d) Except as otherwise limited in the Agreement, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.
(e) Except as otherwise limited in the Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
(f) Except as otherwise limited in the Agreement, the Business Associate may use PHI to provide Data Aggregation services relating to the Covered Entity's health care operations.
III. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
(a) The Covered Entity shall provide the Business Associate with the notice of privacy practices that the Covered Entity produces in accordance with 45 CFR 164.520 and the corresponding provision of the DoD HIPAA Issuances.