Annual Maintenance for Midas Rex
Department of the Navy, Bureau of Medicine and Surgery | Published August 24, 2016 - Deadline September 3, 2016
Section A - Solicitation/Contract Form
CLAUSES INCORPORATED BY FULL TEXT
TIN: CAGE: DUNS:
Vendor Point of Contact: Phone: Vendor email:
Billing/Payment in Arrears.
Naval Medical Center Contracting POC: Harold WoodleyPhone: 757-953-7276Fax: 757-953-5006Email: firstname.lastname@example.org
Product/Services for:Naval Medical Center Portsmouth, Biomedical EngineeringPOC: HM2 Cody LeisterPhone: 757-953-5336Email: email@example.com
Vendor to reference RFQ number N00183-16-T-0199 on all inquires.
PROMPT PAYMENTFor Prompt Payment Act Purposes, this contract is:Subject to the 7-calender day constructive acceptance period.
"AVAILABILITY OF FUNDS. Pursuant to Section I, Availability of Funds (FAR 52.232-18), of the contract, funds are not presently available for this contract. The Government's obligation under this contract is contingent upon the availability of appropriated funds from which payment for contract purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are made available to the Contracting Officer for this contract and until the Contractor receives notice of such availability, to be confirmed in writing to the Contracting Officer.
Note to vendors:
• Government reserves the right to make award on an "all-or-none" basis.• Award to be best value based upon past performance and lowest price technically acceptable.
Section B - Supplies or Services and Prices
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT0001 12 Months Annual Maintenance for Midas Rex SystemFFPin the Main Operating Room. See Section C for Statement of Work.FOB: DestinationMILSTRIP: N0018317RQSU015PURCHASE REQUEST NUMBER: N0018317RQSU015
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT000101 #EM200, Handpiece, SurgicalFFP16 each: 13L0208, 13L0207, 13L0279, 13L0280, 06C0115, 08J0075, 10E0157, 12D0282, 12F0332, 12G0419, 12I0082, 13A0107, 09I0140, 12L0009, 12G0037, 13G0051.FOB: DestinationPURCHASE REQUEST NUMBER: N0018317RQSU015
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT000102 #PM100, Handpiece, SurgicalFFP2 each: P00810159, P00457419.FOB: DestinationPURCHASE REQUEST NUMBER: N0018317RQSU015
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT000103 #EC300, Driving Control, Adaptive,FFPPowered, 4 each: 51724, 51863, 72280, 72279.FOB: DestinationPURCHASE REQUEST NUMBER: N0018317RQSU015
Section C - Descriptions and Specifications
CLAUSES INCORPORATED BY FULL TEXT
SUP 5252.204-9400 Contractor Unclassified Access to Federally Controlled Facilities, Sensitive Information, Information Technology (IT) Systems or Protected Health Information (July 2013)
Homeland Security Presidential Directive (HSPD)-12, requires government agencies to develop and implement Federal security standards for Federal employees and contractors. The Deputy Secretary of Defense Directive-Type Memorandum (DTM) 08-006 - "DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)" dated November 26, 2008 (or its subsequent DoD instruction) directs implementation of HSPD-12. This clause is in accordance with HSPD-12 and its implementing directives.
APPLICABILITY This clause applies to contractor employees requiring physical access to any area of a federally controlled base, facility or activity and/or requiring access to a DoN or DoD computer/network/system to perform certain unclassified sensitive duties. This clause also applies to contractor employees who access Privacy Act and Protected Health Information, provide support associated with fiduciary duties, or perform duties that have been identified by DON as National Security Position, as advised by the command security manager. It is the responsibility of the responsible security officer of the command/facility where the work is performed to ensure compliance.
Each contractor employee providing services at a Navy Command under this contract is required to obtain a Department of Defense Common Access Card (DoD CAC). Additionally, depending on the level of computer/network access, the contract employee will require a successful investigation as detailed below.
ACCESS TO FEDERAL FACILITIES Per HSPD-12 and implementing guidance, all contractor employees working at a federally controlled base, facility or activity under this clause will require a DoD CAC. When access to a base, facility or activity is required contractor employees shall in-process with the Navy Command's Security Manager upon arrival to the Navy Command and shall out-process prior to their departure at the completion of the individual's performance under the contract.
ACCESS TO DOD IT SYSTEMS In accordance with SECNAV M-5510.30, contractor employees who require access to DoN or DoD networks are categorized as IT-I, IT-II, or IT-III. The IT-II level, defined in detail in SECNAV M-5510.30, includes positions which require access to information protected under the Privacy Act, to include Protected Health Information (PHI). All contractor employees under this contract who require access to Privacy Act protected information are therefore categorized no lower than IT-II. IT Levels are determined by the requiring activity's Command Information Assurance Manager. Contractor employees requiring privileged or IT-I level access, (when specified by the terms of the contract) require a Single Scope Background Investigation (SSBI) which is a higher level investigation than the National Agency Check with Law and Credit (NACLC) described below. Due to the privileged system access, a SSBI suitable for High Risk public trusts positions is required. Individuals who have access to system control, monitoring, or administration functions (e.g. system administrator, database administrator) require training and certification to Information Assurance Technical Level 1, and must be trained and certified on the Operating System or Computing Environment they are required to maintain.
Access to sensitive IT systems is contingent upon a favorably adjudicated background investigation. When access to IT systems is required for performance of the contractor employee's duties, such employees shall in-process with the Navy Command's Security Manager and Information Assurance Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual's performance under the contract. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The decision to authorize access to a government IT system/network is inherently governmental. The contractor supervisor is not authorized to sign the SAAR-Ni therefore, the government employee with knowledge of the system/network access required or the COR shall sign the SAAR-N as the "supervisor".
The SAAR-N shall be forwarded to the Navy Command's Security Manager at least 30 days prior to the individual's start date. Failure to provide the required documentation at least 30 days prior to the individual's start date may result in delaying the individual's start date.
When required to maintain access to required IT systems or networks, the contractor shall ensure that all employees requiring access complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. The Contractor's Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required.
INTERIM ACCESS The Navy Command' s Security Manager may authorize issuance of a DoD CAC and interim access to a DoN or DoD unclassified computer/network upon a favorable review of the investigative questionnaire and advance favorable fingerprint results. When the results of the investigation are received and a favorable determination is not made, the contractor employee working on the contract under interim access will be denied access to the computer network and this denial will not relieve the contractor of his/her responsibility to perform.
DENIAL OR TERMINATION OF ACCESS The potential consequences of any requirement under this clause including denial or termination of physical or system access in no way relieves the contractor from the requirement to execute performance under the contract within the timeframes specified in the contract. Contractors shall plan ahead in processing their employees and subcontractor employees. The contractor shall insert this clause in all subcontracts when the subcontractor is permitted to have unclassified access to a federally controlled facility, federally-controlled information system/network and/or to government information, meaning information not authorized for public release.
CONTRACTOR'S SECURITY REPRESENTATIVE The contractor shall designate an employee to serve as the Contractor's Security Representative. Within three work days after contract award, the contractor shall provide to the requiring activity's Security Manager and the Contracting Officer, in writing, the name, title, address and phone number for the Contractor's Security Representative. The Contractor's Security Representative shall be the primary point of contact on any security matter. The Contractor's Security Representative shall not be replaced or removed without prior notice to the Contracting Officer and Command Security Manager.
BACKGROUND INVESTIGATION REQUIREMENTS AND SECURITY APPROVAL PROCESS FOR CONTRACTORS ASSIGNED TO NATIONAL SECURITY POSITIONS OR PERFORMING SENSITIVE DUTIES Navy security policy requires that all positions be given a sensitivity value based on level of risk factors to ensure appropriate protective measures are applied. Navy recognizes contractor employees under this contract as Non-Critical Sensitive [ADP/IT-II] when the contract scope of work require physical access to a federally controlled base, facility or activity and/or requiring access to a DoD computer/network, to perform unclassified sensitive duties. This designation is also applied to contractor employees who access Privacy Act and Protected Health Information (PHI), provide support associated with fiduciary duties, or perform duties that have been identified by DON as National Security Positions. At a minimum, each contractor employee must be a US citizen and have a favorably completed NACLC to obtain a favorable determination for assignment to a non-critical sensitive or IT-II position. The NACLC consists of a standard NAC and a FBI fingerprint check plus law enforcement checks and credit check. Each contractor employee filling a non-critical sensitive or IT-II position is required to complete:
* SF-86 Questionnaire for National Security Positions (or equivalent OPM investigative product) * Two FD-258 Applicant Fingerprint Cards (or an electronic fingerprint submission) * Original Signed Release Statements
Failure to provide the required documentation at least 30 days prior to the individual's start date shall result in delaying the individual's start date. Background investigations shall be reinitiated as required to ensure investigations remain current (not older than 10 years) throughout the contract performance period. The Contractor's Security Representative shall contact the Command Security Manager for guidance when reinvestigations are required.
Regardless of their duties or IT access requirements ALL contractor employees shall in-process with the Navy Command's Security Manager upon arrival to the Navy command and shall out-process prior to their departure at the completion of the individual's performance under the contract. Employees requiring IT access shall also check-in and check-out with the Navy Command's Information Assurance Manager. Completion and approval of a System Authorization Access Request Navy (SAAR-N) form is required for all individuals accessing Navy Information Technology resources. The SAAR-N shall be forwarded to the Navy Command's Security Manager at least 30 days prior to the individual's start date. Failure to provide the required documentation at least 30 days prior to the individual's start date shall result in delaying the individual's start date.
The contractor shall ensure that each contract employee requiring access to IT systems or networks complete annual Information Assurance (IA) training, and maintain a current requisite background investigation. Contractor employees shall accurately complete the required investigative forms prior to submission to the Navy Command Security Manager. The Navy Command's Security Manager will review the submitted documentation for completeness prior to submitting it to the Office of Personnel Management (OPM). Suitability/security issues identified by the Navy may render the contractor employee ineligible for the assignment. An unfavorable determination made by the Navy is final (subject to SF-86 appeal procedures) and such a determination does not relieve the contractor from meeting any contractual obligation under the contract. The Navy Command's Security Manager will forward the required forms to OPM for processing. Once the investigation is complete, the results will be forwarded by OPM to the DON Central Adjudication Facility (CAF) for a determination.
If the contractor employee already possesses a current favorably adjudicated investigation, the contractor shall submit a Visit Authorization Request (VAR) via the Joint Personnel Adjudication System (JPAS) or a hard copy VAR directly from the contractor's Security Representative. Although the contractor will take JPAS "Owning" role over the contractor employee, the Navy Command will take JPAS "Servicing" role over the contractor employee during the hiring process and for the duration of assignment under that contract. The contractor shall include the IT Position Category per SECNAV M-5510.30 for each employee designated on a VAR. The VAR requires annual renewal for the duration of the employee's performance under the contract.
BACKGROUND INVESTIGATION REQUIREMENTS AND SECURITY APPROVAL PROCESS FOR CONTRACTORS ASSIGNED TO OR PERFORMING NON-SENSITIVE DUTIES Contractor employee whose work is unclassified and non-sensitive (e.g., performing certain duties such as lawn maintenance, vendor services, etc ...) and who require physical access to publicly accessible areas to perform those duties shall meet the following minimum requirements:
* Must be either a US citizen or a US permanent resident with a minimum of 3 years legal residency in the United States (as required by The Deputy Secretary of Defense DTM 08-006 or its subsequent DoD instruction) and * Must have a favorably completed National Agency Check with Written Inquiries (NACI) including a FBI fingerprint check prior to installation access.
To be considered for a favorable trustworthiness determination, the Contractor's Security Representative must submit for all employees each of the following:
* SF-85 Questionnaire for Non-Sensitive Positions * Two FD-258 Applicant Fingerprint Cards (or an electronic fingerprint submission) * Original Signed Release Statements
The contractor shall ensure each individual employee has a current favorably completed National Agency Check with Written Inquiries (NACI) or ensure successful FBI fingerprint results have been gained and investigation has been processed with OPM.
Failure to provide the required documentation at least 30 days prior to the individual's start date may result in delaying the individual's start date.
* Consult with your Command Security Manager and Information Assurance Manager for local policy when IT-III (non-sensitive) access is required for non-US citizens outside the United States.
THE MINIMUM REQUIREMENTS ARE AS FOLLOWS:
Vendor to provide repair / maintenance of Midas Rex Surgery equipment manufactured by Medtronic as listed in Section B (details below). Selected vendor must be certified / an authorized agent of the Original Equipment Manufacturer (OEM). The Government reserves the right to verify relationship between the OEM and selected vendor prior to award and anytime during the period of performance.
Primary method of repair will be by "repair by exchange". At the vendor's discretion repairs may be performed on site or by a direct repair of equipment. In the event of Repair by Exchange, exchanged item must be of equal or greater commercial value and technical function. The Government (MOR Supply Manager) shall retain the right to determine whether replaced equipment is of equal or better value / technical function.
The items listed in Section B are the major components of the Midas Rex system. The vendor shall maintain the system in its entirety to include any motors, cables, foot controllers, consoles and up to 6 attachments. Pricing for the auxiliary items (cables, foot switches, attachments etc) are to be included within the cost of items listed in Section B.
Vendor's qualifications are to be complete and current. As a minimum selected vendor shall have minimum 5 years of experience maintaining Medtronic Midas Rex Equipment with a minimum of 2 years experience in the maintenance and repair of all items listed.
Vendor's price to be inclusive of all costs, including all parts, labor and transportation including Shipping (for "Repair by Exchange", the Government will pay outbound shipping; vendor to pay return shipping).
All items to be maintained by the OEM guidelines and the terms of this contract.
Vendor shall not be held responsible for repairs resulting from neglect or abuse. Any suspected abuse or neglect should be identified and reported prior to repair. Point of contact for additional work: NMCP Contracting Officer. No additional repairs (outside boundaries of completed award) are authorized.
All items covered by this contract shall be repaired by the selected vendor (and its agents). Vendor shall not be held responsible for correction of repairs made by the Government or any other unauthorized agent.
All replacement parts are to be new where possible; the use of rebuilt / remanufactured parts while acceptable shall be kept to a minimum. All replacement parts (to include remanufactured) must be certified as equal or better by the OEM. All repairs are to be completed by a repair facility that is OEM authorized / certified. The Government reserves the right to request proof of OEM Certification. No repair or supplied part will be allowed if it voids the original manufacturer's certification or voids any manufacturer's warranty. The intent of this requirement is to provide a timely repair of equipment damaged as a result of normal wear and tear. The vendor shall not be responsible for repairs or replacement of equipment which simply "updates" equipment.
All repairs shall be completed as soon as possible. The vendor is to make a "best effort" to complete all repairs within 3 business days of reported failure.
Vendor to warrant that all repairs have been accomplished using the most current OEM recommendations. Vendor to warrant all repairs for a minimum of 90 days. All repaired items shall be cleaned of industrial products (grease, oil, metal shavings "etc") prior to return to NMCP. In the event of Repair by Exchange selected vendor is to provide the Government of detailed description of returned items to include but not limited to include serial number and model numbers. At the time of this award the current inventory is as follows ( the Government shall reserve the right to update inventory of exchanged items only after a significant change has occurred (15% change or greater in inventory)):
Model Serial # Item Man ECN Acq1 NA 1210082 Handpiece Medtronic 2 EM200 06C0115 Handpiece Medtronic 121283 25-Feb-143 EM200 08J0075 Handpiece Medtronic 121284 25-Feb-144 EM200 10E0157 Handpiece Medtronic 121285 25-Feb-145 EM200 12D0282 Handpiece Medtronic 121286 25-Feb-146 EM200 12F0332 Handpiece Medtronic 121287 25-Feb-147 EM200 12G0419 Handpiece Medtronic 121288 25-Feb-148 EM200 13A0107 Handpiece Medtronic 121290 25-Feb-149 EM200 13L0207 Handpiece Medtronic 120647 21-Feb-1410 EM200 13L0208 Handpiece Medtronic 120646 21-Feb-1411 EM200 13L0279 Handpiece Medtronic 120653 24-Feb-1412 EM200 13L0280 Handpiece Medtronic 120654 24-Feb-1413 EM200 13L0281 Handpiece Medtronic 120655 24-Feb-1414 NA B9888 Handpiece Medtronic 15 PM100 P00457419 Handpiece Medtronic 107181 12-Mar-1016 NA P00810159 Handpiece Medtronic 17 EC300 51724 Console Medtronic 104311 5-Aug-0918 EC300 51863 Console Medtronic 104884 25-Sep-0919 EC300 72279 Console Medtronic 107415 3-May-1020 EC300 72280 Console Medtronic 107414 3-May-1021 466592 92929 Console Medtronic 092929 20-May-0322 466592 92930 Console Medtronic 092930 20-May-0323 466592 92931 Console Medtronic 092931 20-May-0324 NA AFC08917 Console Medtronic 25 NA L0085 Console Medtronic 26 EM200 12G0037 Handpiece Medtronic 27 EM200 13G0051 Handpiece Medtronic 28 EM200 09I0140 Handpiece Medtronic 29 EM200 1210009 Handpiece Medtronic
Section E - Inspection and Acceptance
INSPECTION AND ACCEPTANCE TERMS
Supplies/services will be inspected/accepted at:
CLIN INSPECT AT INSPECT BY ACCEPT AT ACCEPT BY 0001 Destination Government Destination Government 000101 N/A N/A N/A Government 000102 N/A N/A N/A Government 000103 N/A N/A N/A Government Section F - Deliveries or Performance
CLIN DELIVERY DATE QUANTITY SHIP TO ADDRESS DODAAC 0001 POP 01-OCT-2016 TO30-SEP-2017 N/A NAVAL MEDICAL CENTERBIOMEDICAL ENGINEERING54 LEWIS MINOR STREETBLDG. 250PORTSMOUTH VA 23708-2297757-953-5336FOB: Destination N00183 000101 N/A N/A N/A N/A 000102 N/A N/A N/A N/A 000103 N/A N/A N/A N/A
CLAUSES INCORPORATED BY REFERENCE
52.242-15 Stop-Work Order AUG 1989 Section G - Contract Administration Data
CLAUSES INCORPORATED BY FULL TEXT
252.232-7006 WIDE AREA WORKFLOW PAYMENT INSTRUCTIONS (JUN 2012)(a) Definitions. As used in this clause--"Department of Defense Activity Address Code (DoDAAC)" is a six position code that uniquely identifies a unit, activity, or organization."Document type" means the type of payment request or receiving report available for creation in Wide Area WorkFlow (WAWF)."Local processing office (LPO)" is the office responsible for payment certification when payment certification is done external to the entitlement system.(b) Electronic invoicing. The WAWF system is the method to electronically process vendor payment requests and receiving reports, as authorized by DFARS 252.232-7003, Electronic Submission of Payment Requests and Receiving Reports.(c) WAWF access. To access WAWF, the Contractor shall--(1) Have a designated electronic business point of contact in the Central Contractor Registration at https://www.acquisition.gov; and(2) Be registered to use WAWF at https://wawf.eb.mil/ following the step-by-step procedures for self-registration available at this Web site.(d) WAWF training. The Contractor should follow the training instructions of the WAWF Web-Based Training Course and use the Practice Training Site before submitting payment requests through WAWF. Both can be accessed by selecting the "Web Based Training" link on the WAWF home page at https://wawf.eb.mil/.(e) WAWF methods of document submission. Document submissions may be via Web entry, Electronic Data Interchange, or File Transfer Protocol.(f) WAWF payment instructions. The Contractor must use the following information when submitting payment requests and receiving reports in WAWF for this contract/order:(1) Document type. The Contractor shall use the following document type(s).
2 IN 1 SERVICES ONLY-----------------------------------------------------------------------(2) Inspection/acceptance location. The Contractor shall select the following inspection/acceptance location(s) in WAWF, as specified by the contracting officer.DESTINATION / DESTINATION-----------------------------------------------------------------------(3) Document routing. The Contractor shall use the information in the Routing Data Table below only to fill in applicable fields in WAWF when creating payment requests and receiving reports in thesystem.
Routing Data Table*Field Name in WAWF Data to be entered in WAWFPay Official DoDAAC HQ0248Issue By DoDAAC N00183Admin DoDAAC N00183Inspect By DoDAAC N/AShip To Code N/AShip From Code N/AMark For Code N/AService Approver (DoDAAC) N/AService Acceptor (DoDAAC) N00183Accept at Other DoDAAC N/ALPO DoDAAC N00183DCAA Auditor DoDAAC N/AOther DoDAAC(s) N/A
(4) Payment request and supporting documentation. The Contractor shall ensure a payment request includes appropriate contract line item and subline item descriptions of the work performed or supplies delivered, unit price/cost per unit, fee (if applicable), and all relevant back-up documentation, as defined in DFARS Appendix F, (e.g. timesheets) in support of each payment request.(5) WAWF email notifications. The Contractor shall enter the email address identified below in the "Send Additional Email Notifications" field of WAWF once a document is submitted in the system.
WAWF Acceptor/COR Email Address: firstname.lastname@example.org -----------------------------------------------------------------------
(g) WAWF point of contact.
(1) The Contractor may obtain clarification regarding invoicing in WAWF from the following contracting activity's WAWF point of email@example.com -----------------------------------------------------------------------
(2) For technical WAWF help, contact the WAWF helpdesk at 866-618-5988.(End of clause)
Section H - Special Contract Requirements
CLAUSES INCORPORATED BY FULL TEXT
NMCARS 5237.102-90 Enterprise-wide Contractor Manpower Reporting Application (ECMRA)The contractor shall report contractor labor hours (including subcontractor labor hours) required for performance of services provided under this contract for the [NAMED COMPONENT] via a secure data collection site. Contracted services excluded from reporting are based on Product Service Codes (PSCs). The excluded PSCs are:(1) W, Lease/Rental of Equipment; (2) X, Lease/Rental of Facilities; (3) Y, Construction of Structures and Facilities; (4) S, Utilities ONLY; (5) V, Freight and Shipping ONLY. The contractor is required to completely fill in all required data fields using the following web address https://doncmra.nmci.navy.mil. Reporting inputs will be for the labor executed during the period of performance during each Government fiscal year (FY), which runs October 1 through September 30. While inputs may be reported any time during the FY, all data shall be reported no later than October 31 of each calendar year. Contractors may direct questions to the help desk, linked at https://doncmra.nmci.navy.mil.(End of Text)
PRIVACY AND SECURITY OF PROTECTED HEALTH INFORMATION
In accordance with DoD 6025.18-R "Department of Defense Health Information Privacy Regulation," January 24, 2003, the Contractor meets the definition of Business Associate. Therefore, a Business Associate Agreement is required to comply with both the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security regulations. This clause serves as that agreement whereby the Business Associate agrees to abide by all applicable HIPAA Privacy and Security requirements regarding health information as defined in this clause, and in DoD 6025.18-R and DoD 8580.02, as amended. Additional requirements will be addressed when implemented.
a. Definitions. As used in this clause generally refer to the Code of Federal Regulations (CFR) definition unless a more specific provision exists in DoD 6025.18-R or DoD 8580.02.
(1) HITECH Act shall mean the Health Information Technology for Economic and Clinical Health Act included in the American Recovery and Reinvestment Act of 2009.
(2) Individual has the same meaning as the term "individual" in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g).
(3) Privacy Rule means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.
(4) Protected Health Information has the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by the Business Associate from or on behalf of the Government pursuant to the Contract.
(5) Electronic Protected Health Information has the same meaning as the term "electronic protected health information" in 45 CFR 160.103.
(6) Required by Law has the same meaning as the term "required by law" in 45 CFR 164.103.
(7) Secretary means the Secretary of the Department of Health and Human Services or his/her designee.
(8) Security Incident will have the same meaning as the term "security incident" in 45 CFR 164.304, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
(9) Security Rule means the Health Insurance Reform: Security Standards at 45 CFR part 160, 162 and part 164, subpart C.
(10) Terms used, but not otherwise defined, in this Clause shall have the same meaning as those terms in 45 CFR 160.103, 160.502, 164.103, 164.304, and 164.501.
b. The Business Associate shall not use or further disclose Protected Health Information other than as permitted or required by the Contract or as Required by Law.
c. The Business Associate shall use appropriate safeguards to maintain the privacy of the Protected Health Information and to prevent use or disclosure of the Protected Health Information other than as provided for by this Contract.
d. The HIPAA Security administrative, physical, and technical safeguards in 45 CFR 164.308, 164.310, and 164.312, and the requirements for policies and procedures and documentation in 45 CFR 164.316 shall apply to Business Associate. The additional requirements of Title XIII of the HITECH Act that relate to the security and that are made applicable with respect to covered entities shall also be applicable to Business Associate. The Business Associate agrees to use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits in the execution of this Contract.
e. The Business Associate shall, at their own expense, take action to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of Protected Health Information by the Business Associate in violation of the requirements of this Clause. These mitigation actions will include as a minimum those listed in the TMA Breach Notification Standard Operating Procedure (SOP), which is available at: http://www.tricare.mil/tmaprivacy/breach.cfm
f. The Business Associate shall report to the Government any security incident involving protected health information of which it becomes aware.
g. The Business Associate shall report to the Government any use or disclosure of the Protected Health Information not provided for by this Contract of which the Business Associate becomes aware.
h. The Business Associate shall ensure that any agent, including a sub Business Associate, to whom it provides Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, agrees to the same restrictions and conditions that apply through this Contract to the Business Associate with respect to such information.
i. The Business Associate shall ensure that any agent, including a subBusiness Associate, to whom it provides electronic Protected Health Information, agrees to implement reasonable and appropriate safeguards to protect it.
j. The Business Associate shall provide access, at the request of the Government, and in the time and manner reasonably designated by the Government to Protected Health Information in a Designated Record Set, to the Government or, as directed by the Government, to an Individual in order to meet the requirements under 45 CFR 164.524.
k. The Business Associate shall make any amendment(s) to Protected HealthInformation in a Designated Record Set that the Government directs or agrees to pursuant to 45 CFR 164.526 at the request of the Government, and in the time and manner reasonably designated by the Government.
l. The Business Associate shall make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, available to the Government, or at the request of the Government to the Secretary, in a time and manner reasonably designated by the Government or the Secretary, for purposes of the Secretary determining the Government's compliance with the Privacy Rule.
m. The Business Associate shall document such disclosures of Protected Health Information and information related to such disclosures as would be required for the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
n. The Business Associate shall provide to the Government or an Individual, in time and manner reasonably designated by the Government, information collected in accordance with this Clause of the Contract, to permit the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
2. General Use and Disclosure Provisions
Except as otherwise limited in this Clause, the Business Associate may use or disclose Protected Health Information on behalf of, or to provide services to, the Government for treatment, payment, or healthcare operations purposes, in accordance with the specific use and disclosure provisions below, if such use or disclosure of Protected Health Information would not violate the HIPAA Privacy Rule, the HIPAA Security Rule, DoD 6025.18-R or DoD 8580.02 if done by the Government. The additional requirements of Title XIII of the HITECH Act that relate to privacy and that are made applicable with respect to covered entities shall also be applicable to Business Associate.
3. Specific Use and Disclosure Provisions
a. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.b. Except as otherwise limited in this Clause, the Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
c. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information to provide Data Aggregation services to the Government as permitted by 45 CFR 164.504(e)(2)(i)(B).
d. Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(j)(1).
4. Obligations of the Government
Provisions for the Government to Inform the Business Associate of Privacy Practices and Restrictions
a. The Government shall provide the Business Associate with the notice of privacy practices that the Government produces in accordance with 45 CFR 164.520.
b. The Government shall provide the Business Associate with any changes in, or revocation of, permission by Individual to use or disclose Protected HealthInformation, if such changes affect the Business Associate's permitted or required uses and disclosures.
c. The Government shall notify the Business Associate of any restriction to the use or disclosure of Protected Health Information that the Government has agreed to in accordance with 45 CFR 164.522.
5. Permissible Requests by the Government
The Government shall not request the Business Associate to use or discloseProtected Health Information in any manner that would not be permissible under the HIPAA Privacy Rule, the HIPAA Security Rule, or any applicable Government regulations (including without limitation, DoD 6025.18-R and DoD 8580.02) if done by the Government, except for providing Data Aggregation services to the Government and for management and administrative activities of the Business Associate as otherwise permitted by this clause.
a. Termination. A breach by the Business Associate of this clause, may subject the Business Associate to termination under any applicable default or termination provision of this Contract.
b. Effect of Termination.
(1) If this contract has records management requirements, the records subject to the Clause should be handled in accordance with the records management requirements. If this contract does not have records management requirements, the records should be handled in accordance with paragraphs (2) and (3) below
(2) If this contract does not have records management requirements, except as provided in paragraph (3) of this section, upon termination of this Contract, for any reason, the Business Associate shall return or destroy all Protected Health Information received from the Government, or created or received by the Business Associate on behalf of the Government. This provision shall apply to Protected Health Information that agents of the Business Associate may come in contact. The Business Associate shall retain no copies of the Protected Health Information.
(3) If this contract does not have records management provisions and the Business Associate determines that returning or destroying the Protected Health Information is infeasible, the Business Associate shall provide to the Government notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Government and the Business Associate that return or destruction of Protected Health Information is infeasible, the Business Associate shall extend the protections of this Contract to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such Protected Health Information.
a. Regulatory References. A reference in this Clause to a section in DoD 6025.18-R, DoD 8580.02, Privacy Rule or Security Rule means the section currently in effect or as amended, and for which compliance is required. b. Survival. The respective rights and obligations of Business Associate under the "Effect of Termination" provision of this Clause shall survive the termination of this Contract.
c. Interpretation. Any ambiguity in this Clause shall be resolved in favor of a meaning that permits the Government to comply with DoD 6025.18-R, DoD 8580.02, the HIPAA Privacy Rule or the HIPAA Security Rule.Section I - Contract Clauses
CLAUSES INCORPORATED BY REFERENCE
52.203-3 Gratuities APR 1984 52.204-7 System for Award Management JUL 2013 52.204-13 System for Award Management Maintenance JUL 2013 52.209-10 Prohibition on Contracting With Inverted Domestic Corporations NOV 2015 52.212-5 Contract Terms and Conditions Required to Implement Statutes or Executive Orders--Commercial Items JUN 2016 52.222-50 Combating Trafficking in Persons MAR 2015 52.223-18 Encouraging Contractor Policies To Ban Text Messaging While Driving AUG 2011 52.232-1 Payments APR 1984 52.232-8 Discounts For Prompt Payment FEB 2002 52.232-23 Alt I Assignment of Claims (May 2014) - Alternate I APR 1984 52.233-3 Protest After Award AUG 1996 52.237-2 Protection Of Government Buildings, Equipment, And Vegetation APR 1984 52.237-3 Continuity Of Services JAN 1991 52.243-1 Changes--Fixed Price AUG 1987 52.249-1 Termination For Convenience Of The Government (Fixed Price) (Short Form) APR 1984 52.249-8 Default (Fixed-Price Supply & Service) APR 1984 252.203-7000 Requirements Relating to Compensation of Former DoD Officials SEP 2011 252.203-7002 Requirement to Inform Employees of Whistleblower Rights SEP 2013 252.204-7003 Control Of Government Personnel Work Product APR 1992 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. DEC 2015 252.211-7003 Item Unique Identification and Valuation MAR 2016 252.211-7008 Use of Government-Assigned Serial Numbers SEP 2010 252.225-7048 Export-Controlled Items JUN 2013 252.232-7003 Electronic Submission of Payment Requests and Receiving Reports JUN 2012 252.239-7001 Information Assurance Contractor Training and Certification JAN 2008 252.243-7001 Pricing Of Contract Modifications DEC 1991
CLAUSES INCORPORATED BY FULL TEXT
52.204-19 INCORPORATION BY REFERENCE OF REPRESENTATIONS AND CERTIFICATIONS (DEC 2014)
The Contractor's representations and certifications, including those completed electronically via the System for Award Management (SAM), are incorporated by reference into the contract.
(End of clause)
52.219-6 NOTICE OF TOTAL SMALL BUSINESS SET-ASIDE (NOV 2011)
"Small business concern," as used in this clause, means a concern, including its affiliates, that is independently owned and operated, not dominant in the field of operation in which it is bidding on Government contracts, and qualified as a small business under the size standards in this solicitation.
(b) Applicability. This clause applies only to--(1) Contracts that have been totally set aside or reserved for small business concerns; and(2) Orders set aside for small business concerns under multiple-award contracts as described in 8.405-5 and 16.505(b)(2)(i)(F).
(c) General. (1) Offers are solicited only from small business concerns. Offers received from concerns that are not small business concerns shall be considered nonresponsive and will be rejected.
(2) Any award resulting from this solicitation will be made to a small business concern.
(d) Agreement. A small business concern submitting an offer in its own name shall furnish, in performing the contract, only end items manufactured or produced by small business concerns in the United States or its outlying areas. If this procurement is processed under simplified acquisition procedures and the total amount of this contract does not exceed $25,000, a small business concern may furnish the product of any domestic firm. This paragraph does not apply to construction or service contracts.
(End of clause)
52.232-18 AVAILABILITY OF FUNDS (APR 1984)
Funds are not presently available for this contract. The Government's obligation under this contract is contingent upon the availability of appropriated funds from which payment for contract purposes can be made. No legal liability on the part of the Government for any payment may arise until funds are made available to the Contracting Officer for this contract and until the Contractor receives notice of such availability, to be confirmed in writing by the Contracting Officer.
(End of clause)
52.232-39 UNENFORCEABILITY OF UNAUTHORIZED OBLIGATIONS (JUN 2013)
(a) Except as stated in paragraph (b) of this clause, when any supply or service acquired under this contract is subject to any End User License Agreement (EULA), Terms of Service (TOS), or similar legal instrument or agreement, that includes any clause requiring the Government to indemnify the Contractor or any person or entity for damages, costs, fees, or any other loss or liability that would create an Anti-Deficiency Act violation (31 U.S.C. 1341), the following shall govern:
(1) Any such clause is unenforceable against the Government.
(2) Neither the Government nor any Government authorized end user shall be deemed to have agreed to such clause by virtue of it appearing in the EULA, TOS, or similar legal instrument or agreement. If the EULA, TOS, or similar legal instrument or agreement is invoked through an ``I agree'' click box or other comparable mechanism (e.g., ``click-wrap'' or ``browse-wrap'' agreements), execution does not bind the Government or any Government authorized end user to such clause.
(3) Any such clause is deemed to be stricken from the EULA, TOS, or similar legal instrument or agreement.
(b) Paragraph (a) of this clause does not apply to indemnification by the Government that is expressly authorized by statute and specifically authorized under applicable agency regulations and procedures.
(End of clause)
52.243-1 CHANGES--FIXED-PRICE (AUG 1987) - ALTERNATE I (APR 1984)
(a) The Contracting Officer may at any time, by written order, and without notice to the sureties, if any, make changes within the general scope of this contract in any one or more of the following:
(1) Description of services to be performed.
(2) Time of performance (i.e., hours of the day, days of the week, etc.).
(3) Place of performance of the services.
(b) If any such change causes an increase or decrease in the cost of, or the time required for, performance of any part of the work under this contract, whether or not changed by the order, the Contracting Officer shall make an equitable adjustment in the contract price, the delivery schedule, or both, and shall modify the contract.
(c) The Contractor must assert its right to an adjustment under this clause within 30 days from the date of receipt of the written order. However, if the Contracting Officer decides that the facts justify it, the Contracting Officer may receive and act upon a proposal submitted before final payment of the contract.
(d) If the Contractor's proposal includes the cost of property made obsolete or excess by the change, the Contracting Officer shall have the right to prescribe the manner of the disposition of the property.
(e) Failure to agree to any adjustment shall be a dispute under the Disputes clause. However, nothing in this clause shall excuse the Contractor from proceeding with the contract as changed.
(End of clause)
52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998)
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):
FAR Clauses http://acquisition.gov/comp/far/index.htm
DFAR Clauses http://www.acq.osd.mil/dpap/dars/dfars/index.htm
(End of clause)
252.203-7999 PROHIBITION ON CONTRACTING WITH ENTITIES THAT REQUIRE CERTAIN INTERNAL CONFIDENTIALITY AGREEMENTS (DEVIATION 2015-O0010)(FEB 2015) (a) The Contractor shall not require employees or subcontractors seeking to report fraud, waste, or abuse to sign or comply with internal confidentiality agreements or statements prohibiting or otherwise restricting such employees or contactors from lawfully reporting such waste, fraud, or abuse to a designated investigative or law enforcement representative of a Federal department or agency authorized to receive such information.(b) The Contractor shall notify employees that the prohibitions and restrictions of any internal confidentiality agreements covered by this clause are no longer in effect. (c) The prohibition in paragraph (a) of this clause does not contravene requirements applicable to Standard Form 312, Form 4414, or any other form issued by a Federal department or agency governing the nondisclosure of classified information. (d)(1) In accordance with section 743 of Division E, Title VIII, of the Consolidated and Further Continuing Resolution Appropriations Act, 2015, (Pub. L. 113-235), use of funds appropriated (or otherwise made available) under that or any other Act may be prohibited, if the Government determines that the Contractor is not in compliance with the provisions of this clause. (2) The Government may seek any available remedies in the event the Contractor fails to perform in accordance with the terms and conditions of the contract as a result of Government action under this clause.