Docstoc

COUNTY OF SANTA CLARA_ CALIFORNIA

Document Sample
COUNTY OF SANTA CLARA_ CALIFORNIA Powered By Docstoc
					      COUNTY OF SAN MATEO, CALIFORNIA




           REQUEST FOR PROPOSAL

CORE CLINICAL HEALTH INFORMATION SYSTEM/
  INPATIENT ELECTRONIC HEALTH RECORD


            RFP # ISD 1805

        Proposals must be submitted to:


              San Mateo County
       Information Services Department
      Cyndy Chin, Administrative Assistant
              222 W. 39th Avenue
          San Mateo, California 94403


               By 2:00 P.M. PST
               February 4, 2011
This Page Intentionally Blank




          Page 2 of 82
                           REQUEST FOR PROPOSALS
                                    FOR
        CORE CLINICAL HEALTH INFORMATION SYSTEM/
          INPATIENT ELECTRONIC HEALTH RECORD
Condition of Submission

This Request for Proposals (RFP) is neither a commitment nor a contract of any kind.
The County of San Mateo reserves the right to pursue any and/or all ideas generated by
this request. The costs for developing the proposals are entirely the responsibility of the
proposers and shall not be reimbursed. The County reserves the right to reject any and
all proposals and/or terminate the RFP process if deemed in the best interest of the
County. The County reserves the right to waive any requirements of this RFP when it
determines that waiving a requirement is in the best interest of the County.

Government Code Sections 6550 et. seq., the “Public Record Act,” defines a public
record as any writing containing information relating to the conduct of the public
business. The Public Record Act provides that public records shall be disclosed upon
written request, and that any citizen has a right to inspect any public record, unless the
document is exempted from disclosure.

The County of San Mateo cannot represent or guarantee that any information submitted
in response to this RFP will be confidential. If the County receives a request for any
document submitted in response to this request, it will not assert any privileges that may
exist on behalf of the person or business entity submitting the proposal. It is the
responsibility of the person or business entity submitting the proposal to assert any
applicable privileges or reasons why the document should not be produced. The
County will attempt in a timely manner to inform the person or business entity that
submitted a proposal of the public records request in order to permit the person or
business entity to assert any applicable privileges.




                                        Page 3 of 82
                                      Contents
       1.   Purpose of the Request for Proposal
       2.   Timeline
       3.   General Conditions of Submission
       4.   Proposal Contents
       5.   Service Capabilities
       6.   Proposal Submission
       7.   Evaluation of Proposals
       8.   Protest Process
       9.   Contract Negotiation and Inability to Negotiate a Contract
    Attachment: Sample County Contract Template, Supporting Materials &
           Contractor Declaration



APPENDICES

      Appendix A1 through Appendix F are required to be submitted with the
                      proposal.

APPENDIX A1          TECHNICAL REQUIREMENTS RESPONSE FORM FOR
                     CLIENT SERVER SOLUTION
APPENDIX A2          TECHNICAL REQUIREMENTS RESPONSE FORM FOR A
                     SaaS SOLUTION
APPENDIX B           FUNCTIONALITY AND INTEGRATION RESPONSE FORM
APPENDIX C1          IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING,
                     AND ON-GOING SUPPORT FOR A CLIENT SERVER
                     SOLUTION
APPENDIX C2          IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING,
                     AND ON-GOING SUPPORT FOR A SaaS SOLUTION
APPENDIX D           PROPOSAL COST RESPONSE FORM (Excel Spreadsheet)
APPENDIX E            SaaS/ASP SECURITY ASSESSMENT CHECKLIST
APPENDIX F            FUNCTIONAL REQUIREMENTS (Excel Spreadsheet)

Exhibit 1            CURRENT INTERFACE LIST




                                       Page 4 of 82
1. Purpose of the Request for Proposal


                                     INTRODUCTION

San Mateo Medical Center (SMMC) is requesting proposals from qualified suppliers to
provide, install, implement, support and maintain a software solution for a Core Health
Clinical Information System for inpatient care to achieve Meaningful Use of Certified
Electronic Health Record (EHR) Technology and manage and support the delivery of
efficient, cost-effective, and high quality healthcare within the organization.

We are also querying vendors who respond to this RFP regarding their ability to
integrate the various existing systems outlined in this RFP into an integrated EHR
package that will provide continuity of care for our patients across the entire enterprise.

This document provides background on the SMMC organization, vendor selection
process, SMMC’s functional and technical requirements, and other pertinent
information.

       Additional requirements of the software include:

             Must be HIPAA compliant.
             Must have secure web based access.
             Must generate reports required for state and payor requirements.
             Must generate letters to the referring provider/agency as well as other
              notification tools to complete the transfer process.
             Must facilitate compliance by SMMC of all applicable laws and regulations.
             At the time of implementation, must be certified under the Office of the
              National Coordinator for Health IT rules for Meaningful Use.

SMMC will consider an on-site client server solution or a Software as a Service (SaaS)
solution. However, the proposed solution must be a proven base system. SMMC is not
interested in beta systems or purchasing professional services to design and develop a
system. The integrated solution must meet the technical, support, service, and
business requirements as defined in this RFP.

This project will be under the direction of the SMMC Executive Leadership Group and
SMMC Information Technology Governance Committee and it will be coordinated
through the Core Clinical Health RFP Evaluation Committee.

1.2 Service Providers

The County welcomes proposals from all qualified service providers. The County may,
at its sole discretion, enter into contract with one or more qualified service providers.

1.3 Contact with County Employees
                                         Page 5 of 82
As of the issuance date of this RFP and continuing until the final date for submission of
proposals, all proposers are specifically directed not to hold meetings, conferences or
technical discussions with any County employee for purposes of responding to this
RFP except as otherwise permitted by this RFP. Any proposer found to be acting in
any way contrary to this directive may result in the proposer being disqualified from
entering into any contract that may result from this RFP.

Proposers should submit questions or concerns about the process as outlined in
Paragraph 2.1. The proposer should not otherwise ask any County employees
questions about the RFP or related issues, either orally or by written communication.


1.4 Background

San Mateo Medical Center


      SMMC is a fully accredited 448 bed acute and long-term care hospital and outlying clinic
      system owned and operated by the County of San Mateo. The system has grown over
      the years and today provides inpatient and outpatient care to the communities within
      San Mateo County in Northern California.

      SMMC employs its own physicians and is recognized as providing services which
      include acute inpatient care, long-term care facility and services, Psychiatric Emergency
      Service, inpatient psychiatric services and operation of a comprehensive medical
      emergency room. Inpatient services include medical/surgical care as well as specialized
      services such as psychiatry and therapies such as recreational services for Long Term
      Care patients. Although we see OB patients in our clinics, SMMC does not have a
      Labor and Delivery service. In addition, although we do serve pediatric patients, we do
      not have a dedicated pediatric unit; the great majority of our inpatients are adult.

      Inpatient units at the Main campus include two Medical/Surgical units totaling 62 beds, a
      7-bed ICU and a 34 bed inpatient psychiatric unit. The other 345 beds are for long-term
      care patients, 64 beds in 2 units on the main campus and 281 beds at the Burlingame
      facility; at this time one of the long-term care units at the main campus is closed.
      Proposals should include information about data for all types of beds including the long-
      term care beds, especially around documentation systems and integration of that data
      within a comprehensive patient record.

      Outpatient services include both primary care and specialty clinics located at SMMC and
      at satellite facilities throughout the county.

      Further information about SMMC can be obtained at their website:
      www.sanmateomedicalcenter.org


SMMC Information Services Department


      San Mateo Medical Center IT Vision

      The SMMC Information Technology vision is a paperless/paper-lite, automated,
      integrated delivery system that traverses the continuum of care. The goal is to leverage
      systems and technology to improve patient care, physician and employee satisfaction
                                         Page 6 of 82
and patient safety and to support effective revenue management to create a distinct
competitive advantage.

Specifically SMMC seeks to deploy Information Technology tools to:

      Advance patient safety and quality of care
      Improve coordination of care across the continuum
      Enhance patient, family and staff satisfaction
      Improve the delivery of timely, efficient and cost-effective care
      Optimize “Revenue Cycle” processes
      Enhance evidence-based clinical and administrative decision making
      Ensure compliance with all regulatory and accreditation standards


Two key drivers will play a major role in the sequencing and timing of the deployment of
Information Technology tools/solutions to achieve these goals:

      Both the clinic system and the SMMC Emergency Department (ED) are currently
       using EHR technology; eClinicalWorks is being used by all primary and specialty
       care clinics and Pulsecheck from Picis is the ED system. Data from all systems
       must be available to all providers across the Health system.

      The ability to meet the ARRA (Americans Recovery and Reinvestment Act)
       Meaningful Use criteria in order to maximize the incentive award is critical to the
       funding of this initiative and must be considered in the planned scope and
       approach of the implementation.



SMMC Information Services

Information systems and technology for SMMC is centralized in the County’s Information
Services Department (ISD), which is responsible for all systems, planning, development
and support. Business units comprising ISD are:

      Application Services – provides a comprehensive array of services
                 o Strategy
                 o Solutions
                 o Sourcing
                 o Support

      Technical Services
                 o Data Center Operations
                 o Operations
                 o Customer Service
                 o Field Support




                                    Page 7 of 82
           Technical Environment


   Technical Standards – Intel Platform

   SERVER
Operating system                      Windows Server 2003-2008/Windows Active Directory
                                      Intel Dual Core 3.0 GHZ – 2MB cache, fiber/GBE NIC
Hardware                              (redundant), Integration to an EMC Clarion SAN is via fiber
                                      connectivity.

Backup                                CommVault and/or Tivoli Storage Manager
Server redundancy/cluster             Depends on application
Disk array                            Typically RAID 5

   DESKTOP/LAPTOP HARDWARE
Mid-level PC with 17” monitor         Dell Optiplex Ultra small form factor PC
Monitor settings                      1024 x 768/ high color
Laptop                                Dell models

    DESKTOP/LAPTOP SOFTWARE
Operating System                      Windows XP with Service Pack 2/3
Office applications                   Microsoft Office 2003 Professional, SP2
Email                                 Novell Groupwise
Terminal emulation                    Attachmate
PDF reader                            Adobe Acrobat Reader 7.0
Desktop database                      Microsoft Access 2003
Internet browser                      Microsoft Internet Explorer 6.0/7.0
Antivirus                             McAfee
Java                                  Java Version 1.4.x
Encryption – Laptop Only              Guardian Edge

   PRINTERS
                                      HP LaserJet – Group - Mid-range printer is 4250TN
Laser                                 HP LaserJet – MFP is HP 4345TN
                                      HP LaserJet – standalone is HP2105D
Impact                                Not supported
Label                                 Zebra with network connectivity
Network interface                     HP- Internal Jet Direct


   Technical Standards – Proprietary Platform (Midrange)

   SERVER
Operating system                      AIX , OS400, Sun Solaris
                                      64bit processor, connectivity to SAN a must, dual NIC,
Hardware                              redundant power supply. Manufacturer configuration approval
                                      required.
Backup                                Internal for OS, integration into enterprise backup required.
                                          Page 8 of 82
                                        SMMC ISD uses CommVault and Tivoli Storage Manager.
Server redundancy                       Depends on application
Disk array                              Depends on application
Virtualization                          Supported based on application

   COMMUNICATION
Protocol                                TCP/IP
Topology                                Ethernet
Routers/ switches                       Cisco
Bandwidth – network                     Gigabit (sx/lx)
Bandwidth – to the desktop              10/100 MB/ second
Backbone                                Fiber optic
Cable to the desktop                    Category 5e UTP with RJ45 connections


   REMOTE AUTHENTICATION/SUPPORT
Cisco VPN/SSL

  UPS
Must specify requirements from manufacturer. Computer room has UPS.

   There are two data centers available, one at the Medical Center and the other at the County
   Center in Redwood City. Both support virtualization and are connected through a robust WAN.
   County clinics are networked via the AT&T Opteman solution.

   There is a wireless network in place supported by Cisco hardware; standard is 802.1x.


   2. Timeline
   The following timeline will be followed for this RFP

       1) Release of RFP                               Mon         12-20-10
       2) Deadline for written questions               Wed         1-12-11 2PM PST
       3) Answers to written questions                 Thurs       1-20-11
       4) Proposal Due Date                            Fri          2-4-11 2PM PST
       5) Start Review of Proposals                    Mon          2-7-11
       6) Recommendation to ISD Director               Fri          3-4-11
       7) Last Date to Submit Protest                  Fri          3-18-11 2PM PST
       8) Determination of Protest                     Mon          3-28-11
       9) Board Approval                               To Be Determined
       10) Contract Start Date                         To Be Determined




                                             Page 9 of 82
2.1 Submittal of Questions

Proposers are encouraged to submit written questions about this RFP. Questions are
to be received at the County by 2PM, PST on Wed, Jan 12, 2011. Questions shall
reference this RFP by number and be in writing and faxed or emailed to:

      Cyndy Chin, Administrative Assistant
      Email: CChin@co.sanmateo.ca.us
      FAX: 650-627-9160

Answers to questions will be distributed by fax or email no later than Thurs, Jan. 20,
2011, to all who receive a copy of this RFP.



3. General Conditions of Submission

The submitted proposal shall be used to determine the proposer’s capability of
rendering the services to be provided. The failure of a proposer to fully comply with the
instructions in this RFP may eliminate its proposal from further evaluation. The County
reserves the sole right to evaluate the contents of proposals submitted in response to
this RFP and to select one or more successful contractor(s) or none at all. The County
reserves the right to waive any requirements of this RFP when it determines that
waiving a requirement is in the best interest of the County. The proposal is to include
contact information, including principle contacts and officers, main and local business
addresses, tax identification number, voice and fax phone numbers, and email address.
The selected proposal’s content will be included as an exhibit in the final contract.

4. Proposal Contents



4.1 Service Requirements


Project Application Scope and Description

   The primary objective of this project is to identify an integrated clinical information system
   solution from a single vendor of choice to support the delivery of inpatient care at SMMC.


   Consideration will also be given to the comprehensive scope of applications within a
   vendor’s offerings to allow SMMC to move towards a fully integrated Hospital
   Information/Clinical Information (HIS/CIS) environment in the future. Integration of the
   various EHR “pieces” is critical to having a user-friendly solution; this is a key piece of the
   proposal.


   SMMC is requesting proposals for an integrated solution that supports the following specific
   applications/functional areas:


                                       Page 10 Applications/Functionality
                  Hospital-based Core Clinical of 82
           Provider Order Entry (CPOE) for all services
           Clinical Decision Support (CDS)
           Nursing and Ancillary Clinical Documentation (assessment, care plans)
           Multidisciplinary Clinical Documentation (care providers including MDs)
           Intensive Care Services (ICU)
           Peri-Operative services Documentation
           Pharmacy / Medication Management
           Infusion Center Management (Chemotherapy only, no Radiation
            Therapy)
           Telemetry and Patient Monitor Integration
                    Additional Support Applications/Functionality
           Enterprise Document Management System (EDMS)
           Reporting Tools



                              Possible Future Applications
           Referral Management System
           Affiliated Physician Portal
           Patient Portal
           Personal Health Record


SMMC’s patient mix is broad and will require functionality that supports multiple care
delivery settings including inpatient acute and critical care for adults and children, inpatient
and outpatient surgery, long-term care, inpatient psychiatric care as well as support for
respiratory therapy, rehabilitation and pharmacy services.

SMMC is committed to selecting an information system that supports the development of
evidence based care and promotes and tracks quality outcomes. To that end, this RFP
contains requirements that support the building of an infrastructure to support improvement
in core measures and other quality indicators, such as The Joint Commission Patient Safety
goals and IHI quality indicators.


Lastly, the goal of achieving a paperless/paper-lite patient chart environment must be
supported through a complementary document management/imaging solution. It is also
SMMC’s intention to utilize the Document Management solution on an enterprise-wide basis
beyond the integration with patient-centric clinical systems. Initially this will include the
Patient Registration and Patient Business Services (PBS) departments and expand beyond
that as opportunities arise.


Various clinical systems will remain unchanged within the SMMC organization and
integration with these must be addressed to ensure a comprehensive view of a patient’s
care delivery. The clinical systems that will remain in place and require integration with your
proposed solution include (at a minimum):
          Picis Emergency Department Information System (Pulsecheck)
          Siemens Novius Laboratory Information System
          Siemens Radiology Information System
          eClinicalWorks Ambulatory EMR
                                        Page 11 of 82
   There are several in-place systems that may be evaluated for replacement as part of this
      proposal:
       ResQ: Resource and OR scheduling
       Quadramed: Acuity
       Dietary on-line: Food and nutrition orders are not done through Invision but through
          an on-line program developed in-house
       Restraints: Restraint protocols are managed through an in-house developed
          program
       Siemens Pharmacy Information System (inpatient) –SMMC would prefer to keep this
          system in place; however, because CPOE and Medication Administration and
          Reconciliation are very dependent upon the inpatient Pharmacy, there might be a
          need to replace it.

   Other systems which will be key to a full patient record include Softmed in the Health
   Information Management (HIM) department and Achieve, used in the Long Term care units.

   The implementation will also require integration of your proposed clinical solution with the
   following revenue cycle incumbent solutions at SMMC (a current list of interfaced systems
   and applications can be found in Exhibit 1):
             eClinicalWorks—enterprise patient scheduling
             Invision – Patient Management and Patient Accounting
             SoftMed – HIM

   In addition, the integration of other EHR systems throughout the San Mateo County Health
   system must be considered. The need of all providers across the Health System to share
   data in order to improve patient care is great. At this time, the primary system is an Avatar
   (Netsmart) EHR system currently in place in the Behavioral Health division and soon to be
   implemented within Family Health.


   Based on an accepted proposal, there may also be requirements for data conversions or
   additional interfaces to/ from various existing systems. This will be discussed further after
   proposal review.


   SMMC ASSUMPTIONS
   The system will include the following components:

             Production, Test and Training Environments
             User Training
             Integration with existing clinical systems


Planning and Volume Statistics
   The data below represents the key clinical and business statistics for SMMC. This
   information is intended to be used as a reference to assist in the completion of your
   response including pricing, sizing of processor(s), main memory, disk storage, and
   necessary subsystems/third-party software.
                                          Page 12 of 82
                             San Mateo Medical Center Operational Data
                                                             FY09-10         Projected
                              Item                        Period Ending   (within 3 years)
                                                             6/30/10
       Total Number of Beds                                    448              448
       Number of Beds by Specialty
              Medical/Surgical                                 62               62
              ICU/CCU                                          7                 7
               Psychiatric                                     34               34
               Long Term Care (LTC)                           345               345


       Number of Operating Rooms                               3                 4
       Annual Discharges-Acute Care                           2795             3075
       Annual Inpatient Days-Acute Care                      12396            13635
       Average LOS-Acute Care                                  4.4              4.5
       Annual Discharges-Psych                                826               908
       Annual Inpatient Days-Psych                            9746            10720
       Average LOS-Psych                                      11.8             11.8
       Annual Discharges-LTC                                  479               546
       Annual Inpatient Days-LTC                             102957           113252
       Average LOS-LTC                                        215               215
       Annual ED Visits                                      35515            39066
       Annual Psych Emergency Visits                          3494             3843
       Annual Hospital Outpatient Visits (excluding
       ED & Same Days)                                       238572           262429
       Number of satellite clinic sites                        9                 9
       Number of Physicians On-staff                          150               150
       Planned Concurrent Users                               600               600




4.2 History/Organizational Background

The proposal should describe the following: the proposer’s company’s history, mission,
programs, and services; administrative structure; and experience, including length of
time in providing similar services. Please include any past experience with local
government agencies. Also, describe how this program will fit into your overall
organization. Attach an organizational chart of your San Francisco/Bay Area region
operation.

                                          Page 13 of 82
Please use the format below for this information.


PROPOSER’S CORPORATE INFORMATION

      1.     EXECUTIVE SUMMARY

             Include an executive summary which should be a one or two page summary
             intended to provide the Evaluation Committee with an overview of the significant
             business features of the proposal.

      2.     PROPOSER EXPERIENCE/INFORMATION

             The Proposer shall include in their proposal a statement of relevant experience.
             The Proposer should thoroughly describe, in the form of a narrative, its
             experience and success as well as the experience and success of
             subcontractors, if applicable in providing and/or supporting the proposed system.


             In addition, Proposers are required to provide the following information:

                 a. Vendor Primary Contact:
                         1) Name:
                         2) Title:
                         3) Office/Location Address:
                         4) Phone Number:
                         5) Fax Number:
                         6) Email Address:
                         7) Organization’s Internet Home Page:
                 b. Please list names, title, background and tenure of the executive
                    leadership of your organization and/or of your Healthcare Information
                    System division if part of a larger/broader organization.
                 c. Identify the locations (city, state) of the following:
                         1) Corporate Headquarters:
                         2) Programming/Technical Support Personnel:
                         3) Field Engineering:
                         4) Client Education Personnel:
                         5) Consulting Services Personnel:
                 d. Under the laws of which state the vendor is incorporated:
                 e. What is the number of employees in your organization, categorized by:
                         1) Total:
                         2) Management/Administration:
                         3) Marketing /Sales:
                         4) Research and Development:
                         5) Installation:
                                            Page 14 of 82
                 6) Ongoing Application Support:
                 7) Customer Service/Telephone Support:
                 8) Other:
        f. Provide input on the number and type of clinical resources you have on
     staff.
        g. How long has your company been in the business of Clinical Information
     systems?
        h. What percentage of your company business involves Clinical Information
     systems?
        Please provide the following financial information for each of the last three
        fiscal years (specific to your software division if part of large company):


                                          FY 2010         FY 2009          FY 2008
       Annual Revenue

       Net Profit

       Total Assets

       Total Debt

       % Net Revenue spent on
       Research and Development

        i.   Are there any established user groups associated with your organization
             or proposed product?             Please describe your organization’s
             sponsorship of these groups and how your organization works with them:


        j.   Provide a complete disclosure if Proposer, its subsidiaries, parent, other
             corporate affiliates, or subcontractors have defaulted in its performance
             on a contract during the past five years which has led the other party to
             terminate the contract. If so, identify the parties involved and the
             circumstances of the default or termination.

        k. A list of any lawsuits filed against the Proposer, its subsidiaries, parent,
           other corporate affiliates, or subcontractors in the past five years and the
           outcome of those lawsuits. Identify the parties involved and
           circumstances. Also, describe any civil or criminal litigation or
           investigation pending.

3.   FINANCIAL STABILITY/PROPOSER FINANCIAL INFORMATION

     Proposer shall submit copies of the most recent years independently audited
     financial statements, as well as those for the preceding three years, if they exist.
     The submission shall include the audit opinion, balance sheet, income statement,
     retained earnings, cash flows, and notes to the financial statements. If
     independently audited financial statements do not exist for the Proposer, the
     Proposer shall state the reason and, instead, submit sufficient information such
     as the latest Dun and Bradstreet report to enable the Evaluation Committee to

                                 Page 15 of 82
               determine the financial stability of the Proposer. The Proposer shall supply any
               additional financial information requested by SMMC ISD in a timely manner.

4.3 References

Please provide the following information for three references. It is important that you include
references that are similar to SMMC in terms of size, clinical services, scope of applications and
technology environment. If possible, provide at least one reference site from the state of
California, preferably from the San Francisco Bay Area. SMMC will not contact any references
without your permission. Please use the format below to provide this information.

       Reference #1:
          a)   Organization Name:
          b)   Organization Address:
          c)   Size and Type of Facility:
          d)   Name and Release Version of Application(s) Installed:
          e)   Application(s) Live-dates:
          f)   Nature of Relationship between Vendor and Reference Site (i.e., partner, beta site):


          g)   Individual with sufficient knowledge and experience to speak on the implementation
                process, product functionality, vendor support, and documentation and training.
                   Name:
                   Title:
                   Phone number:
                   Contact email address:
        Reference #2:
          a)   Organization Name:
          b)   Organization Address:
          c)   Size and Type of Facility:
          d)   Name and Release Version of Application(s) Installed:
          e)   Application(s) Live-dates:
          f)   Nature of Relationship between Vendor and Reference Site (i.e., partner, beta site):


          g)   Individual with sufficient knowledge and experience to speak on the implementation
                process, product functionality, vendor support, and documentation and training.
                   Name:
                   Title:
                   Phone number:
                   Contact email address:
        Reference #3:
          a)   Organization Name:
          b)   Organization Address:
          c)   Size and Type of Facility:
          d)   Name and Release Version of Application(s) Installed:

                                             Page 16 of 82
         e)    Application(s) Live-dates:
         f)    Nature of Relationship between Vendor and Reference Site (i.e., partner, beta site):


         g)    Individual with sufficient knowledge and experience to speak on the implementation
                process, product functionality, vendor support, and documentation and training.
                     Name:
                     Title:
                     Phone number:
                     Contact email address:




5. Service Capabilities

5.1 The proposal should define the scope of work and specific services being
offered in your proposal and should include the information listed in the sections
below:



5.1.1 TECHNICAL REQUIREMENTS

      SMMC is seeking a contractor to provide a complete solution to satisfy the technical,
      functionality, and integration requirements and one who is capable of providing the
      stated capacity and service levels as well as the training and technical support required
      to maintain the system in an operational status.

      The technical requirements are to be defined referencing the technical requirements in
      Appendices A1 and A2. Proposers submitting a proposal for a client server solution
      must submit Appendix A1; whereas Proposers submitting a proposal for a SaaS solution
      must submit Appendix A2. Proposers submitting a proposal for both types of solutions
      must submit Appendix A1 and Appendix A2.

      Proposers must submit a thorough narrative supported by references to the technical
      documentation in response to questions asked in Appendix A1 or Appendix A2.



5.1.2 VENDOR PROPOSED PRODUCT INFORMATION

      Please complete the table below regarding the proposed applications:

                                                   Applications
                                                               Developed In-     Current Status                # Live
          Supported            Application        Module           House,       (i.e., in development, beta,
         Functionality                                         Integrated, or                                  Clients
         (Ref Section II-D)
                               Suite Name         Name                              or generally available
                                                                Interfaced?              w/version # )


       Hospital-based Core Clinical Applications
        Provider Order
         Entry/all order
         services
                                               Page 17 of 82
                                      Applications
 Clinical Decision
  Support


 Nursing and
  Ancillary Clinical
  Documentation
  (assessment,
  care plans)
 Multidisciplinary
  Clinical
  Documentation
  including
  providers
 Intensive Care
  Services (ICU)
 Perioperative
  Services,
  including
  documentation
 Infusion Center
  Management

 Telemetry and
  Patient Monitor
  Integration

Additional Support Applications
 Enterprise
  Document
  Management
  System (EDMS)
 Reporting Tools

Possible Future Applications
 Referral
  Management
  System
 Affiliated
  Physician Portal


 Patient Portal



 Personal Health
  Record




                                  Page 18 of 82
5.1.3 SYSTEM SUPPORT REQUIREMENTS

                             Function                                      Vendor Use Only
                                                                    Yes   No        Comments

       1) A dedicated support team is guaranteed.
       2) Toll free telephone support is available 7 days a
          week, 24 hours a day.
       3) Web-access support is available 7 days a week, 24
          hours a day.
       4) Telephone support response times are guaranteed.
          Specify the response time.
       5) For the proposed hardware, please identify the party
          responsible for support.
       6) For the proposed software, please identify the party
          responsible for support.
       7) Is a preferred or “premier” customer support status
          offered?
       8) Is a warranty for the application(s) available? What is
          the warranty period?



    System Support - Additional Requirements
       1.   Where are your customer support offices located?
       2.   What are your standard support hours? Are they based on client local time? Do you offer
            extended support hours? Is there an additional charge for this and if so, what is that
            charge?
       3.   Define the recommended size and skill set of the IT staff to support your proposed core
            clinical product(s) at an organization of SMMC’s size and complexity.
       4.   Assuming SMMC contracts with another party for hardware, networking, etc., how are
            lines of responsibility drawn?
       5.   Describe the process for resolving client issues and problems:
                a)   Discuss issue logging and tracking.
                b)   Explain service request prioritization.
                c)   Describe escalation procedures.
                d)   Discuss status reporting.
                e)   Provide average turnaround times for problem resolutions.
                f)   What documentation/acknowledgement is communicated to SMMC when a
                     problem/issue is communicated to the vendor?
       6.   Describe your methodology for new version/releases of your software:
                     a) Development.
                     b) Testing.
                     c) Distribution.
                     d) Installation.
                                               Page 19 of 82
                  e) Notification.
     7.   How often are new versions released?
     8.   What is the recommended / standard timeframe for taking new releases?
     9.   When a new version of your product is released, will you guarantee upward conversion
          to the new release at no additional cost to SMMC?
     10. Can new software be applied and tested in the training system before it is applied to the
         production system?
     11. Is the training database/environment a mirror image of the production files and the
         systems test database?
     12. Can the test/training environment be ‘refreshed’ or synchronized from the production
         environment by SMMC independent of vendor participation? Please explain.
     13. How are customizations – vendor and customer-created – accommodated in new
         releases, i.e., not overwritten?
     14. How many levels of software releases are supported?
     15. Does the vendor organization support a remote hosted model for their software? Please
         describe offering.

5.1.4 IMPLEMENTATION APPROACH
     1.   Please describe your typical approach to implementing the proposed core clinical
          solutions at an organization of SMMC’s size and complexity.
     2.   Please describe a high-level recommended installation sequence and timetable for the
          proposed core clinical applications with the intended goal of maximizing ARRA HITECH
          incentive monies through reaching Meaningful Use in a timely manner. Please include a
          description of suggested implementation phases and timing (e.g., Phase 1:
          Orders/Results, Phase 2: Clinical Documentation, etc.)
     3.   Provide a sample implementation work plan for the proposed applications indicating the
          tasks required, the relative sequence of tasks, the party responsible for each task, and
          the approximate time required to complete each task.
     4.   Describe the anticipated vendor and SMMC personnel and/or outside resources
          required/ recommended to install your proposed solutions outlined in #2 above (skill level
          and numbers).
     5.   Discuss activities/assistance that could be provided by vendor personnel in addition to
          those provided for in your work plan and implementation cost estimate and describe how
          these additional services would be billed.      .
     6.   Describe your formal procedure for system acceptance, including hardware and
          software.
     7.   Describe your methodology for conversion of current system files, specifically:
             a)   Patient demographics.
             b)   Clinical documentation (discrete data and transcribed reports). Please provide
                  input on two methods for this data:
                     1.   Converting discrete data/transcribed reports to your CIS.
                     2.   In-loading of a subset of paper charts via your document management
                          solution.
     8.   For any identified automated conversions, who would be responsible for developing:
             a)   Extracts from the current system?
             b)   Input/edit/updates to your system?
                                        Page 20 of 82
     9.   What is your recommendation for converting existing clinical data from the incumbent
          Siemens Invision system -- to your proposed CIS as discrete data, to your proposed
          document management solution, other? How have other clients addressed historical
          clinical data conversions?

5.1.5 CLINICAL CONTENT

     1.   Please describe your typical approach and/or options to building the clinical content
          needed for order entry/CPOE to achieve standardization and patient safety (e.g., order
          sets, clinical decision support, standardized documentation, etc.).
     2.   Describe the types and number of order sets and alerts/reminders you provide with the
          order entry module, i.e., ‘starter set’? If you provide these, please provide details.
     3.   Describe your system ability for dealing with standardized order sets by specific
          physicians vs. diagnosis?
     4.   Describe in detail the clinical content that is provided with your clinical system. Provide
          numbers and types of content including order sets (if not described in #2 above), clinical
          rules and alerts, care plans, etc.
     5.   Describe how the clinical content is maintained in your application.
                                                       rd
     6.   Does your system support the import of 3 party clinical content? If so, please describe
          the process and how is existing content impacted.
                   rd
     7.   List the 3 party vendors that you are aligned with for providing clinical content.
                                                  rd
          Describe any additional costs for this 3 party software.
     8.   Describe how your system allows the ability to aggregate data directly from the CDR for
          regulatory initiatives – e.g., THE JOINT COMMISSION core measures, CMS core
          measures, IHI sepsis bundle compliance, SMMC specific databases, etc.
     9.   Describe your system’s ability to integrate various care protocols into general
          assessment, scoring, implementation and on-going reassessment into the EMR – i.e.,
          falls, pressure ulcers, groin management, restraints, rehab protocols, moderate sedation
          protocols, central line placement protocols, etc.
     10. Describe how the system assists with adherence to national patient safety goals from
         THE JOINT COMMISSION or National Quality Forum guidelines – program screening,
         implementation, compliance monitoring, etc.
             a.   High risk medication alerts
             b.   Look alike, sound alike drugs
             c.   Drug concentrations
             d.   IV Conscious sedation
             e.   Monitoring of hospital acquired infections
             f.   Patient identification
             g.   Clinical alarms
             h.   Critical values
             i.   Medication reconciliation
     11. Describe the system’s ability to pick up symptom or pattern recognition of symptoms of
         patient’s in trouble and triggers the end-user?




                                           Page 21 of 82
5.1.6 FUNCTIONALITY AND INTEGRATION REQUIREMENTS (APPENDIX B)
     Proposers must complete and submit with their proposals the functional and integration
     requirements referenced in Appendix B.



5.1.7 TRAINING

                                Function                                     Vendor Use Only
                                                                    Yes    No            Comments

       1)    Documentation is available in hard copy.
       2)    Documentation is available on-line.

       3)    On-line documentation can be printed on demand.
       4)    Documentation is available on CD or DVD

       5)    Documentation manuals accurately reflect the most
             current software release.
       6)    Vendor-supplied training can be conducted on-site at
             SMMC.

     Training - Additional requirements
            a) Provide a summary description of the documentation provided with the system including:
                    a) System administration manuals (including use of decision and edit tables).
                    b) Technical documentation (including detailed HL7 interface specs and data
                       schema).
                    c) User reference manuals.
                    d) Training manuals.
            b) Describe the training approach for user personnel. Outline training classes/sessions
               offered, course content, approximate length of time for each session and approximate
               ratio of hands-on practice vs. lecture.
            c) Describe any computer-based instruction modules available for training during installation
               and for on-going training.
            d) Describe the training provided to operations and technical support personnel.
            e) Describe the training for the report writer or reporting mechanism? Describe how this is
               accomplished and what is the cost?
            f) Describe the training available to information systems and user department core group
               personnel for product orientation in advance of system file, table, profile and parameter
               building.
            g) Describe any ongoing training available to customers included in the
               maintenance/support arrangement at no additional cost (not including out-of-pocket
               expenses).
            h) Discuss options available for training new personnel after initial implementation.
     Provide a listing of all standard reports that are provided by the system (for each module) and a
     sampling of each with your response.




                                                   Page 22 of 82
Additional Note:
      The implementation, project management, training, and ongoing support requirements
      are to be defined referencing the requirements in Appendices C1 and C2. Proposers
      submitting a proposal for a client server solution must submit Appendix C1; whereas
      Proposers submitting a proposal for a SaaS solution must submit Appendix C2.
      Proposers submitting a proposal for both types of solutions must submit Appendix C1
      and Appendix C2.

      Proposers must submit a thorough narrative supported by references to the
      implementation, project management, training, and ongoing support in response to
      questions asked in Appendix C1 and/or Appendix C2.


  5.1.8 STRATEGIC DIRECTION

      This section gathers information related to the strategic direction of the vendor and defines the
      contractual requirements of SMMC. Please answer each question completely, concisely, and
      accurately.

      1.   Strategic Requirements
           a) Has your company acquired or merged with any other organizations in the past three
               years?      If so, please describe.
           b) Are you a subsidiary of or under the control of any other corporation, individual, or other
               entity?      If yes, please provide entity name.
           c) Describe your corporate vision for how information technology will support the healthcare
               environment of the future (i.e., over the complete continuum of care).
           d) Describe how workflow tools are integrated into your products and how they can be
               customized by the client.
           e) Identify your product’s strengths and its areas for improvement.
           f) What are your plans to address these improvement opportunities?
           g) Describe your organization’s vision for providing web-based applications, technologies,
              or value-added services.
           h) Describe how your system supports the development of evidence based care and
              promotes and tracks quality outcomes.
           i) How does your system support the building of an infrastructure to support improvement
              in core measures and other quality indicators, such at THE JOINT COMMISSION
              Patient Safety goals and IHI quality indicators?
           j) What reporting capabilities are available with your system for reporting core measure
              performance?
           k) Can the proposed solution support all relevant California state regulatory requirements?

           l) Describe any work you are doing with designing or developing systems to assist
              healthcare organizations meet Leap Frog standards.
           m) Describe the work you’ve completed or will complete to ensure that your applications will
              support clients with the expanded HIPAA requirements stemming from the ARRA
              HITECH Act (security and privacy focused).
           n) Please provide examples of operational efficiencies and process integration benefits
              achieved by clients through the use of your system (attach materials, as needed).
           o) Discuss your efforts to provide interfacing to ‘smart’ IV pumps and please specify those
              manufacturers that you have interfaced with to date.

                                             Page 23 of 82
              p) Describe how your system has incorporated the use of bar-coding, RFID and proximity
                 technology into the care delivery process. Do you partner with other vendors to support
                 these features and/or is software internal to your product. Please provide detail
                 information on this focus area.
              q) Describe how your system can support a community-wide HIE (health information
                 exchange) initiative to consolidated patient clinical information across disparate entities,
                 i.e., RHIO (regional health information organization) and/or CMPI (community master
                 patient index).
              r) Please describe how your system handles bed management. Is this function part of your
                 CIS or you’re his? Assuming it is part of your CIS and assuming that SMMC will remain
                 on their Invision system for Registration/ADT, how will that affect the bed management
                 processes within your CIS?
                                                                                rd
              s) What constraints do you see with the integration of a 3 party laboratory system (Novius
                 LIS)?
              t) SMMC plans to keep their incumbent EDIS (Pulsecheck) in place initially. What data
                 points would you recommend for integration between your CIS and SMMC’s Pulsecheck
                 ED System to ensure a comprehensive clinical record for patients that span the
                 ED/Inpatient continuum? Have you integrated with Pulsecheck? Have you integrated
                 with other ED systems? What challenges have you encountered?
              u) Please outline how your proposed solution supports the ARRA HITECH Meaningful Use
                 requirements. Include a table of the required Meaningful Use functionality (by year) and
                 how your proposed solution meets these requirements currently or planned. Include
                 both core and menu set items in this description.



5.1.9 Contractual Information
            Indicate, in the following table, your agreement to the contractual requirements identified.
            Some requirements identified below relate to language included in the County’s standard
            contract template, a copy of which is attached to this RFP. If you cannot agree to a
            requirement, explicitly state such in your response and provide alternative contract language
            for consideration.

                              Requirement                                            Vendor Response
                                                                          Yes   No            Comments

       a)    Should SMMC contract with your organization, there
             are no pending litigation activities involving your
             organization that could have an impact on SMMC.
       b)    Your organization will contract guaranteed prices for
             software systems that are currently under
             development and not yet installed.
       c)    Your organization will contract for “not to exceed”
             installation fees.
       d)    Your organization will stipulate that the contract will be
             entered into under, and governed by, the laws of
             California. (See Section 15 of the County’s standard
             agreement.)
       e)    Your organization will stipulate that any dispute
             arising under the contract will be venued in the
             County of San Mateo or the United States District
             Court for the Northern District of California. (See
             Section 15 of the County’s standard agreement.)




                                                    Page 24 of 82
                      Requirement                                         Vendor Response
                                                               Yes   No            Comments

f)   Your organization will agree to unconditionally
     guarantee all items against defects in materials,
     workmanship, and performance for one year from
     date of installation by SMMC unless otherwise
     specified.
g)   Proposed acquisition and ongoing maintenance or
     support costs include any future enhancements or
     upgrades to the application modules. If not, indicate
     additional costs in the cost quotation.
h)   Your organization can and will comply with the
     County’s non-discrimination policy. (See Section 11
     of the County’s standard agreement.)
i)   Your organization can and will comply with the
     County’s equal employment opportunity policy. (See
     Section 11 of the County’s standard agreement.)
j)   Your organization can and will comply with the
     County’s policy regarding employee benefits. (See
     Section 11 of the County’s standard agreement.)
k)   Your organization can and will comply with the
     County’s jury duty policy. (See Section 17 of the
     County’s standard agreement.)
l)   Your organization can and will comply with the
     County’s hold harmless language. (See Section 7 of
     the County’s standard agreement.)
m) Your organization can and will comply with the
   County’s insurance requirements. (See Section 8 of
   the County’s standard agreement.)
n)   Your organization is able and commits to comply with
     all other terms of the County’s standard contract. (If
     not, provide an explanation for the inability to comply
     with the required term(s). If no objections are stated,
     County will assume the proposer is prepared to sign
     the County contract as-is.)



Contractual Information - Additional Requirements
     i.      How many contracts for proposed systems have you signed in the last three years?
             Please specify for each component.
     ii.     How many of those clients have completed implementation of your system? (List the
             applications installed for each client.)
     iii.    Have any of your customers cancelled a contract in the last two years before, during, or
             after an installation?    If yes, why? (Specify organization and location.)
     iv.     Describe how you will commit to providing changes mandated by Federal (e.g., HIPAA,
             FDA), State, Accrediting (e.g., THE JOINT COMMISSION), and standards (e.g., HL7)
             organizations. Are there any additional costs for these updates?
     v.      Describe your approach and timing to accommodate the mandated change to HIPAA
             v5010 format and ICD-10 diagnosis code set.
     vi.     Have you obtained ONC certification in support of ARRA HITECH requirements
              (available beginning October 2009)?
      vii.    Please list the clients that have purchased your CORE HIS within the last two years.


                                           Page 25 of 82
5.1.10 Application Design

                                     Function                                        Vendor Response
                                                                              Yes   No        Comments

       a)        If the application is Windows-based, can your system
                 run under VMWare Workstation (virtualized
                 environment)?
       b)        Is the application object oriented design with flexibility
                 to add custom fields and modification easily? Explain.
       c)        Does the application provide a tool to migrate
                 customization to new software releases? If so,
                 describe.
       d)        Does the application have web access capability for
                 view-only?
       e)        Does the application have web access capability for
                 ordering, results processing, and clinician charting?
       f)        Is the e-mail interface capable of notification and
                 routing of reports?
       g)        Can the systems support the use of email distribution
                 lists?
       h)        Is the e-mail interface part of a secure messaging
                 system?
       i)        How is PHI encoded in email?


      Application Design- Additional Requirements
            i)     What language is the application written in?
            ii) Describe the processing model used in the application, such as 2, 3, or multi-tier.
        iii)       Describe the distribution and centralization capabilities for data, application, and interface
                   processing across physical platforms.
        iv)        Describe how capacity planning is accomplished. Include any calculations and
                   documents in your response.
        v)         Provide a schematic showing the logical design of the proposed applications that
                   identifies all databases and files and indicates the direction of data flow.
        vi)        How are databases mirrored for failure tolerance?
        vii) Does the system support voice recognition as an input mechanism?            If so, please
             explain how and if there are any third party products or components required.
        viii) Please provide a list of all reports, including security reports, and report libraries
              that come standard with the system.

5.1.11 Security




                                                       Page 26 of 82
                           Function                                     Vendor Response
                                                                 Yes   No        Comments

a)   Does the application security utilize RDBMS security
     roles?
b)   Can the application security utilize enterprise directory
     services for user authentication?
c)   Can SMMC enforce password standards, such as
     length, expiration, and character sets in your
     application?
d)   For your application, is the authentication process
     encrypted?
e)   Are users able to change passwords through the
     application at their own discretion?
f)   Does your product provide security controls to restrict
     access by:
     i     Application module
     ii    On-line function
     iii   Screen within function
     iv    Data element/section of chart
     v     User ID
g)   Can groups of user security be changed at one time?
h)   Can security be copied from one user or group to
     another then modified?
i)   Can user-defined security criteria be set?
j)   Is there an audit trail for security changes?
k)   Is one sign-on process sufficient to control access to
     all authorized functions/modules?
l)   Are separate passwords required for specific screens
     or modules?
m) Can one user be signed on to multiple devices
   simultaneously (i.e., using the same password)?
n)   Does the system provide use statistics by user ID?
o)   Does the system provide an audit trail that can be
     used to identify transactions or data accesses that
     have been performed by:
     i     Input Device
     ii    Function
     iii   Patient/Record
     iv    User Role
     v     User Identity
p)   Are all transactions identified with a user ID?
q)   Does the system provide additional security for Web
     access (if available)?
r)   Does the system include options for:
     i     Failed access attempts to be tracked and
            reported?
     ii    Specifying the number of failed attempts allowed?
     iii   Action upon maximum failed attempts?
s)   Can audit logs be archived and recalled as needed?
                                           Page 27 of 82
                                 Function                                        Vendor Response
                                                                    Yes      No             Comments

       t)    Does the system have a “time out” feature that
             automatically signs off a user if a workstation has
             been left unattended for a SMMC-defined time
             period?
       u)    Can system “time out” parameters be modified by
             SMMC without vendor assistance?
       v)    Does the system allow for controlling/removing
             access for users no longer needing access?
       w) Can SMMC define a period after which an unused
          sign-on is deactivated/disabled from the system?
       x)    Can vendor support personnel access the system
             without SMMC knowledge?
       y)    Does the system have a function that will
             automatically “log off” ALL users?
       z)    Does the system support electronic signature?


      Security - Additional Requirements
            i) Describe how the system provides for the capability to restrict access to particular records
               within the system, based on user ID or specified fields (i.e., discharged facility).
            ii) How is single sign-on to all applications implemented?
            iii) Describe your approach to utilizing biometric and/or proximity/RFPD device solutions for
                 user authentication.       Do you have any of these solutions in production?           If
                 so, describe the environment and benefits delivered.
            iv) Please describe the ability of software to conform to SSL and describe any other
                encryption capabilities of the software.


5.1.12 Database
                                Function                                         Vendor Response
                                                                   Yes      No             Comments

      a)    Is the database schema documented and provided to
            SMMC?
      b)    Does the database schema identify all databases and
            files and indicate direction of data flow?
      c)    Is the database schema automatically updated and
            re-distributed as new releases are made available?
      d)    Do the database schema/tables have a standards
            convention?
      e)    Is there an entity relationship model for the
            application?



     Database - Additional Requirements
            i) Is the DBMS used standard or proprietary?                 If proprietary, describe the structure
               and any required support procedures.
            ii) How many database servers and mirrors are recommended?                             Is there a
                production, test/training and development environment as delivered, etc.?

                                                   Page 28 of 82
            iii) Describe a plan and tools used to inspect, report on, and repair the database(s).
            iv) Describe your database mirroring.            How is the “correct” copy known?
            v) Describe database backup plans.
            vi) What different levels of database support does your company provide?
            vii) How do you package your database installs and upgrades for your application?         Is
                 the upgrade/install configurable to different database environments (i.e., schema name,
                 database names, table space names…)?

5.1.13 Data Dictionaries and File Design
                a)   Does your system have "master files" where universal information can be entered
                     once and accessed by other applications (e.g., patient demographic information)?
                           Does this apply to all applications proposed?
                b)   Are any files updated in a batch mode?       If so, please indicate which files, the
                     frequency in which these files are updated and the length of time necessary for
                     batch updates to be performed.          Can the online functions be active while
                     batch updates are done?
                c)   Can all data elements be viewed, printed, interfaced, updated, reported on and/or
                     listed as needed? Identify any that cannot.
                d)   Does the system allow the user to restrict printing and display of confidential data
                     elements if flagged in the data dictionary?

5.1.14 Data Access and Storage
                a)   Describe database storage model used by application, such as relational, network,
                     or hierarchical.       How will this affect the report writing capabilities of the
                     system?
                b)   Describe the use of SAN (Block Level) and/or NAS (File Level) protocols associated
                     with the proposed solution.           What SAN/NAS storage vendors and products
                     are certified to work with your system?
                c)   Describe the recommended storage solution, hierarchy, sizing/capacity, speed, etc.


                d)   Does the proposed system include:
                     i) User-defined menus
                     ii) User-defined screens/start-pages
                     iii) User-defined fields
                     iv) User-defined function keys
                     v) User-customizable patient summary screens (data from demographics, allergies,
                        documentation, orders, flowsheets, results, etc.)
                e)      Are required fields SMMC-definable?
                f)      How is data integrity maintained?           What tools are used?


   5.1.15 Interfaces

                              Function                                        Vendor Response
                                                                   Yes   No             Comments

       a)   Do you support the use of interface engines? If yes,
            comment on which engine(s) are supported.
                                                 Page 29 of 82
                         Function                                       Vendor Response
                                                             Yes   No            Comments

b)   Are all system interfaces HL7 compliant?
c)   Do you provide detailed interface specifications?
d)   Do you make technical staff available to answer
     questions and assist in data mapping with other
     vendors?
e)   Does the vendor support controlled user access to
     monitor the interfaces and to stop/start the
     interfaces?
f)   Is there an interface error log on the system and can
     client personnel access it?
g)   Does the system attempt to re-send transactions in
     the event of a failure?

Interface - Additional Requirements
     1. Describe your overall design approach to developing, testing, implementing and
        upgrading system interfaces to third party systems.
     2. Provide a list of the interfaces that have been developed/implemented for your CIS.
        Include type of interface and vendor/system interfaced to/from.
     3. Provide a list of the medical device (telemetry monitors, EKGs, ventilators, etc.) interfaces
        that you have developed/implemented for your CIS.
     4. Please discuss how you have taken steps towards interoperability in support of the
        Continuity of Care Document (CCD) and Continuity or Care Record (CCR) core data sets.
        Please indicate if you have implemented the CCD or CCR XML schema with any clients
        and if so, to what other clinical software systems.
     5. SMMC’s specific interface requirements include the following, please describe your ability
        to interface to each and include pricing in the Systems Costs section (Section 8.0). We
        have listed the minimum various types of transactions and systems involved below.
             a. ADT (bi-directional)
                i.      Inbound to CIS and Document Management from Invision
               ii.      Outbound from CIS and Document Mgmt to Invision (to avoid data
                        discrepancies; may not be required if patient demographic data cannot be
                        edited in the CIS and Document Mgmt system)
             b. Orders/Results (bi-directional including order status/results and inquiry) If
                     proposing these systems
                i.      Orders Outbound from CIS to Novius Lab and Siemens RIS
               ii.      Orders & Order Status/Results Inbound to CIS from Novius Lab, Siemens
                        RIS
             c. Charges (uni-directional)
                i.      Hospital-based Charges Outbound from CIS to Invision
               ii.      Professional Charges Outbound from CIS to Invision
             d. Transcription (uni-directional)
                i.      Transcription Inbound to CIS and/or EDMS from Webmedx
             e. Pulsecheck EDIS Integration Requirements
                i.      Medication Orders Inbound to CIS Pharmacy module from Pulsecheck


                                          Page 30 of 82
                        ii.       Comprehensive clinical data from Pulsecheck EDIS to CIS (supporting CCD
                                  standards):
                                      a. Height/weight, allergies/reactions, advanced directive, clinical
                                         history, reason for visit, problem list, ED documentation, medications
                                         (home and administered while in ED) and time of meds
                                         administration in the ED to the CIS eMAR.
                        iii.      Order processing for ED orders. Currently done from Pulsecheck to Invision
                                  and then to Lab and Rad. If proposal includes a different solution, please
                                  outline it here.
                   f.          eClinicalWorks (eCW) Ambulatory EMR Integration Requirements
                         i.       Bi-directional between CIS and eCW AEMR to support patient continuum
                                      a. User defined / CCD elements and/or documents to support continuity
                                         of care, e.g., Height/weight, allergies/reactions, advanced directive,
                                         clinical history, problem list, ‘home’ medications, lab values, etc.
                                      b. Potential orders to ancillaries; current process as defined above for
                                         Pulsecheck.
                                      c.   Messaging to support notification of PCP of hospital admission and
                                           outbound discharge summaries.
                   g. Additional Interfaces
                         i.       Based on information provided, outline any other interfaces to be proposed
                                  with explanation of purpose and systems affected. Examples could include
                                  medication interfaces with Pyxis, Pharmacy, etc or others.


5.1.16 Hardware and Operating System
                                      Function                                     Vendor Response
                                                                          Yes    No            Comments

    a)    Does the system require nightly procedures/daily
          processing? If so, describe. Will the system remain in
          production?
    b)    Without replacing the proposed CPU, can the capacity of
          each of the following be increased by 100% (doubled):
           i)    Memory
           ii)   Disk Storage – platform specific or SAN
    c)    Does the system support the use of wireless notebook
          computers/tablet PCs for entry of patient information?
    d)    Does the system support the use of handheld devices
          for entry of patient information? Describe.
    e)    Does the system support the following data input modes:
           i)    Light pen
           ii)   Bar code reader
           iii) Touch screen



  Hardware and Operating System - Additional Requirements
         i) What is the latest generation technology platform(s) that the system is offered on?
            Please provide an approximate breakdown of how many clients are running on this and
            the previous still-supported platform options.
         ii) What operating systems are supported?        Approximately how many clients run on
             each operating system?        What operating system is the application developed in?
                                         Page 31 of 82
                   What operating system(s) was, or is, the application ported to and in what order?


      iii) Describe the approach used in determining an appropriate hardware sizing and
           configuration for SMMC.    Identify data, assumptions and calculations used.
      iv) For each of the following, identify 1) Vendor-certified solutions (or standard minimum)
          and recommended configuration requirements, 2) Data connectivity/integration approach
          between device and the system, and 3) system-specific software required to be installed
          in the device.
              a)   End user systems, including but not limited to: O/S, CPU, disk drive capacity,
                   system memory, and monitor size:
                       1)   Local desktop workstation
                       2)   Handheld tablet workstation
                       3)   Handheld device
                       4)   Remote/Off Site Workstation
              b)   Data input systems:
                       1)   Bar code solution
                       2)   Scanners (specify for both single and large scale scanning stations)


                       3)   Voice capture
                       4)   External images – ex., .jpeg from digital camera
                       5)   Electronic signature capture
              c)   Output systems:
                       1)   Laser printer
                       2)   Impact printer
                       3)   Label printer
                       4)   Bar code printer
      v) What Web browser and version is recommended?            What Web browsers are
         supported?     Are systems specific add-in components required?
      vi) Describe environment and space requirements for proposed hardware. Include a
          description of the requirements for space, heating, location, flooring, ventilation, air
          conditioning, and fire protection.


5.1.17 Network
         a)    For each transaction (per application) provide bandwidth and response times
               required.
         b)    How much traffic will be generated per transaction?
         c)    What is the expected number of transactions per day for SMMC?
         d)    What type of network architecture is supported?
         e)    What type of integration into Active Directory or LDAP does the application support?


         f)    On the wide area network what is the minimum response time required?
         g)    How does the application respond across a T1 or DSL Connection? Is the use of
               Citrix or Terminal Services required to ensure efficient response time?

                                             Page 32 of 82
              h)     Can end users desktop support DHCP? If no, explain.
              i)     Describe technical design of Web access capability (if any).
              j)     Does vendor require access to application servers?           How is security handled?



5.1. 18 Remote Access
              a)     Describe in detail the remote access methods you currently support for your
                     application.
              b)     Do you have client(s) currently connecting to your application via an Internet VPN
                     connection?        If so, what is the minimum bandwidth required?
              c)     Does your product offer web-based remote access that provides full access to
                     application’s functionality? If so, please describe. If not, please describe limitations
                     to access that would result.
              d)     Does your solution support SSL for remote access security?

5.1.19 Operations/Disaster Recovery
              a)     Does your system support disk shadowing?
              b)     Are there any special disaster recovery considerations for your application?
              c)     Does SMMC have the ability to perform disk compression, initialize files, tapes,
                     disks, packs, etc.?
              d)     For your application, is downtime required for any function?             If so, explain.

              e)     For your application, describe your backup methodology.
              f)     How are back-up configuration files handled?
              g)     Define your uptime performance warranty.



5.1.20 Functional Requirements (Excel insert – APPENDIX F)
     This section gathers information related to the functional requirements of SMMC and how well
     your proposed product(s) meets these requirements.

     SMMC is requesting information on all of the functionality outlined in Section 4.1 Project
     Application Scope and Description.

     Please use the enclosed Excel workbook “SMMC Appendix F Func Reqs” to document your
     responses to the functional requirements.

     The seven tabs (highlighted in yellow) comprise the primary ‘core’ modules that SMMC will be
     focused on in “Phase 1” of their deployment. The two tabs highlighted in blue comprises
     additional functionality that SMMC would like detail responses on for their consideration.

         1.    Vendor Instructions
         2.    Hospital-based Core Clinicals
         3.    Critical Care
         4.    Enterprise Document Management System (EDMS)
         5.    Portals
         6.    Global Functions
         7.    HIM
         8.    Reporting Tools

                                               Page 33 of 82
          9.   Pharmacy

      In addition to specific requirements outlined in the detailed Excel worksheets please provide
      information (and pricing) on software that you offer to support the following areas:

           Referral Management System                        Cardio Vascular Information System (CVIS)
           Case Management System                            Personal Health Record
           Perioperative Services                            Long Term Care—functionality and record
                                                               integration




      5.1.21 Cost Proposal – Clearly define and itemize all costs associated with the
      services defined in your proposal, to include travel if required. Please use the
      Cost Proposal form (Excel Spreadsheet)—Appendix D.

      The pricing must clearly define all costs expected to be incurred by SMMC during
      implementation and throughout the term of the contract. They must clearly separate one-
      time costs, implementation/installation costs, and recurring costs over a five-year period.

      If the software is compatible with multiple hardware platforms, please propose a
      recommended platform for the SMMC environment and infrastructure standards as noted
      in Section 2.0.

      The proposed configuration should reflect a high-availability/redundant model and also
      include disaster recovery recommendations.


      5.1.22 Describe start-up requirements and the lead-time necessary to begin
      providing services.

      5.1.23 Describe your invoicing, remittance, and reconciliation process. Note the
      County invoicing requirements as specified in Exhibit B of the standard County
      Agreement (attached).


5.2 Proposal Format and Submission

All proposals should be typewritten; have consecutively numbered pages, including any
exhibits, charts, or other attachments; and be securely bound.
Proposals shall be organized into the following major sections:
     Title Page
     Letter of Transmittal
     Table of Contents
     Executive Summary
     Scope of Services
     Company Background
     Client References
                                             Page 34 of 82
    Cost Proposal
    Exceptions to the RFP
    Required Attachments (including the Contractor’s Declaration From)
    Statement of Compliance with County conditions

The proposer must sign proposals. An unsigned proposal may be rejected.

All proposals must remain valid for a period of not less than 180 days from the
submission. This includes pricing as well as nominated engagement staff.

All proposals can be amended or withdrawn before the deadline has been reached.

Submit one (1) original and seven (7) double-sided copies. Also on one (1) CD-ROM
submit an electronic copy of the proposal.

Submit proposal and include the name and address of the proposer on the outside of
the package and in a cover letter. Address or deliver proposals before the deadline to:

    San Mateo County
    RFP # ISD 1805
    Cyndy Chin, Administrative Assistant
    222W. 39th Avenue
    San Mateo, California 94403



6. Final Filing Date

Proposals must be received by the County by 2PM PST on Feb 4, 2011.




                                       Page 35 of 82
6.1 Additional Information

If the County determines, at its sole discretion, that additional information is required or
desirable beyond that provided in the proposal(s) of any of the proposer(s), County shall
invite the proposer(s) to make oral and/or written presentations to the Evaluation
Committee.

7. Evaluation of Proposals

An Evaluation Committee will be composed of at least one representative from each of
the following departments: Nursing, Ancillary services, Providers, Revenue Cycle and
HIM. In addition, the committee will also include the Chief Medical Information Officer,
the Chief Medical Officer, the Health System IT Deputy Director and an ISD
Relationship Manager. The Evaluation Committee will evaluate proposals and the
qualifications of proposers submitting proposals. The evaluation criteria include, but are
not limited to, those listed below in paragraph 7.1, “Evaluation Criteria”. The Evaluation
Committee will submit to the Director of Information Services the recommendation of the
Committee’s evaluation. The Director can accept or reject any recommendation.

7.1 Evaluation Criteria

Each proposal will be assessed by the Evaluation Committee based upon the
evaluation criteria that will include the following:

(Not listed in order of importance)
        Proposer’s experience;
        Capability and experience of key personnel;
        Quality of references;
        Clarity of understanding of the scope of services to be provided;
        Experience with other public or private agencies to provide case study numbers;
        History of successfully providing similar services;
        History of successfully managing other contracts with public or private agencies;
        Ability to satisfy SMMC’s functional requirements;
        Ability to meet required timeline;
        Proposal cost and;
        Ability to comply with the County’s contract requirements.

The County may consider any other criteria it deems relevant, and the Evaluation
Committee is free to make any recommendations it deems to be in the best interest of
the County.

7.2 Notification

Notification of the Information Services Director’s recommendation will be done by fax
transmission and/or by e-mail when the selection process is completed. Please be sure
to include all requested contact information.

8. Protest Process

If a proposer desires to protest the selection decision, the proposer must submit a
                                        Page 36 of 82
written protest within five (5) business days after the delivery of the notice letter about
the decision. The written protest should be submitted to the Director of Information
Services as outlined below. Protests received after the deadline will not be accepted.
Protests must be in writing, must include the name and address of the Proposer and the
Request for Proposals numbers, and must state the specific ground(s) for the protest. A
protest that merely addresses a single aspect of the selected proposal, e.g., comparing
the cost of the selected proposal in relation to the non-selected proposal, is not
sufficient to support a protest. A successful protest will include sufficient evidence and
analysis to support a conclusion that the selected proposal, taken as a whole, is an
inferior proposal.

The Director of Information Services will respond to a protest in writing, and the County
may, at its election, set up a meeting with the proposer to discuss the concerns raised
by the protest. The decision of the Director of Information Services will be final.

The protest must reference this RFP by number, be in writing, include contact
information for the protesting party, and be faxed or emailed to:

       Kathleen Boutte Foster, Deputy Director Information Management Services-
       Health, ISD
       and Cyndy Chin, Administrative Assistant,
       ISD Email: kbfoster@co.sanmateo.ca.us and cchin@co.sanmateo.ca.us
       FAX: (650) 627-9160




9. Contract Negotiation and Inability to Negotiate a Contract

After a proposer has been selected by the Director of Information Services, the County
and such proposer will negotiate a contract for submission to the County’s Board of
Supervisors for consideration and possible approval. Sole authority for acceptance of
any such agreement lies with the County’s Board of Supervisors, and submission of an
agreement to the Board of Supervisors is not a guarantee that it will be executed. If a
satisfactory contract cannot be negotiated, the County may, in its sole discretion,
negotiate with another vendor.




                                        Page 37 of 82
County Contract Template & Contractor Declaration Form
                            AGREEMENT BETWEEN THE COUNTY OF SAN MATEO AND
                                           [Contractor name]


         THIS AGREEMENT, entered into this _____ day of _______________ , 20_____, by
         and between the COUNTY OF SAN MATEO, hereinafter called "County," and
         [Contractor name here], hereinafter called "Contractor";

                                                     W I T N E S S E T H:


        WHEREAS, pursuant to Government Code, Section 31000, County may contract with independent
contractors for the furnishing of such services to or for County or any Department thereof;

        WHEREAS, it is necessary and desirable that Contractor be retained for the purpose of [Enter
information here].


         NOW, THEREFORE, IT IS HEREBY AGREED BY THE PARTIES HERETO AS FOLLOWS:

1.           Exhibits and Attachments
The following exhibits and attachments are included hereto and incorporated by reference herein:

Exhibit A—Services
Exhibit B—Payments and rates
Attachment H—HIPAA Business Associate requirements
Attachment I—§ 504 Compliance
Attachment IP – Intellectual Property (**if the IP Attachment does not apply to this contract then delete this line**)

2.           Services to be performed by Contractor
In consideration of the payments set forth herein and in Exhibit “B,” Contractor shall perform services for County
in accordance with the terms, conditions and specifications set forth herein and in Exhibit “A.”



3.            Payments
In consideration of the services provided by Contractor in accordance with all terms, conditions and specifications
set forth herein and in Exhibit "A," County shall make payment to Contractor based on the rates and in the
manner specified in Exhibit "B." The County reserves the right to withhold payment if the County determines that
the quantity or quality of the work performed is unacceptable. In no event shall the County’s total fiscal obligation
under this Agreement exceed [Write out amount], [$Amount].

4.                                                 Term and Termination
Subject to compliance with all terms and conditions, the term of this Agreement shall be from [Month and day],
20[Last 2 digits of year] through [Month and day], 20[Last 2 digits of year].

This Agreement may be terminated by Contractor, the [Name of County Department Head] or his/her designee at
any time without a requirement of good cause upon thirty (30) days’ written notice to the other party.

In the event of termination, all finished or unfinished documents, data, studies, maps, photographs, reports, and
materials (hereafter referred to as materials) prepared by Contractor under this Agreement shall become the
property of the County and shall be promptly delivered to the County. Upon termination, the Contractor may
make and retain a copy of such materials. Subject to availability of funding, Contractor shall be entitled to receive
payment for work/services provided prior to termination of the Agreement. Such payment shall be that portion of
the full payment which is determined by comparing the work/services completed to the work/services required by
the Agreement.
                                                               38
5.           Availability of Funds
The County may terminate this Agreement or a portion of the services referenced in the Attachments and Exhibits
based upon unavailability of Federal, State, or County funds, by providing written notice to Contractor as soon as
is reasonably possible after the County learns of said unavailability of outside funding.

6.            Relationship of Parties
Contractor agrees and understands that the work/services performed under this Agreement are performed as an
independent Contractor and not as an employee of the County and that Contractor acquires none of the rights,
privileges, powers, or advantages of County employees.

7.                                                        Hold Harmless
Contractor shall indemnify and save harmless County, its officers, agents, employees, and servants from all
claims, suits, or actions of every name, kind, and description, brought for, or on account of: (A) injuries to or
death of any person, including Contractor, or (B) damage to any property of any kind whatsoever and to
whomsoever belonging, (C) any sanctions, penalties, or claims of damages resulting from Contractor’s failure to
comply with the requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
and all Federal regulations promulgated thereunder, as amended, or (D) any other loss or cost, including but not
limited to that caused by the concurrent active or passive negligence of County, its officers, agents, employees,
or servants, resulting from the performance of any work required of Contractor or payments made pursuant to this
Agreement, provided that this shall not apply to injuries or damage for which County has been found in a court of
competent jurisdiction to be solely liable by reason of its own negligence or willful misconduct.

The duty of Contractor to indemnify and save harmless as set forth herein, shall include the duty to defend as set
forth in Section 2778 of the California Civil Code.

8.                                          Assignability and Subcontracting
Contractor shall not assign this Agreement or any portion thereof to a third party or subcontract with a third party
to provide services required by contractor under this Agreement without the prior written consent of County. Any
such assignment or subcontract without the County’s prior written consent shall give County the right to
automatically and immediately terminate this Agreement.

9.                                                              Insurance
The Contractor shall not commence work or be required to commence work under this Agreement unless and
until all insurance required under this paragraph has been obtained and such insurance has been approved by
Risk Management, and Contractor shall use diligence to obtain such insurance and to obtain such approval. The
Contractor shall furnish the County with certificates of insurance evidencing the required coverage, and there
shall be a specific contractual liability endorsement extending the Contractor's coverage to include the contractual
liability assumed by the Contractor pursuant to this Agreement. These certificates shall specify or be endorsed to
provide that thirty (30) days' notice must be given, in writing, to the County of any pending change in the limits of
liability or of any cancellation or modification of the policy.

         (1)   Worker's Compensation and Employer's Liability Insurance The Contractor shall have in
               effect during the entire life of this Agreement Workers' Compensation and Employer's Liability
               Insurance providing full statutory coverage. In signing this Agreement, the Contractor certifies, as
               required by Section 1861 of the California Labor Code, that it is aware of the provisions of
               Section 3700 of the California Labor Code which requires every employer to be insured against
               liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions
               of the Code, and will comply with such provisions before commencing the performance of the work
               of this Agreement.

         (2)   Liability Insurance The Contractor shall take out and maintain during the life of this Agreement
               such Bodily Injury Liability and Property Damage Liability Insurance as shall protect him/her while
               performing work covered by this Agreement from any and all claims for damages for bodily injury,
               including accidental death, as well as any and all claims for property damage which may arise from
               contractors operations under this Agreement, whether such operations be by himself/herself or by
               any sub-contractor or by anyone directly or indirectly employed by either of them. Such insurance
               shall be combined single limit bodily injury and property damage for each occurrence and shall be
               not less than the amount specified below.


                                                             39
              Such insurance shall include:
              (a) Comprehensive General Liability . . . . . . . . . . . . . . . . . .               $1,000,000
              (b) Motor Vehicle Liability Insurance . . . . . . . . . . . . . . . . . .             $1,000,000
              (c)  Professional Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . .   $1,000,000

County and its officers, agents, employees and servants shall be named as additional insured on any such
policies of insurance, which shall also contain a provision that the insurance afforded thereby to the County, its
officers, agents, employees and servants shall be primary insurance to the full limits of liability of the policy, and
that if the County or its officers and employees have other insurance against the loss covered by such a policy,
such other insurance shall be excess insurance only.

In the event of the breach of any provision of this section, or in the event any notice is received which indicates
any required insurance coverage will be diminished or canceled, the County of San Mateo at its option, may,
notwithstanding any other provision of this Agreement to the contrary, immediately declare a material breach of
this Agreement and suspend all further work pursuant to this Agreement.

10.                               Compliance with laws; payment of Permits/Licenses
All services to be performed by Contractor pursuant to this Agreement shall be performed in accordance with all
applicable Federal, State, County, and municipal laws, ordinances and regulations, including, but not limited to,
the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Federal Regulations
promulgated thereunder, as amended, and will comply with the Business Associate requirements set forth in
Attachment “H,” and the Americans with Disabilities Act of 1990, as amended, and Section 504 of the
Rehabilitation Act of 1973, as amended and attached hereto and incorporated by reference herein as Attachment
“I,” which prohibits discrimination on the basis of handicap in programs and activities receiving any Federal or
County financial assistance. Such services shall also be performed in accordance with all applicable ordinances
and regulations, including, but not limited to, appropriate licensure, certification regulations, provisions pertaining
to confidentiality of records, and applicable quality assurance regulations. In the event of a conflict between the
terms of this Agreement and State, Federal, County, or municipal law or regulations, the requirements of the
applicable law will take precedence over the requirements set forth in this Agreement. Further, Contractor
certifies that the Contractor and all of its subcontractors will adhere to all applicable provisions of Chapter 4.106
of the San Mateo County Ordinance Code, which regulates the use of disposable food service ware .

Contractor will timely and accurately complete, sign, and submit all necessary documentation of compliance.

11.                                        Non-Discrimination and Other Requirements
A.          Section 504 applies only to Contractors who are providing services to members of the public.
            Contractor shall comply with § 504 of the Rehabilitation Act of 1973, which provides that no otherwise
            qualified handicapped individual shall, solely by reason of a disability, be excluded from the
            participation in, be denied the benefits of, or be subjected to discrimination in the performance of this
            Agreement.
B.          General non-discrimination. No person shall, on the grounds of race, color, religion, ancestry,
            gender, age (over 40), national origin, medical condition (cancer), physical or mental disability, sexual
            orientation, pregnancy, childbirth or related medical condition, marital status, or political affiliation be
            denied any benefits or subject to discrimination under this Agreement.
C.          Equal employment opportunity. Contractor shall ensure equal employment opportunity based on
            objective standards of recruitment, classification, selection, promotion, compensation, performance
            evaluation, and management relations for all employees under this Agreement. Contractor’s equal
            employment policies shall be made available to County of San Mateo upon request.
D.          Violation of Non-discrimination provisions. Violation of the non-discrimination provisions of this
            Agreement shall be considered a breach of this Agreement and subject the Contractor to penalties,
            to be determined by the County Manager, including but not limited to
                i)     termination of this Agreement;
                ii)    disqualification of the Contractor from bidding on or being awarded a County contract for a
                       period of up to 3 years;
                iii)   liquidated damages of $2,500 per violation;
                iv)    imposition of other appropriate contractual and civil remedies and sanctions, as determined
                       by the County Manager.




                                                                           40
To effectuate the provisions of this section, the County Manager shall have the authority to examine Contractor’s
employment records with respect to compliance with this paragraph and/or to set off all or any portion of the
amount described in this paragraph against amounts due to Contractor under the Contract or any other Contract
between Contractor and County.

Contractor shall report to the County Manager the filing by any person in any court of any complaint of
discrimination or the filing by any person of any and all charges with the Equal Employment Opportunity
Commission, the Fair Employment and Housing Commission or any other entity charged with the investigation of
allegations within 30 days of such filing, provided that within such 30 days such entity has not notified Contractor
that such charges are dismissed or otherwise unfounded. Such notification shall include the name of the
complainant, a copy of such complaint, and a description of the circumstance. Contractor shall provide County
with a copy of their response to the Complaint when filed.

E.          Compliance with Equal Benefits Ordinance. With respect to the provision of
            employee benefits, Contractor shall comply with the County Ordinance which
            prohibits contractors from discriminating in the provision of employee
            benefits between an employee with a domestic partner and an employee with
            a spouse.
     F..    The Contractor shall comply fully with the non-discrimination requirements
            required by 41 CFR 60-741.5(a), which is incorporated herein as if fully set
            forth.

12.                      Compliance with Contractor Employee Jury Service Ordinance
Contractor shall comply with the County Ordinance with respect to provision of jury duty pay to employees and
have and adhere to a written policy that provides that its employees shall receive from the Contractor, on an
annual basis, no less than five days of regular pay for actual jury service in San Mateo County. The policy may
provide that employees deposit any fees received for such jury service with the Contractor or that the Contractor
deduct from the employees’ regular pay the fees received for jury service.

13.                              Retention of Records, Right to Monitor and Audit
(a) CONTRACTOR shall maintain all required records for three (3) years after the COUNTY makes final payment
and all other pending matters are closed, and shall be subject to the examination and/or audit of the County, a
Federal grantor agency, and the State of California.

(b) Reporting and Record Keeping: CONTRACTOR shall comply with all program and fiscal reporting
requirements set forth by appropriate Federal, State and local agencies, and as required by the COUNTY.

(c) CONTRACTOR agrees to provide to COUNTY, to any Federal or State department having monitoring or
review authority, to COUNTY's authorized representatives, and/or their appropriate audit agencies upon
reasonable notice, access to and the right to examine all records and documents necessary to determine
compliance with relevant Federal, State, and local statutes, rules and regulations, and this Agreement, and to
evaluate the quality, appropriateness and timeliness of services performed.

14.                                                    Merger Clause
This Agreement, including the Exhibits attached hereto and incorporated herein by reference, constitutes the sole
Agreement of the parties hereto and correctly states the rights, duties, and obligations of each party as of this
document's date. In the event that any term, condition, provision, requirement or specification set forth in this
body of the agreement conflicts with or is inconsistent with any term, condition, provision, requirement or
specification in any exhibit and/or attachment to this agreement, the provisions of this body of the agreement
shall prevail. Any prior agreement, promises, negotiations, or representations between the parties not expressly
stated in this document are not binding. All subsequent modifications shall be in writing and signed by the
parties.

15.           Controlling Law and Venue
The validity of this Agreement and of its terms or provisions, as well as the rights and duties of the parties
hereunder, the interpretation, and performance of this Agreement shall be governed by the laws of the State of
California. Any dispute arising out of this Agreement shall be venued either in the San Mateo County Superior
Court or in the United States District Court for the Northern District of California.


                                                             41
16.         Notices
            Any notice, request, demand, or other communication required or permitted hereunder shall be
            deemed to be properly given when both (1) transmitted via facsimile to the telephone number listed
            below and (2) either deposited in the United State mail, postage prepaid, or when deposited for
            overnight delivery with an established overnight courier that provides a tracking number showing
            confirmation of receipt, for transmittal, charges prepaid, addressed to:

                         In the case of County, to:


                         In the case of Contractor, to:


            In the event that the facsimile transmission is not possible, notice shall be given
            both by United States mail and an overnight courier as outlined above.


IN WITNESS WHEREOF, the parties hereto, by their duly authorized representatives, have affixed their hands.

                                                 COUNTY OF SAN MATEO


                                                 By:
                                                 President, Board of Supervisors, San Mateo County


                                                 Date:

ATTEST:


By:
Clerk of Said Board


D.      [Contractor Name Here]

Contractor’s Signature

Date:
        Long Form Agreement/Business Associate v 8/19/08




                                                          42
                                        Exhibit “A” – SERVICES
                            AGREEMENT BETWEEN COUNTY OF SAN MATEO
                                 AND VENDOR NAME (BOLD CAPS)
      In consideration of the payments set forth in Exhibit “B”, Contractor shall provide the following services:

SCOPE OF WORK




The methods and techniques used to provide services to the County are within the Contractor’s
discretion, but subject to County Information Services Department’s technology policies, guidelines, and
requirements. The amount of time, specific hours, and location of the performance of the Contractor’s
Services is also left to the Contractor’s discretion provided that Contractor coordinates with County
Departments as needed.


                             Exhibit “B” – PAYMENTS AND RATES
                            AGREEMENT BETWEEN COUNTY OF SAN MATEO
                                 AND VENDOR NAME (BOLD CAPS)
In consideration of the services provided by Contractor in Exhibit “A”, County shall pay
Contractor based on the following fee schedule:

        1. SCHEDULE OF CHARGES



Contractor will provide the County’s Information Services Department with original receipts for
all reimbursable expenses. Contractor shall be reimbursed for mileage at $0.505 per mile, and
Direct costs for lodging, meals, car rental, and airfare. Meals shall be at the County’s per diem
Rate of $45 per day.

Contractor will invoice on monthly basis. The County will submit payment within thirty (30) days
of receipt of invoice.

In no event shall the total payment for services under this Agreement exceed XXX ($). The
County will have the right to withhold payment if the County determines that the quantity or
quality of work performed is unacceptable.

Contractor agrees that the requirements of this Agreement pertaining to the protection of
Proprietary rights and confidentiality shall survive termination of this Agreement.




                                                             43
                                         Attachment H
                   Health Insurance Portability and Accountability Act (HIPAA)
                               Business Associate Requirements

                                             Definitions
        Terms used, but not otherwise defined, in this Schedule shall have the same meaning as those
terms are defined in 45 Code of Federal Regulations section 160.103 164.304 and 164.501. (All
regulatory references in this Schedule are to Title 45 of the Code of Federal Regulations unless
otherwise specified.)

       a. Designated Record Set. “Designated Record Set” shall have the same meaning as the
            term “designated record set” in Section 164.501.
       b. Electronic Protected Health Information. “Electronic Protected Health Information” (“EPHI”)
            means individually identifiable health information that is transmitted or maintained in
            electronic media, limited to the information created, received, maintained or transmitted by
            Business Associate from or on behalf of Covered Entity.
       c.   Individual. “Individual” shall have the same meaning as the term “individual” in Section
            160.103 and shall include a person who qualifies as a personal representative in
            accordance with Section 164.502(g).
       d.   Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually
            Identifiable Health Information at 45 Code of Federal Regulations Part 160 and Part 164,
            Subparts A and E.
       e.   Protected Health Information. “Protected Health Information” shall have the same meaning
            as the term “protected health information” in Section 160.103 and is limited to the
            information created or received by Contractor from or on behalf of County.
       f.   Required By Law. “Required by law” shall have the same meaning as the term “required by
            law” in Section 164.103.
       g.   Secretary. “Secretary” shall mean the Secretary of the United States Department of Health
            and Human Services or his or her designee.
       h.   Security Incident. “Security Incident” shall mean the attempted or successful unauthorized
            access, use, disclosure, modification, or destruction of information or interference with
            systems operations in an information system, but does not include minor incidents that
            occur on a daily basis, such as scans, “pings”, or unsuccessful random attempts to
            penetrate computer networks or servers maintained by Business Associate
       i.   Security Rule. “Security Rule” shall mean the Standards for the Protection of Electronic
            Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.

                          Obligations and Activities of Contractor

       a. Contractor agrees to not use or further disclose Protected Health Information other than as
            permitted or required by the Agreement or as required by law.
       b.   Contractor agrees to use appropriate safeguards to prevent the use or disclosure of the
            Protected Health Information other than as provided for by this Agreement.
       c.   Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to
            Contractor of a use or disclosure of Protected Health Information by Contractor in violation
            of the requirements of this Agreement.




                                                -1-
        d. Contractor agrees to report to County any use or disclosure of the Protected Health
             Information not provided for by this Agreement.
        e.   Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides
             Protected Health Information received from, or created or received by Contractor on behalf
             of County, agrees to the same restrictions and conditions that apply through this Agreement
             to Contractor with respect to such information.
        f.   If Contractor has protected health information in a designated record set, Contractor agrees
             to provide access, at the request of County, and in the time and manner designated by
             County, to Protected Health Information in a Designated Record Set, to County or, as
             directed by County, to an Individual in order to meet the requirements under Section
             164.524.
        g.   If Contractor has protected health information in a designated record set, Contractor agrees
             to make any amendment(s) to Protected Health Information in a Designated Record Set
             that the County directs or agrees to make pursuant to Section 164.526 at the request of
             County or an Individual, and in the time and manner designed by County.
        h.   Contractor agrees to make internal practices, books, and records relating to the use and
             disclosure of Protected Health Information received from, or created or received by
             Contractor on behalf of, County available to the County or to the Secretary, in a time and
             manner designated by the County or the Secretary, for purposes of the Secretary
             determining County’s compliance with the Privacy Rule.
        i.   Contractor agrees to document such disclosures of Protected Health Information and
             information related to such disclosures as would be required for County to respond to a
             request by an Individual for an accounting of disclosures of Protected Health Information in
             accordance with Section 164.528.
        j.   Contractor agrees to provide to County or an Individual in the time and manner designated
             by County, information collected in accordance with Section (i) of this Schedule, to permit
             County to respond to a request by an Individual for an accounting of disclosures of
             Protected Health Information in accordance with Section 164.528.
        k.   Contractor shall implement administrative, physical, and technical safeguards that
             reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI
             that Contractor creates, receives, maintains, or transmits on behalf of County.
        l.   Contractor shall conform to generally accepted system security principles and the
             requirements of the final HIPAA rule pertaining to the security of health information.
        m.   Contractor shall ensure that any agent to whom it provides EPHI, including a subcontractor,
             agrees to implement reasonable and appropriate safeguards to protect such EPHI.
        n.   Contractor shall report to County any Security Incident within 5 business days of becoming
             aware of such incident.
        o.   Contractor shall makes its policies, procedures, and documentation relating to the security
             and privacy of protected health information, including EPHI, available to the Secretary of
             the U.S. Department of Health and Human Services and, at County’s request, to the County
             for purposes of the Secretary determining County’s compliance with the HIPAA privacy and
             security regulations.

                      Permitted Uses and Disclosures by Contractor
        Except as otherwise limited in this Schedule, Contractor may use or disclose Protected Health
Information to perform functions, activities, or services for, or on behalf of, County as specified in the
Agreement; provided that such use or disclosure would not violate the Privacy Rule if done by County.




                                                 -2-
                               Obligations of County

a. County shall provide Contractor with the notice of privacy practices that County produces in
     accordance with Section 164.520, as well as any changes to such notice.
b. County shall provide Contractor with any changes in, or revocation of, permission by
     Individual to use or disclose Protected Health Information, if such changes affect
     Contractor’s permitted or required uses and disclosures.
c.   County shall notify Contractor of any restriction to the use or disclosure of Protected Health
     Information that County has agreed to in accordance with Section 164.522.




                                         -3-
                               Permissible Requests by County
         County shall not request Contractor to use or disclose Protected Health Information in any
manner that would not be permissible under the Privacy Rule if done by County, unless the Contractor
will use or disclose Protected Health Information for, and if the Agreement provides for, data
aggregation or management and administrative activities of Contractor.

Duties Upon Termination of Agreement

       a. Upon termination of the Agreement, for any reason, Contractor shall return or destroy all
            Protected Health Information received from County, or created or received by Contractor on
            behalf of County. This provision shall apply to Protected Health Information that is in the
            possession of subcontractors or agents of Contractor. Contractor shall retain no copies of
            the Protected Health Information.
       b.   In the event that Contractor determines that returning or destroying Protected Health
            Information is infeasible, Contractor shall provide to County notification of the conditions
            that make return or destruction infeasible. Upon mutual agreement of the Parties that
            return or destruction of Protected Health Information is infeasible, Contractor shall extend
            the protections of the Agreement to such Protected Health Information and limit further uses
            and disclosures of such Protected Health Information to those purposes that make the
            return or destruction infeasible, for so long as Contractor maintains such Protection Health
            Information.

                                           Miscellaneous

       a. Regulatory References. A reference in this Schedule to a section in the Privacy Rule
            means the section as in effect or as amended, and for which compliance is required.
       b. Amendment. The Parties agree to take such action as is necessary to amend this
            Schedule from time to time as is necessary for County to comply with the requirements of
            the Privacy Rule and the Health Insurance Portability and Accountability Act, Public Law
            104-191.
       c.   Survival. The respective rights and obligations of Contractor under this Schedule shall
            survive the termination of the Agreement.
       d.   Interpretation. Any ambiguity in this Schedule shall be resolved in favor of a meaning that
            permits County to comply with the Privacy Rule.
       e.   Reservation of Right to Monitor Activities. County reserves the right to monitor the security
            policies and procedures of Contractor

                                                                                         (rev. 8/08)




                                                -4-
       Assurance of Compliance with Section 504 of the Rehabilitation Act of 1973, as Amended

       The undersigned (hereinafter called the "Contractor(s)") hereby agrees that it will comply with Section 504
       of the Rehabilitation Act of 1973, as amended, all requirements imposed by the applicable DHHS
       regulation, and all guidelines and interpretations issued pursuant thereto.

The Contractor(s) gives/give this assurance in consideration of for the purpose of obtaining contracts
      after the date of this assurance. The Contractor(s) recognizes/recognize and agrees/agree that
      contracts will be extended in reliance on the representations and agreements made in this
      assurance. This assurance is binding on the Contractor(s), its successors, transferees, and
      assignees, and the person or persons whose signatures appear below are authorized to sign
      this assurance on behalf of the Contractor(s).

       The Contractor(s): (Check a or b)

                             a. Employs fewer than 15 persons.

                       b. Employs 15 or more persons and, pursuant to section 84.7 (a)
                       of the regulation (45 C.F.R. 84.7 (a), has designated the following
                                      person(s) to coordinate its efforts to comply with the
                       DHHS           regulation.

               _____________________________________________________
               Name of 504 Person - Type or Print

               _____________________________________________________
               Name of Contractor(s) - Type or Print

               _____________________________________________________
               Street Address or P.O. Box

               _____________________________________________________
               City, State, Zip Code

       I certify that the above information is complete and correct to the best of my knowledge.

               _____________________________________________________
               Signature

               _____________________________________________________
               Title of Authorized Official

               _____________________________________________________
               Date

       *Exception: DHHS regulations state that:

               "If a recipient with fewer than 15 employees finds that, after consultation with a disabled
               person seeking its services, there is no method of complying with (the facility
               accessibility regulations) other than making a significant alteration in its existing facilities,
               the recipient may, as an alternative, refer the handicapped person to other providers of
               those services that are accessible."




                                                        5
Attachment IP – Intellectual Property Rights

1. The County of San Mateo (“County”), shall and does own all titles, rights and interests in all
   Work Products created by Contractor and its subcontractors (collectively “Vendors”) for the
   County under this Agreement. Contractor may not sell, transfer, or permit the use of any
   Work Products without the express written consent of the County.

2. “Work Products” are defined as all materials, tangible or not, created in whatever medium
   pursuant to this Agreement, including without limitation publications, promotional or
   educational materials, reports, manuals, specifications, drawings and sketches, computer
   programs, software and databases, schematics, marks, logos, graphic designs, notes,
   matters and combinations thereof, and all forms of intellectual property.

3. Contractor shall not dispute or contest, directly or indirectly, the County’s exclusive right and
   title to the Work Products nor the validity of the intellectual property embodied therein.
   Contractor hereby assigns, and if later required by the County, shall assign to the County all
   titles, rights and interests in all Work Products. Contractor shall cooperate and cause
   subcontractors to cooperate in perfecting County’s titles, rights or interests in any Work
   Product, including prompt execution of documents as presented by the County.

4. To the extent any of the Work Products may be protected by U.S. Copyright laws, Parties
   agree that the County commissions Vendors to create the copyrightable Work Products,
   which are intended to be work-made-for-hire for the sole benefit of the County and the
   copyright of which is vested in the County.

5. In the event that the title, rights, and/or interests in any Work Products are deemed not to be
   “work-made-for-hire” or not owned by the County, Contractor hereby assigns and shall
   require all persons performing work pursuant to this Agreement, including its subcontractors,
   to assign to the County all titles, rights, interests, and/or copyrights in such Work Product.
   Should such assignment and/or transfer become necessary or if at any time the County
   requests cooperation of Contractor to perfect the County’s titles, rights or interests in any
   Work Product, Contractor agrees to promptly execute and to obtain execution of any
   documents (including assignments) required to perfect the titles, rights, and interests of the
   County in the Work Products with no additional charges to the County beyond that identified
   in this Agreement or subsequent change orders. The County, however, shall pay all filing
   fees required for the assignment, transfer, recording, and/or application.

6. Contractor agrees that before commencement of any subcontract work it will incorporate this
   Schedule I to contractually bind or otherwise oblige its subcontractors and personnel
   performing work under this Agreement such that the County’s titles, rights, and interests in
   Work Products are preserved and protected as intended herein.




                                                -1-
2
Contractor’s Declaration Form

                                  I. CONTRACTOR INFORMATION
      Contractor                                                  Phone:
          Name:
 Contact Person:                                                      Fax:
       Address:



II. EQUAL BENEFITS (check one or more boxes)
Contractors with contracts in excess of $5,000 must treat spouses and domestic partners
equally as to employee benefits.
      Contractor complies with the County’s Equal Benefits Ordinance by:
            offering equal benefits to employees with spouses and employees with domestic
            partners. cash equivalent payment to eligible employees in lieu of equal benefits.
            offering a
      Contractor does not comply with the County’s Equal Benefits Ordinance.
      Contractor is exempt from this requirement because:
            Contractor has no employees, does not provide benefits to employees’ spouses,
            or the contract is for $5,000 or less.
            Contractor is a party to a collective bargaining agreement that began on
            (date) and expires on          (date), and intends to offer equal benefits when said
            agreement expires.

                            III. NON-DISCRIMINATION (check appropriate box)
       Finding(s) of discrimination have been issued against Contractor within the past year
       by the Equal Employment Opportunity Commission, Fair Employment and Housing
       Commission, or other investigative entity. Please see attached sheet of paper
       explaining the outcome(s) or remedy for the discrimination.
       No finding of discrimination has been issued in the past year against the Contractor by
       the Equal Employment Opportunity Commission, Fair Employment and Housing
       Commission, or any other entity.

                        IV. EMPLOYEE JURY SERVICE (check one or more boxes)
Contractors with original or amended contracts in excess of $100,000 must have and adhere to
a written policy that provides its employees living in San Mateo County up to five days regular
pay for actual jury service in the County.
       Contractor complies with the County’s Employee Jury Service Ordinance.
       Contractor does not comply with the County’s Employee Jury Service Ordinance.
       Contractor is exempt from this requirement because:
            the contract is for $100,000 or less.
           Contractor is a party to a collective bargaining agreement that began on
           (date) and expires on           (date), and intends to comply when the collective
           bargaining agreement expires.


I declare under penalty of perjury under the laws of the State of California that the foregoing is true and correct, and
that I am authorized to bind this entity contractually.
                                                                                                             3
________________________________________                   ______________________________________
Signature                                                  Name

________________________________________                   ______________________________________
Date Title




Request for Proposal: Enterprise Clinical Information System Nov. 2010              4
                                        APPENDIX A1
                          TECHNICAL REQUIREMENTS RESPONSE FORM
                               FOR A CLIENT SERVER SOLUTION

If proposing a client server solution, please complete and submit Appendix A1 with your proposal.

 A.    TECHNICAL REQUIREMENTS

       1. Description of System

           a. Provide a description of the proposed product, database, software and services, including
              how the proposed system will meet or exceed the requirements stated in the entire RFP.
              Include sufficient technical information about the application, operating environment and
              performance data to enable the County to determine whether or not the proposed system
              meets the technical environment prerequisites.

           b. Identify/list all software required for the solution that is not supplied directly by the
              Proposer (any/all third party software).

           c. Provide an overview and/or benchmarks relating to the system’s ability to process
              information in real time. Include the number of concurrent users as well as named users
              the proposed system will accommodate and state the maximum number of recommended
              users.

           d. Identify any requirement to purchase interfaces from other vendors to work with the
              proposed solution.

           e. Define the scalability of the proposed system.

                     i.   Can the system be purchased in modules and expanded?
                    ii.   How scalable is the proposed software regarding the number of users?
                   iii.   Does the system scale in parallel, i.e. can additional application servers be
                          configured in a load-balanced cluster?
                   iv.    Can the database, application and data analysis components be configured to
                          reside on separate independent servers, so that one impacted subsystem does
                          not affect the overall solution?

           f.   Identify how many users are can access the proposed system. (Concurrent users).

           g. Identify if the proposed software is COM (Component Object Model) compliant.

           h. Identify if the proposed software is ODBC, OLE-DB or OLAP compliant. Identify any
              drivers provided.

           i.   Describe licenses required for the software (concurrent / per seat and the number
                associated).

           j.   Describe how the system protects database records while it is being accessed by one
                user, so that multiple users will not attempt to change the record at the same time.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                       5
           k. Identify if the solution’s database is ACID (Atomicity, Consistency, Isolation and Durability)
              compliant, and how it provides transaction rollback capability in the event of a failed
              transaction.

           l.   Define the requirements for a test system. Include all related components (hardware,
                software, etc.) Include test system costs.

           m. Describe the maximum number of database records that can be stored.

           n. Define which third party reporting tools the system is compatible with the proposed
              system.

           o. Describe the ability to test interfaces to the HIS system.

           p. Provide the data dictionary and schema with the system.

           q. Describe the minimum monitor and screen resolution limit.

           r.   Describe the process for change management or customer notification.

           s. Describe the current version number and release date, including how often target dates
              are met.

           t.   Provide continuous application and system support 24 hours a day, 365 days per year.

           u. Provide the company escalation and response plan, and describe how issues are triaged
              and escalated.

           v. Provide the average response time of the proposed system, including the average
              page/screen flip time.

           w. Describe the level of customization available without a programmer or vendor support.

           x. Provide the location of the closest service representative.

           y. Define the system uptime. Include planned downtime windows.

       2. Equipment and Software

           a. Provide detailed server hardware specifications, including but not limited to:
                   i.  operating system,
                  ii.  processors type and speed,
                 iii.  redundancy
                 iv.   system configuration
                  v.   hard drive size

           b. Include a list of all hardware and software components SMMC must purchase.

           c. Describe the proposed system architecture.

           d. Describe the proposed systems transaction processing capabilities.

           e. Describe how the client software components are able to coexist with other software and
              applications on end-user workstations.
Request for Proposal: Enterprise Clinical Information System Nov. 2010                    6
           f.   Describe the reporting software compatible with the proposed system. (Crystal Reports,
                Excel, Access, etc.)

           g. Describe hardware support and escalation process.

           h. Describe any maintenance and support the client is expected to do.

       3. Backup/Recovery

           a. Describe the backup capabilities for the proposed system.

           b. Describe the process for automatic reprogramming and/or recovery after a failure due to
              hardware, software or absence of power.

           c. Describe the capabilities for periodically exporting data stored in the database, and if it
              can be exported to MS Excel, MS Access or other software.

       4. Network/Hardware

           a. Proposer must meet the SMMC ISD technical requirements listed in section B 4,
              “Technical Environment.”

           b. Provide a system/network design diagram, which provides a visual summary of the
              system’s servers, network and ancillary components and their relationships.

           c. Describe any proprietary equipment utilized.

           d. Describe any special networking requirements, i.e. dedicated/segregated network
              segments, VLANs, etc.

           e. Describe the response time expected with the proposed system.

       5. Data Management

           a. Describe the data management approach.

           b. Explain if the data is stored in separate databases.

           c. Provide a copy of the Service Level Agreement.

           d. Explain how the information can be retrieved from the archive. Explain how the data is
              stored within the database, including if it can be stored in a separate database.

       6. Storage

           a. Explain how data is archived (e.g., on demand, automatically, via optical disk, etc.)


           b. Describe how the system will store the data on non-proprietary media and in an industry-
              standard format. Proposer should also specify the type of media used for long-term
              storage and the format in which it is stored.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                     7
           c. Describe the archival scheme for the system, including the recommended length of time
              data is retained on the production system and the availability of data for reporting after
              archiving.

           d. Describe the maximum size of the database and the largest currently operating production
              and archive directories.

           e. Describe the long-term storage options available for the system.

           f.   Describe how the system will print information on demand. Proposer must specify any
                special hardware or required printers necessary for printing.

           g. Explain how long Batches remain in the system.

       7. Integration

           a. Describe if the system supports a web-based front end or if a client install is required.

           b. Define the system’s capability to support multiple browser types (i.e. Internet Explorer,
              Mozilla Firefox, and Opera) on different platforms, and the minimum version of each
              browser supported if the system supports web-based access.

           c. Specify all browser plug-ins necessary to utilize web-based features.

           d. Specify the web service standards used and the functionality exposed through the web
              services, if the system supports the use of web service protocols such as SOAP.

           e. Describe if the system can integrate with the existing registration information system via
              outbound HL7 interface.


       8. Critical Updates, Patches and Antivirus

           a. Describe the process for approving and installing operating system Critical Updates.
              Attach the Proposer policy regarding Microsoft Critical Updates.

           b. Describe or attach the company Service Pack policy for the proposed solution.


           c. Describe any issues that may occur when running Antivirus software in real-time on the
              workstations.

           d. Describe or attach the company policy regarding the use of anti-virus software with the
              proposed system.


           e. Describe the disclosure policies related to security vulnerabilities found in the system,
              including procedures in place to notify customers of potential flaws, and the average time
              between a flaw being discovered and corrective action taken.

       9. Application Security Features

           a. Describe the system’s compliance with LDAP (Lightweight Directory Access Protocol),
              and how the system can be configured to authenticate users against it.
Request for Proposal: Enterprise Clinical Information System Nov. 2010                    8
           b. Describe how the proposed solution can be configured to authenticate users against an
              Active Directory 2003 tree, if possible.

           c. Describe how the solution audits user access and privilege use and the information that is
              logged.

           d. Describe how the solution allows SMMC to configure minimum password difficulty
              requirements, and password lockout policies.

           e. Describe how the solution allows system administrators to set a password expiration
              policy, thereby requiring end-users to change their passwords at a specified interval.

           f.    Describe how the solution encrypts sensitive information transmitted across the network
                 and internet, and specify the algorithms used.

           g. Specify whether the system establishes user identity via:

                 i. A user ID and password; or
                ii. Two-factor authentication, such as a smart-card and a PIN. If two-factor authentication
                    is available or used, Proposer must describe the hardware requirements, the
                    authentication process, and any supplies needed for ongoing implementation.

           h. Describe how access privileges are configured in the system, and whether or not
              privileges can be based on group designations.

           i.    Describe how different levels of security and privileges are established.

           j.    Specify if a “user inactivity timeout” feature is available that forces a user to re-
                 authenticate if idle for a preconfigured amount of time.

           k. Describe how the system utilizes electronic signatures and electronic confirmation.

       10. Security

           Explain how the security and confidentiality of the system data collected and entered into the
           system will be maintained.

       11. Escrow

           a. Explain your company’s ability to make available a software escrow account and include
               the source code and all products released during the maintenance term, including third
              party software. List the products that your company will hold in an escrow account and a
              list of those products that cannot be held and explain why.

           b. Explain in detail the process to retrieve the software source code.

           c. Provide written evidence of ability to provide and maintain a Software Escrow account in
              the form of a letter from an escrow agent or other acceptable third party.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                         9
                                        APPENDIX A2
                          TECHNICAL REQUIREMENTS RESPONSE FORM
                                    FOR A SAAS SOLUTION

If proposing a SaaS solution, please complete and submit Appendix A2 with your proposal.

 A.    TECHNICAL REQUIREMENTS

       1. Description of System

           a. Provide a description of the proposed product, database, software and services, including
              how the proposed system will meet or exceed the requirements stated in the entire RFP.
              Include sufficient technical information about the application, operating environment and
              performance data to enable SMMC to determine whether or not the proposed system
              meets the technical environment prerequisites.

           b. Identify/list all software required for the solution that is not supplied directly by the
              Proposer (any/all third party software).

           c. Provide an overview and/or benchmarks relating to the system’s ability to process
              information in real time. Include the number of concurrent users as well as named users
              the proposed system will accommodate and state the maximum number of recommended
              users.

           d. Identify any requirement to purchase interfaces from other vendors to work with the
              proposed solution.

           e. Define the scalability of the proposed system.

                     i.   Can the system be purchased in modules and expanded?
                    ii.   How scalable is the proposed software regarding the number of users?
                   iii.   Does the system scale in parallel, i.e. can additional application servers be
                          configured in a load-balanced cluster?
                   iv.    Can the database, application and data analysis components be configured to
                          reside on separate independent servers, so that one impacted subsystem does
                          not affect the overall solution?

           f.   Identify how many users are can access the proposed system. (Concurrent users).

           g. Identify if the proposed software is COM (Component Object Model) compliant.

           h. Identify if the proposed software is ODBC, OLE-DB or OLAP compliant. Identify any
              drivers provided.

           i.   Describe licenses required for the software (concurrent / per seat and the number
                associated).

           j.   Describe how the system protects database records being accessed by multiple users, so
                that users cannot attempt to change a record at the same time.

           k. Identify if the solution’s database is ACID (Atomicity, Consistency, Isolation and Durability)
              compliant, and how it provides transaction rollback capability in the event of a failed
              transaction.

Request for Proposal: Enterprise Clinical Information System Nov. 2010                      10
           l.   Define the requirements for a test system. Include all related components (hardware,
                software, etc.) Include test system costs.

           m. Describe the maximum number of database records that can be stored.

           n. Define which third party reporting tools the proposed system is compatible with the
              proposed system.

           o. Describe the ability to test interfaces with the Hospital Information System (HIS).

           p. Provide the data dictionary and schema with the system.

           q. Describe the minimum monitor and screen resolution limit.

           r.   Describe the process for change management or customer notification.

           s. Describe the current generally available (GA) version number and release date, including
              how often new GA releases are made available.

           t.   Provide continuous application and system support 24 hours a day, 365 days per year.
                Describe the process for requesting support during standard business hours and after
                hours.

           u. Provide the company escalation and response plan, and describe how issues are triaged
              and escalated.

           v. Provide the average response time of the proposed system, including the page/screen flip
              time.

           w. Describe the level of customization available without a programmer or vendor support.

           x. Provide the location of the closest service representative.

           y. Define the system uptime. Include planned downtime windows.

       2. Equipment and Software

           a. Provide detailed workstation hardware specifications, including but not limited to,
              operating system, RAM, size of the hard drive, type of monitors, barcode devices,
              scanning devices, barcode printing devices, etc.

           b. Provide detailed hardware specifications for any customer-hosted components being
              proposed.

           c. Describe how the client software components are able to coexist with other software and
              applications on end-user workstations.

           d. Describe the proposed system architecture.

           e. Describe hardware support and escalation process for any customer-hosted component.

           f.   Describe any customer required maintenance/support tasks, and any relevant
                maintenance schedules.

Request for Proposal: Enterprise Clinical Information System Nov. 2010                  11
           g. Describe the reporting software compatible with the proposed system. (Crystal Reports,
              Excel, Access, etc.)

       3. Backup/Recovery

           a. Describe the backup capabilities for the proposed system, including:

                  i. Process for how backups are performed
                 ii. Process for Tenant-initiated backups
                iii. Service availability guarantee

           b. Describe in detail your company’s Disaster Recovery plan, including requirements for
              zero-downtime.

           c. Describe the notification provided if an application failure occurs.

           d. Describe the process for automatic reprogramming and/or recovery after a failure due to
              hardware, software or absence of power.

           e. Describe the capabilities for periodically exporting data stored in the database, and if it
              can be exported to MS Excel, MS Access or other software. Specify supported export
              formats (i.e. Excel, CVS, etc.)

       4. Network/Hardware

           a. Proposer must meet the SMMC ISD technical requirements listed in section B 4,
              “Technical Environment.”

           b. Provide a system/network design diagram, which provides a visual summary of the
              system’s servers, network and ancillary components and their relationships.

           c. Describe any proprietary equipment utilized.

           d. Describe any special networking requirements, i.e. dedicated/segregated network
              segments. VLANs, etc.

           e. Describe the average response time expected with the proposed system.

       5. Storage

           a. Explain how data is archived (e.g., on demand, automatically, via optical disk, etc.)

           b. Describe how the system will store the data on non-proprietary media and in an industry-
              standard format. Proposer should also specify the type of media used for long-term
              storage and the format in which it is stored.

           c. Describe the archival scheme for the system, including the recommended length of time
              data is retained on the production system and the availability of data for reporting after
              archival.


           d. Describe the maximum size of the database and the largest currently operating production
              and archive systems.

Request for Proposal: Enterprise Clinical Information System Nov. 2010                   12
           e. Describe the long-term storage options available for the system.


           f.   Describe how the system will print information on demand. Proposer must specify any
                special hardware or required printers necessary for printing.


           g. Explain how the data is stored within the database, including if it can be stored in a
              separate database for disparate customers and/or locations. Explain how data from
              multiple tenants/customers is segregated and arranged.


           h. Explain how the information can be retrieved from the archive.


           i.   Explain how long batches remain in the system.


       6. Data Management

           a. Describe the data management approach.

           b. Explain if the data is stored in separate databases.

            c. Discuss how databases are kept confidential and how data co-mingling/sharing is
               prevented.

           d. Provide a copy of the Service Level Agreement.

       7. Integration

           a. Define the system’s capability to support multiple browser types (i.e. Internet Explorer,
              Mozilla Firefox, and Opera) on different platforms, and the minimum version of each
              browser supported if the system supports web-based access.

           b. Specify all browser plug-ins necessary to utilize web-based features.

           c. Specify the web service standards used and the functionality exposed through the web
              services, if the system supports the use of web service protocols such as SOAP.

           d. Describe if the system can integrate with the existing Registration information system via
              outbound HL7 interface.

           e. Complete and submit the SaaS Security Assessment Checklist.

       8. Critical Updates, Patches and Antivirus

           a. Describe the process for approving and installing operating system Critical Updates.
              Attach the Proposer policy regarding Microsoft Critical Updates.

           b. Describe or attach the company Service Pack policy for the proposed solution.

           c. Describe the Antivirus software used to protect data in real-time on the vendor’s servers.
Request for Proposal: Enterprise Clinical Information System Nov. 2010                  13
           d. Describe any issues that may occur when running Antivirus software in real-time on the
              workstations.

           e. Describe or attach the company policy regarding the use of anti-virus software with the
              proposed system.

           f.   Describe the disclosure policies related to security vulnerabilities found in the system,
                including procedures in place to notify customers of potential flaws, and the average time
                between a flaw being discovered and corrective action taken.

       9. Application Security Features

           a. Describe the system’s compliance with LDAP (Lightweight Directory Access Protocol),
              and how the system can be configured to authenticate users against it.

           b. Describe how the proposed solution can be configured to authenticate users against an
              Active Directory 2003 tree, if possible.

           c. Describe how the solution audits user access and privilege use and the information that is
              logged.

           d. Describe how the solution allows SMMC to configure minimum password difficulty
              requirements, and password lockout policies.

           e. Describe how the solution allows system administrators to set a password expiration
              policy, thereby requiring end-users to change their passwords at a specified interval.

           f.   Describe how the solution encrypts sensitive information transmitted across the network
                and internet, and specify the algorithms used.

           g. Specify whether the system establishes user identity via:

                    i.   A user ID and password; or
                   ii.   Two-factor authentication, such as a smart-card and a PIN. If two-factor
                             authentication is available or used, Proposer must describe the hardware
                             requirements, the authentication process, and any supplies needed for
                             ongoing implementation.

           h. Describe how access privileges are configured in the system, and whether or not
              privileges can be based on group designations.

           i.   Describe how different levels of security and privileges are established.

           j.   Specify if a “user inactivity timeout” feature is available that forces a user to re-
                authenticate if idle for a preconfigured amount of time.

           k. Describe how the system utilizes electronic signatures and electronic confirmation.

       10. Security

           a. Describe network security features used to protect customer data/information (i.e.
              firewalls, network segmentation, etc.)

Request for Proposal: Enterprise Clinical Information System Nov. 2010                       14
           b. Explain the type of physical security used to protect customer information in vendor data
              centers and co-location facilities.

           c. Explain the type of electronic security used (i.e. biometrics, authentication and
              surveillance) at vendor and co-location facilities.

           d. Explain how the security and confidentiality of the system data collected and entered into
              the system will be maintained.

       11. Escrow

           a. Explain your company’s ability to make available a software escrow account and include
              the source code and all products released during the maintenance term, including third
              party software. List the products that your company will hold in an escrow account and a
              list of those products that cannot be held and explain why.

           b. Explain in detail the process to retrieve the software source code.

           c. Provide written evidence of ability to provide and maintain a Software Escrow account in
              the form of a letter from an escrow agent or other acceptable third party.

           d. Explain in detail the build environment needed to support and/or compile the source code
              in the Software Escrow Account.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                  15
                                      APPENDIX B
                     FUNCTIONALITY AND INTEGRATION RESPONSE FORM

The functionality and integration requirements of the RFP are listed in this section. Proposer, if
proposing more than one type of solution, please submit a Functionality and Integration form for each
solution.

Proposed solution (check one): Client Server: _______                  SaaS: ______

Proposer Name: ______________________________________________

A.      FUNCTIONALITY REQUIREMENTS

In addition to this section of functionality, see the attached Excel spreadsheet and respond to available
functionality questions in the tabs.

Response Code: Proposer should place the appropriate letter designation in the “Availability” column
according to the following codes and their description:

        A. Specification is one that currently exists in the proposed software, in the current production
           version and included in SMMC’s price. All costs must be reported on the cost response form.

        B. Specification is not in the proposed software but is a planned enhancement or will be added
           at no additional cost.

        C. Specification is not part of the proposed software but will be added at additional cost included
           in SMMC’s price. All such additional costs must be reported on an attachment to the cost
           response form.

        D. Specification is not available in the proposed software.

References: Please provide any additional information requested or any additional information useful to
the proposal in the comments column. If referencing attachments or other included information, write the
location (Section/Page Number) of the discussion of the specification in the Proposer’s proposal.
Technical materials may be submitted as part of the proposal, and should be clearly labeled as such. If
your availability response is “B” or “C”, please provide the estimated delivery date in the appropriate
column below.
                                                        Availability




                                                                         Est.
 Item                    Description                                                  Comments
                                                                       Delivery
   #
                                                                        Date


 General
       Obtain a high level of integration between
 1.    component modules to minimize
       redundant data
       Facilitate user access to patient and
 2.    supportive information, and maximize
       patient safety



Request for Proposal: Enterprise Clinical Information System Nov. 2010                      16
Appendix B
Page 2 of 6

         Input data that is easy, fast and intuitive,
  3.     and places an emphasis on user
         friendliness
         Complies with all relevant HIPAA
  4.
         regulations

         Supports local, regional, and national
  5.
         vocabularies, updates and enhancements

         Includes an integrated standard
  6.
         nomenclature of clinical terms

         Can utilize ICD-9, ICD-10 and CPT4
  7.
         coding

  8.     Ability to collect demographic information


  9.     Ability to collect referring facility


  10.    Ability to collect referring provider

         Ability to collect additional information
  11.
         related to the requested transfer
         Ability to provide electronic
  12.    communication channels between
         referring physician and SMMC
         Ability to share information real-time with
  13.    transport, emergency department and
         admitting office
         Ability to provide work flow questions for
         each specialty or department being
  14.    requested (i.e. a list of questions for a
         neurology transfer and a separate list for
         a surgery transfer)
         Automated reminders of open calls
  15.
         needing attention

  16.    Customizable drop down menus

 Patient history

         Capture, store, display and report on
  17.
         patient history




Request for Proposal: Enterprise Clinical Information System Nov. 2010   17
Appendix B
Page 3 of 6

         Capture, store, and report on history
         collected from outside sources
  18.


 Report Generation
        Formatting reports is flexible to allow for
 19.    different formats as needed (e.g. graphs,
        summaries, details, etc.)
         Generate reports regarding single or
  20.
         multiple patients

         Report on statistics on number of transfer
  21.
         requests by department and acceptance
         Ability to meet all reporting requirements
         ensuring compliance with regulatory
  22.
         mandates such as Title 9, Title 22, CMS,
         EMTALA

  23.    Generate hardcopy or electronic output

 Interoperability
        Ability to receive and transmit (interface)
  24.   to other information systems using
        standards such as HL7
        Ability to utilize different devices to enter
        and retrieve data, such as, but not limited
  25.
        to:
                  Laptops including wireless
                  Handheld notebook computers
                     and tablets running Microsoft
  26.                Windows, Pocket PC,
                     Windows Mobile, Linux Mobile
                     operating systems
  27.             iPods/iPads/iPhone
                  Other SmartPhones that
                    include email and/or data
  28.
                    storage such as BlackBerry,
                    Android-based, etc
         Receive and store various clinical data
         from multiple sources, such as:
  29.
             Ambulatory EMR (eCW)

             Siemens Invision




Request for Proposal: Enterprise Clinical Information System Nov. 2010   18
Appendix B
Page 4 of 6


         Receive and store patient demographics
  30.
         (ADT)

         Ability to save and retrieve scanned
  31.
         documents
 Data Quality
       System provides the ability to ensure
       clean data by providing the following:
 32.
         Resolution of data type conflicts

             Resolution of naming and key
  33.         conflicts

             Removal, correction or flagging of
  34.         bad data


  35.        Maintenance logs

         Ability for the system to clean, purge and
  36.
         archive data
 Security
         Authorize administrators to assign
  37.
         restrictions or privileges to users/groups

         Support user name and passwords for
  38.
         individual users.

  39.    Support use of strong passwords

         Enforce a limit of consecutive invalid
  40.
         attempts by a user.
         Identify all users who have accessed data
  41.    over a given time period, including data
         and time of access (audit trails)
         Ability to identify specific information as
  42.
         confidential.
         Ability to provide confidential access
  43.    accessible by users with specific
         confidential privileges/rights.
         Retain data until purged, deleted,
  44.
         archived or deliberately removed

         Provide a method for archiving and
  45.
         retrieving health record information

Request for Proposal: Enterprise Clinical Information System Nov. 2010   19
     Appendix B
     Page 5 of 6


              Provide assurance that security policies
       46.
              are being followed or enforced.
              Define and identify security relevant
              events and the data to be collected and
       47.
              communicated as determined by policy
              and/or regulation
              Ability to allow authorized entities read-
              only access to data according to agreed
              upon uses and only as part of an
       48.
              identified audit, subject to appropriate
              authentication, authorization and access
              control functionality
              Ability to access the system securely via
       49.
              the web (intranet / internet)

       50.    Ability to audit system



     B. INTEGRATION REQUIREMENTS




PROPOSER NAME: ____________________________________________



ID           QUESTION                                                         ANSWER / EXPLANATION
             List the type of interfaces offered and classify them based
             on the choices below:

             a. Push model (vendor receives unsolicited messages,
                e.g. ADT)
      1.
             b. Pull model (vendor sends unsolicited messages, e.g.
                Charges)

             c. Query/Response model (query is sent from vendor and
                response is sent back)




     Request for Proposal: Enterprise Clinical Information System Nov. 2010             20
 Appendix B
 Page 6 of 6


PROPOSER NAME: ____________________________________________




        Is the HL7 (Version 2.x) standard supported? If so, which
  2.
        version?




        If the HL7 (Version 2.x) standard is supported what events
  3.
        are accepted?




        See Exhibit 1 and identify what interfaces are standard
  4.
        support.




  5.    What Interface Engine is used and/or supported?




        What is the format or standard type of data transmitted on each connection type?

               Interface                                                           # of
                           Format                      Connectivity       Freq
               Provided                                                            connections
                           (HL7,          Version /    Type               (Real
               (ADT,
                           Fixed,         Variant      (TCP/IP,           Time,
               Charge,
                           ASCII, etc.)                SNA, etc.)         Batch)
               etc.)

  6.




        Comments:



 Request for Proposal: Enterprise Clinical Information System Nov. 2010                  21
                                    APPENDIX C1
        IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ONGOING SUPPORT
                           FOR A CLIENT SERVER SOLUTION

If proposing a client server solution, please submit Appendix C1 in your proposal.

1. Project Implementation Plan and Project Management Team

   a. Include the implementation plan the Proposer intends to employ for the project and an
      explanation of how it will support the project requirements and logically lead to the required
      deliverables. The description shall include the organization of the project team, including
      accountability and lines of authority.

   b. Describe services to be provided to ensure success of the project e.g. publicize the system to
      employees, organizing support infrastructure and processes, consulting on content set up and
      management etc.

   c. Describe how the relationship between SMMC and Proposer will be managed from an account
      and technical support perspective.

   d. Describe what is required of SMMC to ensure the successful implementation of the system.

   e. Include the steps that will be undertaken to identify and resolve any issues or problems before,
      during and after the implementation.

   f.   Include a list of proposed project staff and key personnel.

   g. Provide resumes, experience narratives and at least one reference for key personnel who will be
      assigned to the project, if awarded the contract.

   h. Explain the relationship of the project management team with the Proposer, including job title and
      years of employment with the Proposer; role to be played in connection with the proposal;
      relevant certifications and experience.

2. Statement of Work (SOW) - Training Plan

   a. Include a description for training of both real time and batch responses for three different
      audiences:

        i.     Power users/administrators, general users, content creators and instructors.
        ii.    Technical administrators of the proposed system.
        iii.   Technical operations staff and support staff for the proposed system.

   b. Describe the type and quantity of training that will be provided for each audience. The description
      must include:

         i.    The methods by which training will be provided e.g. online, on-site, webcast, self paced
               online courses etc;
         ii.   A recommended training curriculum;
        iii.   Explain how the Proposer will work with SMMC to determine training needs and tailor the
               curriculum;


Request for Proposal: Enterprise Clinical Information System Nov. 2010                   22
        iv.   Explain the type of training that will be provided at what stage/phase of the project as well as
              follow-up training after implementation;
        v.    Explain the ability to provide training at a County location.

   c. Describe the training facility requirements for physical layout, communication needs (internet
      connectivity, etc), projectors, # of computers, etc. that are needed to fulfill the proposed training
      plan. Identify which elements of the training facility will be supplied by the Proposer.

3. SOW - Project Work Plan

   Include a detailed work plan for the implementation and operation of the proposed system.

   a. Task Level -The plan shall include all activities necessary for a successful project down to the
      task level. No task can exceed more than eighty hours in the work plan.

   b. Identify All Resources - The plan shall clearly identify all Proposer (including subcontractors)
      and using agency resources required to successfully complete the project. Provide job
      descriptions and the number of personnel to be assigned to tasks supporting implementation of
      the project. Identify County resources needed for each task.

   c. Deliverables – describe the deliverables of each task.

   d. Time lines – describe the timeline of each task.

   e. Acceptance criteria – describe the criteria used to determine completion of each task.

   f.   Plan Progress Charts - The plan shall include appropriate progress/Gantt charts that reflect the
        proposed schedule and all major milestones. A sample project plan shall be submitted using
        Microsoft Project.

4. System Documentation

   a. Describe the documentation provided to facilitate system implementation.

   b. Describe the System Administrator documentation provided.

   c. Attach a listing summarizing available stock (“canned”) reports provided by the solution and a
      sample of each.

   d. Describe how system documentation is provided (online, hard copy etc) for the initial
      implementation as well as future updates and releases.

5. Acceptance Test Plan

   Include an acceptance test plan. The plan shall individually address each system component that
   comprises of the proposed system, approach for load testing, and number of people to be involved in
   testing. The plan should document the acceptance testing approach, resources and/or tools that may
   be used to validate the functions and features of the proposed system. Include an example test plan
   that is representative of the structure, content, and level of detail planned for this project.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                    23
6. Risk Management

   Submit a risk assessment using the methodology published by the Project Management Institute or
   other comparable methodology. Include risk mitigation strategies as well as the resources the using
   agency may utilize to reduce risk.

7. On-Going Service and Support

   a. Describe the post implementation follow-up activities that will be provided by the Proposer,
      specifically addressing the following tasks:

              i. Post-live system debugging to bring application into full conformance with documentation,
                 proposal and modification specifications
             ii. Six-month and 12-month post live operational (non-technical) audits to review SMMC
                 utilization of the software and to provide recommendations for optimizing benefits.
            iii. Describe how application and support documentation is updated and distributed.

   b. Provide the normal hours and describe the channels (phone, email, web, etc.) for support.
      Describe how after hours support is provided. Describe the support and escalation process,
      including response times.

   c. Indicate the current version of the package. Indicate when the next major version of the package
      will be available. For major software upgrades, describe how often upgrades are released, how
      upgrades are defined, developed, tested and released, how customers are notified and educated
      about the upgrade. Describe the decision process on how new features and functions get
      included in the product.

   d. Explain if the cost of upgrades is included in the annual hosting fee.

   e. Explain if software upgrades, or other maintenance window, will impose a service disruption on
      the system. If yes, discuss frequency and duration of the service disruptions.

   f.   Explain if there is a user group. If yes, explain how often they meet and where the meetings are
        held. Include if the user group is a separate independent organization or funded and organized
        by the Proposer.

8. Value Added Services (Optional)

   Proposers are encouraged but not required to propose any optional value added services they
   believe would help the using agency to effectively implement, operate or use the proposed system.
   Information provided in this section must not exceed two (2) pages in length.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                  24
                                   APPENDIX C2
        IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ONGOING SUPPORT
                               FOR A SAAS SOLUTION

If proposing a SaaS solution, please submit Appendix C2 and Exhibit G in your proposal.

1. Project Implementation Plan and Project Management Team

   a. Include the implementation plan the Proposer intends to employ for the project and an
      explanation of how it will support the project requirements and logically lead to the required
      deliverables. The description shall include the organization of the project team, including
      accountability and lines of authority.

   b. Describe services to be provided to ensure success of the project e.g. publicize the system to
      employees, organizing support infrastructure and processes, consulting on content set up and
      management etc.

   c. Describe how the relationship between SMMC and Proposer will be managed from an account
      and technical support perspective.

   d. Describe what is required of SMMC to ensure the successful implementation of the system.

   e. Include the steps that will be undertaken to identify and resolve any issues or problems before,
      during and after the implementation.

   f.   Include a list of proposed project staff and key personnel.

   g. Provide resumes, experience narratives and at least one reference for key personnel who will be
      assigned to the project, if awarded the contract.

   h. Explain the relationship of the project management team with the Proposer, including job title and
      years of employment with the Proposer; role to be played in connection with the proposal;
      relevant certifications and experience.

2. Statement of Work (SOW) - Training Plan

   a. Include a description for training of both real time and batch responses for three different
      audiences:

        i. Power users/administrators, general users, content creators and instructors.
        ii. Technical administrators of the proposed system.
        iii. Technical operations staff and support staff for the proposed system.

   b. Describe the type and quantity of training that will be provided for each audience. The description
      must include:

          i. The methods by which training will be provided e.g. online, on-site, webcast, self paced online
             courses etc;
         ii. A recommended training curriculum;
        iii. Explain how the Proposer will work with SMMC to determine training needs and tailor the
             curriculum;
        iv. Explain the type of training that will be provided at what stage/phase of the project as well as
             follow-up training after implementation;

Request for Proposal: Enterprise Clinical Information System Nov. 2010                   25
        v. Explain the ability to provide training at a County location.

   c. Describe the training facility requirements for physical layout, communication needs (internet
      connectivity, etc), projectors, # of computers, etc that are needed to fulfill the proposed training
      plan. Identify which elements of the training facility will be supplied by the Proposer.

3. SOW - Project Work Plan

   Include a detailed work plan for the implementation and operation of the proposed system.

   a. Task Level -The plan shall include all activities necessary for a successful project down to the
      task level. No task can exceed more than eighty hours in the work plan.

   b. Identify All Resources - The plan shall clearly identify all Proposer (including subcontractors)
      and using agency resources required to successfully complete the project. Provide job
      descriptions and the number of personnel to be assigned to tasks supporting implementation of
      the project. Identify County resources needed for each task.

   c. Deliverables – describe the deliverables of each task.

   d. Time lines – describe the timeline of each task.

   e. Acceptance criteria – describe the criteria used to determine completion of each task.

   f.   Plan Progress Charts - The plan shall include appropriate progress/Gantt charts that reflect the
        proposed schedule and all major milestones. A sample project plan shall be submitted using
        Microsoft Project.

4. System Documentation

   a. Describe the documentation provided to facilitate system implementation.

   b. Describe the System Administrator documentation provided.

   c. Attach a listing summarizing available stock (“canned”) reports provided by the solution and a
      sample of each.

   d. Describe how system documentation is provided (online, hard copy etc) for the initial
      implementation as well as future updates and releases.

5. Acceptance Test Plan

   Include an acceptance test plan. The plan shall individually address each system component that
   comprises of the proposed system, approach for load testing, and number of people to be involved in
   testing. The plan should document the acceptance testing approach, resources and/or tools that may
   be used to validate the functions and features of the proposed system. Include an example test plan
   that is representative of the structure, content, and level of detail planned for this project.


6. Risk Management

   Submit a risk assessment using the methodology published by the Project Management Institute or
   other comparable methodology. Include risk mitigation strategies as well as the resources the using
   agency may utilize to reduce risk.
Request for Proposal: Enterprise Clinical Information System Nov. 2010                   26
7. On-Going Service and Support

   a. Describe the post implementation follow-up activities that will be provided by the Proposer,
      specifically addressing the following tasks:

          i. Post-live system debugging to bring application into full conformance with documentation,
             proposal and modification specifications
         ii. Six-month and 12-month post live operational (non-technical) audits to review SMMC
             utilization of the software and to provide recommendations for optimizing benefits.
        iii. Describe how application and support documentation is updated and distributed.

   b. Provide the normal hours and describe the channels (phone, email, web, etc.) for support.
      Describe how after hours support is provided. Describe the support and escalation process,
      including response times.

   c. Indicate the current version of the package. Indicate when the next major version of the package
      will be available. For major software upgrades, describe how often upgrades are released, how
      upgrades are defined, developed, tested and released, how customers are notified and educated
      about the upgrade. Describe the decision process on how new features and functions get
      included in the product.

   d. Explain if the cost of upgrades is included in the annual hosting fee.

   e. Explain if software upgrades, or other maintenance window, will impose a service disruption on
      the system. If yes, discuss frequency and duration of the service disruptions.

   f.   Explain if there is a user group. If yes, explain how often they meet and where the meetings are
        held. Include if the user group is a separate independent organization or funded and organized
        by the Proposer.

8. Value Added Services (Optional)

   Proposers are encouraged but not required to propose any optional value added services they
   believe would help the using agency to effectively implement, operate or use the proposed system.
   Information provided in this section must not exceed two (2) pages in length.




Request for Proposal: Enterprise Clinical Information System Nov. 2010                 27
                                                            APPENDIX D
                                                SaaS SECURITY ASSESSMENT CHECKLIST

Application Name: ______________________________________________Vendor Name: ___________________________________

                                                     ASP/SAAS SECURITY ASSESSMENT CHECKLIST

Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data that will be 1)
stored on the application server at the Vendor site, and 2) that will be transmitted between the application and the County. Also include
information on the user authentication process.
  County
  Policy        Description of County Requirement         Details on How Vendor           Other Security
   Ref. #                                                  Meets Requirement          Measures That Mitigate            Comments
                                                                                            This Risk
  16.3.4     The Vendor has a written Disaster
             Recovery Plan that offers a viable
             approach to restoring operations following
             an emergency situation.
 16.3.4a     The Vendor site has adequate, redundant
             physical and/or logical network
             connectivity to ensure continued
             operations following a network failure.
 16.3.4b     The Vendor performs system/application
             database backups on a schedule that is
             consistent with the importance of the
             application.
 16.3.4b     Backup media are treated with a level of
             security commensurate with the
             classification level of the data they contain.
 16.3.4c     Vendor servers are closely monitored for
             both performance and availability.
 16.3.4d     The Vendor is willing to sign a Service
             level Agreement (SLA) that is consistent
             with the importance of the application to
             SMMC.
  16.3.5     The Vendor has a formal, written Security
             Policy, and is willing to provide a copy of
             this policy to SMMC on request.

Request for Proposal: Enterprise Clinical Information System Nov. 2010                              28
 County        Description of County Requirement             Details on How Vendor      Other Security
 Policy                                                       Meets Requirement      Measures That Mitigate   Comments
  Ref. #                                                                                   This Risk
 16.3.5a     If users access the application directly on
             the Vendor server, user authentication
             involves more than a simple User
             ID/password combination, such as one-
             time password technology.
 16.3.5b     Once granted access, Users are limited to
             authorized activities only; i.e., customers
             are prevented from accessing either
             applications or data that belong to other
             customers.
 16.3.5c     Vendor network connectivity is protected
             by firewalls, intrusion detection/ prevention
             systems, etc. designed to protect against
             attack.
 16.3.5d     The equipment hosting the Department’s
             application is located in a physically
             secure facility that employs access control
             measures, such as badges, card key
             access, or keypad entry systems.
 16.3.5d     Vendor servers are kept in locked
             areas/cages that limit access to authorized
             personnel.

 16.3.5e     Vendor staff is bonded, and/or have been
             subjected to background checks.
 16.3.5f     Vendor servers are hardened against
             attack and operating system and security-
             related software patches are applied
             regularly.
 16.3.5f     Commercially available anti-virus software
             is used on the servers, and is maintained
             in a current state with all updates.



Request for Proposal: Enterprise Clinical Information System Nov. 2010                   29
 16.3.5g     Vendor servers are monitored on a
             continuous basis, and logs are kept of all
             activity.
 16.3.5g,    The Vendor is willing to report security
 16.3.5h,    breaches and/or security issues to SMMC.
  16.3.5i
 16.3.5h     The Vendor conducts regular vulnerability
             assessments, using viable third-party
             organizations, designed to assess both the
             Vendor’s network infrastructure and the
             individual servers that host applications.
 16.3.5h     The Vendor implements “fixes” to correct
             vulnerabilities discovered during security
             audits.
 16.3.5i     The Vendor has a formal, written Incident
             Response Plan.
   N/A       (Desirable) The network infrastructure
             hosting the Department application is “air-
             gapped” from any other network or
             customer that the Vendor may have. This
             means that in an ideal situation, the
             application environment used by SMMC
             uses a separate, dedicated server and a
             separate network infrastructure.
   N/A       Identify the APIs that may be part of the
             solution, and indicate industry standards or
             best practices employed to ensure security
             of the data and the integration (e.g., web
             services, directory services, XML,
             scripting, etc.)
   N/A       What application security standards, if any,
             are followed? (e.g., OASIS, WC3, etc.).




Request for Proposal: Enterprise Clinical Information System Nov. 2010   30
 County
 Policy        Description of County Requirement                Details on How Vendor      Other Security
 Ref. #                                                          Meets Requirement      Measures That Mitigate   Comments
                                                                                                Risk
   N/A       If the application processes credit card
             information, has the application been
             certified as PCI compliant? Include
             information on the level of compliance
             (e.g., Merchant Level 2) and how the
             application has been certified.
  Policy     Data    “in   motion,”    including  user
  13.0,      authentication information and credentials,
Encryption   are encrypted.

  Policy     Data “at rest” (stored on the application
  13.0,      server), including user authentication
Encryption   information and credentials, are encrypted.
  Policy     Encryption or hashing algorithms utilized
  13.0,      by the Vendor application infrastructure
Encryption   use standard algorithms that have been
             published, evaluated and accepted by the
             general cryptographic community for the
             kind of data it protects.

   N/A       The Vendor is willing to permit on-site
             visits by County staff in order to evaluate
             security measures in place.

   N/A       If the Vendor will be connecting to SMMC
             via a private connection (such as a
             dedicated T1 circuit), the Vendor agrees
             that the circuit will terminate on the
             county’s extranet, and operation of the
             circuit will fall within the policies related to
             network connections from non-County
             entities.



Request for Proposal: Enterprise Clinical Information System Nov. 2010                      31
 County
 Policy       Description of County Requirement              Details on How           Other Security Measures
 Ref. #                                                      Vendor Meets                That Mitigate Risk         Comments
                                                              Requirement
   N/A       If access to the application uses the
             Internet, data traffic between the County
             and the Vendor is protected through the
             implementation        of   SSL-VPN     or
             equivalent technology.



Contractor Signature: ___________________________                        County CIO’s Office Approval: ______________________

Print Name: ____________________________________                         Title:   ___________________________________________

Firm Name: ____________________________________                          Date: _____________________

Date: __________________________________________




Request for Proposal: Enterprise Clinical Information System Nov. 2010                      32
EXHIBIT 1


 CURRENT SMMC INTERFACES
           INTERFACE NAME                 DATA PATH                       DATA TYPE

                                     7R7M->OPL->INVISION
 7R7M_FMS                            PA                                   CHARGES
 ACHIEVE ADT                         INV->OPL->ACHIEVE                       ADT
 DSG PAYMENTS                        DSG->OPL->INVISION PA                CHARGES
 DSS EXTRACTS                        DSS->OPL->SMMC                       PT/PA INFO
 DSS_SMMC                            DSS->OPL->SMMC                        PA INFO
 ECW_ADT_ERRORS                      ECW->OPL->FILE                      ADT ERRORS
 ECW_INV                             ECW->OPL->INV                           ADT
 ECW_INV_ORM                         ECW->OPL->INV                         ORDERS
 ECW_LCR                             ECW->OPL->LCR              RESULTS/PROGRESS NOTES
 ER LOG                              INV->OPL->FILE                       ED PT ADT
 FIRSTWATCH ADT                      INV->OPL->FILE                 FIRSTWATCH PT ADT
 GRV3_CDEMS                          INV->OPL->CDEMS DB                      ADT
 GRV3_HCLLBB                         INV->OPL->BLOODBANK                     ADT
 GRV3_OLB26                          INV->OPL->LAB                        ADT/ORDER
 GRV3_PHM                            INV->OPL->PHARM                      ADT/ORDER
 HCLLBB_ERROR                        IVN->OPL->FILE                      ADT ERRORS
 HCLLBB_INV                          BLOODBANK->OPL->INV                     DFT
 HCLLBB_OLB26                        BLOODBANK->OPL->LAB                   RESULTS
 INV_ECW                             INV->OPL->ECW                           ADT
 INV_PES                             INV->OPL->FILE                       PES PT ADT
 OLB26 PULSECHECK                    ECW->OPL->LCR              RESULTS/PROGRESS NOTES
 OLB26_CDEMS                         LAB->OPL->CDEMS DB                    RESULTS
 OLB26_ECW_1                         LAB->OPL->ECW1                        RESULTS
 OLB26_ECW_2                         ECW1->OPL->ECW                        RESULTS
 OLB26_HCLLBB                        LAB->OPL->BLOODBAK                    ORDERS
 OLB26_INV                           LAB->OPL->INV                   DFT, ORDERS, OSU
 OLB26_LCR                           LAB->OPL->LCR                         RESULTS
 OLB26_PHM                           LAB->OPL->PHARM                       RESULTS
                                     ERROR->OPL->ERROR
                                                                         ERROR, ALERT
 OPL_ERROR                           FILE
 ORCH_ECW                            ORCHARD->OPL->ECW                     RESULTS
 ORCHARD_LCR                         ORCHARD->OPL->LCR                     RESULTS
 ORF                                 INV->OPL->ORF                           ADT
 PAYMENT POSTING                     FTP->OPL->INV PA                     CHARGES
 PES LOG                             INV->OPL->FILE                        PES ADT
 PHM_INV                             PHARM->OPL->INV                       RAS INF
 POWERPATH CHARGES                   POWERPATH->OPL->INV                  CHARGES
 POWERPATH GRV3                      POWERPATH->OPL->INV                     ADT
                                     POWERPATH->OPL-
 POWERPATH RESULTS                   >LCR                                  RESULTS
                                     POWERPATH->OPL-
                                                                           ERRORS
 POWERPATH_ERROR                     >FILE
 POWERSC_RAD26                       POWERSC->OPL->RAD                     RESULTS
 PSYCH NOTIFY                        INV->OPL->FILE                       PSYCH ADT
                                     INV->OPL-
 PULSECHECK ADT                      >PULSECHECK                             ADT
                                     PULSECHECK->OPL-
                                     >INV
 PULSECHECK BILLING                                                       CHARGES

Request for Proposal: Enterprise Clinical Information System Nov. 2010                   33
                                     PULSECHECK->OPL-
 PULSECHECK INV ORD                  >INV                                  ORDERS
                                     PULSECHECK->OPL-
 PULSECHECK INV UPD                  >INV                                   ADT
                                     INV->OPL-
 PULSECHECK ORDERS                   >PULSECHECK                           ORDERS
                                     PULSECHECK->OPL-
 PULSECHECK RESULTS                  >LCR                                 RESULTS
                                     PULSECHECK->OPL-
 PULSECHECK_BCF_I1                   >INV PA                             IP CHARGES
                                     PULSECHECK->OPL-
 PULSECHECK_BCF_I2                   >INV PA                             IP CHARGES
                                     PULSECHECK->OPL-
 PULSECHECK_BCF_O1                   >INV PA                             OP CHARGES
                                     PULSECHECK->OPL-
 PULSECHECK_BCF_O2                   >INV PA                             OP CHARGES
 PWP_INV_ICD9                        POWERPATH->OPL->INV                    ICD9
 QUADRAMED ADT                       INV->OPL->QUADRAMED                    ADT
 RAD_ECW                             RAD->OPL->ECW                        RESULTS
                                     RAD->OPL-
 RAD26 PULSECHECK                    >PULSECHECK                          RESULTS
 RAD26_POWERSC                       RAD->OPL->POWERSC                     ORDERS
 RADIOLOGY ADT                       INV->OPL->RAD                   ORDERS, ADT, OSU
 RADIOLOGY BILLING                   RAD->OPL->INV PA                     CHARGES
 RADIOLOGY_CDEMS                     RAD->OPL->CDEMS DB                   RESULTS
 RADIOLOGY_INV                       RAD->OPL->INV                       ORDERS, OSU
 RADIOLOGY_LCR                       RAD->OPL->LCR                        RESULTS
 RX_AOBF                             PHARM->OPL->INV PA                   CHARGES
 SMMC_DSS                            SMMC->OPL->DSS                      PT/PA INFO
 SOFTMED ADT                         INV->OPL->SOFTMED                      ADT
 SOFTMED UPD                         SOFTMED->OPL->INV                      ADT
                                     TRACKSTAR->OPL->INV
 TRACKSTAR BILLING                   PA                                   CHARGES
 WEBMEDX_ADT                         INV->OPL->WEBMEDX                      ADT
 WEBMEDX_RESULTS                     WEBMEDX->OPL->LCR                    RESULTS
 WELL_COPAY                          WELL->OPL->INV PA                    CHARGES
 ZIP_EAD                             ZIP->OPL->INV                          ADT




Request for Proposal: Enterprise Clinical Information System Nov. 2010                  34

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:17
posted:12/17/2011
language:Latin
pages:82