REQUEST FOR OFFER
Office of HIPAA Compliance
HIPAA Disaster Recovery & Emergency Mode Operations Expert
RFO No.: OHC 07-023
Prepared by: California Department of Health Care Services, Office of HIPAA Compliance, MS 4721, P.O. Box 997413, Sacramento, CA 95899-7413
Issue Date: November 16, 2007
1. BACKGROUND AND OVERVIEW

The Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) specifies the availability of medical information. Direct language in the rule speaks to the availability of information in disaster mode.

The Department of Health Care Services, Office of HIPAA Compliance (DHCS-OHC) is responsible for guiding all HIPAA-related compliance work throughout the Department. DHCS-OHC provides oversight, coordination, resource procurement, project management support, and monitoring and control, among other tasks, for HIPAA activities within DHCS through a centralized project management approach. Under an Inter-Agency Agreement, OHC also supports HIPAA activities in the California Department of Public Health (CDPH). To perform this work, DHCS-OHC utilizes state and contract staff.

DHCS-OHC will utilize the California Multiple Award Schedule (CMAS) to engage one (1) person to provide HIPAA Disaster Recovery & Emergency Mode Operations Expert services.

2. SOLICITATION AND RESPONSES

A single CMAS vendor will be selected to provide all required services under this solicitation; multiple awards will not be entertained. Work will be performed and reimbursed on a time and materials basis. The hours projected by the vendor will be at a maximum of 1880 hours. Vendor cost shall not exceed maximum cost to complete the project. Any excess time spent completing tasks shall be at no cost to the State. Rates submitted are for evaluation purposes only and may be different in the final agreement. The vendor response must disclose any other vendors which will have a financial interest in providing the required services, and the nature of their involvement.

The CMAS vendor selected will be for the best value based on cost and vendor/staff qualifications determined from vendor proposals, interviews (as needed), and reference checks.
Submit responses to this Statement of Work (SOW) in Microsoft Word format to the Mailing or Physical Address listed below:

1. One (1) copy via e-mail to: erghe.poston@dhcs.ca.gov including:
2. One (1) copy of the DGS CMAS Contract including the Labor Category and Hourly Rates.
3. Four (4) hardcopies delivered by December 7, 2007 at 12 P.M. (noon).
4. Mark all proposal packages: CONFIDENTIAL. DO NOT OPEN UNTIL AFTER 12 P.M., December 7, 2007, OHC-07-023.
5. Late proposals will not be accepted.
6. Delivery and receipt of timely proposals are the responsibility of the vendor.
Mailing Address:
Attn: Erghe Poston
Department of Health Care Services
Office of HIPAA Compliance
MS Code 4722
P.O. Box 997413
Sacramento, CA 95899-7413
Phone: (916) 552-9062

Physical Address:
Attention: Erghe Poston
Department of Health Care Services
Office of HIPAA Compliance
1501 Capitol Ave., MS Code 4722
Sacramento, CA 95814-5006
Phone: (916) 552-9062
erghe.poston@dhcs.ca.gov
3. KEY DATES FOR THIS RFO

Below is the tentative time schedule for this RFO. It is recognized that time is of the essence. All prospective respondents are advised of the following schedule and will be expected to adhere to the required dates and times.

Event                                Date / Time (If applicable)
RFO Released                         November 16, 2007
Questions due                        November 28, 2007
Response to questions due            November 30, 2007
Proposals due to DHCS                December 7, 2007 by 12 P.M. (noon)
Oral interviews (if requested)       To be announced via e-mail, fax, telephone, or in writing
Estimated Award Notification Date    January 5, 2008
Proposed contract start date         February 18, 2008

4. STATEMENT OF WORK

The scope of work in this contract is to fulfill the deliverables stated in Section 5.1 of this RFO. The selected contractor is also expected to be a subject matter expert in the area of Disaster Recovery (DR) and provide that expertise to State staff as needed. Work in the area of HIPAA DR has taken place within the DHCS. It is expected that those efforts be continued under this contract.

Objective: DHCS-OHC seeks one (1) HIPAA DR and Emergency Mode Operations (EMO) Expert to work with the DHCS Information Security Office (DHCS-ISO) and CDPH-ISO to develop, execute, and monitor HIPAA Business Continuity Programs for each department.
5. DELIVERABLES AND REQUIRED ACTIVITIES

5.1 Deliverables

1. Plan and coordinate development of formal Business Continuity and Contingency Programs, consisting of ongoing emergency operations documentation for business units to meet HIPAA requirements for EMO
2. Review existing disaster recovery documentation, policies, written procedures and designs, and provide recommendations based on HIPAA requirements and industry best practices for disaster recovery
3. With the assistance of subject matter experts, create complete disaster recovery documentation packages which meet state and departmental requirements, are complete and of the highest quality, and have all necessary internal approvals
4. For all DHCS and CDPH critical systems, provide expert knowledge and assistance in developing disaster recovery test plans, including checklists, structured walk-throughs, simulations and functional exercises
5. Develop a formalized training curriculum for DR coordinators
6. Review and document enterprise DR needs as they pertain to the backup and restoration process, including off-site media storage and alternate or redundant sites as needed
7. Review and document the organizations’ current physical security mechanisms and make recommendations if necessary to preserve vital hardware components (e.g., file and print servers)
8. Make recommendations that would ensure DHCS and CDPH implement adequate system administration, including up-to-date inventories of hardware, software, and media storage
9. Represent the DHCS-ISO and/or CDPH-ISO as required on disaster recovery-related issues
10. Provide regular status to OHC, the DHCS-ISO, and CDPH-ISO
11. Provide adequate knowledge transfer to state staff
12. Formalize a process of including business continuity and contingency planning into all ‘new’ system development at each stage of the system development lifecycle

6. VENDOR REQUIREMENTS

6.1 Required Skills/Experience

To ensure the success of the contractor, DHCS requires that the skill set of the proposed consultant include the following expertise:

1. In-depth knowledge and experience of Backup, Contingency, DR and EMO requirements
2. Two (2) years’ experience in Business Continuity & Contingency Planning
3. Operational experience in a midrange computing environment
4. Experience in a role involving direct customer contact (internal and external customers)
5. Experience in writing high quality documentation
6. Excellent oral communication skills
7. Must be self-motivated, a team player, and able to immediately contribute to a fast-paced, deadline-intensive environment

6.2 Desirable Skills/Experience

The following skills are desirable of the proposed consultant:

1. In-depth knowledge of California State Operational Recovery requirements
2. Experience in multiplatform environments, including Windows 2000, XP, Unix, Server mainframe (MVS), and DB2
3. Experience with California State Administrative Manual requirements
4. Experience with Public Healthcare programs
5. College education
6. Certified Business Continuity Planner (CBCP)

6.3 Vendor Staff Resume

To the extent possible, resumes should be brief (i.e., no longer than four pages) and should include the name of each previous employer and the beginning and end dates (include month and year) for employment and specific job/role(s). Resumes should not include personal information such as a social security number, home address, home telephone number, marital status, sex, birth date, age, etc. Resumes submitted without previous employer names and beginning and end dates (month and year) for employment will not be evaluated. Do not submit multiple resumes. Proposals with multiple resumes will not be reviewed.

7. RESPONSES TO THE REQUEST FOR OFFER (RFO)

Responses should include (at a minimum) the following information:

1. Resume for one (1) proposed staff person;
2. Reference for proposed staff (provide at least two (2) references);
3. Total cost of the proposal (Template is provided in Appendix A);
4. Copy of contractor’s CMAS contract;
5. Copy of contractor’s Small Business Certification (if applicable)
8. ACCEPTANCE CRITERIA

It shall be the State’s sole determination as to whether a work product document has been successfully completed and is acceptable to the State.

In the course of project activities, the contractor will be producing documentation of technical research, technical alternatives and approaches, technical compliance solution evaluations and options, technical recommendations, and other work products that support and record the contractor’s work.

9. ADDITIONAL INFORMATION AND CRITERIA

Personnel commitments made in the contractor’s offer shall not be changed without prior written approval of the DHCS-OHC IT Section Chief. Staffing shall include those named individuals at the levels of effort proposed. DHCS-OHC must approve in advance and in writing any permanent or temporary changes to the contractor’s key personnel.

10. PERFORMANCE EVALUATION

The contractor’s performance under the agreement shall be evaluated at the conclusion of the term. The evaluation shall include, but not be limited to:

1. Whether the contracted work or services were completed as specified in the agreement and reasons for and amount of any cost overruns.
2. Whether the contracted work or services met the quality standards specified in the agreement.
3. Whether the contractor fulfilled all requirements of the agreement.
4. Factors outside the control of the contractor, which caused difficulties in contractor performance.

11. PROGRESS REPORTS OR MEETINGS

The contractor shall submit progress reports or attend meetings with State personnel at intervals determined by DHCS to determine if the contractor is on the right track, whether the project is on schedule, provide communication of interim findings, and afford occasions for airing difficulties or special problems encountered so that remedies can be developed quickly.

At the conclusion of the agreement and if applicable, the contractor shall hold a final meeting at which the contractor shall present any findings, conclusions, and recommendations. If required by the agreement, the contractor shall submit a comprehensive written final report.
12. OTHER REPORTING REQUIREMENTS

On a monthly basis, the contractor shall complete a time sheet. Time sheets will be attached to the monthly invoice. Invoices are expected in a timely manner. The contractor will develop and provide ad-hoc reports as deemed appropriate and necessary.

13. TRAVEL/TRAINING

Travel necessary to complete the deliverables of the SOW must be approved in advance by the State and reimbursed under general State guidelines for travel reimbursement, with the exception of relocation costs. Relocation costs are the responsibility of the contractor and will not be reimbursed by the State. A set amount of $1,000 will be budgeted for all travel/training during the term of the agreement.

14. TERMS AND CONDITIONS

The agreement will be issued on a time and material basis. The hours projected will be at a maximum. The contractor cost shall not exceed maximum cost to complete the project. Any excess shall not be at the cost to the State. All bidders must agree to the general terms and conditions of the CMAS.

14.1 Amendments to the CMAS Purchase Order

Any purchase order resulting from this RFO may be amended to extend the contract term, contract total, and the Statement of Work at any time by mutual agreement of the parties. All such amendments shall be in writing and issued only upon written concurrence of the contractor.

14.2 Cancellation/Termination

A. This agreement may be canceled or terminated without cause by either party by giving thirty (30) calendar days advance written notice to the other party. Such notification shall state the effective date of termination or cancellation and include any final performance and/or payment/invoicing instructions/requirements.

B. Upon receipt of the notice of termination or cancellation from California Department of Health Care Services (DHCS), contractor shall take immediate steps to stop performance and to cancel or reduce subsequent contract costs.
C. Contractor shall be entitled to payment for all allowable costs authorized under this agreement, including authorized non-cancelable obligations incurred up to the date of termination or cancellation, provided such expenses do not exceed the stated maximum amounts payable.

15. CONFLICT OF INTEREST EXCLUSION

1. The vendor selected to provide services under this SOW will be excluded from responding to future DHCS-OHC solicitations related to HIPAA project SOWs developed under this agreement.
2. The vendor selected to provide the services under this SOW may respond to other DHCS-OHC solicitations that are not related to future SOWs developed under this agreement.

16. KEY ASSUMPTIONS

DHCS retains overall responsibility and ownership of any documentation created under the terms of this contract.

17. STATE RESPONSIBILITIES

All contractor communications will be addressed to the IT Section Chief who has the authority to act for DHCS in all aspects of this SOW. Additionally, DHCS responsibilities include the following:

a. Provide overall task direction to contractor staff;
b. Serve as the interface between the contractor staff and DHCS;
c. Attend project status meetings;
d. Help resolve and escalate issues, as necessary;
e. Review and/or approve all work products;
f. Notification of any change in work plan or scope;
g. Provide facilities for meetings;
h. Make available appropriate staff for achieving tasks of this contract by providing timely access to subject matter experts;
i. Provide workstation equipment, necessary software and office space; and
j. Obtain security clearance to provide contractor staff access to the building during normal business hours.
18. PERIOD OF PERFORMANCE

The term of the agreement is expected to be one (1) year (estimated to be February 18, 2008 to February 17, 2009). The agreement term may change if DHCS makes an award earlier than expected or if DHCS cannot execute the agreement in a timely manner due to unforeseen delays.

19. SERVICE LOCATION/HOURS

Services shall be performed at the space provided by DHCS, currently located at the East End Complex, Capitol Avenue, Sacramento, 95814. All work must be completed onsite, unless specifically approved by DHCS. Services shall be provided during working hours of 8:00 a.m. to 5:00 p.m., Monday through Friday, except official State holidays.

20. FUNDING LIMIT

A maximum of $240,000 is anticipated to be made available to obtain the services described in this SOW. Funding for each state fiscal year is subject to an annual appropriation by the State Legislature or Congress. If full funding does not become available, DHCS will cancel the agreement or amend it to reflect reduced funding and reduced activities. Continuation beyond the first state fiscal year is also subject to the contractor’s successful performance. Without prior DHCS authorization, you may not expend funds set aside for one budget period in a subsequent budget period.

21. QUESTIONS ON STATEMENT OF WORK

Immediately notify DHCS if you need clarification about the services sought or have questions about the CMAS instructions or requirements. Put your questions in writing and transmit them to DHCS as instructed below. DHCS’ response to a vendor’s inquiry will be transmitted by fax or e-mail to the requestor. DHCS will transmit the question(s) and response(s) to those vendors who received the SOW, via e-mail. DHCS reserves the right not to accept or respond to individual inquiries based on the nature of the inquiry. At its discretion, DHCS may contact an inquirer to seek clarification of any question or inquiry received.
21.1 What to include in an inquiry:

1. Your name, name of your firm, mailing address, area code and telephone number, fax number and e-mail address (if applicable).
2. A description of the subject or issue in question or SOW discrepancy found.
3. SOW section, page number or other information useful in identifying the specific problem or issue in question.
4. Remedy sought, if any.

21.2 Label and submit all questions and inquiries as follows:

Questions: OHC 07-023
Department of Health Care Services
Office of HIPAA Compliance
Attn: Erghe Poston
Fax questions to: (916) 449-5125
E-mail questions to: erghe.poston@dhcs.ca.gov

Verbal inquiries are discouraged unless the inquiry involves an immaterial issue surrounding clarification of CMAS instructions, general submission questions (i.e., content, format), steps of the CMAS process, or simple clarification of SOW requirements. DHCS reserves the right not to accept or respond to individual verbal inquiries based on the nature of the inquiry. Spontaneous verbal remarks provided in response to verbal inquiries may not be binding on DHCS unless later confirmed in writing.

Vendors that fail to report a known or suspected problem with this SOW or fail to seek clarification and/or correction of this SOW shall submit a proposal at their own risk.

21.3 QUESTION DEADLINE

Fax or e-mail your questions to DHCS no later than November 28, 2007 at 12 P.M. (noon). Errors in the SOW or its instructions may be reported up to the proposal submission due date.
APPENDIX A: COST TEMPLATE
Name:
Labor Category:
Function: HIPAA Disaster Recovery & Emergency Mode Operations Expert
Est. Hours: 1880
Hourly Rate: $
Projected Cost: $
Travel Cost: $1,000.00
Total Cost: $
NOTE: These hours are for cost proposal evaluation purposes and actual contract hours may vary – Do not change these hours.