6515--ObservSmart Patient Rounding/Monitoring

Subject: 6515--ObservSmart Patient Rounding/Monitoring
Solicitation Number: 36C24123Q0482
Notice Type: PRESOL
NAICS: 334510
Notice Published: 09-18-23
Response Due: 09-20-23

Agency: Department of Veterans Affairs
Contact: Manasés Cabrera, Contracting Specialist Ph: (781) 687-4418
Office Address: TOGUS, ME 04330
Place of Performance: Department of Veterans Affairs VAMC Bedford 200 Springs Road, Bedford 01730

Related Notices:
        09-18-23 SOLICIT


Statement of Work: Patient Safety/Monitoring System. Bedford VA Healthcare System

Bedford VA Healthcare System is seeking a vendor to submit a proposal to provide and install a patient safety monitoring, daily rounding, and compliance system for the Mental Health Inpatient Unit. This Statement of Work (SOW) is comprehensive and inclusive. System capabilities not specifically stated are excluded in this Scope of Work.

Purpose: Installation of a patient safety and monitoring system (both hardware and software devices) in all Inpatient Units to document and record patient safety and rounding checks. The system will record the safety checks and rounding using the vendor software and hardware systems. This contract will be a five-year BPA.

Scope of Work: The Contractor will: Conduct an on-site walkthrough with client's staff located at 200 Springs Road, Bedford MA 01730. Date and Time TBD upon award of contract. Provide specific hardware, software, and service with the following Salient Characteristics: Innovative patient observation solution that validates and documents patient's checks and rounding compliance. The observation solution will be designed explicitly for complex clinical workflows and challenging patient population care. Provide an individual patient wearable device that can be worn on the outside of the patient's wrist or arm, is lightweight and comfortable for the patient to wear, is water resistant where the patient can take showers or baths wearing it, is easy to clean, should have at least a 12-month battery life span, has a band or strap that is adjustable and can be cut off and discarded after use, is anti-microbial, is Bluetooth or wireless capable with computer, laptop and/or tablet hardware/software technologies. Software and hardware should be able to link or sync with the patient's wearable device. Software and hardware should allow for a pictorial identification of the patient wearing the individual device.
Software and hardware should allow for customization for individual patient risk factor indicators that can be color-coded and displayed in real time. Software and hardware should prioritize the patient checks and rounding and customize individual time intervals information. Software and hardware should allow for a pre-countdown for each patient prior to their specific check or rounding as well as provide visual cues, numbers, and colors at the one-minute due or past due intervals. Software and hardware should immediately alert medical staff if checks/rounding are past due or are missed completely and should escalate the notification to supervision or other medical personnel. Software and hardware should also allow for escalation of alerts to primary, secondary, and tertiary personnel as needed. Software and hardware should also alert when 1:1 observation is no longer at the designated proximity or location and should notify medical personnel when the patient's sitter or monitor is dozing off and if the sitter or monitor does not respond. Software and hardware should allow for data stamping and time stamping of individual checks and rounding. Software and hardware should allow for real-time synchronization of patient transfers. Software and hardware should allow for a dashboard view of all unit tablets and display data in real time. System and hardware should allow for real-time data reporting as needed by the Client. Software and hardware should allow for HIPAA compliant, fully secure cloud-based data storage for client's data. This access will be 24 hours a day, 7 days a week, 365 days a year (including weekends and holidays). Create system documentation in a format compatible with VA software and computer system as directed.
Provide all labor, materials, software, hardware, transportation, and equipment to complete the furnishing, installation, assembly, set up and testing of the software and hardware systems, to include: Patient individual wearable monitoring devices or beacons; Individual patient wearable monitoring devices straps and bands; Implementation and User training: A one-time initial training of staff is required during the go-live period. Two trainers will be required to be on site for up to 5 days, Monday-Friday. 2-3 units will be brought online initially, followed by the remaining ones after that. An additional 2.5 days of implementation training will also be required twice a year. Perform all work pursuant to a plan developed by the CLIENT. Purchase, deliver, assemble, test, and modify computer equipment and software as specified on the completed equipment and software list. Furnish and install all necessary conduit, cabling, boxes, conversion, routing and switching equipment, and programming labor required for complete and fully operational systems. Mark all cables, regardless of length, with permanent, non-handwritten number or letter cable markers within six inches of both ends. There shall be no unmarked cables at any places in the system. Marking codes used on cables shall correspond to the codes shown on system drawings. Warranty the entire system installation for a minimum of one year from the date of system acceptance by the CLIENT. Component, system, and hardware warranties shall be honored for the term established by the manufacturer, if greater than one year. Provide a designated supervisor present and in responsible charge on the project site during all phases of the installation and testing of the project. Test the monitoring system and demonstrate to the CLIENT that they are functioning effectively. The governing overall requirement is complete and functional systems.
Provide a project maintenance binder with all manufacturer's specific operation and maintenance instructions manuals for each piece of equipment installed. Provide operation, maintenance and training sessions on complete systems, hardware, and software components at the beginning of each fiscal year for up to the lifetime of the contract and/or at the CLIENT's request and during normal CLIENT business operation hours. Provide the following training and support: 24 x 7 (365-days) troubleshooting, workflow support or process problem solving, and compliance analytics as needed. 24 x 7 (365-days) ongoing support, maintenance of software and hardware, as well as providing any upgrades to software, devices, hardware, and operating platforms that are and will become available. Assign a project manager for the work of this project after the bid is awarded. Make the project workspace available during regular business hours or as directed by the Client. Coordinate with the Contractor to schedule the workspace for the installation work as needed. Provide the Contractor with updated project plans, schematic drawings, and a schedule of overall project date as needed.

Period of Performance: This contract will be a BPA: 9/30/2023 - 9/29/2028

Place of Performance: Monitoring System to be used in the Bedford VA Healthcare System located at 200 Springs Road, Bedford, MA 01730

Deliverables Schedule: All deliverables are to be delivered no later than 30 calendar days from the award of the contract.

Applicable Standards: Vendor will provide 24 x 7 (365-days) ongoing support, including maintenance of software and hardware, as well as providing any upgrades to software, devices, hardware, and operating platforms that are and will become available.

Acceptance Criteria: See Section 2) items a-o, Provide specific hardware, software and service characteristics.
Special Requirements: Vendor will provide a separate document describing the characteristics of the product(s), services(s), hardware and software being provided to the Client. Type of Contract/Payment Schedule: The project acceptance will be contingent upon the available budget. Therefore, a detailed schedule of payments (by phase, pre-payment, quarter, etc.) is required. NARA Records Management Language for Contracts (May 2017) Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion.  In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation.  In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data.  
VA North Texas Health Care System and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of VA North Texas Health Care System or destroyed except in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to VA North Texas Health Care System. The agency must report promptly to NARA in accordance with 36 CFR 1230. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records, or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government's behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to VA North Texas Health Care System control, or the Contractor must hold it until otherwise directed.
Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the [contract vehicle]. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4). The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and VA North Texas Health Care System guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with VA North Texas Health Care System policy.  The Contractor shall not create or maintain any records containing any non-public VA North Texas Health Care System information that are not specifically tied to or authorized by the contract.  The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act.  The VA North Texas Health Care System owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which VA North Texas Health Care System shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20. Training.  
All Contractor employees assigned to this contract who create, work with, or otherwise handle records are required to take VHA-provided records management training, Talent Management System (TMS) Item #10176, Privacy and Information Security, Rules of Behavior. The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training.  Privacy Contractors and any subcontractors must adhere to the provisions of Public Law 104-191, Health Insurance Portability and Accountability Act (HIPAA) of 1996. This includes both the Privacy and Security Rules published by the Department of Health and Human Services (HHS). As required by HIPAA, HHS has promulgated rules governing the use and disclosure of protected health information by covered entities, Veterans Health Administration (VHA). In accordance with HIPAA, the contractor may be required to enter into a Business Associate Agreement (BAA) with VHA. Business associates must follow VHA privacy policies and practices when applicable. All contractors and business associates must receive privacy training annually. For contractors and business associates who do not have access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training, other VHA approved privacy training or contractor furnished training that meets the requirements of the HHS Standards for Privacy of Individually Identifiable Health Information as determined by VHA. For contractors and business associates who are granted access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training or other VHA approved privacy training. Proof of training is required upon request. 
Information Technology Security requirements section    As prescribed in 839.201, insert the following clause: The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract.    1. GENERAL  Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be  subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks  as VA and VA personnel regarding information and information system security.    2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS  A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order.  All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures.  Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. 
The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness.  Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor.  The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination.  3. VA INFORMATION CUSTODIAL LANGUAGE  Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1).  VA information should not be co-mingled, if possible, with any other data on the contractor's/subcontractor's information systems or media storage systems to ensure VA requirements related to data protection and media sanitization can be met.
If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures follow VA directive requirements.  Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor while performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract.  The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations, and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations, and policies in this contract.  
The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed.  If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12.  If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship.  The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated.  The contractor's/subcontractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA Configuration Guidelines are available upon request.  Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA's prior written approval.
The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response.  Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response.  For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COR.  GENERAL RULES OF BEHAVIOR  Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job.  The following rules apply to all VA contractors. I agree to:  Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract.  Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions.  
I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment, I must ensure that the system meets all applicable 6500 Handbook requirements for OE.  Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract.  Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee.  Contractors' use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply.  Grant access to systems and information only to those who have an official need to know.  Protect passwords from access by other individuals.  Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the system in question.  Protect information and systems from unauthorized disclosure, use, modification, or destruction.
I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA.  Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders.  Ensure that the COR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information using any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs.  Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COR.  Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COR.  Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COR for policies and guidance on complying with this requirement and will follow the COR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA.  
Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COR.  Understand that restoration of service of any VA system is a concern of all users of the system.  Complete required information security and privacy training, and complete required training for the systems to which I require access.