Statement of Work (SOW) Transaction #: 689-25-3-7933-0180 Mobile MRI Scanner Lease General: This document highlights the technical specifications and services being requested by the VA Connecticut Healthcare System for consideration towards the lease of a Siemens mobile 1.5t MRI Scanner. The Siemens mobile MRI scanner will provide routine MRI scanning capabilities while the current in-house 3t mri scanner undergoes an upgrade. Background/Justification: The current 3T MRI scanner is greater than 12 years old and has come to the end of its service lifecycle. The MRI section routinely completes 6800 MRI scans per year; about half of the mri scans are completed using the 3t mri scanner. The MRI section has been operated at capacity for many years, in fact we currently have CITC charges to cover the MRI needs of VACT. This lease will allow VACT to continue to provide MRI scans at our current level during the 3T mri scanner upgrade. The 3t upgrade is expected to take about 3-4 months. This lease will allow for some 900 mri scan to be completed at VACT instead of routing them to CITC. Electing to send the displaced MRI scans to CITC would create additional costs for the VA. Leasing an MRI scanner (without staff) would also create additional costs. Description of Work: Under this proposal, the vendor shall provide One (1) Siemens Magnetom Aera 1.5T MRI system housed in a mobile coach. The vendor shall provide all software, hardware, accessories, and coils for the Siemens Magnetom Aera scanner to included, but not limited to: Tim Application Suite - Neuro Suite - Angio Suite - Cardiac Suite - Body Suite - Onco Suite - Breast Suite - Ortho Suite - Pediatric Suite - Scientific Suite Further included - High performance host computer - Patient communication: standard headphones and MagnaCoil In-Ear headset - Siemens unique TimCT FastView localizer and CAIPIRINHA - syngo MR software including - 1D/2D PACE - BLADE - iPAT² - Phoenix - Inline Diffusion - WARP - MDDW (Multiple Direction Diffusion Weighting) - CISS - DE RS Upgrade Magnet Cooling System RS ecoline MR System Delivery RS myExam Brain Ass RS syngo Expert-i XA MR General Engine #B Tim Planning Suite #B syngo TimCT FastView #B Advanced Diffusion #N RS Standard Coil Package 24-ch #Ae This package includes: - Head/Neck 16 DirectConnect - Spine 24 DirectConnect - Body 6 - Flex Large 4 - Flex Small 4 - Flex Coil inter RS Shoulder 16 Coil Kit #A RS Tx/Rx Knee 15 Flair 1.5T #A RS Foot/Ankle 16 #A Under this proposal, the vendor shall provide all software, hardware, accessories, operator and service training, and manuals for the Philips ViewForum workstation upgrade. The vendor shall provide all required service labor, travel, and parts for the Philips ViewForum required for it to function normally and safely prior to first patient use. All services performed shall be in accordance with the original equipment manufacturer (OEM) specifications. Product delivery will be the responsibility of the vendor working with the CT VAMC warehouse POC. The vendor will be responsible for delivery and installation of the equipment. Summary of Service & Equipment Specifications: Equipment, Software, Hardware, Labor, Travel, Delivery & Installation for the Philips ViewForum upgrade from Windows 7 to Windows 10 will be provided by vendor including but not limited to the below items: 459801830281 ViewForum Replacement Pack CCC-L11 Standard 12 month warranty Clinical applications training Hours of Performance: Normal hours of coverage are Monday through Friday 8:00 AM to 9:00 PM EST excluding federal holidays. All service will be performed during normal hours of coverage unless requested or approved by the Contracting Officer s Representative (COR). Federal Holidays observed by the VAMC are: New Year s Day Martin Luther King Day Presidents Day Memorial Day Juneteenth Day Independence Day Labor Day Columbus/Indigenous People s Day Veterans Day Thanksgiving Day Christmas Day NOTE: Hardware/software update/upgrade installations will be scheduled and performed at a mutually agreed upon time at no additional charge to the Government (unless it would be detrimental to equipment up-time; to be determined by the COR or designated representatives. Government provides software/hardware upgrade/update. There shall be no additional charge for time spent at the site during or after the normal hours of coverage awaiting the arrival of additional FSE and/or delivery of parts. Training Provided / Training Materials: On-site clinical applications training for technologists during go-live On-site follow-up clinical applications training for technologists once technologists have hands-on experience with the system On-site clinical applications training for physicians during go-live Technologists who complete the clinical applications training shall receive continuing education credits (CMEs) Vendor shall be responsible for accommodating different personnel shifts for clinical applications training during go-live Vendor to provide all appropriate training materials and equipment manuals for proper end user training and reference Service Requirements: Vendor is encouraged to include any offerings for service, warranty, and training that may exceed the minimum requirements, to include information on their service support structure during the lease period. VPN/Remote Access The vendor shall provide any and all equipment service programs, such as remote diagnostics, during the lease period. The system shall provide vendor remote diagnostics via VPN. The vendor shall either utilize the VA national site-to-site VPN or work with the Office of Cyber and Information Security and the VAMC Information Systems Security Officer to establish a client-based VPN. Service and Operator Manuals The vendor shall provide the following documentation for the proposed systems: Two (2) copies of operator instruction manuals (one (1) electronic and one (1) physical copy) Two (2) copies of a service manuals (one (1) electronic and one (1) physical copy) Minimum Warranty The system and accessories shall be covered under the manufacturer s warranty and shall include all parts and labor for the period of this lease This warranty must include PMs as required by the manufacturer. The manufacturer s factory-trained field service representatives shall perform installation and maintenance during the lease period. Conformance Standards: Contractor shall provide service and ensure that the equipment functions in accordance with the equipment manufacturer s technical performance specifications. Contractor shall conform to all regulations to include but not be limited to federal, state, and local governing any chemicals, equipment or work which may be used or performed in the work under this contract. Preventative Maintenance: Perform system scheduled maintenance inspections as outlined in the user s manual developed by the manufacturer for the main devices and any peripheral devices of the system. Parts & Software Exchange: All parts and software required for the installation of the system (excludes instruments and accessories) are covered. Part Protection: Preferred pricing on repairs or replacement due to accidental damage. Labor & Travel Expenses: All labor and travel conducted during normal business hours: Monday through Friday, 8:00 AM to 9:00PM EST (excludes vendor company holidays) are covered via the lease. Certified Trained Technicians and Key Personnel: Technicians shall include fully qualified Facility Service Engineers (FSE) and a fully qualified FSE who will serve as the backup and show proof of competency, as shown by training conducted on said system. "Fully Qualified" is based upon training and on experience in the field. For training, the FSE(s) has successfully completed a formalized training program, for the equipment identified in this statement of work. For field experience, the FSE(s) has a minimum of two years of experience (except for equipment newly on the market) with respect to scheduled and unscheduled preventive and remedial maintenance. Proof of training shall be provided upon demand and be immediately sent via fax, upon demand to the COR. All FSE s and technicians shall be authorized by the Contractor to perform the maintenance services. All work shall be performed by "Fully Qualified" competent FSE's. The COR and/or designated representative specifically reserve the right to reject any of the Contractor's personnel and refuse them permission to work on the VAMC equipment. It is anticipated that any hospital regulatory inspections (TJC, etc.) will have the vendor providing proof that they meet industry standards of quality, and traceable standards, as used to calibrate this device- system, at the time of the maintenance event. Service Manuals/Tools/Equipment: All required service manuals, tools, and equipment are to be provided by the vendor. Check in Requirements: The Field Service Engineer must report to the Biomedical Engineering Department to obtain a badge and sign in with the Biomedical Engineering Service before work begins. Submit any mobile media devices that would be used on the system to a virus scan. Upon completion of work, the Field Service Engineer must report to the Biomedical Engineering Service to sign out and brief Biomedical Staff or Supervisor if Biomedical Staff is unavailable concerning completion of service. At the end of briefing Field Service Engineer will return the badge and sign out in the Biomedical Engineering Department. Documentation: Contractor shall furnish a detailed field service report upon completion of work to Biomedical Staff in the Biomed Department. Payment will not be processed until a properly completed service report is received. The service report shall contain, at a minimum, the following information: Identification of equipment to be serviced: VA EE Number Vendor Inventory ID number Manufacturer Name Device Name Model Number Serial Number System ID Name of contractor and contract number Name of FSE who performed services Contractor service ESR number/log number Date, time (starting and ending), equipment downtime and hours on-site for service call VA purchase order number(s) covering the call if outside normal working hours Total time spent performing maintenance. Detailed narrative and itemized description of the services required and performed including: Labor and travel Parts (with part numbers) Materials Location Corrective Action Copies of all test reports Complete list of parts replaced (when applicable) Date and time the repair/support was completed Total Cost to be billed (if applicable i.e., part(s) not covered, or service rendered after normal hours of coverage). Signatures: FSE performing services described Authorized VA employee who witnessed service described NOTE: - Any additional charges claimed must be approved by the COR or designated representative before service is completed! The service report shall itemize every item in the specification. Each item shall state the "as found" condition or values, the "calibrated to" or "adjusted to" values, the factory design tolerances, and a complete description of all work performed concerning the items. Included will be a list of new parts used and recommended future repairs. Reporting Requirements: The Contractor shall be required to report to the Clinical Engineering Department to log in. This check- in is mandatory. When the service is completed, the FSE shall document services rendered on a legible ESR(s). The FSE shall be required to log out with Biomedical Engineering and submit the ESR(s) to the COR or designated representative. ALL ESRs shall be submitted to the equipment user for an "acceptance signature" and to the COR or designated representative for an "authorization signature". If COR or designated representative is unavailable, a signed, authorized copy of the ESR will be left with the user. Place of Performance: Department of Veterans Affairs VA Connecticut Healthcare System West Haven VA Medical Center 950 Campbell Avenue West Haven, CT 06516 Contracting Officer Representatives: Prior to contract award, the Contracting Officer shall designate a VA Medical Center employee as the COR. All work coordination shall be made through the COR. The Contractor shall be provided a copy of the letter of delegation authorizing the COR at the commencement of the term of the contract. No other person shall be authorized to act in such capacity unless appointed in writing by the Contracting Officer. Information Technology Security Requirements: The contractor, their personnel, and their subcontractors shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in this contract. The contractor shall comply with all Federal laws and regulations the VA has developed when VA sensitive information is accessed, used, stored, generated, transmitted, or exchanged by and between VA and a contractor. The information made available to the contractor by VA for the performance of this contract will be used only for the purposes of performance under this contract. The certification and accreditation requirements do not apply to this requirement and a security accreditation package is not required. Security Statement: Sensitive VA information is contained within the systems covered by this contract. Biomedical Engineering shall perform virus scans on all removable media prior to use on VA medical equipment. This includes all types of removable media, including media (e.g., USB devices, CDs, dongles, etc.) that has been issued by VA, media not issued by VA, and media brought in by vendors or independent service organizations. Within accordance of VA Directive 6500, Information Security Program, September 2007 The Vendor will not transfer any VA information to a location outside the VA and only to VA locations determined by the VA System Administrator. The information in these systems may be covered by the Privacy Act 1974 which contains criminal penalties of abuse of information. During onsite service, the Vendor shall be chaperoned by VA Personnel. However, the vendor shall not be issued a User ID/Password. Non-volatile memory devices, working or non-working, shall NOT be removed from the VA Medical Center West Haven until the ISO has certified that the data has been destroyed. For magnetic devices and media, the data destruction will be by degaussing. Other forms of cleansing will be used for non-magnetic media. The vendor will not have remote access to complete the repair(s) and preventive maintenance. GENERAL Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. 2. ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order. b. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. c. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veterans Affairs does not have a Memorandum of Agreement with Defense Security Service (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. d. Custom software development and outsourced operations must be located in the U.S. to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-U.S. services are provided and detail a security plan, deemed to be acceptable by VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the U.S. may be an evaluation factor. e. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor s employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. 3. VA INFORMATION CUSTODIAL LANGUAGE a. Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d) (1). b. VA information should not be co-mingled, if possible, with any other data on the contractors/subcontractor s information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA s information is returned to the VA or destroyed in accordance with VA s sanitization requirements. VA reserves the right to conduct on site inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. c. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered/created by the contractor in the course of performing this contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management and its Handbook 6300.1 Records Management Procedures, applicable VA Records Control Schedules, and VA Handbook 6500.1, Electronic Media Sanitization. Self-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. d. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. e. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or data used by the contractor/subcontractor needs to be restored to an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. f. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12. g. If a VHA contract is terminated for cause, the associated BAA must also be terminated and appropriate actions taken in accordance with VHA Handbook 1600.01, Business Associate Agreements. Absent an agreement to use or disclose protected health information, there is no business associate relationship. h. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. i. The contractor/subcontractor s firewall and Web services security controls, if applicable, shall meet or exceed VA s minimum requirements. VA Configuration Guidelines are available upon request. j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA s prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. k. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, that contractor/subcontractor shall immediately refer such court orders or other requests to the VA contracting officer for response. l. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. GENERAL RULES OF BEHAVIOR a. Rules of Behavior are part of a comprehensive program to provide complete information security. These rules establish standards of behavior in recognition of the fact that knowledgeable users are the foundation of a successful security program. Users must understand that taking personal responsibility for the security of their computer and the information it contains is an essential part of their job. b. The following rules apply to all VA contractors. I agree to: (1) Follow established procedures for requesting, accessing, and closing user accounts and access. I will not request or obtain access beyond what is normally granted to users or by what is outlined in the contract. (2) Use only systems, software, databases, and data which I am authorized to use, including any copyright restrictions. (3) I will not use other equipment (OE) (non-contractor owned) for the storage, transfer, or processing of VA sensitive information without a VA CIO approved waiver, unless it has been reviewed and approved by local management and is included in the language of the contract. If authorized to use OE IT equipment, I must ensure that the system meets all applicable 6500 Handbook requirements for OE. (4) Not use my position of trust and access rights to exploit system controls or access information for any reason other than in the performance of the contract. (5) Not attempt to override or disable security, technical, or management controls unless expressly permitted to do so as an explicit requirement under the contract or at the direction of the COTR or ISO. If I am allowed or required to have a local administrator account on a government-owned computer, that local administrative account does not confer me unrestricted access or use, nor the authority to bypass security or other controls except as expressly permitted by the VA CIO or CIO's designee. (6) Contractors use of systems, information, or sites is strictly limited to fulfill the terms of the contract. I understand no personal use is authorized. I will only use other Federal government information systems as expressly authorized by the terms of those systems. I accept that the restrictions under ethics regulations and criminal law still apply. (7) Grant access to systems and information only to those who have an official need to know. (8) Protect passwords from access by other individuals. (9) Create and change passwords in accordance with VA Handbook 6500 on systems and any devices protecting VA information as well as the rules of behavior and security settings for the particular system in question. (10) Protect information and systems from unauthorized disclosure, use, modification, or destruction. I will only use encryption that is FIPS 140-2 validated to safeguard VA sensitive information, both safeguarding VA sensitive information in storage and in transit regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA. (11) Follow VA Handbook 6500.1, Electronic Media Sanitization to protect VA information. I will contact the COTR for policies and guidance on complying with this requirement and will follow the COTR's orders. (12) Ensure that the COTR has previously approved VA information for public dissemination, including e-mail communications outside of the VA as appropriate. I will not make any unauthorized disclosure of any VA sensitive information through the use of any means of communication including but not limited to e-mail, instant messaging, online chat, and web bulletin boards or logs. (13) Not host, set up, administer, or run an Internet server related to my access to and use of any information assets or resources associated with my performance of services under the contract terms with the VA unless explicitly authorized under the contract or in writing by the COTR. (14) Protect government property from theft, destruction, or misuse. I will follow VA directives and handbooks on handling Federal government IT equipment, information, and systems. I will not take VA sensitive information from the workplace without authorization from the COTR. (15) Only use anti-virus software, antispyware, and firewall/intrusion detection software authorized by VA. I will contact the COTR for policies and guidance on complying with this requirement and will follow the COTR's orders regarding my access to and use of any information assets or resources associated with my performance of services under the contract terms with VA. (16) Not disable or degrade the standard anti-virus software, antispyware, and/or firewall/intrusion detection software on the computer I use to access and use information assets or resources associated with my performance of services under the contract terms with VA. I will report anti-virus, antispyware, firewall or intrusion detection software errors, or significant alert messages to the COTR. (17) Understand that restoration of service of any VA system is a concern of all users of the system. (18) Complete required information security and privacy training, and complete required training for the particular systems to which I require access. PRIVACY Contractors and any subcontractors must adhere to the provisions of Public Law 104-191, Health Insurance Portability and Accountability Act (HIPAA) of 1996. This includes both the Privacy and Security Rules published by the Department of Health and Human Services (HHS). As required by HIPAA, HHS has promulgated rules governing the use and disclosure of protected health information by covered entities, Veterans Health Administration (VHA). In accordance with HIPAA, the contractor may be required to enter into a Business Associate Agreement (BAA) with VHA. Business associates must follow VHA privacy policies and practices when applicable. All contractors and business associates must receive privacy training annually. For contractors and business associates who do not have access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training, other VHA approved privacy training or contractor furnished training that meets the requirements of the HHS Standards for Privacy of Individually Identifiable Health Information as determined by VHA. For contractors and business associates who are granted access to VHA computer systems, this requirement is met by completing VHA National Privacy Policy training or other VHA approved privacy training. Proof of training is required upon request. Safety Requirements: In the performance of this contract, the Contractor shall take such safety precautions as the Contracting Officer may determine to be reasonably necessary to protect the lives and health of occupants of the building. The Contracting Officer shall notify the Contractor of any safety issues and the action necessary to correct these issues. Such notice, when served to the Contractor or his representative at the work site shall be deemed sufficient for the corrective actions to be taken. If the Contractor fails or refuses to comply promptly, the Contracting Officer may issue an order stopping all or part of the work and hold the Contractor in default. Additional Charges: There shall be no additional charge for time spent at the site (during, or after the normal hours of coverage) awaiting the arrival of additional FSE and/or delivery of parts. Reporting Required Services Beyond the Contract Scope: The Contractor shall immediately, but no later than 24 (twenty-four) consecutive hours after discovery, notify the COR and/or designated representative (in writing) of the existence or the development of any defects in, or repairs required, to the scheduled equipment which the Contractor considers he/she is not responsible for under the terms of the contract. The Contractor shall furnish to the COR or designated representative a written estimate of the cost to make necessary repairs. Condition of Equipment: The Contractor shall accept responsibility for the equipment. Failure to inspect the equipment prior to contract award will not relieve the Contractor from performance of the requirements of this contract. Test Equipment: Prior to commencement of work on this contract, the Contractor shall provide the VAMC with a copy of the current calibration certification of all test equipment which is to be used by the Contractor on VAMC's equipment. This certification shall also be provided on a periodic basis when requested by the VAMC. Test equipment calibration shall be traceable to the Original Equipment Manufacture s standard. Identification, Parking, Smoking, and VA Regulations: The Contractor's FSE's shall always wear visible identification while on the premises of the VAMC. The Contractor shall park in the appropriate designated parking areas. Information on parking is available from the VA Police Section. The VAMC will not invalidate or make reimbursement for parking violations of the Contractor under any conditions. Smoking is prohibited inside any buildings at the VAMC. Possession of weapons is prohibited. Enclosed containers, including tool kits, shall be subject to search. Violations of VA regulations may result in citation answerable in the United States (Federal) District Court, not a local district, state, or municipal court. Transportation Charges: All costs associated with transportation, from shipping point to the destination specified above, and all costs of removal after contract completion, shall be paid by the Contractor and incorporated in the price proposal. The Contractor shall be responsible for all damage in transit including any transportation costs for replacement. Compliance with OSHA Bloodborne Pathogens Standard: The Contractor shall comply with the Federal/California OSHA Bloodborne Pathogens Standard. The Contractor shall: Have methods by which all employees are educated as to risks associated with bloodborne pathogens. Have policies and procedures which reduce the risk of employee exposure to bloodborne pathogens. Have mechanisms for employee counseling and treatment following exposure to bloodborne pathogens. Provide appropriate personal protective equipment/clothing such as gloves, gowns, masks, protective eyewear, mouthpieces for the employee during performance of the contract. Miscellaneous: Additional equipment may be added and/or removed throughout the life of this contract and shall be considered within scope. Contractor Personnel Security Requirements: Security Requirements: All contractor personnel shall obtain a short-term identification badge issued by the COR or government designated representative. Such badge shall be worn by the individual and prominently always displayed while on VA Property. No employee of the contractor shall enter the project site without a valid identification badge issued by the VA. To obtain a short-term identification badge, contractor personnel shall present to the COR a valid (non-expired) photo identification issued by a US federal, state, or local government agency. Escort will be provided as required in sensitive work areas. The C&A requirements do not apply, and the security accreditation package is not required. The identified Sole Source Vendor shall be subject to the Federal laws, regulations, standards, and VA Directives and Handbooks regarding information and information system security as delineated in standard acquisition guidelines. Per the VA handbook 6500.6, no VA sensitive information will be transferred, shared, or stored with vendor. As such, no additional mechanisms will be needed to ensure the protection of information. Records Management Statement: 1. Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion. 2. In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation. 3. In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data. 4. VA Medical Center West Haven and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of the VA Medical Center West Haven or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to VA Medical Center West Haven. The agency must report promptly to NARA in accordance with 36 CFR 1230. 5. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government s behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to VA Medical Center West Haven control or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the [contract vehicle]. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4). 6. The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and VA Medical Center West Haven guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information. 7. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with VA Medical Center West Haven policy. 8. The Contractor shall not create or maintain any records containing any non-public VA Medical Center West Haven information that are not specifically tied to or authorized by the contract. 9. The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act. 10. The VA Medical Center West Haven owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which VA Medical Center West Haven shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20. 11. Training.  All Contractor employees assigned to this contract who create, work with, or otherwise handle records are required to take VHA-provided records management training, Talent Management System (TMS) Item #3873736, Records Management for Records Officers and Liaisons. The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training. VHA Supplemental Contract Requirements for Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors 1. Contractor employees who work in or travel to VHA locations must comply with the following: Documentation requirements: If fully vaccinated, shall show proof of vaccination NOTE: Acceptable proof of vaccination includes a signed record of immunization from a health care provider or pharmacy, a copy of the COVID-19 Vaccination Record Card (CDC Form MLS-319813_r, published on September 3, 2020), or a copy of medical records documenting the vaccination If unvaccinated and granted a medical or religious exception, shall show negative COVID-19 test results dated within three calendar days prior to desired entry date. Test must be approved by the Food and Drug Administration (FDA) for emergency use or full approval. This includes tests available by a doctor s order or an FDA approved over-the-counter test. Documentation cited in this section shall be digitally or physically maintained on each contractor employee while in a VA facility and is subject to inspection prior to entry to VA facilities and after entry for spot inspections by Contracting Officer Representatives (CORs) or other hospital personnel. Documentation will not be collected by the VA; contractors shall, at all times, adhere to and ensure compliance with federal laws designed to protect contractor employee health information and personally identifiable information. Contractor employees are subject to daily screening for COVID-19 and may be denied entry to VA facilities if they fail to pass screening protocols. As part of the screening process contractors may be asked screening questions found on the following website: COVID-19 Screening Tool. Regularly check the website for updates. Contractor employees who work away from VA locations, but who will have direct patient contact with VA patients shall self-screen utilizing the COVID-19 Screening Tool, in advance each day that they will have direct patient contact and in accordance with their person or persons who coordinate COVID-19 workplace safety efforts at covered contractor workplaces. Contractors shall, at all times, adhere to and ensure compliance with federal laws designed to protect contractor employee health information and personally identifiable information. Contractor must immediately notify their COR or Contracting Officer if contract performance is jeopardized due to contractor employees being denied entry into VA Facilities.
