Agency: Department of the Navy
Level of Government: Federal
Posted Date: Oct 3, 2017
Due Date: Oct 8, 2017
Solicitation Number :
Notice Type :
Added: Oct 03, 2017 8:40 am
Section A - Solicitation/Contract Form
ITEM NO SUPPLIES/SERVICES QUANTITY UNIT UNIT PRICE AMOUNT
Supplies/services will be inspected/accepted at:
CLIN INSPECT AT INSPECT BY ACCEPT AT ACCEPT BY
CLIN DELIVERY DATE QUANTITY SHIP TO ADDRESS DODAAC / CAGE
CLAUSES INCORPORATED BY FULL TEXT
INVOICE AND RECEIVING REPORT COMBO
Routing Data Table*
WAWF Acceptor/COR Email Address: email@example.com
(1) The Contractor may obtain clarification regarding invoicing in WAWF from the following contracting activity's WAWF point of contact.
PRIVACY & SECURITY OF PHI
In accordance with DoD 6025.18-R "Department of Defense Health Information Privacy Regulation," January 24, 2003, the Contractor meets the definition of Business Associate. Therefore, a Business Associate Agreement is required to comply with both the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security regulations. This clause serves as that agreement whereby the Business Associate agrees to abide by all applicable HIPAA Privacy and Security requirements regarding health information as defined in this clause, and in DoD 6025.18-R and DoD 8580.02, as amended. Additional requirements will be addressed when implemented.
a. Definitions. Terms used in this clause generally refer to the Code of Federal Regulations (CFR) definition unless a more specific provision exists in DoD 6025.18-R or DoD 8580.02.
(1) HITECH Act shall mean the Health Information Technology for Economic and Clinical Health Act included in the American Recovery and Reinvestment Act of 2009.
(2) Individual has the same meaning as the term "individual" in 45 CFR 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g).
(3) Privacy Rule means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.
(4) Protected Health Information has the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by the Business Associate from or on behalf of the Government pursuant to the Contract.
(5) Electronic Protected Health Information has the same meaning as the term "electronic protected health information" in 45 CFR 160.103.
(6) Required by Law has the same meaning as the term "required by law" in 45 CFR 164.103.
(7) Secretary means the Secretary of the Department of Health and Human Services or his/her designee.
(8) Security Incident will have the same meaning as the term "security incident" in 45 CFR 164.304, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
(9) Security Rule means the Health Insurance Reform: Security Standards at 45 CFR part 160, 162 and part 164, subpart C.
(10) Terms used, but not otherwise defined, in this Clause shall have the same meaning as those terms in 45 CFR 160.103, 160.502, 164.103, 164.304, and 164.501.
b. The Business Associate shall not use or further disclose Protected Health Information other than as permitted or required by the Contract or as Required by Law.
c. The Business Associate shall use appropriate safeguards to maintain the privacy of the Protected Health Information and to prevent use or disclosure of the Protected Health Information other than as provided for by this Contract.
d. The HIPAA Security administrative, physical, and technical safeguards in 45 CFR 164.308, 164.310, and 164.312, and the requirements for policies and procedures and documentation in 45 CFR 164.316 shall apply to Business Associate. The additional requirements of Title XIII of the HITECH Act that relate to security and that are made applicable with respect to covered entities shall also be applicable to Business Associate. The Business Associate agrees to use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits in the execution of this Contract.
e. The Business Associate shall, at their own expense, take action to mitigate, to the extent practicable, any harmful effect that is known to the Business Associate of a use or disclosure of Protected Health Information by the Business Associate in violation of the requirements of this Clause. These mitigation actions will include as a minimum those listed in the TMA Breach Notification Standard Operating Procedure (SOP), which is available at: http://www.tricare.mil/tmaprivacy/breach.cfm
f. The Business Associate shall report to the Government any security incident involving protected health information of which it becomes aware.
g. The Business Associate shall report to the Government any use or disclosure of the Protected Health Information not provided for by this Contract of which the Business Associate becomes aware.
h. The Business Associate shall ensure that any agent, including a sub Business Associate, to whom it provides Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, agrees to the same restrictions and conditions that apply through this Contract to the Business Associate with respect to such information.
i. The Business Associate shall ensure that any agent, including a sub Business Associate, to whom it provides electronic Protected Health Information, agrees to implement reasonable and appropriate safeguards to protect it.
j. The Business Associate shall provide access, at the request of the Government, and in the time and manner reasonably designated by the Government to Protected Health Information in a Designated Record Set, to the Government or, as directed by the Government, to an Individual in order to meet the requirements under 45 CFR 164.524.
k. The Business Associate shall make any amendment(s) to Protected Health
l. The Business Associate shall make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by the Business Associate, on behalf of the Government, available to the Government, or at the request of the Government to the Secretary, in a time and manner reasonably designated by the Government or the Secretary, for purposes of the Secretary determining the Government's compliance with the Privacy Rule.
m. The Business Associate shall document such disclosures of Protected Health Information and information related to such disclosures as would be required for the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
n. The Business Associate shall provide to the Government or an Individual, in time and manner reasonably designated by the Government, information collected in accordance with this Clause of the Contract, to permit the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.
2. General Use and Disclosure Provisions
Except as otherwise limited in this Clause, the Business Associate may use or disclose Protected Health Information on behalf of, or to provide services to, the Government for treatment, payment, or healthcare operations purposes, in accordance with the specific use and disclosure provisions below, if such use or disclosure of Protected Health Information would not violate the HIPAA Privacy Rule, the HIPAA Security Rule, DoD 6025.18-R or DoD 8580.02 if done by the Government. The additional requirements of Title XIII of the HITECH Act that relate to privacy and that are made applicable with respect to covered entities shall also be applicable to Business Associate.
3. Specific Use and Disclosure Provisions
a. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
c. Except as otherwise limited in this Clause, the Business Associate may use Protected Health Information to provide Data Aggregation services to the Government as permitted by 45 CFR 164.504(e)(2)(i)(B).
d. Business Associate may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(j)(1).
4. Obligations of the Government
Provisions for the Government to Inform the Business Associate of Privacy Practices and Restrictions
a. The Government shall provide the Business Associate with the notice of privacy practices that the Government produces in accordance with 45 CFR 164.520.
b. The Government shall provide the Business Associate with any changes in, or revocation of, permission by Individual to use or disclose Protected Health
c. The Government shall notify the Business Associate of any restriction to the use or disclosure of Protected Health Information that the Government has agreed to in accordance with 45 CFR 164.522.
5. Permissible Requests by the Government
The Government shall not request the Business Associate to use or disclose
a. Termination. A breach by the Business Associate of this clause may subject the Business Associate to termination under any applicable default or termination provision of this Contract.
b. Effect of Termination.
(1) If this contract has records management requirements, the records subject to the Clause should be handled in accordance with the records management requirements. If this contract does not have records management requirements, the records should be handled in accordance with paragraphs (2) and (3) below.
(2) If this contract does not have records management requirements, except as provided in paragraph (3) of this section, upon termination of this Contract, for any reason, the Business Associate shall return or destroy all Protected Health Information received from the Government, or created or received by the Business Associate on behalf of the Government. This provision shall apply to Protected Health Information with which agents of the Business Associate may come in contact. The Business Associate shall retain no copies of the Protected Health Information.
(3) If this contract does not have records management provisions and the Business Associate determines that returning or destroying the Protected Health Information is infeasible, the Business Associate shall provide to the Government notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Government and the Business Associate that return or destruction of Protected Health Information is infeasible, the Business Associate shall extend the protections of this Contract to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such Protected Health Information.
a. Regulatory References. A reference in this Clause to a section in DoD 6025.18-R, DoD 8580.02, Privacy Rule or Security Rule means the section currently in effect or as amended, and for which compliance is required.
c. Interpretation. Any ambiguity in this Clause shall be resolved in favor of a meaning that permits the Government to comply with DoD 6025.18-R, DoD 8580.02, the HIPAA Privacy Rule or the HIPAA Security Rule.
CLAUSES INCORPORATED BY REFERENCE
CLAUSES INCORPORATED BY FULL TEXT
(End of provision)
52.203-19 PROHIBITION ON REQUIRING CERTAIN INTERNAL CONFIDENTIALITY AGREEMENTS OR STATEMENTS (JAN 2017)
(End of clause)
52.252-2 CLAUSES INCORPORATED BY REFERENCE (FEB 1998)
This contract incorporates one or more clauses by reference, with the same force and effect as if they were given in full text. Upon request, the Contracting Officer will make their full text available. Also, the full text of a clause may be accessed electronically at this/these address(es):
FAR Clauses http://acquisition.gov/comp/far/index.htm
DFAR Clauses http://www.acq.osd.mil/dpap/dars/dfars/index.htm
(End of clause)
Contracting Office Address :
54 Lewis Minor St
Portsmouth, Virginia 23708-2297
Place of Performance :
Naval Medical Center Portsmouth
54 Lewis Minor Street
Portsmouth, Virginia 23708
Primary Point of Contact :
Harold D Woodley
Secondary Point of Contact :
Curtis Price, Jr.