FBO NCO15 MATOC SUBCONTRACTING SPECIAL NOTICE

THIS INFORMATION IS POSTED FOR SUBCONTRACTING OPPORTUNITIES ONLY. PROPOSALS WILL NOT BE CONSIDERED FROM ANY FIRMS OTHER THAN THE TWELVE (9) PREVIOUSLY SELECTED NCO15 CG CATEGORY I MATOC CONTRACTORS ONLY. NO SOLICITATION DOCUMENT WILL BE POSTED FOR THIS REQUIREMENT. THIS NOTICE IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. THEREFORE, FAR 5.203 DOES NOT APPLY.

IDIQ TASK ORDER FOR 657A4-23-350, Remove and Replace Site Monument and Sign. The attached project requirements are provided for informational purposes only.

THE NINE (9) NCO15 CG CATEGORY I MATOC CONTRACTORS AND CURRENT CONTRACT NUMBERS ARE LISTED BELOW:

Vendor Name | IDIQ Contract Number | Company POC | Contact number
FALCON JV, LLC | 36C25518D0069 | Seth Malley | 630-701-1492
BRISTON CONSTRUCTION, LLC - DBA - BRISTON MECHANICAL | 36C25518D0071 | Brandon Carr | 480-776-5810
GUARANTEE INTERIORS, INC. | 36C25518D0072 | Robert Farrell | 314-881-3331
TL SERVICES, INC. | 36C25518D0073 | Dan Powel | 479-653-6332
VALIANT CONSTRUCTION LLC | 36C25518D0074 | Aly Collings | 502-562-0037 Ext 2005
FLOYD CONSTRUCTION CORPORATION | 36C25518D0075 | Terrance Floyd | 316-648-4529
WFV CONSTRUCTION | 36C25518D0076 | Mitch Dallas | 816-914-0641
RB CONSTRUCTION COMPANY | 36C25518D0079 | Russ Beaver | 618-974-9682
BKM CONSTRUCTION LLC | 36C25518D0080 | Brent Motley | 913-297-0049

Statement of Work
657A4-23-350 Remove and Replace Site Monument and Building-Mounted Sign

Scope of Work

The Statement of Work is for performance of work associated with Construction Documents for the project 657A4-23-350 Remove & Replace Site Monument and Building-Mounted Sign at the John J. Pershing VA Medical Center, 1500 North Westwood Blvd Poplar Bluff, MO 63901

Project Description Overview

This project will consist of the demolition and construction of the site monument sign just north of the main entrance into the John J Pershing VAMC and construction of a second site monument at the front of Building 1. These site monuments will allow real time messages to be distributed to veterans, staff, and the general public when an emergent or urgent situation is evolving. This messaging system would allow the broadcast of date and temperature, safety messages to include directional information, required PPE, as well as any changes in hospital status to people entering the facility.

This project will also consist of the demolition and construction of the exterior building-mounted sign at the top of Building 1. The sign serves as a landmark sign due to its position at the top of Building 1 and can be seen from a distance in the City of Poplar Bluff. Repairs were required in 2022 due to wind damage and the deterioration of materials over time. The sign face was replaced as a temporary measure to control visual damage. However, due to the sign's age, it's likely that other existing materials will be unable to withstand external forces and fail in time. In addition, the sign is outdated and doesn't meet the VA Signage Design Guide's new logo.

The contractor shall provide Poplar Bluff VA Medical Center with the proper skilled labor, equipment, materials, supplies, and supervision for performance of all work indicated or referenced within this Statement of Work and by the corresponding Construction Documents (plans, specifications, and other provided documents). Scope items to be included in the work are shown by the Description of Work and Technical Requirements within this Scope of Work.

Description of Work

Contractor shall review all as-built drawings, current conditions, and specifications to complete the following work:

Demolish the existing site monument, minimizing impact to traffic flow into the facility and install two new site monuments with electronic message center for the John J Pershing VA Medical Center. See Appendix Figures 1-4, 9 for existing site monument and locations and Figure 5 for an example VAMC site monument that meets the facility's general aesthetic requirements. The Contractor shall provide and install a new increased double-sided digital display at 5' x 8' minimum, outdoor application near main entrance and a new single-sided digital display at 3 x 5 minimum, outdoor application near front of hospital. See Figure 9 for two locations. Sign resolutions shall be 8mm pixel. The contractor shall provide all power and data connections as needed, fed from Building 2 for infrastructure support and signage control. The signs shall have the capability of showing different displays at the two locations and being controlled remotely via VA-approved software with network capability or contractor supplied hardware and software provided in Building 2 (LRC) for accessibility. Installation of the control system shall include training for a minimum of 10 individuals.

Demolish the existing Building 1, building-mounted VA Department of Veterans Affairs sign and replace with a new illuminated VA U.S. Department of Veterans Affairs sign.
See Appendix Figure 6-9 for the existing sign, location, and example. This project will remove, in its entirety, the existing signage. The new sign will be in the same approximate location and sized accordingly to match the existing sign area. The contractor shall provide power as needed. Work includes any repair work necessary as part of existing sign and mounting structure removal and the new sign installation, to include remediation of any issues with brick or stone discoloration, etc., where existing was removed.

Contractor to provide survey to determine all existing underground utilities where earthwork is being performed. Contractor shall locate and mark utilities with paint, stakes, or flags. Where new underground electric crosses existing utilities lines, the contractor shall hand excavate.

Site monument and building-mounted sign shall be in accordance with the VA Signage Design Guide (https://www.cfm.va.gov/til/dManual/dmSignage.pdf).

The contractor shall not abandon in place any utilities.

Site restoration shall include sod installation where necessary.

The contractor shall provide all necessary equipment, materials, and labor to provide functional exterior building-mounted sign and site monuments with electronic message center. Site monuments and sign shall be equipped with photoelectric sensor.

6-ft fencing shall be required; however, temporary construction barriers and cones may be used as a short-term barrier for the building-mounted sign and site monument as long as site conditions are restored prior to the end of work each day.

Work shall include all required electrical, communications, and structural work, including seismic considerations. The contractor shall provide all engineering and load calculations required for installation and provide to the COR shop drawings stamped by a Professional Engineer for review and approval.
Prior to the production of any stamped shop drawings, the contractor shall provide the COR with three (3) schematics of the building-mounted sign and three (3) schematics of each site monument to select from for approval. See Figures 5 and 8 for examples. Site monuments shall incorporate brick that matches Building 1 to tie into station aesthetic.

Technical Requirements

Provide administrative requirements including insurance, bonding (if required), Schedule, Infection Control Risk Assessment, permits, all VA required documentation and permits, all required safety documentation, participate in construction progress meetings, submittals, close-out documentation, warranty, as-built drawings and all other documentation specified.

Protect the environment and structures that remain adjacent to the work area from damage. Any damage to the area adjacent to the work area will be repaired by the contractor at no cost to the Government.

Contractor to coordinate with surrounding ongoing hospital operations relative to the need to cease construction due to critical procedures, etc.

Contractor is required to perform all hazardous material remediation and removal for this project as stated in the project drawings and specifications. Provide IH services where required.

Contractor must attend a Pre-Construction meeting with the Contracting Officer, Contracting Officer's Representative, the A/E, the Integrated Project Team (IPT Team), and Facility Leadership.

Contractor to furnish a comprehensive construction schedule in Microsoft Project or similar within two (2) weeks of award.

Investigate areas of work to be performed and report to the Contracting Officer's Representative (COR) any existing conditions that do not align with the Construction Documents after accessing previously undisturbed areas. Any deviation from the Contract Documents will only be allowed with the approval of the Contracting Officer's Representative in writing.

The contractor is to perform all work associated within the project Construction Documents.

Pay application shall be submitted in pencil copy to the COR prior to formal application for payment. The pencil copy shall be accompanied by certified payroll, job site sign in documentation, and any other time/attendance documentation. The Government shall not pay for materials that are not on site or stored off site.

Criteria for Project Execution:
VA Office of Construction & Facilities Management Design Manual
National Codes and Standards (e.g., NFPA, NEC, Natl. Plumbing Code, EPA, OSHA, etc.)
VA Design Alerts
VA Quality Alerts
Technical Summaries
Estimating Manual
Seismic Requirements

Existing Conditions

The Contractor is expected to be familiar with the existing conditions and the work to be performed. The Contractor shall verify all areas requiring work as stated in the Technical Requirement portion of this Statement of Work prior to the commencement of work. A pre-bid walkthrough will be held on site. Questions may not be asked on site or directed to individuals. All questions shall be in writing submitted to the Contracting Officer by the specified deadline. Questions that do not make the deadline will not be answered. Lack of attendance or omission of questions at the pre-bid walkthrough shall not be subject to modification due to site condition or details.

Submittals, Inspection, and Acceptance

All submittals for each item must be approved prior to purchase and/or installation.
Project Safety Plan
Demolition Debris management plan
All Submittals/Samples required by Project Specifications including but not limited to:
Description of each product
Submittal Drawings and/or Manufacturer's literature/data as required by the specifications
Samples as required by the specifications
Test reports as required by the specifications
Material Certificates of compliance
Contractor certification
Recycled Content of sustainable materials specified
Photographs of existing conditions
Field Inspection
Installer qualifications

Additional submittals may be required at the request of the Contracting Officer or COR. The COR will approve/disapprove Contractor's submittals. Any submittal that is disapproved shall be addressed by the Contractor in a timely manner but no less than five (5) days. If more time is needed to address disapproved submittals, the Contractor may ask, in writing, for additional time from the COR.

The COR will accomplish inspection and acceptance of the work on behalf of the Contracting Officer. Any work that is to be covered shall be inspected by the COR prior to covering. All work must be accepted by the COR on behalf of the Contracting Officer. Any work that is found to be unacceptable by the COR shall be removed, replaced, or redone.

Safety/Infection Control/Security

The Contractor is wholly responsible for work site safety. The Contractor shall implement a safety program that protects the lives and health of personnel inside and immediately surrounding the work area, prevents damage to property, and avoids normal work or patient flow interruptions. To accomplish this end, the Contractor shall provide an OSHA certified Competent Person to be onsite at all times while work is being performed, erect appropriate safety barricades, signs, signal lights, etc. as well as comply with the requirements of all Federal, State, and Local safety laws, rules, and regulations.
The Contractor must submit copies of certifications for safety training of the Competent Person stationed onsite to the COR before work begins.

All Infection Control procedures and requirements shall be followed. Equipment required may include, but not be limited to: tack mats, negative pressure air machines with HEPA filtering, vacuuming debris, etc. The Contractor shall follow the requirements of the Infection Control Risk Assessment.

Privacy & safety training shall be completed by all contractor personnel prior to the commencement of work. The Contractor is responsible for meeting with VA Police at the John J. Pershing VAMC to acquire the proper badges for personnel prior to starting work. The Contractor is required to assure that all personnel have their issued badges on their person before entering the facility, and to safeguard the badges from possible theft or damage. Work to be performed after normal working hours will require notification with the VA Police prior to beginning work.

Test and Performance

The Contractor shall notify the Contracting Officer's Representative one (1) week in advance of any performance, inspection, or acceptance tests that are to be conducted. The tests shall be performed in the presence of the Contracting Officer's Representative.

Schedule of Work

The Contractor shall discuss work hours with the Contracting Officer's Representative prior to the commencement of work. Normal working hours shall be from 8:00 am to 4:30 pm. The Contractor and Contracting Officer's Representative will agree on the hours of operations for this scope of work. The Contractor is responsible for notifying VA Police of the time, location, and work to be performed before every off-hour engagement.

Period of Performance

This contract is expected to start upon Notice to Proceed and be completed within 180 Calendar Days of award.

Liability of Contractor

Any damage to government property caused by the Contractor shall be repaired or replaced by the Contractor at no cost to the government. The Contractor shall not disconnect any service or utilities without prior approval of the COR. No less than a two (2) weeks' notice shall be given to the COR if interruption is needed. The government will not be held liable for any costs incurred due to time constraints needed for service or utility interruptions.

Labor Laws

The Davis-Bacon Act applies to this project.

Site Cleanup and Restoration

The Contractor shall remove waste generated every day from the worksite. Waste shall be deposited in an appropriate dumpster provided by the Contractor and located in an area approved by the COR and removed from the grounds every week or when full. The Contractor is responsible for the procurement of waste services, and no government leased or owned dumpster shall be used to dispose of construction waste. All recyclable materials shall be recycled at appropriate facilities. Invoices or receipts related to the recycling of construction waste shall be sent to the Contracting Officer's Representative. Any material in good condition that can be reused elsewhere in the facility shall be stored in an appropriate location for later use to reduce overall maintenance costs of the government. The Contracting Officer's Representative shall denote such location, if required.

Upon completion of work, the Contractor is responsible for any punch list items accrued during the final walkthrough by the Contracting Officer's Representative. This contract will not be fulfilled until all items are addressed in a timely manner, inspected by the Contracting Officer's Representative, and have his approval.

Execution

The Contractor will perform all work and provide the labor and equipment needed to meet this Statement of Work and the following Construction Documents. The government shall not loan or provide any labor or equipment.
The government is not responsible for costs incurred due to mismanagement of labor or lack of proper equipment.

----END----

Appendix

Figure 1 Existing Site Monument. Demo and Replace with New (Min. 5' x 8' Display).
Figure 2 Existing Site Monument. Demo and Replace with New (Min. 5' x 8' Display).
Figure 3 Existing Site Monument. Demo and Replace with New (Min. 5' x 8' Display).
Figure 4 Location for New Site Monument (Min. 3 x 5 Display).
Figure 5 Example 5 x 8 Display Site Monument
Figure 6 Existing Building-Mounted Sign
Figure 7 Existing Building-Mounted Sign* *Photo from 2021. VA sign face (only) was replaced in 2022.
Figure 8 Example Building-Mounted Illuminated Sign
Figure 9 Approximate Locations

VA INFORMATION AND INFORMATION SYSTEM SECURITY/PRIVACY LANGUAGE FOR INCLUSION INTO CONTRACTS

GENERAL

Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards, and VA Directives and Handbooks as VA and VA personnel regarding information and information system security.

ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS

A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement, or task order.

The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination.

VA INFORMATION CUSTODIAL LANGUAGE

Information made available to the contractor or subcontractor by VA for the performance or administration of this contract or information developed by the contractor/subcontractor in performance or administration of the contract shall be used only for those purposes and shall not be used in any other way without the prior written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights in Data - General, FAR 52.227-14(d)(1).

If VA determines that the contractor has violated any of the information confidentiality, privacy, security, and other provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under Federal Acquisition Regulation (FAR) part 12.

SECURITY INCIDENT INVESTIGATION

The term security incident means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access.

To the extent known by the contractor/subcontractor, the contractor/subcontractor's notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant.

With respect to unsecured protected health information, the business associate is deemed to have discovered a data breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement.

In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident.

LIQUIDATED DAMAGES FOR DATA BREACH

Consistent with the requirements of 38 U.S.C. §5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under this contract.

The contractor/subcontractor shall provide notice to VA of a security incident as set forth in the Security Incident Investigation section above.
Upon such notification, VA must secure from a non-Department entity or the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the data breach for the potential misuse of any sensitive personal information involved in the data breach. The term 'data breach' means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination.

Each risk analysis shall address all relevant information concerning the data breach, including the following:
NATURE OF THE EVENT (LOSS, THEFT, UNAUTHORIZED ACCESS);
DESCRIPTION OF THE EVENT, INCLUDING:
(A) DATE OF OCCURRENCE;
(B) DATA ELEMENTS INVOLVED, INCLUDING ANY PII, SUCH AS FULL NAME, SOCIAL SECURITY NUMBER, DATE OF BIRTH, HOME ADDRESS, ACCOUNT NUMBER, DISABILITY CODE;
(3) NUMBER OF INDIVIDUALS AFFECTED OR POTENTIALLY AFFECTED;
(4) NAMES OF INDIVIDUALS OR GROUPS AFFECTED OR POTENTIALLY AFFECTED;
(5) EASE OF LOGICAL DATA ACCESS TO THE LOST, STOLEN OR IMPROPERLY ACCESSED DATA IN LIGHT OF THE DEGREE OF PROTECTION FOR THE DATA, E.G., UNENCRYPTED, PLAIN TEXT;
(6) AMOUNT OF TIME THE DATA HAS BEEN OUT OF VA CONTROL;
(7) THE LIKELIHOOD THAT THE SENSITIVE PERSONAL INFORMATION WILL OR HAS BEEN COMPROMISED (MADE ACCESSIBLE TO AND USABLE BY UNAUTHORIZED PERSONS);
(8) KNOWN MISUSES OF DATA CONTAINING SENSITIVE PERSONAL INFORMATION, IF ANY;
(9) ASSESSMENT OF THE POTENTIAL HARM TO THE AFFECTED INDIVIDUALS;
(10) DATA BREACH ANALYSIS AS OUTLINED IN 6500.2 HANDBOOK, MANAGEMENT OF SECURITY AND PRIVACY INCIDENTS, AS APPROPRIATE; AND
(11) WHETHER CREDIT PROTECTION SERVICES MAY ASSIST RECORD SUBJECTS IN AVOIDING OR MITIGATING THE RESULTS OF IDENTITY THEFT BASED ON THE SENSITIVE PERSONAL INFORMATION THAT MAY HAVE BEEN COMPROMISED.

Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages in the amount of $__37.50__ per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following:
(1) NOTIFICATION;
(2) ONE YEAR OF CREDIT MONITORING SERVICES CONSISTING OF AUTOMATIC DAILY MONITORING OF AT LEAST 3 RELEVANT CREDIT BUREAU REPORTS;
(3) DATA BREACH ANALYSIS;
(4) FRAUD RESOLUTION SERVICES, INCLUDING WRITING DISPUTE LETTERS, INITIATING FRAUD ALERTS AND CREDIT FREEZES, TO ASSIST AFFECTED INDIVIDUALS TO BRING MATTERS TO RESOLUTION;
(5) ONE YEAR OF IDENTITY THEFT INSURANCE WITH $20,000.00 COVERAGE AT $0 DEDUCTIBLE; AND
(6) Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs.

TRAINING

All contractor employees and subcontractor employees requiring access to VA information and VA information systems shall complete the following before being granted access to VA information and its systems:
Successfully complete the appropriate VA privacy training and annually complete required privacy training (See below training); and
Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system access.

The contractor shall provide to the contracting officer and/or the COTR a copy of the training certificates for each applicable employee within 1 week of the initiation of the contract and annually thereafter, as required.

Failure to complete the mandatory annual training, within the timeframe required, is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the training and documents are complete.

7. ADDITIONAL REQUIREMENTS

a. The COR is responsible for coordinating with the Police prior to contractor arrival to identify the names of contractor personnel so that Police can ensure sufficient number of contractor badges are available for issuance prior to beginning work. COR is also responsible for signing out and signing in temporary contractor badges.
b. The COR is also responsible for maintaining copies of signed Privacy training for all contractors according to RCS 10-1.
c. Any work performed outside of official VA business hours after hours will require escorts.
d. Escort duties for un-cleared contractors are strictly limited to government officials, specifically VA employees. At no time are contractors allowed to escort other contractors.

VA Privacy Training for Personnel without Access to VA Computer Systems or Direct Access or Use to VA Sensitive Information

The Department of Veterans Affairs, VA must comply with all applicable privacy and confidentiality statutes and regulations. One of the requirements in VA is to have all personnel trained annually on privacy requirements. Privacy represents what must be protected by VA in the collection, use, and disclosure of personal information whether the medium is electronic, paper or verbal.

This document satisfies the basic privacy training requirement for a contractor, volunteer, or other personnel only if the individual does not use or have access to any VA computer system such as Time and Attendance, PAID, CPRS, VistA Web, VA sensitive information or protected health information (PHI), whether paper or electronic. You will find this training outlines your roles and responsibility for protecting VA sensitive information (medical, financial, or educational) that you may incidentally or accidentally see or overhear.

If you have direct access to protected health information or access to a VA computer system where there is protected health information such as CPRS, VistA Web, you must take Privacy and HIPAA Focused Training (TMS 10203). VA Privacy and Information Security Awareness and Rules of Behavior (TMS 10176) is always required in order to use or gain access to a VA computer system or VA sensitive information, whether or not protected health information is included. Both trainings are located within the VA Talent Management System (TMS): https://www.tms.va.gov

What is VA Sensitive Information/Data?

All Department information and/or data on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information. The term includes not only information that identifies an individual but also other information whose improper use or disclosure could adversely affect the ability of an agency to accomplish its mission, proprietary information, and records about individuals requiring protection under applicable confidentiality provisions.

What is Protected Health Information?

The HIPAA Privacy Rule defines protected health information as Individually Identifiable Health Information transmitted or maintained in any form or medium by a covered entity, such as VHA.

What is an Incidental Disclosure?

An incidental disclosure is one where an individual's information may be disclosed incidentally even though appropriate safeguards are in place. Due to the nature of VA communications and practices, as well as the various environments in which Veterans receive healthcare or other services from VA, the potential exists for a Veteran's protected health information or VA sensitive information to be disclosed incidentally.
For example:
You overhear a healthcare provider's conversation with another provider or patient even when the conversation is taking place appropriately.
You may see limited Veteran information on sign-in sheets or white boards within a treating area of the facility.
Hearing a Veteran's name being called out for an appointment or when the Veteran is being transported/escorted to and from an appointment.

Safeguards You Must Follow To Secure VA Sensitive Information:

Secure any VA sensitive information found in unsecured public areas (parking lot, trash can, or vacated area) until information can be given to your supervisor or Privacy Officer. You must report such incidents to your Privacy Officer timely.
Don't take VA sensitive information off facilities grounds without VA permission unless the VA information is general public information, i.e., brochures/pamphlets.
Don't take pictures using a personal camera without the permission from the Medical Center Director.
Any protected health information overheard or seen in VA should not be discussed or shared with anyone who does not have a need to know the information in the performance of their official job duties; this includes spouses, employers or colleagues.
Do not share VA access cards, keys, or codes to enter the facility.
Immediately report lost or stolen Personal Identity Verification (PIV) or Veteran Health Identification Cards (VHIC), any VA keys or keypad lock codes to your supervisor or VA police.
Do not use a VA computer using another VA employee's access and password.
Do not ask another VA employee to access your own protected health information. You must request this information in writing from the Release of Information section at your facility.

What are the Six Privacy Laws and Statutes Governing VA?

Freedom of Information Act (FOIA) compels disclosure of reasonably described VA records or a reasonably segregated portion of the records to any person upon written request unless one or more of the nine exemptions apply.
Privacy Act of 1974 provides for the confidentiality of personal information about a living individual who is a United States citizen or an alien lawfully admitted to U.S. and whose information is retrieved by the individual's name or other unique identifier, e.g. Social Security Number.
Health Insurance Portability and Accountability Act (HIPAA) provides for the improvement of the efficiency and effectiveness of health care systems by encouraging the development of health information systems through the establishment of standards and requirements for the electronic transmission, privacy, and security of certain health information.
38 U.S.C. 5701 provides for the confidentiality of all VA patient and claimant information, with special protection for their names and home addresses.
38 U.S.C. 7332 provides for the confidentiality of drug abuse, alcoholism and alcohol abuse, infection with the human immunodeficiency virus (HIV) and sickle cell anemia medical records and health information.
38 U.S.C. 5705 provides for the confidentiality of designated medical-quality assurance documents.

What are the Privacy Rules Concerning Use and Disclosure?

You are not authorized to use or disclose protected health information. In general, VHA personnel may only use information for purposes of treatment, payment or healthcare operations when they have a need-to-know in the course of their official job duties. VHA may only disclose protected health information upon written request by the individual who is the subject of the information or as authorized by law.

How is Privacy Enforced?

There are both civil and criminal penalties, including monetary penalties that may be imposed if a privacy violation has taken place.
Any willful negligent or intentional violation of an individual's privacy by VA personnel, contract staff, volunteers, or others may result in such corrective action as deemed appropriate by VA including the potential loss of employment, contract, or volunteer status.

Know your VA/VHA Privacy Officer and Information Security Officer. These are the individuals to whom you can report any potential violation of protected health information or VA sensitive information, or any other concerns regarding privacy of VA sensitive information.

YOU ARE RESPONSIBLE FOR PROTECTING THE CONFIDENTIAL INFORMATION OF OUR VETERANS

__________________________________________ ________________
Employee (Print Name) Date

__________________________________________
Employee Signature

__________________________________________
Print Name of Contract Agency, if contractor

__________________________________________
Print Name of VHA Department/Supervisor/Local COR

PROVIDE A COPY OF THIS FORM TO YOUR SUPERVISOR/LOCAL COR FOR DATA ENTRY INTO TALENT MANAGEMENT SYSTEM

RECORDS MANAGEMENT OBLIGATIONS

1. APPLICABILITY
This clause applies to all Contractors whose employees create, work with, or otherwise handle Federal records, as defined in Section B, regardless of the medium in which the record exists.

2. DEFINITIONS
Federal Record as defined in 44 U.S.C. § 3301, includes all recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them.
The term Federal record:
a. includes Department of Veterans Affairs, Veterans Health Administration records.
b. does not include personal materials.
c. applies to records created, received, or maintained by Contractors pursuant to their Department of Veterans Affairs, Veterans Health Administration contract.
d. may include deliverables and documentation associated with deliverables.

3. REQUIREMENTS
a. Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion.
b. In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation.
c. In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data.
d. John J. Pershing VA Medical Center and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of John J. Pershing VA Medical Center or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to John J. Pershing VA Medical Center. The agency must report promptly to NARA in accordance with 36 CFR 1230.
e. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government's behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to John J. Pershing VA Medical Center's control or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the contract. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4).
f. The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and John J. Pershing VA Medical Center's guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information.
g. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with John J. Pershing VA Medical Center's policy.
h. The Contractor shall not create or maintain any records containing any non-public John J. Pershing VA Medical Center's information that are not specifically tied to or authorized by the contract.
i. The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act.
j. The John J. Pershing VA Medical Center owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which John J. Pershing VA Medical Center shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20.
k. Training. All Contractor employees assigned to this contract who create, work with, or otherwise handle records are required to take VHA-provided records management training.
The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training.

4. FLOWDOWN OF REQUIREMENTS TO SUBCONTRACTORS
a. The Contractor shall incorporate the substance of this clause, its terms and requirements including this paragraph, in all subcontracts under this contract, and require written subcontractor acknowledgment of same.
b. Violation by a subcontractor of any provision set forth in this clause will be attributed to the Contractor.

VHA Supplemental Contract Requirements for Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors

Contractor employees who work in or travel to VHA locations must comply with the following:

Documentation requirements:
If fully vaccinated, shall show proof of vaccination.
NOTE: Acceptable proof of vaccination includes a signed record of immunization from a health care provider or pharmacy, a copy of the COVID-19 Vaccination Record Card (CDC Form MLS-319813_r, published on September 3, 2020), or a copy of medical records documenting the vaccination.
If unvaccinated and granted a medical or religious exception, shall show negative COVID-19 test results dated within three calendar days prior to desired entry date. Test must be approved by the Food and Drug Administration (FDA) for emergency use or full approval. This includes tests available by a doctor's order or an FDA approved over-the-counter test.
Documentation cited in this section shall be digitally or physically maintained on each contractor employee while in a VA facility and is subject to inspection prior to entry to VA facilities and after entry for spot inspections by Contracting Officer Representatives (CORs) or other hospital personnel.
Documentation will not be collected by the VA; contractors shall, at all times, adhere to and ensure compliance with federal laws designed to protect contractor employee health information and personally identifiable information.

Contractor employees are subject to daily screening for COVID-19 and may be denied entry to VA facilities if they fail to pass screening protocols. As part of the screening process contractors may be asked screening questions found on the following website: COVID-19 Screening Tool. Regularly check the website for updates.

Contractor employees who work away from VA locations, but who will have direct patient contact with VA patients shall self-screen utilizing the COVID-19 Screening Tool, in advance each day that they will have direct patient contact and in accordance with their person or persons who coordinate COVID-19 workplace safety efforts at covered contractor workplaces.

Contractors shall, at all times, adhere to and ensure compliance with federal laws designed to protect contractor employee health information and personally identifiable information.

Contractor must immediately notify their COR or Contracting Officer if contract performance is jeopardized due to contractor employees being denied entry into VA Facilities.

For indefinite delivery contracts: Contractor agrees to comply with VHA Supplemental Contract Requirements for any task or delivery orders issued prior to this modification when performance has already commenced.