REQUEST FOR PROPOSAL · 2010. 12. 21. · SMMC will consider an on-site client server solution or a...

COUNTY OF SAN MATEO, CALIFORNIA

REQUEST FOR PROPOSAL

CORE CLINICAL HEALTH INFORMATION SYSTEM/ INPATIENT ELECTRONIC HEALTH RECORD

RFP # ISD 1805

Proposals must be submitted to:

San Mateo County Information Services Department

Cyndy Chin, Administrative Assistant 222 W. 39th Avenue

San Mateo, California 94403

By 2:00 P.M. PST February 4, 2011

Page 2 of 82

This Page Intentionally Blank

Page 3 of 82

REQUEST FOR PROPOSALS FOR

CORE CLINICAL HEALTH INFORMATION SYSTEM/ INPATIENT ELECTRONIC HEALTH RECORD

Condition of Submission

This Request for Proposals (RFP) is neither a commitment nor a contract of any kind. The County of San Mateo reserves the right to pursue any and/or all ideas generated by this request. The costs for developing the proposals are entirely the responsibility of the proposers and shall not be reimbursed. The County reserves the right to reject any and all proposals and/or terminate the RFP process if deemed in the best interest of the County. The County reserves the right to waive any requirements of this RFP when it determines that waiving a requirement is in the best interest of the County.

Government Code Sections 6550 et. seq., the “Public Record Act,” defines a public record as any writing containing information relating to the conduct of the public business. The Public Record Act provides that public records shall be disclosed upon written request, and that any citizen has a right to inspect any public record, unless the document is exempted from disclosure.

The County of San Mateo cannot represent or guarantee that any information submitted in response to this RFP will be confidential. If the County receives a request for any document submitted in response to this request, it will not assert any privileges that may exist on behalf of the person or business entity submitting the proposal. It is the responsibility of the person or business entity submitting the proposal to assert any applicable privileges or reasons why the document should not be produced. The County will attempt in a timely manner to inform the person or business entity that submitted a proposal of the public records request in order to permit the person or business entity to assert any applicable privileges.

Page 4 of 82

Contents

1. Purpose of the Request for Proposal

2. Timeline

3. General Conditions of Submission

4. Proposal Contents

5. Service Capabilities

6. Proposal Submission

7. Evaluation of Proposals

8. Protest Process

9. Contract Negotiation and Inability to Negotiate a Contract

Attachment: Sample County Contract Template, Supporting Materials & Contractor Declaration

APPENDICES

Appendix A1 through Appendix F are required to be submitted with the proposal.

APPENDIX A1 TECHNICAL REQUIREMENTS RESPONSE FORM FOR

CLIENT SERVER SOLUTION

APPENDIX A2 TECHNICAL REQUIREMENTS RESPONSE FORM FOR A SaaS SOLUTION

APPENDIX B FUNCTIONALITY AND INTEGRATION RESPONSE FORM

APPENDIX C1 IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ON-GOING SUPPORT FOR A CLIENT SERVER SOLUTION

APPENDIX C2 IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ON-GOING SUPPORT FOR A SaaS SOLUTION

APPENDIX D PROPOSAL COST RESPONSE FORM (Excel Spreadsheet)

APPENDIX E SaaS/ASP SECURITY ASSESSMENT CHECKLIST

APPENDIX F FUNCTIONAL REQUIREMENTS (Excel Spreadsheet)

Exhibit 1 CURRENT INTERFACE LIST

Page 5 of 82

1. Purpose of the Request for Proposal

INTRODUCTION

San Mateo Medical Center (SMMC) is requesting proposals from qualified suppliers to provide, install, implement, support and maintain a software solution for a Core Health Clinical Information System for inpatient care to achieve Meaningful Use of Certified Electronic Health Record (EHR) Technology and manage and support the delivery of efficient, cost-effective, and high quality healthcare within the organization.

We are also querying vendors who respond to this RFP regarding their ability to integrate the various existing systems outlined in this RFP into an integrated EHR package that will provide continuity of care for our patients across the entire enterprise.

This document provides background on the SMMC organization, vendor selection process, SMMC’s functional and technical requirements, and other pertinent information.

Additional requirements of the software include:

Must be HIPAA compliant. Must have secure web based access. Must generate reports required for state and payor requirements. Must generate letters to the referring provider/agency as well as other

notification tools to complete the transfer process. Must facilitate compliance by SMMC of all applicable laws and regulations. At the time of implementation, must be certified under the Office of the

National Coordinator for Health IT rules for Meaningful Use.

SMMC will consider an on-site client server solution or a Software as a Service (SaaS) solution. However, the proposed solution must be a proven base system. SMMC is not interested in beta systems or purchasing professional services to design and develop a system. The integrated solution must meet the technical, support, service, and business requirements as defined in this RFP. This project will be under the direction of the SMMC Executive Leadership Group and SMMC Information Technology Governance Committee and it will be coordinated through the Core Clinical Health RFP Evaluation Committee.

1.2 Service Providers The County welcomes proposals from all qualified service providers. The County may, at its sole discretion, enter into contract with one or more qualified service providers. 1.3 Contact with County Employees

Page 6 of 82

As of the issuance date of this RFP and continuing until the final date for submission of proposals, all proposers are specifically directed not to hold meetings, conferences or technical discussions with any County employee for purposes of responding to this RFP except as otherwise permitted by this RFP. Any proposer found to be acting in any way contrary to this directive may result in the proposer being disqualified from entering into any contract that may result from this RFP.

Proposers should submit questions or concerns about the process as outlined in Paragraph 2.1. The proposer should not otherwise ask any County employees questions about the RFP or related issues, either orally or by written communication. 1.4 Background

San Mateo Medical Center

SMMC is a fully accredited 448 bed acute and long-term care hospital and outlying clinic system owned and operated by the County of San Mateo. The system has grown over the years and today provides inpatient and outpatient care to the communities within San Mateo County in Northern California. SMMC employs its own physicians and is recognized as providing services which include acute inpatient care, long-term care facility and services, Psychiatric Emergency Service, inpatient psychiatric services and operation of a comprehensive medical emergency room. Inpatient services include medical/surgical care as well as specialized services such as psychiatry and therapies such as recreational services for Long Term Care patients. Although we see OB patients in our clinics, SMMC does not have a Labor and Delivery service. In addition, although we do serve pediatric patients, we do not have a dedicated pediatric unit; the great majority of our inpatients are adult. Inpatient units at the Main campus include two Medical/Surgical units totaling 62 beds, a 7-bed ICU and a 34 bed inpatient psychiatric unit. The other 345 beds are for long-term care patients, 64 beds in 2 units on the main campus and 281 beds at the Burlingame facility; at this time one of the long-term care units at the main campus is closed. Proposals should include information about data for all types of beds including the long-term care beds, especially around documentation systems and integration of that data within a comprehensive patient record. Outpatient services include both primary care and specialty clinics located at SMMC and at satellite facilities throughout the county. Further information about SMMC can be obtained at their website: www.sanmateomedicalcenter.org

SMMC Information Services Department

San Mateo Medical Center IT Vision The SMMC Information Technology vision is a paperless/paper-lite, automated, integrated delivery system that traverses the continuum of care. The goal is to leverage systems and technology to improve patient care, physician and employee satisfaction

Page 7 of 82

and patient safety and to support effective revenue management to create a distinct competitive advantage.

Specifically SMMC seeks to deploy Information Technology tools to:

Advance patient safety and quality of care Improve coordination of care across the continuum Enhance patient, family and staff satisfaction Improve the delivery of timely, efficient and cost-effective care Optimize “Revenue Cycle” processes Enhance evidence-based clinical and administrative decision making Ensure compliance with all regulatory and accreditation standards

Two key drivers will play a major role in the sequencing and timing of the deployment of Information Technology tools/solutions to achieve these goals:

Both the clinic system and the SMMC Emergency Department (ED) are currently

using EHR technology; eClinicalWorks is being used by all primary and specialty care clinics and Pulsecheck from Picis is the ED system. Data from all systems must be available to all providers across the Health system.

The ability to meet the ARRA (Americans Recovery and Reinvestment Act)

Meaningful Use criteria in order to maximize the incentive award is critical to the funding of this initiative and must be considered in the planned scope and approach of the implementation.

SMMC Information Services

Information systems and technology for SMMC is centralized in the County’s Information Services Department (ISD), which is responsible for all systems, planning, development and support. Business units comprising ISD are:

Application Services – provides a comprehensive array of services

o Strategy o Solutions o Sourcing o Support

Technical Services o Data Center Operations o Operations o Customer Service o Field Support

Page 8 of 82

Technical Environment

Technical Standards – Intel Platform SERVER

Operating system Windows Server 2003-2008/Windows Active Directory

Hardware Intel Dual Core 3.0 GHZ – 2MB cache, fiber/GBE NIC (redundant), Integration to an EMC Clarion SAN is via fiber connectivity.

Backup CommVault and/or Tivoli Storage Manager

Server redundancy/cluster Depends on application Disk array Typically RAID 5

DESKTOP/LAPTOP HARDWARE

Mid-level PC with 17” monitor Dell Optiplex Ultra small form factor PC

Monitor settings 1024 x 768/ high color Laptop Dell models

DESKTOP/LAPTOP SOFTWARE

Operating System Windows XP with Service Pack 2/3 Office applications Microsoft Office 2003 Professional, SP2 Email Novell Groupwise Terminal emulation Attachmate PDF reader Adobe Acrobat Reader 7.0 Desktop database Microsoft Access 2003 Internet browser Microsoft Internet Explorer 6.0/7.0 Antivirus McAfee Java Java Version 1.4.x Encryption – Laptop Only Guardian Edge

PRINTERS

Laser HP LaserJet – Group - Mid-range printer is 4250TN HP LaserJet – MFP is HP 4345TN HP LaserJet – standalone is HP2105D

Impact Not supported Label Zebra with network connectivity Network interface HP- Internal Jet Direct

Technical Standards – Proprietary Platform (Midrange) SERVER

Operating system AIX , OS400, Sun Solaris

Hardware 64bit processor, connectivity to SAN a must, dual NIC, redundant power supply. Manufacturer configuration approval required.

Backup Internal for OS, integration into enterprise backup required.

Page 9 of 82

SMMC ISD uses CommVault and Tivoli Storage Manager.

Server redundancy Depends on application

Disk array Depends on application

Virtualization Supported based on application

COMMUNICATION

Protocol TCP/IP

Topology Ethernet

Routers/ switches Cisco

Bandwidth – network Gigabit (sx/lx)

Bandwidth – to the desktop 10/100 MB/ second

Backbone Fiber optic

Cable to the desktop Category 5e UTP with RJ45 connections

REMOTE AUTHENTICATION/SUPPORT

Cisco VPN/SSL

UPS

Must specify requirements from manufacturer. Computer room has UPS.

There are two data centers available, one at the Medical Center and the other at the County Center in Redwood City. Both support virtualization and are connected through a robust WAN. County clinics are networked via the AT&T Opteman solution. There is a wireless network in place supported by Cisco hardware; standard is 802.1x. 2. Timeline

The following timeline will be followed for this RFP

1) Release of RFP Mon 12-20-10 2) Deadline for written questions Wed 1-12-11 2PM PST 3) Answers to written questions Thurs 1-20-11 4) Proposal Due Date Fri 2-4-11 2PM PST 5) Start Review of Proposals Mon 2-7-11 6) Recommendation to ISD Director Fri 3-4-11 7) Last Date to Submit Protest Fri 3-18-11 2PM PST 8) Determination of Protest Mon 3-28-11 9) Board Approval To Be Determined 10) Contract Start Date To Be Determined

Page 10 of 82

2.1 Submittal of Questions

Proposers are encouraged to submit written questions about this RFP. Questions are to be received at the County by 2PM, PST on Wed, Jan 12, 2011. Questions shall reference this RFP by number and be in writing and faxed or emailed to:

Cyndy Chin, Administrative Assistant Email: [email protected] FAX: 650-627-9160

Answers to questions will be distributed by fax or email no later than Thurs, Jan. 20, 2011, to all who receive a copy of this RFP. 3. General Conditions of Submission

The submitted proposal shall be used to determine the proposer’s capability of rendering the services to be provided. The failure of a proposer to fully comply with the instructions in this RFP may eliminate its proposal from further evaluation. The County reserves the sole right to evaluate the contents of proposals submitted in response to this RFP and to select one or more successful contractor(s) or none at all. The County reserves the right to waive any requirements of this RFP when it determines that waiving a requirement is in the best interest of the County. The proposal is to include contact information, including principle contacts and officers, main and local business addresses, tax identification number, voice and fax phone numbers, and email address. The selected proposal’s content will be included as an exhibit in the final contract.

4. Proposal Contents

4.1 Service Requirements

Project Application Scope and Description

The primary objective of this project is to identify an integrated clinical information system solution from a single vendor of choice to support the delivery of inpatient care at SMMC. Consideration will also be given to the comprehensive scope of applications within a vendor’s offerings to allow SMMC to move towards a fully integrated Hospital Information/Clinical Information (HIS/CIS) environment in the future. Integration of the various EHR “pieces” is critical to having a user-friendly solution; this is a key piece of the proposal.

SMMC is requesting proposals for an integrated solution that supports the following specific applications/functional areas:

Hospital-based Core Clinical Applications/Functionality

Provider Order Entry (CPOE) for all services Clinical Decision Support (CDS) Nursing and Ancillary Clinical Documentation (assessment, care plans) Multidisciplinary Clinical Documentation (care providers including MDs) Intensive Care Services (ICU) Peri-Operative services Documentation Pharmacy / Medication Management Infusion Center Management (Chemotherapy only, no Radiation

Therapy) Telemetry and Patient Monitor Integration

Additional Support Applications/Functionality

Enterprise Document Management System (EDMS) Reporting Tools Possible Future Applications

Referral Management System Affiliated Physician Portal Patient Portal Personal Health Record

SMMC’s patient mix is broad and will require functionality that supports multiple care delivery settings including inpatient acute and critical care for adults and children, inpatient and outpatient surgery, long-term care, inpatient psychiatric care as well as support for respiratory therapy, rehabilitation and pharmacy services. SMMC is committed to selecting an information system that supports the development of evidence based care and promotes and tracks quality outcomes. To that end, this RFP contains requirements that support the building of an infrastructure to support improvement in core measures and other quality indicators, such as The Joint Commission Patient Safety goals and IHI quality indicators. Lastly, the goal of achieving a paperless/paper-lite patient chart environment must be supported through a complementary document management/imaging solution. It is also SMMC’s intention to utilize the Document Management solution on an enterprise-wide basis beyond the integration with patient-centric clinical systems. Initially this will include the Patient Registration and Patient Business Services (PBS) departments and expand beyond that as opportunities arise.

Various clinical systems will remain unchanged within the SMMC organization and integration with these must be addressed to ensure a comprehensive view of a patient’s care delivery. The clinical systems that will remain in place and require integration with your proposed solution include (at a minimum):

Picis Emergency Department Information System (Pulsecheck)

Siemens Novius Laboratory Information System

Siemens Radiology Information System

eClinicalWorks Ambulatory EMR

Page 11 of 82

Page 12 of 82

There are several in-place systems that may be evaluated for replacement as part of this proposal:

ResQ: Resource and OR scheduling

Quadramed: Acuity

Dietary on-line: Food and nutrition orders are not done through Invision but through an on-line program developed in-house

Restraints: Restraint protocols are managed through an in-house developed program

Siemens Pharmacy Information System (inpatient) –SMMC would prefer to keep this system in place; however, because CPOE and Medication Administration and Reconciliation are very dependent upon the inpatient Pharmacy, there might be a need to replace it.

Other systems which will be key to a full patient record include Softmed in the Health Information Management (HIM) department and Achieve, used in the Long Term care units.

The implementation will also require integration of your proposed clinical solution with the following revenue cycle incumbent solutions at SMMC (a current list of interfaced systems and applications can be found in Exhibit 1):

eClinicalWorks—enterprise patient scheduling

Invision – Patient Management and Patient Accounting

SoftMed – HIM

In addition, the integration of other EHR systems throughout the San Mateo County Health system must be considered. The need of all providers across the Health System to share data in order to improve patient care is great. At this time, the primary system is an Avatar (Netsmart) EHR system currently in place in the Behavioral Health division and soon to be implemented within Family Health.

Based on an accepted proposal, there may also be requirements for data conversions or additional interfaces to/ from various existing systems. This will be discussed further after proposal review.

SMMC ASSUMPTIONS The system will include the following components:

Production, Test and Training Environments User Training Integration with existing clinical systems

Planning and Volume Statistics

The data below represents the key clinical and business statistics for SMMC. This information is intended to be used as a reference to assist in the completion of your response including pricing, sizing of processor(s), main memory, disk storage, and necessary subsystems/third-party software.

Page 13 of 82

San Mateo Medical Center Operational Data

Item FY09-10

Period Ending 6/30/10

Projected (within 3 years)

Total Number of Beds 448 448

Number of Beds by Specialty

Medical/Surgical 62 62

ICU/CCU 7 7

Psychiatric 34 34

Long Term Care (LTC) 345 345

Number of Operating Rooms 3 4

Annual Discharges-Acute Care 2795 3075

Annual Inpatient Days-Acute Care 12396 13635

Average LOS-Acute Care 4.4 4.5

Annual Discharges-Psych 826 908

Annual Inpatient Days-Psych 9746 10720

Average LOS-Psych 11.8 11.8

Annual Discharges-LTC 479 546

Annual Inpatient Days-LTC 102957 113252

Average LOS-LTC 215 215

Annual ED Visits 35515 39066

Annual Psych Emergency Visits 3494 3843

Annual Hospital Outpatient Visits (excluding ED & Same Days) 238572

262429

Number of satellite clinic sites 9 9

Number of Physicians On-staff 150 150

Planned Concurrent Users 600 600

4.2 History/Organizational Background The proposal should describe the following: the proposer’s company’s history, mission, programs, and services; administrative structure; and experience, including length of time in providing similar services. Please include any past experience with local government agencies. Also, describe how this program will fit into your overall organization. Attach an organizational chart of your San Francisco/Bay Area region operation.

Page 14 of 82

Please use the format below for this information. PROPOSER’S CORPORATE INFORMATION

1. EXECUTIVE SUMMARY

Include an executive summary which should be a one or two page summary intended to provide the Evaluation Committee with an overview of the significant business features of the proposal.

2. PROPOSER EXPERIENCE/INFORMATION

The Proposer shall include in their proposal a statement of relevant experience. The Proposer should thoroughly describe, in the form of a narrative, its experience and success as well as the experience and success of subcontractors, if applicable in providing and/or supporting the proposed system.

In addition, Proposers are required to provide the following information:

a. Vendor Primary Contact:

1) Name:

2) Title:

3) Office/Location Address:

4) Phone Number:

5) Fax Number:

6) Email Address:

7) Organization’s Internet Home Page:

b. Please list names, title, background and tenure of the executive leadership of your organization and/or of your Healthcare Information System division if part of a larger/broader organization.

c. Identify the locations (city, state) of the following:

1) Corporate Headquarters:

2) Programming/Technical Support Personnel:

3) Field Engineering:

4) Client Education Personnel:

5) Consulting Services Personnel:

d. Under the laws of which state the vendor is incorporated:

e. What is the number of employees in your organization, categorized by:

1) Total:

2) Management/Administration:

3) Marketing /Sales:

4) Research and Development:

5) Installation:

Page 15 of 82

6) Ongoing Application Support:

7) Customer Service/Telephone Support:

8) Other:

f. Provide input on the number and type of clinical resources you have on staff.

g. How long has your company been in the business of Clinical Information systems?

h. What percentage of your company business involves Clinical Information systems?

Please provide the following financial information for each of the last three fiscal years (specific to your software division if part of large company):

FY 2010 FY 2009 FY 2008

Annual Revenue

Net Profit

Total Assets

Total Debt

% Net Revenue spent on Research and Development

i. Are there any established user groups associated with your organization

or proposed product? Please describe your organization’s sponsorship of these groups and how your organization works with them:

j. Provide a complete disclosure if Proposer, its subsidiaries, parent, other

corporate affiliates, or subcontractors have defaulted in its performance on a contract during the past five years which has led the other party to terminate the contract. If so, identify the parties involved and the circumstances of the default or termination.

k. A list of any lawsuits filed against the Proposer, its subsidiaries, parent,

other corporate affiliates, or subcontractors in the past five years and the outcome of those lawsuits. Identify the parties involved and circumstances. Also, describe any civil or criminal litigation or investigation pending.

3. FINANCIAL STABILITY/PROPOSER FINANCIAL INFORMATION

Proposer shall submit copies of the most recent years independently audited financial statements, as well as those for the preceding three years, if they exist. The submission shall include the audit opinion, balance sheet, income statement, retained earnings, cash flows, and notes to the financial statements. If independently audited financial statements do not exist for the Proposer, the Proposer shall state the reason and, instead, submit sufficient information such as the latest Dun and Bradstreet report to enable the Evaluation Committee to

Page 16 of 82

determine the financial stability of the Proposer. The Proposer shall supply any additional financial information requested by SMMC ISD in a timely manner.

4.3 References Please provide the following information for three references. It is important that you include references that are similar to SMMC in terms of size, clinical services, scope of applications and technology environment. If possible, provide at least one reference site from the state of California, preferably from the San Francisco Bay Area. SMMC will not contact any references without your permission. Please use the format below to provide this information.

Reference #1:

a) Organization Name:

b) Organization Address:

c) Size and Type of Facility:

d) Name and Release Version of Application(s) Installed:

e) Application(s) Live-dates:

f) Nature of Relationship between Vendor and Reference Site (i.e., partner, beta site):

g) Individual with sufficient knowledge and experience to speak on the implementation process, product functionality, vendor support, and documentation and training.

Name:

Title:

Phone number:

Contact email address:

Reference #2: a) Organization Name:







Name:

Title:

Phone number:


Reference #3: a) Organization Name:




Page 17 of 82




Name:

Title:

Phone number:


5. Service Capabilities

5.1 The proposal should define the scope of work and specific services being offered in your proposal and should include the information listed in the sections below:

5.1.1 TECHNICAL REQUIREMENTS

SMMC is seeking a contractor to provide a complete solution to satisfy the technical, functionality, and integration requirements and one who is capable of providing the stated capacity and service levels as well as the training and technical support required to maintain the system in an operational status. The technical requirements are to be defined referencing the technical requirements in Appendices A1 and A2. Proposers submitting a proposal for a client server solution must submit Appendix A1; whereas Proposers submitting a proposal for a SaaS solution must submit Appendix A2. Proposers submitting a proposal for both types of solutions must submit Appendix A1 and Appendix A2. Proposers must submit a thorough narrative supported by references to the technical documentation in response to questions asked in Appendix A1 or Appendix A2.

5.1.2 VENDOR PROPOSED PRODUCT INFORMATION

Please complete the table below regarding the proposed applications:

Applications

Supported Functionality (Ref Section II-D)

Application Suite Name

Module Name

Developed In-House,

Integrated, or Interfaced?

Current Status (i.e., in development, beta,

or generally available w/version # )

# Live Clients

Hospital-based Core Clinical Applications

Provider Order Entry/all order services

Page 18 of 82

Applications

Clinical Decision Support

Nursing and Ancillary Clinical Documentation (assessment, care plans)

Multidisciplinary Clinical Documentation including providers

Intensive Care Services (ICU)

Perioperative Services, including documentation

Infusion Center Management

Telemetry and Patient Monitor Integration

Additional Support Applications

Enterprise Document Management System (EDMS)

Reporting Tools

Possible Future Applications

Referral Management System

Affiliated Physician Portal

Patient Portal

Personal Health Record

Page 19 of 82

5.1.3 SYSTEM SUPPORT REQUIREMENTS

Function Vendor Use Only

Yes No Comments

1) A dedicated support team is guaranteed.

2) Toll free telephone support is available 7 days a week, 24 hours a day.

3) Web-access support is available 7 days a week, 24 hours a day.

4) Telephone support response times are guaranteed. Specify the response time.

5) For the proposed hardware, please identify the party responsible for support.

6) For the proposed software, please identify the party responsible for support.

7) Is a preferred or “premier” customer support status offered?

8) Is a warranty for the application(s) available? What is the warranty period?

System Support - Additional Requirements

1. Where are your customer support offices located?

2. What are your standard support hours? Are they based on client local time? Do you offer extended support hours? Is there an additional charge for this and if so, what is that charge?

3. Define the recommended size and skill set of the IT staff to support your proposed core clinical product(s) at an organization of SMMC’s size and complexity.

4. Assuming SMMC contracts with another party for hardware, networking, etc., how are lines of responsibility drawn?

5. Describe the process for resolving client issues and problems:

a) Discuss issue logging and tracking.

b) Explain service request prioritization.

c) Describe escalation procedures.

d) Discuss status reporting.

e) Provide average turnaround times for problem resolutions.

f) What documentation/acknowledgement is communicated to SMMC when a problem/issue is communicated to the vendor?

6. Describe your methodology for new version/releases of your software:

a) Development.

b) Testing.

c) Distribution.

d) Installation.

Page 20 of 82

e) Notification.

7. How often are new versions released?

8. What is the recommended / standard timeframe for taking new releases?

9. When a new version of your product is released, will you guarantee upward conversion to the new release at no additional cost to SMMC?

10. Can new software be applied and tested in the training system before it is applied to the production system?

11. Is the training database/environment a mirror image of the production files and the systems test database?

12. Can the test/training environment be ‘refreshed’ or synchronized from the production environment by SMMC independent of vendor participation? Please explain.

13. How are customizations – vendor and customer-created – accommodated in new releases, i.e., not overwritten?

14. How many levels of software releases are supported?

15. Does the vendor organization support a remote hosted model for their software? Please describe offering.

5.1.4 IMPLEMENTATION APPROACH

1. Please describe your typical approach to implementing the proposed core clinical

solutions at an organization of SMMC’s size and complexity.

2. Please describe a high-level recommended installation sequence and timetable for the proposed core clinical applications with the intended goal of maximizing ARRA HITECH incentive monies through reaching Meaningful Use in a timely manner. Please include a description of suggested implementation phases and timing (e.g., Phase 1: Orders/Results, Phase 2: Clinical Documentation, etc.)

3. Provide a sample implementation work plan for the proposed applications indicating the tasks required, the relative sequence of tasks, the party responsible for each task, and the approximate time required to complete each task.

4. Describe the anticipated vendor and SMMC personnel and/or outside resources required/ recommended to install your proposed solutions outlined in #2 above (skill level and numbers).

5. Discuss activities/assistance that could be provided by vendor personnel in addition to those provided for in your work plan and implementation cost estimate and describe how these additional services would be billed. .

6. Describe your formal procedure for system acceptance, including hardware and software.

7. Describe your methodology for conversion of current system files, specifically:

a) Patient demographics.

b) Clinical documentation (discrete data and transcribed reports). Please provide input on two methods for this data:

1. Converting discrete data/transcribed reports to your CIS.

2. In-loading of a subset of paper charts via your document management solution.

8. For any identified automated conversions, who would be responsible for developing:

a) Extracts from the current system?

b) Input/edit/updates to your system?

Page 21 of 82

9. What is your recommendation for converting existing clinical data from the incumbent Siemens Invision system -- to your proposed CIS as discrete data, to your proposed document management solution, other? How have other clients addressed historical clinical data conversions?

5.1.5 CLINICAL CONTENT

1. Please describe your typical approach and/or options to building the clinical content needed for order entry/CPOE to achieve standardization and patient safety (e.g., order sets, clinical decision support, standardized documentation, etc.).

2. Describe the types and number of order sets and alerts/reminders you provide with the order entry module, i.e., ‘starter set’? If you provide these, please provide details.

3. Describe your system ability for dealing with standardized order sets by specific physicians vs. diagnosis?

4. Describe in detail the clinical content that is provided with your clinical system. Provide numbers and types of content including order sets (if not described in #2 above), clinical rules and alerts, care plans, etc.

5. Describe how the clinical content is maintained in your application.

6. Does your system support the import of 3rd party clinical content? If so, please describe the process and how is existing content impacted.

7. List the 3rd party vendors that you are aligned with for providing clinical content. Describe any additional costs for this 3rd party software.

8. Describe how your system allows the ability to aggregate data directly from the CDR for regulatory initiatives – e.g., THE JOINT COMMISSION core measures, CMS core measures, IHI sepsis bundle compliance, SMMC specific databases, etc.

9. Describe your system’s ability to integrate various care protocols into general assessment, scoring, implementation and on-going reassessment into the EMR – i.e., falls, pressure ulcers, groin management, restraints, rehab protocols, moderate sedation protocols, central line placement protocols, etc.

10. Describe how the system assists with adherence to national patient safety goals from THE JOINT COMMISSION or National Quality Forum guidelines – program screening, implementation, compliance monitoring, etc.

a. High risk medication alerts

b. Look alike, sound alike drugs

c. Drug concentrations

d. IV Conscious sedation

e. Monitoring of hospital acquired infections

f. Patient identification

g. Clinical alarms

h. Critical values

i. Medication reconciliation

11. Describe the system’s ability to pick up symptom or pattern recognition of symptoms of patient’s in trouble and triggers the end-user?

Page 22 of 82

5.1.6 FUNCTIONALITY AND INTEGRATION REQUIREMENTS (APPENDIX B)

Proposers must complete and submit with their proposals the functional and integration requirements referenced in Appendix B.

5.1.7 TRAINING

Function Vendor Use Only

Yes No Comments

1) Documentation is available in hard copy.

2) Documentation is available on-line.

3) On-line documentation can be printed on demand.

4) Documentation is available on CD or DVD

5) Documentation manuals accurately reflect the most current software release.

6) Vendor-supplied training can be conducted on-site at SMMC.

Training - Additional requirements

a) Provide a summary description of the documentation provided with the system including:

a) System administration manuals (including use of decision and edit tables).

b) Technical documentation (including detailed HL7 interface specs and data schema).

c) User reference manuals.

d) Training manuals.

b) Describe the training approach for user personnel. Outline training classes/sessions offered, course content, approximate length of time for each session and approximate ratio of hands-on practice vs. lecture.

c) Describe any computer-based instruction modules available for training during installation and for on-going training.

d) Describe the training provided to operations and technical support personnel.

e) Describe the training for the report writer or reporting mechanism? Describe how this is accomplished and what is the cost?

f) Describe the training available to information systems and user department core group personnel for product orientation in advance of system file, table, profile and parameter building.

g) Describe any ongoing training available to customers included in the maintenance/support arrangement at no additional cost (not including out-of-pocket expenses).

h) Discuss options available for training new personnel after initial implementation.

Provide a listing of all standard reports that are provided by the system (for each module) and a sampling of each with your response.

Page 23 of 82

Additional Note: The implementation, project management, training, and ongoing support requirements are to be defined referencing the requirements in Appendices C1 and C2. Proposers submitting a proposal for a client server solution must submit Appendix C1; whereas Proposers submitting a proposal for a SaaS solution must submit Appendix C2. Proposers submitting a proposal for both types of solutions must submit Appendix C1 and Appendix C2. Proposers must submit a thorough narrative supported by references to the implementation, project management, training, and ongoing support in response to questions asked in Appendix C1 and/or Appendix C2.

5.1.8 STRATEGIC DIRECTION

This section gathers information related to the strategic direction of the vendor and defines the contractual requirements of SMMC. Please answer each question completely, concisely, and accurately. 1. Strategic Requirements

a) Has your company acquired or merged with any other organizations in the past three years? If so, please describe.

b) Are you a subsidiary of or under the control of any other corporation, individual, or other entity? If yes, please provide entity name.

c) Describe your corporate vision for how information technology will support the healthcare environment of the future (i.e., over the complete continuum of care).

d) Describe how workflow tools are integrated into your products and how they can be customized by the client.

e) Identify your product’s strengths and its areas for improvement.

f) What are your plans to address these improvement opportunities?

g) Describe your organization’s vision for providing web-based applications, technologies, or value-added services.

h) Describe how your system supports the development of evidence based care and promotes and tracks quality outcomes.

i) How does your system support the building of an infrastructure to support improvement in core measures and other quality indicators, such at THE JOINT COMMISSION Patient Safety goals and IHI quality indicators?

j) What reporting capabilities are available with your system for reporting core measure performance?

k) Can the proposed solution support all relevant California state regulatory requirements?

l) Describe any work you are doing with designing or developing systems to assist healthcare organizations meet Leap Frog standards.

m) Describe the work you’ve completed or will complete to ensure that your applications will support clients with the expanded HIPAA requirements stemming from the ARRA HITECH Act (security and privacy focused).

n) Please provide examples of operational efficiencies and process integration benefits achieved by clients through the use of your system (attach materials, as needed).

o) Discuss your efforts to provide interfacing to ‘smart’ IV pumps and please specify those manufacturers that you have interfaced with to date.

Page 24 of 82

p) Describe how your system has incorporated the use of bar-coding, RFID and proximity technology into the care delivery process. Do you partner with other vendors to support these features and/or is software internal to your product. Please provide detail information on this focus area.

q) Describe how your system can support a community-wide HIE (health information exchange) initiative to consolidated patient clinical information across disparate entities, i.e., RHIO (regional health information organization) and/or CMPI (community master patient index).

r) Please describe how your system handles bed management. Is this function part of your CIS or you’re his? Assuming it is part of your CIS and assuming that SMMC will remain on their Invision system for Registration/ADT, how will that affect the bed management processes within your CIS?

s) What constraints do you see with the integration of a 3rd party laboratory system (Novius LIS)?

t) SMMC plans to keep their incumbent EDIS (Pulsecheck) in place initially. What data points would you recommend for integration between your CIS and SMMC’s Pulsecheck ED System to ensure a comprehensive clinical record for patients that span the ED/Inpatient continuum? Have you integrated with Pulsecheck? Have you integrated with other ED systems? What challenges have you encountered?

u) Please outline how your proposed solution supports the ARRA HITECH Meaningful Use requirements. Include a table of the required Meaningful Use functionality (by year) and how your proposed solution meets these requirements currently or planned. Include both core and menu set items in this description.

5.1.9 Contractual Information

Indicate, in the following table, your agreement to the contractual requirements identified. Some requirements identified below relate to language included in the County’s standard contract template, a copy of which is attached to this RFP. If you cannot agree to a requirement, explicitly state such in your response and provide alternative contract language for consideration.

Requirement Vendor Response

Yes No Comments

a) Should SMMC contract with your organization, there are no pending litigation activities involving your organization that could have an impact on SMMC.

b) Your organization will contract guaranteed prices for software systems that are currently under development and not yet installed.

c) Your organization will contract for “not to exceed” installation fees.

d) Your organization will stipulate that the contract will be entered into under, and governed by, the laws of California. (See Section 15 of the County’s standard agreement.)

e) Your organization will stipulate that any dispute arising under the contract will be venued in the County of San Mateo or the United States District Court for the Northern District of California. (See Section 15 of the County’s standard agreement.)

Page 25 of 82

Requirement Vendor Response

Yes No Comments

f) Your organization will agree to unconditionally guarantee all items against defects in materials, workmanship, and performance for one year from date of installation by SMMC unless otherwise specified.

g) Proposed acquisition and ongoing maintenance or support costs include any future enhancements or upgrades to the application modules. If not, indicate additional costs in the cost quotation.

h) Your organization can and will comply with the County’s non-discrimination policy. (See Section 11 of the County’s standard agreement.)

i) Your organization can and will comply with the County’s equal employment opportunity policy. (See Section 11 of the County’s standard agreement.)

j) Your organization can and will comply with the County’s policy regarding employee benefits. (See Section 11 of the County’s standard agreement.)

k) Your organization can and will comply with the County’s jury duty policy. (See Section 17 of the County’s standard agreement.)

l) Your organization can and will comply with the County’s hold harmless language. (See Section 7 of the County’s standard agreement.)

m) Your organization can and will comply with the County’s insurance requirements. (See Section 8 of the County’s standard agreement.)

n) Your organization is able and commits to comply with all other terms of the County’s standard contract. (If not, provide an explanation for the inability to comply with the required term(s). If no objections are stated, County will assume the proposer is prepared to sign the County contract as-is.)

Contractual Information - Additional Requirements

i. How many contracts for proposed systems have you signed in the last three years? Please specify for each component.

ii. How many of those clients have completed implementation of your system? (List the applications installed for each client.)

iii. Have any of your customers cancelled a contract in the last two years before, during, or after an installation? If yes, why? (Specify organization and location.)

Page 26 of 82

iv. Describe how you will commit to providing changes mandated by Federal (e.g., HIPAA, FDA), State, Accrediting (e.g., THE JOINT COMMISSION), and standards (e.g., HL7) organizations. Are there any additional costs for these updates?

v. Describe your approach and timing to accommodate the mandated change to HIPAA v5010 format and ICD-10 diagnosis code set.

vi. Have you obtained ONC certification in support of ARRA HITECH requirements (available beginning October 2009)?

vii. Please list the clients that have purchased your CORE HIS within the last two years.

5.1.10 Application Design

Function Vendor Response

Yes No Comments

a) If the application is Windows-based, can your system run under VMWare Workstation (virtualized environment)?

b) Is the application object oriented design with flexibility to add custom fields and modification easily? Explain.

c) Does the application provide a tool to migrate customization to new software releases? If so, describe.

d) Does the application have web access capability for view-only?

e) Does the application have web access capability for ordering, results processing, and clinician charting?

f) Is the e-mail interface capable of notification and routing of reports?

g) Can the systems support the use of email distribution lists?

h) Is the e-mail interface part of a secure messaging system?

i) How is PHI encoded in email?

Application Design- Additional Requirements

i) What language is the application written in?

ii) Describe the processing model used in the application, such as 2, 3, or multi-tier.

iii) Describe the distribution and centralization capabilities for data, application, and interface processing across physical platforms.

iv) Describe how capacity planning is accomplished. Include any calculations and documents in your response.

v) Provide a schematic showing the logical design of the proposed applications that identifies all databases and files and indicates the direction of data flow.

vi) How are databases mirrored for failure tolerance?

Page 27 of 82

vii) Does the system support voice recognition as an input mechanism? If so, please explain how and if there are any third party products or components required.

viii) Please provide a list of all reports, including security reports, and report libraries that come standard with the system.

5.1.11 Security


Yes No Comments

a) Does the application security utilize RDBMS security roles?

b) Can the application security utilize enterprise directory services for user authentication?

c) Can SMMC enforce password standards, such as length, expiration, and character sets in your application?

d) For your application, is the authentication process encrypted?

e) Are users able to change passwords through the application at their own discretion?

f) Does your product provide security controls to restrict access by:

i Application module

ii On-line function

iii Screen within function

iv Data element/section of chart

v User ID

g) Can groups of user security be changed at one time?

h) Can security be copied from one user or group to another then modified?

i) Can user-defined security criteria be set?

j) Is there an audit trail for security changes?

k) Is one sign-on process sufficient to control access to all authorized functions/modules?

l) Are separate passwords required for specific screens or modules?

m) Can one user be signed on to multiple devices simultaneously (i.e., using the same password)?

n) Does the system provide use statistics by user ID?

o) Does the system provide an audit trail that can be used to identify transactions or data accesses that have been performed by:

i Input Device

ii Function

iii Patient/Record

iv User Role

v User Identity

p) Are all transactions identified with a user ID?

Page 28 of 82


Yes No Comments

q) Does the system provide additional security for Web access (if available)?

r) Does the system include options for:

i Failed access attempts to be tracked and reported?

ii Specifying the number of failed attempts allowed?

iii Action upon maximum failed attempts?

s) Can audit logs be archived and recalled as needed?

t) Does the system have a “time out” feature that automatically signs off a user if a workstation has been left unattended for a SMMC-defined time period?

u) Can system “time out” parameters be modified by SMMC without vendor assistance?

v) Does the system allow for controlling/removing access for users no longer needing access?

w) Can SMMC define a period after which an unused sign-on is deactivated/disabled from the system?

x) Can vendor support personnel access the system without SMMC knowledge?

y) Does the system have a function that will automatically “log off” ALL users?

z) Does the system support electronic signature?

Security - Additional Requirements

i) Describe how the system provides for the capability to restrict access to particular records within the system, based on user ID or specified fields (i.e., discharged facility).

ii) How is single sign-on to all applications implemented?

iii) Describe your approach to utilizing biometric and/or proximity/RFPD device solutions for user authentication. Do you have any of these solutions in production? If so, describe the environment and benefits delivered.

iv) Please describe the ability of software to conform to SSL and describe any other encryption capabilities of the software.

5.1.12 Database


Yes No Comments

a) Is the database schema documented and provided to SMMC?

b) Does the database schema identify all databases and files and indicate direction of data flow?

c) Is the database schema automatically updated and re-distributed as new releases are made available?

d) Do the database schema/tables have a standards convention?

Page 29 of 82


Yes No Comments

e) Is there an entity relationship model for the application?

Database - Additional Requirements

i) Is the DBMS used standard or proprietary? If proprietary, describe the structure and any required support procedures.

ii) How many database servers and mirrors are recommended? Is there a production, test/training and development environment as delivered, etc.?

iii) Describe a plan and tools used to inspect, report on, and repair the database(s).

iv) Describe your database mirroring. How is the “correct” copy known?

v) Describe database backup plans.

vi) What different levels of database support does your company provide?

vii) How do you package your database installs and upgrades for your application? Is the upgrade/install configurable to different database environments (i.e., schema name, database names, table space names…)?

5.1.13 Data Dictionaries and File Design

a) Does your system have "master files" where universal information can be entered once and accessed by other applications (e.g., patient demographic information)? Does this apply to all applications proposed?

b) Are any files updated in a batch mode? If so, please indicate which files, the frequency in which these files are updated and the length of time necessary for batch updates to be performed. Can the online functions be active while batch updates are done?

c) Can all data elements be viewed, printed, interfaced, updated, reported on and/or listed as needed? Identify any that cannot.

d) Does the system allow the user to restrict printing and display of confidential data elements if flagged in the data dictionary?

5.1.14 Data Access and Storage

a) Describe database storage model used by application, such as relational, network, or hierarchical. How will this affect the report writing capabilities of the system?

b) Describe the use of SAN (Block Level) and/or NAS (File Level) protocols associated with the proposed solution. What SAN/NAS storage vendors and products are certified to work with your system?

c) Describe the recommended storage solution, hierarchy, sizing/capacity, speed, etc.

d) Does the proposed system include:

i) User-defined menus

ii) User-defined screens/start-pages

iii) User-defined fields

iv) User-defined function keys

Page 30 of 82

v) User-customizable patient summary screens (data from demographics, allergies, documentation, orders, flowsheets, results, etc.)

e) Are required fields SMMC-definable?

f) How is data integrity maintained? What tools are used?

5.1.15 Interfaces


Yes No Comments

a) Do you support the use of interface engines? If yes, comment on which engine(s) are supported.

b) Are all system interfaces HL7 compliant?

c) Do you provide detailed interface specifications?

d) Do you make technical staff available to answer questions and assist in data mapping with other vendors?

e) Does the vendor support controlled user access to monitor the interfaces and to stop/start the interfaces?

f) Is there an interface error log on the system and can client personnel access it?

g) Does the system attempt to re-send transactions in the event of a failure?

Interface - Additional Requirements

1. Describe your overall design approach to developing, testing, implementing and upgrading system interfaces to third party systems.

2. Provide a list of the interfaces that have been developed/implemented for your CIS. Include type of interface and vendor/system interfaced to/from.

3. Provide a list of the medical device (telemetry monitors, EKGs, ventilators, etc.) interfaces that you have developed/implemented for your CIS.

4. Please discuss how you have taken steps towards interoperability in support of the Continuity of Care Document (CCD) and Continuity or Care Record (CCR) core data sets. Please indicate if you have implemented the CCD or CCR XML schema with any clients and if so, to what other clinical software systems.

5. SMMC’s specific interface requirements include the following, please describe your ability to interface to each and include pricing in the Systems Costs section (Section 8.0). We have listed the minimum various types of transactions and systems involved below.

a. ADT (bi-directional)

i. Inbound to CIS and Document Management from Invision

ii. Outbound from CIS and Document Mgmt to Invision (to avoid data discrepancies; may not be required if patient demographic data cannot be edited in the CIS and Document Mgmt system)

b. Orders/Results (bi-directional including order status/results and inquiry) If proposing these systems

i. Orders Outbound from CIS to Novius Lab and Siemens RIS

ii. Orders & Order Status/Results Inbound to CIS from Novius Lab, Siemens RIS

c. Charges (uni-directional)

Page 31 of 82

i. Hospital-based Charges Outbound from CIS to Invision

ii. Professional Charges Outbound from CIS to Invision

d. Transcription (uni-directional)

i. Transcription Inbound to CIS and/or EDMS from Webmedx

e. Pulsecheck EDIS Integration Requirements

i. Medication Orders Inbound to CIS Pharmacy module from Pulsecheck

ii. Comprehensive clinical data from Pulsecheck EDIS to CIS (supporting CCD standards):

a. Height/weight, allergies/reactions, advanced directive, clinical history, reason for visit, problem list, ED documentation, medications (home and administered while in ED) and time of meds administration in the ED to the CIS eMAR.

iii. Order processing for ED orders. Currently done from Pulsecheck to Invision and then to Lab and Rad. If proposal includes a different solution, please outline it here.

f. eClinicalWorks (eCW) Ambulatory EMR Integration Requirements

i. Bi-directional between CIS and eCW AEMR to support patient continuum

a. User defined / CCD elements and/or documents to support continuity of care, e.g., Height/weight, allergies/reactions, advanced directive, clinical history, problem list, ‘home’ medications, lab values, etc.

b. Potential orders to ancillaries; current process as defined above for Pulsecheck.

c. Messaging to support notification of PCP of hospital admission and outbound discharge summaries.

g. Additional Interfaces

i. Based on information provided, outline any other interfaces to be proposed with explanation of purpose and systems affected. Examples could include medication interfaces with Pyxis, Pharmacy, etc or others.

5.1.16 Hardware and Operating System


Yes No Comments

a) Does the system require nightly procedures/daily processing? If so, describe. Will the system remain in production?

b) Without replacing the proposed CPU, can the capacity of each of the following be increased by 100% (doubled):

i) Memory

ii) Disk Storage – platform specific or SAN

c) Does the system support the use of wireless notebook computers/tablet PCs for entry of patient information?

d) Does the system support the use of handheld devices for entry of patient information? Describe.

e) Does the system support the following data input modes:

i) Light pen

ii) Bar code reader

Page 32 of 82


Yes No Comments

iii) Touch screen

Hardware and Operating System - Additional Requirements

i) What is the latest generation technology platform(s) that the system is offered on? Please provide an approximate breakdown of how many clients are running on this and the previous still-supported platform options.

ii) What operating systems are supported? Approximately how many clients run on each operating system? What operating system is the application developed in? What operating system(s) was, or is, the application ported to and in what order?

iii) Describe the approach used in determining an appropriate hardware sizing and configuration for SMMC. Identify data, assumptions and calculations used.

iv) For each of the following, identify 1) Vendor-certified solutions (or standard minimum) and recommended configuration requirements, 2) Data connectivity/integration approach between device and the system, and 3) system-specific software required to be installed in the device.

a) End user systems, including but not limited to: O/S, CPU, disk drive capacity, system memory, and monitor size:

1) Local desktop workstation

2) Handheld tablet workstation

3) Handheld device

4) Remote/Off Site Workstation

b) Data input systems:

1) Bar code solution

2) Scanners (specify for both single and large scale scanning stations)

3) Voice capture

4) External images – ex., .jpeg from digital camera

5) Electronic signature capture

c) Output systems:

1) Laser printer

2) Impact printer

3) Label printer

4) Bar code printer

v) What Web browser and version is recommended? What Web browsers are supported? Are systems specific add-in components required?

vi) Describe environment and space requirements for proposed hardware. Include a description of the requirements for space, heating, location, flooring, ventilation, air conditioning, and fire protection.

Page 33 of 82

5.1.17 Network

a) For each transaction (per application) provide bandwidth and response times required.

b) How much traffic will be generated per transaction?

c) What is the expected number of transactions per day for SMMC?

d) What type of network architecture is supported?

e) What type of integration into Active Directory or LDAP does the application support?

f) On the wide area network what is the minimum response time required?

g) How does the application respond across a T1 or DSL Connection? Is the use of Citrix or Terminal Services required to ensure efficient response time?

h) Can end users desktop support DHCP? If no, explain.

i) Describe technical design of Web access capability (if any).

j) Does vendor require access to application servers? How is security handled?

5.1. 18 Remote Access

a) Describe in detail the remote access methods you currently support for your application.

b) Do you have client(s) currently connecting to your application via an Internet VPN connection? If so, what is the minimum bandwidth required?

c) Does your product offer web-based remote access that provides full access to application’s functionality? If so, please describe. If not, please describe limitations to access that would result.

d) Does your solution support SSL for remote access security? 5.1.19 Operations/Disaster Recovery

a) Does your system support disk shadowing?

b) Are there any special disaster recovery considerations for your application?

c) Does SMMC have the ability to perform disk compression, initialize files, tapes, disks, packs, etc.?

d) For your application, is downtime required for any function? If so, explain.

e) For your application, describe your backup methodology.

f) How are back-up configuration files handled?

g) Define your uptime performance warranty.

5.1.20 Functional Requirements (Excel insert – APPENDIX F) This section gathers information related to the functional requirements of SMMC and how well your proposed product(s) meets these requirements. SMMC is requesting information on all of the functionality outlined in Section 4.1 Project Application Scope and Description. Please use the enclosed Excel workbook “SMMC Appendix F Func Reqs” to document your responses to the functional requirements.

Page 34 of 82

The seven tabs (highlighted in yellow) comprise the primary ‘core’ modules that SMMC will be focused on in “Phase 1” of their deployment. The two tabs highlighted in blue comprises additional functionality that SMMC would like detail responses on for their consideration.

1. Vendor Instructions

2. Hospital-based Core Clinicals

3. Critical Care

4. Enterprise Document Management System (EDMS)

5. Portals

6. Global Functions

7. HIM

8. Reporting Tools

9. Pharmacy

In addition to specific requirements outlined in the detailed Excel worksheets please provide information (and pricing) on software that you offer to support the following areas:

Referral Management System

Case Management System

Perioperative Services

Cardio Vascular Information System (CVIS)

Personal Health Record

Long Term Care—functionality and record integration

5.1.21 Cost Proposal – Clearly define and itemize all costs associated with the services defined in your proposal, to include travel if required. Please use the Cost Proposal form (Excel Spreadsheet)—Appendix D. The pricing must clearly define all costs expected to be incurred by SMMC during implementation and throughout the term of the contract. They must clearly separate one-time costs, implementation/installation costs, and recurring costs over a five-year period. If the software is compatible with multiple hardware platforms, please propose a recommended platform for the SMMC environment and infrastructure standards as noted in Section 2.0. The proposed configuration should reflect a high-availability/redundant model and also include disaster recovery recommendations. 5.1.22 Describe start-up requirements and the lead-time necessary to begin providing services. 5.1.23 Describe your invoicing, remittance, and reconciliation process. Note the County invoicing requirements as specified in Exhibit B of the standard County Agreement (attached).

Page 35 of 82

5.2 Proposal Format and Submission All proposals should be typewritten; have consecutively numbered pages, including any exhibits, charts, or other attachments; and be securely bound. Proposals shall be organized into the following major sections:

Title Page Letter of Transmittal Table of Contents Executive Summary Scope of Services Company Background Client References Cost Proposal Exceptions to the RFP Required Attachments (including the Contractor’s Declaration From)

Statement of Compliance with County conditions

The proposer must sign proposals. An unsigned proposal may be rejected. All proposals must remain valid for a period of not less than 180 days from the submission. This includes pricing as well as nominated engagement staff. All proposals can be amended or withdrawn before the deadline has been reached. Submit one (1) original and seven (7) double-sided copies. Also on one (1) CD-ROM submit an electronic copy of the proposal. Submit proposal and include the name and address of the proposer on the outside of the package and in a cover letter. Address or deliver proposals before the deadline to:

San Mateo County RFP # ISD 1805 Cyndy Chin, Administrative Assistant 222W. 39th Avenue San Mateo, California 94403

6. Final Filing Date

Proposals must be received by the County by 2PM PST on Feb 4, 2011.

Page 36 of 82

6.1 Additional Information

If the County determines, at its sole discretion, that additional information is required or desirable beyond that provided in the proposal(s) of any of the proposer(s), County shall invite the proposer(s) to make oral and/or written presentations to the Evaluation Committee.

7. Evaluation of Proposals

An Evaluation Committee will be composed of at least one representative from each of the following departments: Nursing, Ancillary services, Providers, Revenue Cycle and HIM. In addition, the committee will also include the Chief Medical Information Officer, the Chief Medical Officer, the Health System IT Deputy Director and an ISD Relationship Manager. The Evaluation Committee will evaluate proposals and the qualifications of proposers submitting proposals. The evaluation criteria include, but are not limited to, those listed below in paragraph 7.1, “Evaluation Criteria”. The Evaluation Committee will submit to the Director of Information Services the recommendation of the Committee’s evaluation. The Director can accept or reject any recommendation.

7.1 Evaluation Criteria

Each proposal will be assessed by the Evaluation Committee based upon the evaluation criteria that will include the following: (Not listed in order of importance) Proposer’s experience; Capability and experience of key personnel; Quality of references; Clarity of understanding of the scope of services to be provided; Experience with other public or private agencies to provide case study numbers; History of successfully providing similar services; History of successfully managing other contracts with public or private agencies; Ability to satisfy SMMC’s functional requirements; Ability to meet required timeline; Proposal cost and; Ability to comply with the County’s contract requirements. The County may consider any other criteria it deems relevant, and the Evaluation Committee is free to make any recommendations it deems to be in the best interest of the County.

7.2 Notification

Notification of the Information Services Director’s recommendation will be done by fax transmission and/or by e-mail when the selection process is completed. Please be sure to include all requested contact information.

8. Protest Process

If a proposer desires to protest the selection decision, the proposer must submit a

Page 37 of 82

written protest within five (5) business days after the delivery of the notice letter about the decision. The written protest should be submitted to the Director of Information Services as outlined below. Protests received after the deadline will not be accepted. Protests must be in writing, must include the name and address of the Proposer and the Request for Proposals numbers, and must state the specific ground(s) for the protest. A protest that merely addresses a single aspect of the selected proposal, e.g., comparing the cost of the selected proposal in relation to the non-selected proposal, is not sufficient to support a protest. A successful protest will include sufficient evidence and analysis to support a conclusion that the selected proposal, taken as a whole, is an inferior proposal.

The Director of Information Services will respond to a protest in writing, and the County may, at its election, set up a meeting with the proposer to discuss the concerns raised by the protest. The decision of the Director of Information Services will be final.

The protest must reference this RFP by number, be in writing, include contact information for the protesting party, and be faxed or emailed to:

Kathleen Boutte Foster, Deputy Director Information Management Services-Health, ISD

and Cyndy Chin, Administrative Assistant, ISD Email: [email protected] and [email protected] FAX: (650) 627-9160

9. Contract Negotiation and Inability to Negotiate a Contract

After a proposer has been selected by the Director of Information Services, the County and such proposer will negotiate a contract for submission to the County’s Board of Supervisors for consideration and possible approval. Sole authority for acceptance of any such agreement lies with the County’s Board of Supervisors, and submission of an agreement to the Board of Supervisors is not a guarantee that it will be executed. If a satisfactory contract cannot be negotiated, the County may, in its sole discretion, negotiate with another vendor.

mailto:[email protected]

38

County Contract Template & Contractor Declaration Form

AGREEMENT BETWEEN THE COUNTY OF SAN MATEO AND [Contractor name]

THIS AGREEMENT, entered into this _____ day of _______________ , 20_____, by and between the COUNTY OF SAN MATEO, hereinafter called "County," and [Contractor name here], hereinafter called "Contractor";

W I T N E S S E T H:

WHEREAS, pursuant to Government Code, Section 31000, County may contract with independent

contractors for the furnishing of such services to or for County or any Department thereof;

WHEREAS, it is necessary and desirable that Contractor be retained for the purpose of [Enter information here].

NOW, THEREFORE, IT IS HEREBY AGREED BY THE PARTIES HERETO AS FOLLOWS: 1. Exhibits and Attachments The following exhibits and attachments are included hereto and incorporated by reference herein: Exhibit A—Services Exhibit B—Payments and rates Attachment H—HIPAA Business Associate requirements Attachment I—§ 504 Compliance Attachment IP – Intellectual Property (**if the IP Attachment does not apply to this contract then delete this line**) 2. Services to be performed by Contractor In consideration of the payments set forth herein and in Exhibit “B,” Contractor shall perform services for County in accordance with the terms, conditions and specifications set forth herein and in Exhibit “A.”

3. Payments In consideration of the services provided by Contractor in accordance with all terms, conditions and specifications set forth herein and in Exhibit "A," County shall make payment to Contractor based on the rates and in the manner specified in Exhibit "B." The County reserves the right to withhold payment if the County determines that the quantity or quality of the work performed is unacceptable. In no event shall the County’s total fiscal obligation under this Agreement exceed [Write out amount], [$Amount]. 4. Term and Termination Subject to compliance with all terms and conditions, the term of this Agreement shall be from [Month and day], 20[Last 2 digits of year] through [Month and day], 20[Last 2 digits of year]. This Agreement may be terminated by Contractor, the [Name of County Department Head] or his/her designee at any time without a requirement of good cause upon thirty (30) days’ written notice to the other party. In the event of termination, all finished or unfinished documents, data, studies, maps, photographs, reports, and materials (hereafter referred to as materials) prepared by Contractor under this Agreement shall become the property of the County and shall be promptly delivered to the County. Upon termination, the Contractor may make and retain a copy of such materials. Subject to availability of funding, Contractor shall be entitled to receive payment for work/services provided prior to termination of the Agreement. Such payment shall be that portion of the full payment which is determined by comparing the work/services completed to the work/services required by the Agreement.

39

5. Availability of Funds The County may terminate this Agreement or a portion of the services referenced in the Attachments and Exhibits based upon unavailability of Federal, State, or County funds, by providing written notice to Contractor as soon as is reasonably possible after the County learns of said unavailability of outside funding. 6. Relationship of Parties Contractor agrees and understands that the work/services performed under this Agreement are performed as an independent Contractor and not as an employee of the County and that Contractor acquires none of the rights, privileges, powers, or advantages of County employees. 7. Hold Harmless Contractor shall indemnify and save harmless County, its officers, agents, employees, and servants from all claims, suits, or actions of every name, kind, and description, brought for, or on account of: (A) injuries to or death of any person, including Contractor, or (B) damage to any property of any kind whatsoever and to whomsoever belonging, (C) any sanctions, penalties, or claims of damages resulting from Contractor’s failure to comply with the requirements set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and all Federal regulations promulgated thereunder, as amended, or (D) any other loss or cost, including but not limited to that caused by the concurrent active or passive negligence of County, its officers, agents, employees, or servants, resulting from the performance of any work required of Contractor or payments made pursuant to this Agreement, provided that this shall not apply to injuries or damage for which County has been found in a court of competent jurisdiction to be solely liable by reason of its own negligence or willful misconduct. The duty of Contractor to indemnify and save harmless as set forth herein, shall include the duty to defend as set forth in Section 2778 of the California Civil Code. 8. Assignability and Subcontracting Contractor shall not assign this Agreement or any portion thereof to a third party or subcontract with a third party to provide services required by contractor under this Agreement without the prior written consent of County. Any such assignment or subcontract without the County’s prior written consent shall give County the right to automatically and immediately terminate this Agreement. 9. Insurance The Contractor shall not commence work or be required to commence work under this Agreement unless and until all insurance required under this paragraph has been obtained and such insurance has been approved by Risk Management, and Contractor shall use diligence to obtain such insurance and to obtain such approval. The Contractor shall furnish the County with certificates of insurance evidencing the required coverage, and there shall be a specific contractual liability endorsement extending the Contractor's coverage to include the contractual liability assumed by the Contractor pursuant to this Agreement. These certificates shall specify or be endorsed to provide that thirty (30) days' notice must be given, in writing, to the County of any pending change in the limits of liability or of any cancellation or modification of the policy.

(1) Worker's Compensation and Employer's Liability Insurance The Contractor shall have in effect during the entire life of this Agreement Workers' Compensation and Employer's Liability Insurance providing full statutory coverage. In signing this Agreement, the Contractor certifies, as required by Section 1861 of the California Labor Code, that it is aware of the provisions of Section 3700 of the California Labor Code which requires every employer to be insured against liability for Worker's Compensation or to undertake self-insurance in accordance with the provisions of the Code, and will comply with such provisions before commencing the performance of the work of this Agreement.

(2) Liability Insurance The Contractor shall take out and maintain during the life of this Agreement

such Bodily Injury Liability and Property Damage Liability Insurance as shall protect him/her while performing work covered by this Agreement from any and all claims for damages for bodily injury, including accidental death, as well as any and all claims for property damage which may arise from contractors operations under this Agreement, whether such operations be by himself/herself or by any sub-contractor or by anyone directly or indirectly employed by either of them. Such insurance shall be combined single limit bodily injury and property damage for each occurrence and shall be not less than the amount specified below.

40

Such insurance shall include: (a) Comprehensive General Liability . . . . . . . . . . . . . . . . . . $1,000,000 (b) Motor Vehicle Liability Insurance . . . . . . . . . . . . . . . . . . $1,000,000 (c) Professional Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . $1,000,000

County and its officers, agents, employees and servants shall be named as additional insured on any such policies of insurance, which shall also contain a provision that the insurance afforded thereby to the County, its officers, agents, employees and servants shall be primary insurance to the full limits of liability of the policy, and that if the County or its officers and employees have other insurance against the loss covered by such a policy, such other insurance shall be excess insurance only.

In the event of the breach of any provision of this section, or in the event any notice is received which indicates any required insurance coverage will be diminished or canceled, the County of San Mateo at its option, may, notwithstanding any other provision of this Agreement to the contrary, immediately declare a material breach of this Agreement and suspend all further work pursuant to this Agreement.

10. Compliance with laws; payment of Permits/Licenses All services to be performed by Contractor pursuant to this Agreement shall be performed in accordance with all applicable Federal, State, County, and municipal laws, ordinances and regulations, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the Federal Regulations promulgated thereunder, as amended, and will comply with the Business Associate requirements set forth in Attachment “H,” and the Americans with Disabilities Act of 1990, as amended, and Section 504 of the Rehabilitation Act of 1973, as amended and attached hereto and incorporated by reference herein as Attachment “I,” which prohibits discrimination on the basis of handicap in programs and activities receiving any Federal or County financial assistance. Such services shall also be performed in accordance with all applicable ordinances and regulations, including, but not limited to, appropriate licensure, certification regulations, provisions pertaining to confidentiality of records, and applicable quality assurance regulations. In the event of a conflict between the terms of this Agreement and State, Federal, County, or municipal law or regulations, the requirements of the applicable law will take precedence over the requirements set forth in this Agreement. Further, Contractor certifies that the Contractor and all of its subcontractors will adhere to all applicable provisions of Chapter 4.106 of the San Mateo County Ordinance Code, which regulates the use of disposable food service ware. Contractor will timely and accurately complete, sign, and submit all necessary documentation of compliance. 11. Non-Discrimination and Other Requirements A. Section 504 applies only to Contractors who are providing services to members of the public.

Contractor shall comply with § 504 of the Rehabilitation Act of 1973, which provides that no otherwise qualified handicapped individual shall, solely by reason of a disability, be excluded from the participation in, be denied the benefits of, or be subjected to discrimination in the performance of this Agreement.

B. General non-discrimination. No person shall, on the grounds of race, color, religion, ancestry, gender, age (over 40), national origin, medical condition (cancer), physical or mental disability, sexual orientation, pregnancy, childbirth or related medical condition, marital status, or political affiliation be denied any benefits or subject to discrimination under this Agreement.

C. Equal employment opportunity. Contractor shall ensure equal employment opportunity based on objective standards of recruitment, classification, selection, promotion, compensation, performance evaluation, and management relations for all employees under this Agreement. Contractor’s equal employment policies shall be made available to County of San Mateo upon request.

D. Violation of Non-discrimination provisions. Violation of the non-discrimination provisions of this Agreement shall be considered a breach of this Agreement and subject the Contractor to penalties, to be determined by the County Manager, including but not limited to

i) termination of this Agreement; ii) disqualification of the Contractor from bidding on or being awarded a County contract for a

period of up to 3 years; iii) liquidated damages of $2,500 per violation; iv) imposition of other appropriate contractual and civil remedies and sanctions, as determined

by the County Manager.

41

To effectuate the provisions of this section, the County Manager shall have the authority to examine Contractor’s employment records with respect to compliance with this paragraph and/or to set off all or any portion of the amount described in this paragraph against amounts due to Contractor under the Contract or any other Contract between Contractor and County. Contractor shall report to the County Manager the filing by any person in any court of any complaint of discrimination or the filing by any person of any and all charges with the Equal Employment Opportunity Commission, the Fair Employment and Housing Commission or any other entity charged with the investigation of allegations within 30 days of such filing, provided that within such 30 days such entity has not notified Contractor that such charges are dismissed or otherwise unfounded. Such notification shall include the name of the complainant, a copy of such complaint, and a description of the circumstance. Contractor shall provide County with a copy of their response to the Complaint when filed.

E. Compliance with Equal Benefits Ordinance. With respect to the provision of

employee benefits, Contractor shall comply with the County Ordinance which prohibits contractors from discriminating in the provision of employee benefits between an employee with a domestic partner and an employee with a spouse.

F.. The Contractor shall comply fully with the non-discrimination requirements required by 41 CFR 60-741.5(a), which is incorporated herein as if fully set forth.

12. Compliance with Contractor Employee Jury Service Ordinance Contractor shall comply with the County Ordinance with respect to provision of jury duty pay to employees and have and adhere to a written policy that provides that its employees shall receive from the Contractor, on an annual basis, no less than five days of regular pay for actual jury service in San Mateo County. The policy may provide that employees deposit any fees received for such jury service with the Contractor or that the Contractor deduct from the employees’ regular pay the fees received for jury service. 13. Retention of Records, Right to Monitor and Audit (a) CONTRACTOR shall maintain all required records for three (3) years after the COUNTY makes final payment and all other pending matters are closed, and shall be subject to the examination and/or audit of the County, a Federal grantor agency, and the State of California. (b) Reporting and Record Keeping: CONTRACTOR shall comply with all program and fiscal reporting requirements set forth by appropriate Federal, State and local agencies, and as required by the COUNTY. (c) CONTRACTOR agrees to provide to COUNTY, to any Federal or State department having monitoring or review authority, to COUNTY's authorized representatives, and/or their appropriate audit agencies upon reasonable notice, access to and the right to examine all records and documents necessary to determine compliance with relevant Federal, State, and local statutes, rules and regulations, and this Agreement, and to evaluate the quality, appropriateness and timeliness of services performed. 14. Merger Clause This Agreement, including the Exhibits attached hereto and incorporated herein by reference, constitutes the sole Agreement of the parties hereto and correctly states the rights, duties, and obligations of each party as of this document's date. In the event that any term, condition, provision, requirement or specification set forth in this body of the agreement conflicts with or is inconsistent with any term, condition, provision, requirement or specification in any exhibit and/or attachment to this agreement, the provisions of this body of the agreement shall prevail. Any prior agreement, promises, negotiations, or representations between the parties not expressly stated in this document are not binding. All subsequent modifications shall be in writing and signed by the parties. 15. Controlling Law and Venue The validity of this Agreement and of its terms or provisions, as well as the rights and duties of the parties hereunder, the interpretation, and performance of this Agreement shall be governed by the laws of the State of California. Any dispute arising out of this Agreement shall be venued either in the San Mateo County Superior Court or in the United States District Court for the Northern District of California.

42

16. Notices Any notice, request, demand, or other communication required or permitted hereunder shall be

deemed to be properly given when both (1) transmitted via facsimile to the telephone number listed below and (2) either deposited in the United State mail, postage prepaid, or when deposited for overnight delivery with an established overnight courier that provides a tracking number showing confirmation of receipt, for transmittal, charges prepaid, addressed to:

In the case of County, to: In the case of Contractor, to:

In the event that the facsimile transmission is not possible, notice shall be given both by United States mail and an overnight courier as outlined above.

IN WITNESS WHEREOF, the parties hereto, by their duly authorized representatives, have affixed their hands.

COUNTY OF SAN MATEO

By: President, Board of Supervisors, San Mateo County Date:

ATTEST: By: Clerk of Said Board

D. [Contractor Name Here] Contractor’s Signature Date:

Long Form Agreement/Business Associate v 8/19/08

43

Exhibit “A” – SERVICES AGREEMENT BETWEEN COUNTY OF SAN MATEO

AND VENDOR NAME (BOLD CAPS) In consideration of the payments set forth in Exhibit “B”, Contractor shall provide the following services:

SCOPE OF WORK The methods and techniques used to provide services to the County are within the Contractor’s discretion, but subject to County Information Services Department’s technology policies, guidelines, and requirements. The amount of time, specific hours, and location of the performance of the Contractor’s Services is also left to the Contractor’s discretion provided that Contractor coordinates with County Departments as needed.

Exhibit “B” – PAYMENTS AND RATES AGREEMENT BETWEEN COUNTY OF SAN MATEO

AND VENDOR NAME (BOLD CAPS) In consideration of the services provided by Contractor in Exhibit “A”, County shall pay Contractor based on the following fee schedule:

1. SCHEDULE OF CHARGES Contractor will provide the County’s Information Services Department with original receipts for all reimbursable expenses. Contractor shall be reimbursed for mileage at $0.505 per mile, and Direct costs for lodging, meals, car rental, and airfare. Meals shall be at the County’s per diem Rate of $45 per day. Contractor will invoice on monthly basis. The County will submit payment within thirty (30) days of receipt of invoice. In no event shall the total payment for services under this Agreement exceed XXX ($). The County will have the right to withhold payment if the County determines that the quantity or quality of work performed is unacceptable. Contractor agrees that the requirements of this Agreement pertaining to the protection of Proprietary rights and confidentiality shall survive termination of this Agreement.

Attachment H

Health Insurance Portability and Accountability Act (HIPAA) Business Associate Requirements

Definitions

Terms used, but not otherwise defined, in this Schedule shall have the same meaning as those

terms are defined in 45 Code of Federal Regulations section 160.103 164.304 and 164.501. (All regulatory references in this Schedule are to Title 45 of the Code of Federal Regulations unless otherwise specified.)

a. Designated Record Set. “Designated Record Set” shall have the same meaning as the

term “designated record set” in Section 164.501. b. Electronic Protected Health Information. “Electronic Protected Health Information” (“EPHI”)

means individually identifiable health information that is transmitted or maintained in electronic media, limited to the information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity.

c. Individual. “Individual” shall have the same meaning as the term “individual” in Section 160.103 and shall include a person who qualifies as a personal representative in accordance with Section 164.502(g).

d. Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 Code of Federal Regulations Part 160 and Part 164, Subparts A and E.

e. Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in Section 160.103 and is limited to the information created or received by Contractor from or on behalf of County.

f. Required By Law. “Required by law” shall have the same meaning as the term “required by law” in Section 164.103.

g. Secretary. “Secretary” shall mean the Secretary of the United States Department of Health and Human Services or his or her designee.

h. Security Incident. “Security Incident” shall mean the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with systems operations in an information system, but does not include minor incidents that occur on a daily basis, such as scans, “pings”, or unsuccessful random attempts to penetrate computer networks or servers maintained by Business Associate

i. Security Rule. “Security Rule” shall mean the Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C.

Obligations and Activities of Contractor

a. Contractor agrees to not use or further disclose Protected Health Information other than as

permitted or required by the Agreement or as required by law. b. Contractor agrees to use appropriate safeguards to prevent the use or disclosure of the

Protected Health Information other than as provided for by this Agreement. c. Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to

Contractor of a use or disclosure of Protected Health Information by Contractor in violation of the requirements of this Agreement.

- 1 -

d. Contractor agrees to report to County any use or disclosure of the Protected Health Information not provided for by this Agreement.

e. Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by Contractor on behalf of County, agrees to the same restrictions and conditions that apply through this Agreement to Contractor with respect to such information.

f. If Contractor has protected health information in a designated record set, Contractor agrees to provide access, at the request of County, and in the time and manner designated by County, to Protected Health Information in a Designated Record Set, to County or, as directed by County, to an Individual in order to meet the requirements under Section 164.524.

g. If Contractor has protected health information in a designated record set, Contractor agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the County directs or agrees to make pursuant to Section 164.526 at the request of County or an Individual, and in the time and manner designed by County.

h. Contractor agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Contractor on behalf of, County available to the County or to the Secretary, in a time and manner designated by the County or the Secretary, for purposes of the Secretary determining County’s compliance with the Privacy Rule.

i. Contractor agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for County to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with Section 164.528.

j. Contractor agrees to provide to County or an Individual in the time and manner designated by County, information collected in accordance with Section (i) of this Schedule, to permit County to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with Section 164.528.

k. Contractor shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of EPHI that Contractor creates, receives, maintains, or transmits on behalf of County.

l. Contractor shall conform to generally accepted system security principles and the requirements of the final HIPAA rule pertaining to the security of health information.

m. Contractor shall ensure that any agent to whom it provides EPHI, including a subcontractor, agrees to implement reasonable and appropriate safeguards to protect such EPHI.

n. Contractor shall report to County any Security Incident within 5 business days of becoming aware of such incident.

o. Contractor shall makes its policies, procedures, and documentation relating to the security and privacy of protected health information, including EPHI, available to the Secretary of the U.S. Department of Health and Human Services and, at County’s request, to the County for purposes of the Secretary determining County’s compliance with the HIPAA privacy and security regulations.

Permitted Uses and Disclosures by Contractor

Except as otherwise limited in this Schedule, Contractor may use or disclose Protected Health

Information to perform functions, activities, or services for, or on behalf of, County as specified in the Agreement; provided that such use or disclosure would not violate the Privacy Rule if done by County.

- 2 -

Obligations of County

a. County shall provide Contractor with the notice of privacy practices that County produces in accordance with Section 164.520, as well as any changes to such notice.

b. County shall provide Contractor with any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, if such changes affect Contractor’s permitted or required uses and disclosures.

c. County shall notify Contractor of any restriction to the use or disclosure of Protected Health Information that County has agreed to in accordance with Section 164.522.

- 3 -

- 4 -

Permissible Requests by County

County shall not request Contractor to use or disclose Protected Health Information in any

manner that would not be permissible under the Privacy Rule if done by County, unless the Contractor will use or disclose Protected Health Information for, and if the Agreement provides for, data aggregation or management and administrative activities of Contractor.

Duties Upon Termination of Agreement

a. Upon termination of the Agreement, for any reason, Contractor shall return or destroy all

Protected Health Information received from County, or created or received by Contractor on behalf of County. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Contractor. Contractor shall retain no copies of the Protected Health Information.

b. In the event that Contractor determines that returning or destroying Protected Health Information is infeasible, Contractor shall provide to County notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of Protected Health Information is infeasible, Contractor shall extend the protections of the Agreement to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Contractor maintains such Protection Health Information.

Miscellaneous

a. Regulatory References. A reference in this Schedule to a section in the Privacy Rule

means the section as in effect or as amended, and for which compliance is required. b. Amendment. The Parties agree to take such action as is necessary to amend this

Schedule from time to time as is necessary for County to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act, Public Law 104-191.

c. Survival. The respective rights and obligations of Contractor under this Schedule shall survive the termination of the Agreement.

d. Interpretation. Any ambiguity in this Schedule shall be resolved in favor of a meaning that permits County to comply with the Privacy Rule.

e. Reservation of Right to Monitor Activities. County reserves the right to monitor the security policies and procedures of Contractor

(rev. 8/08)

Assurance of Compliance with Section 504 of the Rehabilitation Act of 1973, as Amended The undersigned (hereinafter called the "Contractor(s)") hereby agrees that it will comply with Section 504 of the Rehabilitation Act of 1973, as amended, all requirements imposed by the applicable DHHS regulation, and all guidelines and interpretations issued pursuant thereto.

The Contractor(s) gives/give this assurance in consideration of for the purpose of obtaining contracts after the date of this assurance. The Contractor(s) recognizes/recognize and agrees/agree that contracts will be extended in reliance on the representations and agreements made in this assurance. This assurance is binding on the Contractor(s), its successors, transferees, and assignees, and the person or persons whose signatures appear below are authorized to sign this assurance on behalf of the Contractor(s). The Contractor(s): (Check a or b)

a. Employs fewer than 15 persons.

5

b. Employs 15 or more persons and, pursuant to section 84.7 (a) of the regulation (45 C.F.R. 84.7 (a), has designated the following

person(s) to coordinate its efforts to comply with the DHHS regulation.

_____________________________________________________ Name of 504 Person - Type or Print _____________________________________________________ Name of Contractor(s) - Type or Print _____________________________________________________ Street Address or P.O. Box _____________________________________________________ City, State, Zip Code

I certify that the above information is complete and correct to the best of my knowledge.

_____________________________________________________ Signature _____________________________________________________ Title of Authorized Official _____________________________________________________ Date

*Exception: DHHS regulations state that:

"If a recipient with fewer than 15 employees finds that, after consultation with a disabled person seeking its services, there is no method of complying with (the facility accessibility regulations) other than making a significant alteration in its existing facilities, the recipient may, as an alternative, refer the handicapped person to other providers of those services that are accessible."

Attachment IP – Intellectual Property Rights

1. The County of San Mateo (“County”), shall and does own all titles, rights and interests in all

Work Products created by Contractor and its subcontractors (collectively “Vendors”) for the County under this Agreement. Contractor may not sell, transfer, or permit the use of any Work Products without the express written consent of the County.

2. “Work Products” are defined as all materials, tangible or not, created in whatever medium

pursuant to this Agreement, including without limitation publications, promotional or educational materials, reports, manuals, specifications, drawings and sketches, computer programs, software and databases, schematics, marks, logos, graphic designs, notes, matters and combinations thereof, and all forms of intellectual property.

3. Contractor shall not dispute or contest, directly or indirectly, the County’s exclusive right and

title to the Work Products nor the validity of the intellectual property embodied therein. Contractor hereby assigns, and if later required by the County, shall assign to the County all titles, rights and interests in all Work Products. Contractor shall cooperate and cause subcontractors to cooperate in perfecting County’s titles, rights or interests in any Work Product, including prompt execution of documents as presented by the County.

4. To the extent any of the Work Products may be protected by U.S. Copyright laws, Parties

agree that the County commissions Vendors to create the copyrightable Work Products, which are intended to be work-made-for-hire for the sole benefit of the County and the copyright of which is vested in the County.

5. In the event that the title, rights, and/or interests in any Work Products are deemed not to be

“work-made-for-hire” or not owned by the County, Contractor hereby assigns and shall require all persons performing work pursuant to this Agreement, including its subcontractors, to assign to the County all titles, rights, interests, and/or copyrights in such Work Product. Should such assignment and/or transfer become necessary or if at any time the County requests cooperation of Contractor to perfect the County’s titles, rights or interests in any Work Product, Contractor agrees to promptly execute and to obtain execution of any documents (including assignments) required to perfect the titles, rights, and interests of the County in the Work Products with no additional charges to the County beyond that identified in this Agreement or subsequent change orders. The County, however, shall pay all filing fees required for the assignment, transfer, recording, and/or application.

6. Contractor agrees that before commencement of any subcontract work it will incorporate this

Schedule I to contractually bind or otherwise oblige its subcontractors and personnel performing work under this Agreement such that the County’s titles, rights, and interests in Work Products are preserved and protected as intended herein.

- 1 -

2

Contractor’s Declaration Form

I. CONTRACTOR INFORMATION

Contractor Name:

Phone:

Contact Person: Fax: Address:

II. EQUAL BENEFITS (check one or more boxes) Contractors with contracts in excess of $5,000 must treat spouses and domestic partners equally as to employee benefits.

Contractor complies with the County’s Equal Benefits Ordinance by: offering equal benefits to employees with spouses and employees with domestic

offering a cash equivalent payment to eligible employees in lieu of equal benefits. Contractor does not comply with the County’s Equal Benefits Ordinance. Contractor is exempt from this requirement because:

Contractor has no employees, does not provide benefits to employees’ spouses, or the contract is for $5,000 or less.

Contractor is a party to a collective bargaining agreement that began on (date) and expires on (date), and intends to offer equal benefits when said agreement expires.

III. NON-DISCRIMINATION (check appropriate box)

Finding(s) of discrimination have been issued against Contractor within the past year by the Equal Employment Opportunity Commission, Fair Employment and Housing Commission, or other investigative entity. Please see attached sheet of paper explaining the outcome(s) or remedy for the discrimination.

No finding of discrimination has been issued in the past year against the Contractor by the Equal Employment Opportunity Commission, Fair Employment and Housing Commission, or any other entity.

IV. EMPLOYEE JURY SERVICE (check one or more boxes)

Contractors with original or amended contracts in excess of $100,000 must have and adhere to a written policy that provides its employees living in San Mateo County up to five days regular pay for actual jury service in the County.

Contractor complies with the County’s Employee Jury Service Ordinance.

Contractor does not comply with the County’s Employee Jury Service Ordinance.

Contractor is exempt from this requirement because: the contract is for $100,000 or less.

Contractor is a party to a collective bargaining agreement that began on (date) and expires on (date), and intends to comply when the collective bargaining agreement expires.

I declare under penalty of perjury under the laws of the State of California that the foregoing is true and correct, and that I am authorized to bind this entity contractually.

3

Request for Proposal: Enterprise Clinical Information System Nov. 2010 4

________________________________________ ______________________________________ Signature Name ________________________________________ ______________________________________ Date Title


APPENDIX A1

TECHNICAL REQUIREMENTS RESPONSE FORM FOR A CLIENT SERVER SOLUTION

If proposing a client server solution, please complete and submit Appendix A1 with your proposal.

A. TECHNICAL REQUIREMENTS

1. Description of System

a. Provide a description of the proposed product, database, software and services, including how the proposed system will meet or exceed the requirements stated in the entire RFP. Include sufficient technical information about the application, operating environment and performance data to enable the County to determine whether or not the proposed system meets the technical environment prerequisites.

b. Identify/list all software required for the solution that is not supplied directly by the

Proposer (any/all third party software).

c. Provide an overview and/or benchmarks relating to the system’s ability to process information in real time. Include the number of concurrent users as well as named users the proposed system will accommodate and state the maximum number of recommended users.

d. Identify any requirement to purchase interfaces from other vendors to work with the

proposed solution.

e. Define the scalability of the proposed system.

i. Can the system be purchased in modules and expanded? ii. How scalable is the proposed software regarding the number of users? iii. Does the system scale in parallel, i.e. can additional application servers be

configured in a load-balanced cluster? iv. Can the database, application and data analysis components be configured to

reside on separate independent servers, so that one impacted subsystem does not affect the overall solution?

f. Identify how many users are can access the proposed system. (Concurrent users).

g. Identify if the proposed software is COM (Component Object Model) compliant.

h. Identify if the proposed software is ODBC, OLE-DB or OLAP compliant. Identify any

drivers provided.

i. Describe licenses required for the software (concurrent / per seat and the number associated).

j. Describe how the system protects database records while it is being accessed by one

user, so that multiple users will not attempt to change the record at the same time.


k. Identify if the solution’s database is ACID (Atomicity, Consistency, Isolation and Durability) compliant, and how it provides transaction rollback capability in the event of a failed transaction.

l. Define the requirements for a test system. Include all related components (hardware,

software, etc.) Include test system costs.

m. Describe the maximum number of database records that can be stored.

n. Define which third party reporting tools the system is compatible with the proposed system.

o. Describe the ability to test interfaces to the HIS system.

p. Provide the data dictionary and schema with the system.

q. Describe the minimum monitor and screen resolution limit.

r. Describe the process for change management or customer notification.

s. Describe the current version number and release date, including how often target dates

are met.

t. Provide continuous application and system support 24 hours a day, 365 days per year.

u. Provide the company escalation and response plan, and describe how issues are triaged and escalated.

v. Provide the average response time of the proposed system, including the average

page/screen flip time.

w. Describe the level of customization available without a programmer or vendor support.

x. Provide the location of the closest service representative.

y. Define the system uptime. Include planned downtime windows.

2. Equipment and Software

a. Provide detailed server hardware specifications, including but not limited to: i. operating system, ii. processors type and speed, iii. redundancy iv. system configuration v. hard drive size

b. Include a list of all hardware and software components SMMC must purchase.

c. Describe the proposed system architecture. d. Describe the proposed systems transaction processing capabilities. e. Describe how the client software components are able to coexist with other software and

applications on end-user workstations.


f. Describe the reporting software compatible with the proposed system. (Crystal Reports, Excel, Access, etc.)

g. Describe hardware support and escalation process. h. Describe any maintenance and support the client is expected to do.

3. Backup/Recovery

a. Describe the backup capabilities for the proposed system.

b. Describe the process for automatic reprogramming and/or recovery after a failure due to hardware, software or absence of power.

c. Describe the capabilities for periodically exporting data stored in the database, and if it

can be exported to MS Excel, MS Access or other software.

4. Network/Hardware

a. Proposer must meet the SMMC ISD technical requirements listed in section B 4, “Technical Environment.”

b. Provide a system/network design diagram, which provides a visual summary of the

system’s servers, network and ancillary components and their relationships. c. Describe any proprietary equipment utilized. d. Describe any special networking requirements, i.e. dedicated/segregated network

segments, VLANs, etc. e. Describe the response time expected with the proposed system.

5. Data Management

a. Describe the data management approach. b. Explain if the data is stored in separate databases. c. Provide a copy of the Service Level Agreement. d. Explain how the information can be retrieved from the archive. Explain how the data is

stored within the database, including if it can be stored in a separate database.

6. Storage

a. Explain how data is archived (e.g., on demand, automatically, via optical disk, etc.)

b. Describe how the system will store the data on non-proprietary media and in an industry-

standard format. Proposer should also specify the type of media used for long-term storage and the format in which it is stored.


c. Describe the archival scheme for the system, including the recommended length of time data is retained on the production system and the availability of data for reporting after archiving.

d. Describe the maximum size of the database and the largest currently operating production

and archive directories.

e. Describe the long-term storage options available for the system. f. Describe how the system will print information on demand. Proposer must specify any

special hardware or required printers necessary for printing.

g. Explain how long Batches remain in the system.

7. Integration

a. Describe if the system supports a web-based front end or if a client install is required. b. Define the system’s capability to support multiple browser types (i.e. Internet Explorer,

Mozilla Firefox, and Opera) on different platforms, and the minimum version of each browser supported if the system supports web-based access.

c. Specify all browser plug-ins necessary to utilize web-based features. d. Specify the web service standards used and the functionality exposed through the web

services, if the system supports the use of web service protocols such as SOAP. e. Describe if the system can integrate with the existing registration information system via

outbound HL7 interface.

8. Critical Updates, Patches and Antivirus

a. Describe the process for approving and installing operating system Critical Updates. Attach the Proposer policy regarding Microsoft Critical Updates.

b. Describe or attach the company Service Pack policy for the proposed solution. c. Describe any issues that may occur when running Antivirus software in real-time on the

workstations. d. Describe or attach the company policy regarding the use of anti-virus software with the

proposed system.

e. Describe the disclosure policies related to security vulnerabilities found in the system, including procedures in place to notify customers of potential flaws, and the average time between a flaw being discovered and corrective action taken.

9. Application Security Features

a. Describe the system’s compliance with LDAP (Lightweight Directory Access Protocol),

and how the system can be configured to authenticate users against it.


b. Describe how the proposed solution can be configured to authenticate users against an

Active Directory 2003 tree, if possible. c. Describe how the solution audits user access and privilege use and the information that is

logged. d. Describe how the solution allows SMMC to configure minimum password difficulty

requirements, and password lockout policies. e. Describe how the solution allows system administrators to set a password expiration

policy, thereby requiring end-users to change their passwords at a specified interval. f. Describe how the solution encrypts sensitive information transmitted across the network

and internet, and specify the algorithms used. g. Specify whether the system establishes user identity via:

i. A user ID and password; or ii. Two-factor authentication, such as a smart-card and a PIN. If two-factor authentication

is available or used, Proposer must describe the hardware requirements, the authentication process, and any supplies needed for ongoing implementation.

h. Describe how access privileges are configured in the system, and whether or not

privileges can be based on group designations. i. Describe how different levels of security and privileges are established. j. Specify if a “user inactivity timeout” feature is available that forces a user to re-

authenticate if idle for a preconfigured amount of time. k. Describe how the system utilizes electronic signatures and electronic confirmation.

10. Security

Explain how the security and confidentiality of the system data collected and entered into the system will be maintained.

11. Escrow

a. Explain your company’s ability to make available a software escrow account and include the source code and all products released during the maintenance term, including third party software. List the products that your company will hold in an escrow account and a list of those products that cannot be held and explain why.

b. Explain in detail the process to retrieve the software source code. c. Provide written evidence of ability to provide and maintain a Software Escrow account in

the form of a letter from an escrow agent or other acceptable third party.


APPENDIX A2 TECHNICAL REQUIREMENTS RESPONSE FORM

FOR A SAAS SOLUTION If proposing a SaaS solution, please complete and submit Appendix A2 with your proposal.

A. TECHNICAL REQUIREMENTS

1. Description of System

a. Provide a description of the proposed product, database, software and services, including how the proposed system will meet or exceed the requirements stated in the entire RFP. Include sufficient technical information about the application, operating environment and performance data to enable SMMC to determine whether or not the proposed system meets the technical environment prerequisites.

b. Identify/list all software required for the solution that is not supplied directly by the

Proposer (any/all third party software). c. Provide an overview and/or benchmarks relating to the system’s ability to process

information in real time. Include the number of concurrent users as well as named users the proposed system will accommodate and state the maximum number of recommended users.

d. Identify any requirement to purchase interfaces from other vendors to work with the

proposed solution. e. Define the scalability of the proposed system.

i. Can the system be purchased in modules and expanded? ii. How scalable is the proposed software regarding the number of users? iii. Does the system scale in parallel, i.e. can additional application servers be

configured in a load-balanced cluster? iv. Can the database, application and data analysis components be configured to

reside on separate independent servers, so that one impacted subsystem does not affect the overall solution?

f. Identify how many users are can access the proposed system. (Concurrent users). g. Identify if the proposed software is COM (Component Object Model) compliant. h. Identify if the proposed software is ODBC, OLE-DB or OLAP compliant. Identify any

drivers provided. i. Describe licenses required for the software (concurrent / per seat and the number

associated). j. Describe how the system protects database records being accessed by multiple users, so

that users cannot attempt to change a record at the same time. k. Identify if the solution’s database is ACID (Atomicity, Consistency, Isolation and Durability)

compliant, and how it provides transaction rollback capability in the event of a failed transaction.


l. Define the requirements for a test system. Include all related components (hardware, software, etc.) Include test system costs.

m. Describe the maximum number of database records that can be stored. n. Define which third party reporting tools the proposed system is compatible with the

proposed system. o. Describe the ability to test interfaces with the Hospital Information System (HIS). p. Provide the data dictionary and schema with the system. q. Describe the minimum monitor and screen resolution limit. r. Describe the process for change management or customer notification. s. Describe the current generally available (GA) version number and release date, including

how often new GA releases are made available. t. Provide continuous application and system support 24 hours a day, 365 days per year.

Describe the process for requesting support during standard business hours and after hours.

u. Provide the company escalation and response plan, and describe how issues are triaged

and escalated. v. Provide the average response time of the proposed system, including the page/screen flip

time. w. Describe the level of customization available without a programmer or vendor support. x. Provide the location of the closest service representative. y. Define the system uptime. Include planned downtime windows.

2. Equipment and Software

a. Provide detailed workstation hardware specifications, including but not limited to, operating system, RAM, size of the hard drive, type of monitors, barcode devices, scanning devices, barcode printing devices, etc.

b. Provide detailed hardware specifications for any customer-hosted components being

proposed. c. Describe how the client software components are able to coexist with other software and

applications on end-user workstations.

d. Describe the proposed system architecture.

e. Describe hardware support and escalation process for any customer-hosted component.

f. Describe any customer required maintenance/support tasks, and any relevant maintenance schedules.


g. Describe the reporting software compatible with the proposed system. (Crystal Reports, Excel, Access, etc.)

3. Backup/Recovery

a. Describe the backup capabilities for the proposed system, including:

i. Process for how backups are performed ii. Process for Tenant-initiated backups iii. Service availability guarantee

b. Describe in detail your company’s Disaster Recovery plan, including requirements for

zero-downtime. c. Describe the notification provided if an application failure occurs. d. Describe the process for automatic reprogramming and/or recovery after a failure due to

hardware, software or absence of power. e. Describe the capabilities for periodically exporting data stored in the database, and if it

can be exported to MS Excel, MS Access or other software. Specify supported export formats (i.e. Excel, CVS, etc.)

4. Network/Hardware

a. Proposer must meet the SMMC ISD technical requirements listed in section B 4,

“Technical Environment.” b. Provide a system/network design diagram, which provides a visual summary of the

system’s servers, network and ancillary components and their relationships.

c. Describe any proprietary equipment utilized.

d. Describe any special networking requirements, i.e. dedicated/segregated network segments. VLANs, etc.

e. Describe the average response time expected with the proposed system.

5. Storage

a. Explain how data is archived (e.g., on demand, automatically, via optical disk, etc.) b. Describe how the system will store the data on non-proprietary media and in an industry-

standard format. Proposer should also specify the type of media used for long-term storage and the format in which it is stored.

c. Describe the archival scheme for the system, including the recommended length of time

data is retained on the production system and the availability of data for reporting after archival.

d. Describe the maximum size of the database and the largest currently operating production

and archive systems.


e. Describe the long-term storage options available for the system.

f. Describe how the system will print information on demand. Proposer must specify any

special hardware or required printers necessary for printing.

g. Explain how the data is stored within the database, including if it can be stored in a

separate database for disparate customers and/or locations. Explain how data from multiple tenants/customers is segregated and arranged.

h. Explain how the information can be retrieved from the archive.

i. Explain how long batches remain in the system. 6. Data Management

a. Describe the data management approach. b. Explain if the data is stored in separate databases.

c. Discuss how databases are kept confidential and how data co-mingling/sharing is

prevented.

d. Provide a copy of the Service Level Agreement.

7. Integration

a. Define the system’s capability to support multiple browser types (i.e. Internet Explorer, Mozilla Firefox, and Opera) on different platforms, and the minimum version of each browser supported if the system supports web-based access.

b. Specify all browser plug-ins necessary to utilize web-based features.

c. Specify the web service standards used and the functionality exposed through the web

services, if the system supports the use of web service protocols such as SOAP.

d. Describe if the system can integrate with the existing Registration information system via outbound HL7 interface.

e. Complete and submit the SaaS Security Assessment Checklist.

8. Critical Updates, Patches and Antivirus

a. Describe the process for approving and installing operating system Critical Updates. Attach the Proposer policy regarding Microsoft Critical Updates.

b. Describe or attach the company Service Pack policy for the proposed solution. c. Describe the Antivirus software used to protect data in real-time on the vendor’s servers.


d. Describe any issues that may occur when running Antivirus software in real-time on the

workstations. e. Describe or attach the company policy regarding the use of anti-virus software with the

proposed system. f. Describe the disclosure policies related to security vulnerabilities found in the system,

including procedures in place to notify customers of potential flaws, and the average time between a flaw being discovered and corrective action taken.

9. Application Security Features

a. Describe the system’s compliance with LDAP (Lightweight Directory Access Protocol),

and how the system can be configured to authenticate users against it. b. Describe how the proposed solution can be configured to authenticate users against an

Active Directory 2003 tree, if possible. c. Describe how the solution audits user access and privilege use and the information that is

logged. d. Describe how the solution allows SMMC to configure minimum password difficulty

requirements, and password lockout policies. e. Describe how the solution allows system administrators to set a password expiration

policy, thereby requiring end-users to change their passwords at a specified interval. f. Describe how the solution encrypts sensitive information transmitted across the network

and internet, and specify the algorithms used. g. Specify whether the system establishes user identity via:

i. A user ID and password; or ii. Two-factor authentication, such as a smart-card and a PIN. If two-factor

authentication is available or used, Proposer must describe the hardware requirements, the authentication process, and any supplies needed for ongoing implementation.

h. Describe how access privileges are configured in the system, and whether or not

privileges can be based on group designations. i. Describe how different levels of security and privileges are established. j. Specify if a “user inactivity timeout” feature is available that forces a user to re-

authenticate if idle for a preconfigured amount of time. k. Describe how the system utilizes electronic signatures and electronic confirmation.

10. Security

a. Describe network security features used to protect customer data/information (i.e.

firewalls, network segmentation, etc.)


b. Explain the type of physical security used to protect customer information in vendor data centers and co-location facilities.

c. Explain the type of electronic security used (i.e. biometrics, authentication and

surveillance) at vendor and co-location facilities. d. Explain how the security and confidentiality of the system data collected and entered into

the system will be maintained. 11. Escrow

a. Explain your company’s ability to make available a software escrow account and include the source code and all products released during the maintenance term, including third party software. List the products that your company will hold in an escrow account and a list of those products that cannot be held and explain why.

b. Explain in detail the process to retrieve the software source code. c. Provide written evidence of ability to provide and maintain a Software Escrow account in

the form of a letter from an escrow agent or other acceptable third party.

d. Explain in detail the build environment needed to support and/or compile the source code in the Software Escrow Account.


APPENDIX B FUNCTIONALITY AND INTEGRATION RESPONSE FORM

The functionality and integration requirements of the RFP are listed in this section. Proposer, if proposing more than one type of solution, please submit a Functionality and Integration form for each solution. Proposed solution (check one): Client Server: _______ SaaS: ______ Proposer Name: ______________________________________________ A. FUNCTIONALITY REQUIREMENTS In addition to this section of functionality, see the attached Excel spreadsheet and respond to available functionality questions in the tabs. Response Code: Proposer should place the appropriate letter designation in the “Availability” column according to the following codes and their description:

A. Specification is one that currently exists in the proposed software, in the current production version and included in SMMC’s price. All costs must be reported on the cost response form.

B. Specification is not in the proposed software but is a planned enhancement or will be added

at no additional cost.

C. Specification is not part of the proposed software but will be added at additional cost included in SMMC’s price. All such additional costs must be reported on an attachment to the cost response form.

D. Specification is not available in the proposed software.

References: Please provide any additional information requested or any additional information useful to the proposal in the comments column. If referencing attachments or other included information, write the location (Section/Page Number) of the discussion of the specification in the Proposer’s proposal. Technical materials may be submitted as part of the proposal, and should be clearly labeled as such. If your availability response is “B” or “C”, please provide the estimated delivery date in the appropriate column below.

Item #

Description

Ava

ilab

ility

Est. Delivery

Date

Comments

General

1. Obtain a high level of integration between component modules to minimize redundant data

2. Facilitate user access to patient and supportive information, and maximize patient safety


Appendix B Page 2 of 6

3. Input data that is easy, fast and intuitive, and places an emphasis on user friendliness

4. Complies with all relevant HIPAA regulations

5. Supports local, regional, and national vocabularies, updates and enhancements

6. Includes an integrated standard nomenclature of clinical terms

7. Can utilize ICD-9, ICD-10 and CPT4 coding

8. Ability to collect demographic information

9. Ability to collect referring facility

10. Ability to collect referring provider

11. Ability to collect additional information related to the requested transfer

12. Ability to provide electronic communication channels between referring physician and SMMC

13. Ability to share information real-time with transport, emergency department and admitting office

14.

Ability to provide work flow questions for each specialty or department being requested (i.e. a list of questions for a neurology transfer and a separate list for a surgery transfer)

15. Automated reminders of open calls needing attention

16. Customizable drop down menus

Patient history

17. Capture, store, display and report on patient history



18.

Capture, store, and report on history collected from outside sources

Report Generation

19. Formatting reports is flexible to allow for different formats as needed (e.g. graphs, summaries, details, etc.)

20. Generate reports regarding single or multiple patients

21. Report on statistics on number of transfer requests by department and acceptance

22.

Ability to meet all reporting requirements ensuring compliance with regulatory mandates such as Title 9, Title 22, CMS, EMTALA

23. Generate hardcopy or electronic output

Interoperability

24. Ability to receive and transmit (interface) to other information systems using standards such as HL7

25.

Ability to utilize different devices to enter and retrieve data, such as, but not limited to:

Laptops including wireless

26.

Handheld notebook computers and tablets running Microsoft Windows, Pocket PC, Windows Mobile, Linux Mobile operating systems

27. iPods/iPads/iPhone

28.

Other SmartPhones that include email and/or data storage such as BlackBerry, Android-based, etc

29.

Receive and store various clinical data from multiple sources, such as: Ambulatory EMR (eCW) Siemens Invision



30. Receive and store patient demographics (ADT)

31. Ability to save and retrieve scanned documents

Data Quality

32.

System provides the ability to ensure clean data by providing the following: Resolution of data type conflicts

33. Resolution of naming and key

conflicts

34. Removal, correction or flagging of

bad data

35. Maintenance logs

36. Ability for the system to clean, purge and archive data

Security

37. Authorize administrators to assign restrictions or privileges to users/groups

38. Support user name and passwords for individual users.

39. Support use of strong passwords

40. Enforce a limit of consecutive invalid attempts by a user.

41. Identify all users who have accessed data over a given time period, including data and time of access (audit trails)

42. Ability to identify specific information as confidential.

43. Ability to provide confidential access accessible by users with specific confidential privileges/rights.

44. Retain data until purged, deleted, archived or deliberately removed

45. Provide a method for archiving and retrieving health record information



46. Provide assurance that security policies are being followed or enforced.

47.

Define and identify security relevant events and the data to be collected and communicated as determined by policy and/or regulation

48.

Ability to allow authorized entities read-only access to data according to agreed upon uses and only as part of an identified audit, subject to appropriate authentication, authorization and access control functionality

49. Ability to access the system securely via the web (intranet / internet)

50. Ability to audit system

B. INTEGRATION REQUIREMENTS

PROPOSER NAME: ____________________________________________

ID

QUESTION

ANSWER / EXPLANATION

1.

List the type of interfaces offered and classify them based on the choices below: a. Push model (vendor receives unsolicited messages,

e.g. ADT) b. Pull model (vendor sends unsolicited messages, e.g.

Charges) c. Query/Response model (query is sent from vendor and

response is sent back)



PROPOSER NAME: ____________________________________________

2. Is the HL7 (Version 2.x) standard supported? If so, which version?

3. If the HL7 (Version 2.x) standard is supported what events are accepted?

4. See Exhibit 1 and identify what interfaces are standard support.

5. What Interface Engine is used and/or supported?

6.

What is the format or standard type of data transmitted on each connection type?

Interface Provided (ADT, Charge, etc.)

Format (HL7, Fixed, ASCII, etc.)

Version / Variant

Connectivity Type (TCP/IP, SNA, etc.)

Freq (Real Time, Batch)

# of connections

Comments:


APPENDIX C1 IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ONGOING SUPPORT

FOR A CLIENT SERVER SOLUTION

If proposing a client server solution, please submit Appendix C1 in your proposal. 1. Project Implementation Plan and Project Management Team

a. Include the implementation plan the Proposer intends to employ for the project and an

explanation of how it will support the project requirements and logically lead to the required deliverables. The description shall include the organization of the project team, including accountability and lines of authority.

b. Describe services to be provided to ensure success of the project e.g. publicize the system to employees, organizing support infrastructure and processes, consulting on content set up and management etc.

c. Describe how the relationship between SMMC and Proposer will be managed from an account

and technical support perspective. d. Describe what is required of SMMC to ensure the successful implementation of the system. e. Include the steps that will be undertaken to identify and resolve any issues or problems before,

during and after the implementation. f. Include a list of proposed project staff and key personnel. g. Provide resumes, experience narratives and at least one reference for key personnel who will be

assigned to the project, if awarded the contract. h. Explain the relationship of the project management team with the Proposer, including job title and

years of employment with the Proposer; role to be played in connection with the proposal; relevant certifications and experience.

2. Statement of Work (SOW) - Training Plan

a. Include a description for training of both real time and batch responses for three different

audiences:

i. Power users/administrators, general users, content creators and instructors. ii. Technical administrators of the proposed system. iii. Technical operations staff and support staff for the proposed system.

b. Describe the type and quantity of training that will be provided for each audience. The description

must include:

i. The methods by which training will be provided e.g. online, on-site, webcast, self paced online courses etc;

ii. A recommended training curriculum; iii. Explain how the Proposer will work with SMMC to determine training needs and tailor the

curriculum;


iv. Explain the type of training that will be provided at what stage/phase of the project as well as follow-up training after implementation;

v. Explain the ability to provide training at a County location.

c. Describe the training facility requirements for physical layout, communication needs (internet connectivity, etc), projectors, # of computers, etc. that are needed to fulfill the proposed training plan. Identify which elements of the training facility will be supplied by the Proposer.

3. SOW - Project Work Plan

Include a detailed work plan for the implementation and operation of the proposed system. a. Task Level -The plan shall include all activities necessary for a successful project down to the

task level. No task can exceed more than eighty hours in the work plan. b. Identify All Resources - The plan shall clearly identify all Proposer (including subcontractors)

and using agency resources required to successfully complete the project. Provide job descriptions and the number of personnel to be assigned to tasks supporting implementation of the project. Identify County resources needed for each task.

c. Deliverables – describe the deliverables of each task. d. Time lines – describe the timeline of each task. e. Acceptance criteria – describe the criteria used to determine completion of each task. f. Plan Progress Charts - The plan shall include appropriate progress/Gantt charts that reflect the

proposed schedule and all major milestones. A sample project plan shall be submitted using Microsoft Project.

4. System Documentation a. Describe the documentation provided to facilitate system implementation. b. Describe the System Administrator documentation provided.

c. Attach a listing summarizing available stock (“canned”) reports provided by the solution and a

sample of each. d. Describe how system documentation is provided (online, hard copy etc) for the initial

implementation as well as future updates and releases.

5. Acceptance Test Plan

Include an acceptance test plan. The plan shall individually address each system component that comprises of the proposed system, approach for load testing, and number of people to be involved in testing. The plan should document the acceptance testing approach, resources and/or tools that may be used to validate the functions and features of the proposed system. Include an example test plan that is representative of the structure, content, and level of detail planned for this project.


6. Risk Management

Submit a risk assessment using the methodology published by the Project Management Institute or other comparable methodology. Include risk mitigation strategies as well as the resources the using agency may utilize to reduce risk.

7. On-Going Service and Support

a. Describe the post implementation follow-up activities that will be provided by the Proposer, specifically addressing the following tasks:

i. Post-live system debugging to bring application into full conformance with documentation,

proposal and modification specifications ii. Six-month and 12-month post live operational (non-technical) audits to review SMMC

utilization of the software and to provide recommendations for optimizing benefits. iii. Describe how application and support documentation is updated and distributed.

b. Provide the normal hours and describe the channels (phone, email, web, etc.) for support.

Describe how after hours support is provided. Describe the support and escalation process, including response times.

c. Indicate the current version of the package. Indicate when the next major version of the package

will be available. For major software upgrades, describe how often upgrades are released, how upgrades are defined, developed, tested and released, how customers are notified and educated about the upgrade. Describe the decision process on how new features and functions get included in the product.

d. Explain if the cost of upgrades is included in the annual hosting fee. e. Explain if software upgrades, or other maintenance window, will impose a service disruption on

the system. If yes, discuss frequency and duration of the service disruptions. f. Explain if there is a user group. If yes, explain how often they meet and where the meetings are

held. Include if the user group is a separate independent organization or funded and organized by the Proposer.

8. Value Added Services (Optional)

Proposers are encouraged but not required to propose any optional value added services they believe would help the using agency to effectively implement, operate or use the proposed system. Information provided in this section must not exceed two (2) pages in length.


APPENDIX C2 IMPLEMENTATION, PROJECT MANAGEMENT, TRAINING, AND ONGOING SUPPORT

FOR A SAAS SOLUTION

If proposing a SaaS solution, please submit Appendix C2 and Exhibit G in your proposal.

1. Project Implementation Plan and Project Management Team a. Include the implementation plan the Proposer intends to employ for the project and an

explanation of how it will support the project requirements and logically lead to the required deliverables. The description shall include the organization of the project team, including accountability and lines of authority.

b. Describe services to be provided to ensure success of the project e.g. publicize the system to employees, organizing support infrastructure and processes, consulting on content set up and management etc.

c. Describe how the relationship between SMMC and Proposer will be managed from an account

and technical support perspective. d. Describe what is required of SMMC to ensure the successful implementation of the system. e. Include the steps that will be undertaken to identify and resolve any issues or problems before,

during and after the implementation. f. Include a list of proposed project staff and key personnel. g. Provide resumes, experience narratives and at least one reference for key personnel who will be

assigned to the project, if awarded the contract. h. Explain the relationship of the project management team with the Proposer, including job title and

years of employment with the Proposer; role to be played in connection with the proposal; relevant certifications and experience.

2. Statement of Work (SOW) - Training Plan

a. Include a description for training of both real time and batch responses for three different

audiences:

i. Power users/administrators, general users, content creators and instructors. ii. Technical administrators of the proposed system. iii. Technical operations staff and support staff for the proposed system.

b. Describe the type and quantity of training that will be provided for each audience. The description

must include:

i. The methods by which training will be provided e.g. online, on-site, webcast, self paced online courses etc;

ii. A recommended training curriculum; iii. Explain how the Proposer will work with SMMC to determine training needs and tailor the

curriculum; iv. Explain the type of training that will be provided at what stage/phase of the project as well as

follow-up training after implementation;


v. Explain the ability to provide training at a County location. c. Describe the training facility requirements for physical layout, communication needs (internet

connectivity, etc), projectors, # of computers, etc that are needed to fulfill the proposed training plan. Identify which elements of the training facility will be supplied by the Proposer.

3. SOW - Project Work Plan

Include a detailed work plan for the implementation and operation of the proposed system. a. Task Level -The plan shall include all activities necessary for a successful project down to the

task level. No task can exceed more than eighty hours in the work plan. b. Identify All Resources - The plan shall clearly identify all Proposer (including subcontractors)

and using agency resources required to successfully complete the project. Provide job descriptions and the number of personnel to be assigned to tasks supporting implementation of the project. Identify County resources needed for each task.

c. Deliverables – describe the deliverables of each task. d. Time lines – describe the timeline of each task. e. Acceptance criteria – describe the criteria used to determine completion of each task. f. Plan Progress Charts - The plan shall include appropriate progress/Gantt charts that reflect the

proposed schedule and all major milestones. A sample project plan shall be submitted using Microsoft Project.

4. System Documentation a. Describe the documentation provided to facilitate system implementation. b. Describe the System Administrator documentation provided.

c. Attach a listing summarizing available stock (“canned”) reports provided by the solution and a

sample of each. d. Describe how system documentation is provided (online, hard copy etc) for the initial

implementation as well as future updates and releases.

5. Acceptance Test Plan

Include an acceptance test plan. The plan shall individually address each system component that comprises of the proposed system, approach for load testing, and number of people to be involved in testing. The plan should document the acceptance testing approach, resources and/or tools that may be used to validate the functions and features of the proposed system. Include an example test plan that is representative of the structure, content, and level of detail planned for this project.

6. Risk Management

Submit a risk assessment using the methodology published by the Project Management Institute or other comparable methodology. Include risk mitigation strategies as well as the resources the using agency may utilize to reduce risk.


7. On-Going Service and Support

a. Describe the post implementation follow-up activities that will be provided by the Proposer, specifically addressing the following tasks:

i. Post-live system debugging to bring application into full conformance with documentation,

proposal and modification specifications ii. Six-month and 12-month post live operational (non-technical) audits to review SMMC

utilization of the software and to provide recommendations for optimizing benefits. iii. Describe how application and support documentation is updated and distributed.

b. Provide the normal hours and describe the channels (phone, email, web, etc.) for support.

Describe how after hours support is provided. Describe the support and escalation process, including response times.

c. Indicate the current version of the package. Indicate when the next major version of the package

will be available. For major software upgrades, describe how often upgrades are released, how upgrades are defined, developed, tested and released, how customers are notified and educated about the upgrade. Describe the decision process on how new features and functions get included in the product.

d. Explain if the cost of upgrades is included in the annual hosting fee. e. Explain if software upgrades, or other maintenance window, will impose a service disruption on

the system. If yes, discuss frequency and duration of the service disruptions. f. Explain if there is a user group. If yes, explain how often they meet and where the meetings are

held. Include if the user group is a separate independent organization or funded and organized by the Proposer.

8. Value Added Services (Optional)

Proposers are encouraged but not required to propose any optional value added services they believe would help the using agency to effectively implement, operate or use the proposed system. Information provided in this section must not exceed two (2) pages in length.

APPENDIX D SaaS SECURITY ASSESSMENT CHECKLIST

Application Name: ______________________________________________Vendor Name: ___________________________________

ASP/SAAS SECURITY ASSESSMENT CHECKLIST

Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data that will be 1) stored on the application server at the Vendor site, and 2) that will be transmitted between the application and the County. Also include information on the user authentication process.

County Policy Ref. #

Description of County Requirement

Details on How Vendor

Meets Requirement

Other Security

Measures That Mitigate This Risk

Comments

16.3.4 The Vendor has a written Disaster Recovery Plan that offers a viable approach to restoring operations following an emergency situation.

16.3.4a The Vendor site has adequate, redundant physical and/or logical network connectivity to ensure continued operations following a network failure.

16.3.4b The Vendor performs system/application database backups on a schedule that is consistent with the importance of the application.

16.3.4b Backup media are treated with a level of security commensurate with the classification level of the data they contain.

16.3.4c Vendor servers are closely monitored for both performance and availability.

16.3.4d The Vendor is willing to sign a Service level Agreement (SLA) that is consistent with the importance of the application to SMMC.

16.3.5 The Vendor has a formal, written Security Policy, and is willing to provide a copy of this policy to SMMC on request.





Meets Requirement

Other Security

Measures That Mitigate This Risk

Comments

16.3.5a If users access the application directly on the Vendor server, user authentication involves more than a simple User ID/password combination, such as one-time password technology.

16.3.5b Once granted access, Users are limited to authorized activities only; i.e., customers are prevented from accessing either applications or data that belong to other customers.

16.3.5c Vendor network connectivity is protected by firewalls, intrusion detection/ prevention systems, etc. designed to protect against attack.

16.3.5d The equipment hosting the Department’s application is located in a physically secure facility that employs access control measures, such as badges, card key access, or keypad entry systems.

16.3.5d

Vendor servers are kept in locked areas/cages that limit access to authorized personnel.

16.3.5e Vendor staff is bonded, and/or have been subjected to background checks.

16.3.5f Vendor servers are hardened against attack and operating system and security-related software patches are applied regularly.

16.3.5f Commercially available anti-virus software is used on the servers, and is maintained in a current state with all updates.


16.3.5g Vendor servers are monitored on a

continuous basis, and logs are kept of all activity.

16.3.5g, 16.3.5h,

16.3.5i

The Vendor is willing to report security breaches and/or security issues to SMMC.

16.3.5h The Vendor conducts regular vulnerability assessments, using viable third-party organizations, designed to assess both the Vendor’s network infrastructure and the individual servers that host applications.

16.3.5h The Vendor implements “fixes” to correct vulnerabilities discovered during security audits.

16.3.5i The Vendor has a formal, written Incident Response Plan.

N/A (Desirable) The network infrastructure hosting the Department application is “air-gapped” from any other network or customer that the Vendor may have. This means that in an ideal situation, the application environment used by SMMC uses a separate, dedicated server and a separate network infrastructure.

N/A Identify the APIs that may be part of the solution, and indicate industry standards or best practices employed to ensure security of the data and the integration (e.g., web services, directory services, XML, scripting, etc.)

N/A What application security standards, if any, are followed? (e.g., OASIS, WC3, etc.).





Meets Requirement

Other Security

Measures That Mitigate Risk

Comments

N/A If the application processes credit card information, has the application been certified as PCI compliant? Include information on the level of compliance (e.g., Merchant Level 2) and how the application has been certified.

Policy 13.0,

Encryption

Data “in motion,” including user authentication information and credentials, are encrypted.

Policy 13.0,

Encryption

Data “at rest” (stored on the application server), including user authentication information and credentials, are encrypted.

Policy 13.0,

Encryption

Encryption or hashing algorithms utilized by the Vendor application infrastructure use standard algorithms that have been published, evaluated and accepted by the general cryptographic community for the kind of data it protects.

N/A The Vendor is willing to permit on-site visits by County staff in order to evaluate security measures in place.

N/A If the Vendor will be connecting to SMMC via a private connection (such as a dedicated T1 circuit), the Vendor agrees that the circuit will terminate on the county’s extranet, and operation of the circuit will fall within the policies related to network connections from non-County entities.





Details on How Vendor Meets Requirement

Other Security Measures

That Mitigate Risk

Comments

N/A If access to the application uses the Internet, data traffic between the County and the Vendor is protected through the implementation of SSL-VPN or equivalent technology.

Contractor Signature: ___________________________ County CIO’s Office Approval: ______________________ Print Name: ____________________________________ Title: ___________________________________________ Firm Name: ____________________________________ Date: _____________________ Date: __________________________________________

EXHIBIT 1

CURRENT SMMC INTERFACES

INTERFACE NAME DATA PATH DATA TYPE

7R7M_FMS 7R7M->OPL->INVISION PA CHARGES

ACHIEVE ADT INV->OPL->ACHIEVE ADT

DSG PAYMENTS DSG->OPL->INVISION PA CHARGES

DSS EXTRACTS DSS->OPL->SMMC PT/PA INFO

DSS_SMMC DSS->OPL->SMMC PA INFO

ECW_ADT_ERRORS ECW->OPL->FILE ADT ERRORS

ECW_INV ECW->OPL->INV ADT

ECW_INV_ORM ECW->OPL->INV ORDERS

ECW_LCR ECW->OPL->LCR RESULTS/PROGRESS NOTES

ER LOG INV->OPL->FILE ED PT ADT

FIRSTWATCH ADT INV->OPL->FILE FIRSTWATCH PT ADT

GRV3_CDEMS INV->OPL->CDEMS DB ADT

GRV3_HCLLBB INV->OPL->BLOODBANK ADT

GRV3_OLB26 INV->OPL->LAB ADT/ORDER

GRV3_PHM INV->OPL->PHARM ADT/ORDER

HCLLBB_ERROR IVN->OPL->FILE ADT ERRORS

HCLLBB_INV BLOODBANK->OPL->INV DFT

HCLLBB_OLB26 BLOODBANK->OPL->LAB RESULTS

INV_ECW INV->OPL->ECW ADT

INV_PES INV->OPL->FILE PES PT ADT

OLB26 PULSECHECK ECW->OPL->LCR RESULTS/PROGRESS NOTES

OLB26_CDEMS LAB->OPL->CDEMS DB RESULTS

OLB26_ECW_1 LAB->OPL->ECW1 RESULTS

OLB26_ECW_2 ECW1->OPL->ECW RESULTS

OLB26_HCLLBB LAB->OPL->BLOODBAK ORDERS

OLB26_INV LAB->OPL->INV DFT, ORDERS, OSU

OLB26_LCR LAB->OPL->LCR RESULTS

OLB26_PHM LAB->OPL->PHARM RESULTS

OPL_ERROR ERROR->OPL->ERROR FILE

ERROR, ALERT

ORCH_ECW ORCHARD->OPL->ECW RESULTS

ORCHARD_LCR ORCHARD->OPL->LCR RESULTS

ORF INV->OPL->ORF ADT

PAYMENT POSTING FTP->OPL->INV PA CHARGES

PES LOG INV->OPL->FILE PES ADT

PHM_INV PHARM->OPL->INV RAS INF POWERPATH CHARGES POWERPATH->OPL->INV CHARGES

POWERPATH GRV3 POWERPATH->OPL->INV ADT

POWERPATH RESULTS POWERPATH->OPL->LCR RESULTS

POWERPATH_ERROR POWERPATH->OPL->FILE

ERRORS

POWERSC_RAD26 POWERSC->OPL->RAD RESULTS

PSYCH NOTIFY INV->OPL->FILE PSYCH ADT

PULSECHECK ADT INV->OPL->PULSECHECK ADT

PULSECHECK BILLING

PULSECHECK->OPL->INV CHARGES



PULSECHECK INV ORD PULSECHECK->OPL->INV ORDERS

PULSECHECK INV UPD PULSECHECK->OPL->INV ADT

PULSECHECK ORDERS INV->OPL->PULSECHECK ORDERS

PULSECHECK RESULTS PULSECHECK->OPL->LCR RESULTS

PULSECHECK_BCF_I1 PULSECHECK->OPL->INV PA IP CHARGES

PULSECHECK_BCF_I2 PULSECHECK->OPL->INV PA IP CHARGES

PULSECHECK_BCF_O1 PULSECHECK->OPL->INV PA OP CHARGES

PULSECHECK_BCF_O2 PULSECHECK->OPL->INV PA OP CHARGES

PWP_INV_ICD9 POWERPATH->OPL->INV ICD9

QUADRAMED ADT INV->OPL->QUADRAMED ADT

RAD_ECW RAD->OPL->ECW RESULTS

RAD26 PULSECHECK RAD->OPL->PULSECHECK RESULTS

RAD26_POWERSC RAD->OPL->POWERSC ORDERS

RADIOLOGY ADT INV->OPL->RAD ORDERS, ADT, OSU

RADIOLOGY BILLING RAD->OPL->INV PA CHARGES

RADIOLOGY_CDEMS RAD->OPL->CDEMS DB RESULTS

RADIOLOGY_INV RAD->OPL->INV ORDERS, OSU

RADIOLOGY_LCR RAD->OPL->LCR RESULTS

RX_AOBF PHARM->OPL->INV PA CHARGES

SMMC_DSS SMMC->OPL->DSS PT/PA INFO

SOFTMED ADT INV->OPL->SOFTMED ADT

SOFTMED UPD SOFTMED->OPL->INV ADT

TRACKSTAR BILLING TRACKSTAR->OPL->INV PA CHARGES

WEBMEDX_ADT INV->OPL->WEBMEDX ADT

WEBMEDX_RESULTS WEBMEDX->OPL->LCR RESULTS

WELL_COPAY WELL->OPL->INV PA CHARGES

ZIP_EAD ZIP->OPL->INV ADT

Date post:	25-Sep-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

REQUEST FOR PROPOSAL · 2010. 12. 21. · SMMC will consider an on-site client server solution or a...

Documents