RFP No: 4011 INVITATION: Sealed proposals, subject to the attached conditions, will be received at this office until July 25, 2017 @ 3:00 p.m. Central Time for the acquisition of a No-Wrong-Door Information and Tracking System described below for Mississippi Division of Medicaid. Scope: Implement, host, and maintain a No-Wrong-Door Information and Tracking System that coordinates care, increases access to Long-Term Services and Supports (LTSS) and incorporates Core Standardization Assessment Instruments, Conflict-free Case Management services, and Electronic Visit Verification capability. VENDOR WEB CONFERENCE: June 29, 2017 at 3:00 p.m. Central Time NOTE: THIS RFP CONTAINS MANDATORY REQUIREMENTS TO WHICH NO EXCEPTION MAY BE TAKEN. SEE SECTION VII, ITEM 2, FOR DETAILS. The Vendor must submit proposals and direct inquiries to: Michelle Smith Technology Consultant Information Technology Services 3771 Eastwood Drive Jackson, MS 39211 (601) 432-8057 [email protected]To prevent opening by unauthorized individuals, all copies of the proposal must be sealed in the package. The following must be clearly typed on a label affixed to the package in a clearly visible location: PROPOSAL, SUBMITTED IN RESPONSE TO RFP NO. 4011 due July 25, 2017 @ 3:00 p.m., ATTENTION: Michelle Smith ___________________________________ Craig P. Orgeron, Ph.D. Executive Director, ITS
Transcript
RFP No: 4011
INVITATION: Sealed proposals, subject to the attached conditions, will be received at this office until July 25, 2017 @ 3:00 p.m. Central Time for the acquisition of a No-Wrong-Door Information and Tracking System described below for Mississippi Division of Medicaid.
Scope: Implement, host, and maintain a No-Wrong-Door Information and Tracking System that coordinates care, increases access to Long-Term Services and Supports (LTSS) and incorporates Core Standardization Assessment Instruments, Conflict-free Case Management services, and Electronic Visit Verification capability. VENDOR WEB CONFERENCE: June 29, 2017 at 3:00 p.m. Central Time NOTE: THIS RFP CONTAINS MANDATORY REQUIREMENTS TO WHICH NO EXCEPTION MAY BE TAKEN. SEE SECTION VII, ITEM 2, FOR DETAILS.
The Vendor must submit proposals and direct inquiries to:
Michelle Smith Technology Consultant
Information Technology Services 3771 Eastwood Drive Jackson, MS 39211
To prevent opening by unauthorized individuals, all copies of the proposal must be sealed in the package. The following must be clearly typed on a label affixed to the package in a clearly visible location:
PROPOSAL, SUBMITTED IN RESPONSE TO RFP NO. 4011
due July 25, 2017 @ 3:00 p.m., ATTENTION: Michelle Smith
___________________________________ Craig P. Orgeron, Ph.D. Executive Director, ITS
RFP No.: 4011 ITS RFP Response Checklist
Project No.: 42954 Revised: 6/14/2017
2
ITS RFP Response Checklist
RFP Response Checklist: These items should be included in your response to RFP No. 4011. _____ 1) One clearly marked original response and five (5) identical copies of the
complete proposal submitted in three-ring binders, as well as an electronic copy on USB or disk. Label the front and spine of the three-ring, loose-leaf binder with the Vendor name and RFP number. Include the items listed below inside the binder. Please DO NOT include a copy of the RFP in the binder.
_____ 2) Submission Cover Sheet, signed and dated. (Section I)
_____ 3) Proposal Bond, if applicable (Section I)
_____ 4) Proposal Exception Summary, if applicable (Section V)
_____ 5) Vendor response to RFP Questionnaire (Section VI)
_____ 6) Point-by-point response to Technical Specifications (Section VII)
_____ 7) Vendor response to Cost Information Submission (Section VIII)
_____ 8) References (Section IX)
RFP No.: 4011 Table of Contents
Project No.: 42954 Revised: 7/1/2013
3
Table of Contents
SECTION I ...................................................................................................................... 4
SECTION I SUBMISSION COVER SHEET & CONFIGURATION SUMMARY
Provide the following information regarding the person responsible for the completion of your proposal. This person should also be the person the Mississippi Department of Information Technology Services, (ITS), should contact for questions and/or clarifications. Name Phone #
Address Fax #
E-mail
Subject to acceptance by ITS, the Vendor acknowledges that by submitting a proposal AND signing in the space indicated below, the Vendor is contractually obligated to comply with all items in this Request for Proposal (RFP), including the Standard Contract in Exhibit A and the Business Associate Agreement in Exhibit B, except those listed as exceptions on the Proposal Exception Summary Form. If no Proposal Exception Summary Form is included, the Vendor is indicating that he takes no exceptions. This acknowledgement also contractually obligates any and all subcontractors that may be proposed. Vendors who sign below may not later take exception to any point during contract negotiations. The Vendor further certifies that the company represented here is an authorized dealer in good standing of the products/services included in this proposal.
_______________________________/_________________ Original signature of Officer in Bind of Company/Date
Name (typed or printed)
Title
Company name
Physical address
State of Incorporation
CONFIGURATION SUMMARY
The Vendor must provide a summary of the main components of products/services offered in this proposal using 100 words or less.
RFP No.: 4011 Proposal Bonds
Project No.: 42954 Revised: 7/1/2013
5
PROPOSAL BONDS A Proposal Bond is not required for this procurement.
The objective of the Proposal Submission Requirements section is to provide Vendors with the information required to submit a response to this Request for Proposal (RFP). A Vendor who has responded to previous RFPs issued by ITS should not assume that the requirements are the same, as changes may have been made.
1. Failure to follow any instruction within this RFP may, at the State’s sole discretion, result in the disqualification of the Vendor’s proposal.
2. The State has no obligation to locate or acknowledge any information in the Vendor’s proposal that is not presented under the appropriate outline according to these instructions and in the proper location.
3. The Vendor’s proposal must be received, in writing, by the office of ITS by the date and time specified. ITS is not responsible for any delays in delivery or expenses for the development or delivery of proposals. Any proposal received after proposal opening time will be returned unopened. Any proposal received with insufficient postage will be returned unopened.
4. Proposals or alterations by fax, e-mail, or phone will not be accepted.
5. Original signatures are required on one copy of the Submission Cover Sheet and Configuration Summary, and the Vendor’s original submission must be clearly identified as the original. The Vendor’s original proposal must include the Proposal Bond, (if explicitly required in Section IV).
6. ITS reserves the right to reject any proposals, including those with exceptions, prior to and at any time during negotiations.
7. ITS reserves the right to waive any defect or irregularity in any proposal procedure.
8. The Vendor may intersperse their response following each RFP specification but must not otherwise alter or rekey any of the original text of this RFP. If the State determines that the Vendor has altered any language in the original RFP, the State may, in its sole discretion, disqualify the Vendor from further consideration. The RFP issued by ITS is the official version and will supersede any conflicting RFP language submitted by the Vendor.
9. The Vendor must conform to the following standards in the preparation of the Vendor’s proposal:
9.1 The Vendor is required to submit one clearly marked original response and five (5) identical copies of the complete proposal, including all sections and exhibits, in separate three-ring binders.
9.2 To prevent opening by unauthorized individuals, all copies of the proposal must be in a sealed package. A label containing the information on the RFP cover page must be clearly typed and affixed to the package in a clearly visible location.
9.4 Respond to the sections and exhibits in the same order as this RFP.
9.5 Label and tab the responses to each section and exhibit, using the corresponding headings from the RFP.
9.6 If the Vendor does not agree with any item in any section, then the Vendor must list the item on the Proposal Exception Summary Form. (See Section V for additional instructions regarding Vendor exceptions.)
9.7 Occasionally, an outline point in an attachment requests information which is not applicable to the products/services proposed. If the Vendor is certain the point does not apply to the given RFP, the Vendor should respond with “NOT APPLICABLE”.
9.8 Where an outline point asks a question or requests information, the Vendor must respond with the specific answer or information requested.
9.9 When an outline point/attachment is a statement provided for the Vendor’s information only, the Vendor need only read that point. The Vendor acknowledges having read and accepting, or taking exception to, all sections by signing the Submission Cover Sheet and providing a Proposal Exception Summary Form.
9.10 Where a minimum requirement has been identified, respond by stating the item (e.g., device name/model number, guaranteed response time) proposed and how it will meet the specifications.
9.11 The Vendor must fully respond to each requirement within the Technical Specifications by fully describing the manner and degree by which the proposal meets or exceeds said requirements.
10. It is the responsibility of the Vendor to clearly identify all costs associated with any item or series of items in this RFP. The Vendor must include and complete all parts of the cost proposal in a clear and accurate manner. Omissions, errors, misrepresentations, or inadequate details in the Vendor’s cost proposal may be grounds for rejection of the Vendor’s proposal. Costs that are not clearly identified will be borne by the Vendor. The Vendor must complete the Cost Information Submission in this RFP, which outlines the minimum requirements for providing cost information. The Vendor should supply supporting details as described in the Cost Information Submission.
11. ITS reserves the right to request additional information or clarification of a Vendor’s proposal. The Vendor’s cooperation during the evaluation process in providing ITS staff with adequate responses to requests for clarification will be considered a factor in the evaluation of the Vendor’s overall responsiveness. Lack of such cooperation or failure to provide the information in the manner required may, at the State’s discretion, result in the disqualification of the Vendor’s proposal.
12. Unsolicited clarifications and updates submitted after the deadline for proposals will be accepted or rejected at the sole discretion of ITS.
13. Unsolicited clarifications in the evaluation and selection of lowest and best proposal will be considered only if all the following conditions are met:
13.1 A clarification to a proposal that includes a newly announced product line or service with equal or additional capability to be provided at or less than the proposed price will be considered.
13.2 Information provided must be in effect nationally and have been formally and publicly announced through a news medium that the Vendor normally uses to convey customer information.
13.3 Clarifications must be received early enough in the evaluation process to allow adequate time for re-evaluation.
13.4 The Vendor must follow procedures outlined herein for submitting updates and clarifications.
13.5 The Vendor must submit a statement outlining the circumstances for the clarification.
13.6 The Vendor must submit one clearly marked original and five (5) copies of the clarification.
13.7 The Vendor must be specific about which part of the original proposal is being changed by the clarification (i.e., must include exact RFP reference to section and outline point).
14. Communications with State From the issue date of this RFP until a Vendor is selected and the selection is announced, responding Vendors or their representatives may not communicate, either orally or in writing regarding this RFP with any statewide elected official, state officer or employee, member of the legislature or legislative employee except as noted herein. To ensure equal treatment for each responding Vendor, all questions regarding this RFP must be submitted in writing to the State’s contact person for the selection process, and not later than the last date for accepting responding Vendor questions provided in this RFP. All such questions will be answered officially by the State in writing. All such questions and answers will become addenda to this RFP, and they will be posted to the ITS web site. Vendors failing to comply with this requirement will be subject to disqualification.
14.1 The State’s contact person for the selection process is: Michelle Smith, Technology Consultant, 3771 Eastwood Drive, Jackson, MS 39211, 601-432-8057, [email protected].
14.2 Vendor may consult with State representatives as designated by the State’s contact person identified in 14.1 above in response to State-initiated inquiries. Vendor may consult with State representatives during scheduled oral presentations and demonstrations excluding site visits.
RFP No.: 4011 Section III: Vendor Information
Project No.: 42954 Revised: 7/1/2013
9
SECTION III VENDOR INFORMATION
The objective of the Vendor Information section of this RFP is to provide Vendors with information required to respond to the RFP successfully.
1. Interchangeable Designations The terms “Vendor” and “Contractor” are referenced throughout this RFP. Generally, references to the “Vendor” are used in conjunction with the proposing organization and procurement process leading up to the final RFP selection and award. The term “Contractor” denotes the role assumed, post-award, by the winning Vendor. Additionally, the terms “State of Mississippi,” “State” or “ITS” may be used interchangeably throughout this RFP to denote the political entity issuing the RFP and requesting responses from Vendors throughout these specifications. References to a specific agency, institution or other political entity represent the client or customer on whose behalf ITS is issuing the RFP.
2. Vendor’s Responsibility to Examine RFP Vendors must examine all documents, forms, specifications, standard provisions, and instructions.
3. Proposal as Property of State All written proposal material becomes the property of the State of Mississippi.
4. Written Amendment to RFP Any interpretation of an ITS RFP will be made by written amendment only. The State will not be responsible for any other explanation of this RFP. A copy of any amendment will be posted on the ITS website, together with the associated RFP specification. Vendors are required to check the ITS website periodically for RFP amendments before the proposal opening date at: http://www.its.ms.gov/Procurement/Pages/RFPS_Awaiting.aspx Any and all amendments will be posted no later than noon, seven days prior to the proposal opening date listed on the cover page of this RFP. If you are unable to access the ITS website, you may contact the ITS technology consultant listed on page one of this RFP and request a copy.
5. Oral Communications Not Binding Only transactions which are in writing from ITS may be considered official. No negotiations, decisions, or actions shall be executed by any Vendor as a result of any discussions with any State employee.
6. Vendor’s Responsibility for Delivery Vendors must ensure, through reasonable and sufficient follow-up, proper compliance with, and fulfillment of all schedules and deliverables specified within the body of this RFP. The State will not be responsible for the failure of any delivery medium for submission of information to or from the Vendor, including but not limited to, public and private carriers, U.S. mail, Internet Service Providers, facsimile, or e-mail.
7. Evaluation Criteria The State's intent in issuing this RFP is to award a contract to the lowest and best responsive Vendor who meets specifications, considering price and other factors. The Vendor’s past performance, cooperation, and ability to provide service and training are general factors that will be weighed in the selection process. More specific information concerning evaluation criteria is presented in Technical Specifications.
8. Multiple Awards ITS reserves the right to make multiple awards.
9. Right to Award in Whole or Part ITS reserves the right to approve an award by individual items or in total, whichever is deemed to be in the best interest of the State of Mississippi.
10. Right to Use Proposals in Future Projects The State reserves the right to evaluate the awarded proposal from this RFP, including all products and services proposed therein, along with the resulting contractual terms, for possible use in future projects if (a) it is deemed to be in the best interest of the State to do so; and (b) the Vendor is willing to extend a cost less than or equal to that specified in the awarded proposal and resulting contract. A decision concerning the utilization of a Vendor’s proposal for future projects is solely at the discretion of the State and requires the agreement of the proposing Vendor. The State’s decision to reuse an awarded proposal will be based upon such criteria as: (1) the customer’s business requirements; (2) elapsed time since the award of the original project; and/or (3) research on changes in the Vendor, market, and technical environments since the initial award.
11. Price Changes During Award or Renewal Period A price increase will not be accepted during the award period or the renewal period, unless stipulated in the contract. However, the State will always take advantage of price decreases.
12. Right to Request Information The State reserves the right to request information relative to a Vendor’s references and financial status and to visit a Vendor’s facilities during normal working hours. The State also reserves the right to request a current financial statement, prepared and certified by an independent auditing firm, and reserves the right to require that Vendors document their financial ability to provide the products and services proposed up to the total dollar amount of the Vendor’s cost proposal. The State reserves the right to request information about the Vendor from any previous customer of the Vendor of whom the State is aware, even if that customer is not included in the Vendor’s list of references.
13. Vendor Personnel For RFPs including professional services specifications, the Vendor will be required to provide and/or certify the following for each individual included in the Vendor’s proposal:
13.1 A direct telephone number at which the individual may be contacted for a telephone interview. The State will pay toll charges in the continental United States. The Vendor must arrange a toll-free number for all other calls.
RFP No.: 4011 Section III: Vendor Information
Project No.: 42954 Revised: 7/1/2013
11
13.2 That, if onsite interviews are required, the individual can be at the specified location in Mississippi within the timeframe specified. All costs associated with onsite interviews will be the responsibility of the Vendor.
13.3 That the individual is proficient in spoken and written English;
13.4 That the individual is a U.S. citizen or that the individual meets and will maintain employment eligibility requirements in compliance with all INS regulations. The Vendor must provide evidence of identification and employment eligibility prior to the award of a contract that includes any personnel who are not U. S. citizens.
13.5 That the personnel assigned to a project will remain a part of the project throughout the duration of the contract as long as the personnel are employed by the Vendor, unless replaced by the Vendor at the request of the State. This requirement includes the responsibility for ensuring all non-citizens maintain current INS eligibility throughout the duration of the contract.
14. Vendor Imposed Constraints The Vendor must specifically document what limitations, if any, exist in working with any other Contractor acting in the capacity of the State’s business partner, subcontractor or agent who may be managing any present or future projects; performing quality assurance; integrating the Vendor’s software; and/or providing web-hosting, hardware, networking or other processing services on the State’s behalf. The project relationship may be based on roles as either equal peers; supervisory – subordinate; or subordinate – supervisory, as determined by the State. The State recognizes that the Vendor may have trade secrets, intellectual property and/or business relationships that may be subject to its corporate policies or agreements. The State must understand these issues in order to decide to what degree they may impact the State’s ability to conduct business for this project. These considerations will be incorporated accordingly into the proposal evaluation and selection process. The understanding reached between the Vendor and the State with regard to this business relationship precludes the Vendor from imposing any subsequent limitations of this type in future project undertakings by the State.
15. Best and Final Offer The State reserves the right to solicit Best and Final Offers (BAFOs) from Vendors, principally in situations in which proposal costs eclipse available funding or the State believes none of the competing proposals presents a Best Value (lowest and best proposal) opportunity. Because of the time and expense incurred by both the Vendor community and the State, BAFOs are not routinely conducted. Vendors should offer their best pricing with the initial solicitation. Situations warranting solicitation of a BAFO will be considered an exceptional practice for any procurement. Vendors that remain in a competitive range within an evaluation may be requested to tender Best and Final Offers, at the sole discretion of the State. All such Vendors will be provided an equal opportunity to respond with a Best and Final Offer under a procedure to be defined by the State that encompasses the specific, refined needs of a project, as part of the BAFO solicitation. The State may re-evaluate and amend the original project specifications should it be deemed necessary in order to improve the opportunity for attaining Best Value scenarios from among the remaining competing Vendors. All BAFO proceedings will be uniformly
RFP No.: 4011 Section III: Vendor Information
Project No.: 42954 Revised: 7/1/2013
12
conducted, in writing and subject to solicitation by the State and receipt from the Vendors under a precise schedule.
16. Restriction on Advertising The Vendor must receive written approval from the State before advertising or referencing the award of the contract or the services being provided. The Vendor must agree not to refer to awards in commercial advertising in such a manner as to state or imply that the firm or its services are endorsed or preferred by the State of Mississippi.
17. Rights Reserved to Use Existing Product Contracts The State reserves the right on turnkey projects to secure certain products from other existing ITS contracts if it is in its best interest to do so. If this option is exercised, then the awarded Vendor must be willing to integrate the acquisition and implementation of such products within the schedule and system under contract.
18. Additional Information to be Included In addition to answering each specification within this RFP, the Vendor must include complete product/service information, including product pictorials and technical/descriptive literature relative to any product/service offered with the proposal. Information submitted must be sufficiently detailed to substantiate that the products/services offered meet or exceed specifications.
19. Valid Contract Required to Begin Work The successful Vendor should not commence any billable work until a valid contract has been executed. Any work done by the successful Vendor prior to the execution of the contract is done at the Vendor’s sole risk. The State is under no obligation to pay for work done prior to the execution of a contract.
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
13
SECTION IV LEGAL AND CONTRACTUAL INFORMATION
The objective of the Legal and Contractual Information section is to provide Vendors with information required to complete a contract or agreement with ITS successfully.
1. Acknowledgment Precludes Later Exception By signing the Submission Cover Sheet, the Vendor is contractually obligated to comply with all items in this RFP, including the Standard Contract in Exhibit A and the Business Associate Agreement in Exhibit B, except those specifically listed as exceptions on the Proposal Exception Summary Form. If no Proposal Exception Summary Form is included, the Vendor is indicating that he takes no exceptions. Vendors who respond to this RFP by signing the Submission Cover Sheet may not later take exception to any item in the RFP during contract negotiations. This acknowledgement also contractually obligates any and all subcontractors that may be proposed. No exceptions by subcontractors or separate terms and conditions will be entertained after the fact.
2. Failure to Respond as Prescribed Failure to respond as described in Section II: Proposal Submission Requirements to any item in the sections and exhibits of this RFP, including the Standard Contract attached as Exhibit A and the Business Associate Agreement in Exhibit B, if applicable, shall contractually obligate the Vendor to comply with that item.
3. Contract Documents ITS will be responsible for all document creation and editorial control over all contractual documentation related to each procurement project. The following documents will normally be included in all contracts between ITS and the Vendor:
3.1 The Proposal Exception Summary Form as accepted by ITS;
3.2 Contracts which have been signed by the Vendor and ITS;
3.3 ITS’ Request for Proposal, including all addenda;
3.4 Official written correspondence from ITS to the Vendor;
3.5 Official written correspondence from the Vendor to ITS when clarifying the Vendor’s proposal; and
3.6 The Vendor’s proposal response to the ITS RFP.
4. Order of Precedence When a conflict arises regarding contract intent due to conflicting statements in documents included in the contract, the order of precedence of each document is as listed above unless modification of order is negotiated and agreed upon by both ITS and the winning Vendor.
5. Additional Contract Provisions
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
14
The contract will also include such additional provisions, which are not inconsistent or incompatible with the material terms of this RFP, as may be agreed upon by the parties. All of the foregoing shall be in such form and substance as prescribed by the State.
6. Contracting Agent by Law The Executive Director of ITS is, by law, the purchasing and contracting agent for the State of Mississippi in the negotiation and execution of all contracts for the acquisition of computer and telecommunications equipment, systems, software, and services (Section 25-53-1, et seq., of the Mississippi Code Annotated). ITS is issuing this RFP on behalf of the procuring agency or institution. ITS and the procuring agency or institution are sometimes collectively referred to within this RFP as "State."
7. Mandatory Legal Provisions
7.1 The State of Mississippi is self-insured; all requirements for the purchase of casualty or liability insurance are deleted.
7.2 Any provisions disclaiming implied warranties shall be null and void. See Mississippi Code Annotated Sections 11-7-18 and 75-2-719(4). The Vendor shall not disclaim the implied warranties of merchantability and fitness for a particular purpose.
7.3 The Vendor shall have no limitation on liability for claims related to the following items:
7.3.1 Infringement issues;
7.3.2 Bodily injury;
7.3.3 Death;
7.3.4 Physical damage to tangible personal and/or real property; and/or
7.3.5 The intentional and willful misconduct or negligent acts of the Vendor and/or Vendor’s employees or subcontractors.
7.4 All requirements that the State pay interest (other than in connection with lease-purchase contracts not exceeding five years) are deleted.
7.5 Any contract negotiated under this RFP will be governed by and construed according to the laws of the State of Mississippi. Venue for the resolution of any dispute shall be Jackson, Hinds County, Mississippi.
7.6 Any contract negotiated under this RFP is cancelable in the event the funding authority does not appropriate funds. Notice requirements to Vendor cannot exceed sixty (60) days.
7.7 The State of Mississippi does not waive its sovereign immunities or defenses as provided by law by entering into this contract with the Vendor, Vendor agents, subcontractors, or assignees.
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
15
7.8 The State will deliver payments to the Vendor within forty-five (45) days after receipt of invoice and receipt, inspection, and approval of Vendor’s products/services. No late charges will exceed 1.5% per month on any unpaid balance from the expiration of said period until payment is delivered. See Section 31-7-305 of the Mississippi Code Annotated. Seller understands and agrees that Purchaser is exempt from the payment of taxes.
7.9 The State shall not pay any attorney's fees, prejudgment interest or the cost of legal action to or for the Vendor.
8. Approved Contract
8.1 Award of Contract - A contract is considered to be awarded to a proposer once the proposer’s offering has been approved as lowest and best proposal through:
8.1.1 Written notification made to proposers on ITS letterhead, or
8.1.2 Notification posted to the ITS website for the project, or
8.1.3 CP-1 authorization executed for the project, or
8.1.4 The ITS Board’s approval of same during an open session of the Board.
8.2 ITS statute specifies whether ITS Director approval or ITS Board approval is applicable for a given project, depending on the total lifecycle cost of the contract.
8.3 A contract is not deemed final until five (5) working days after either the award of contract or post procurement review, as stipulated in the ITS Protest Procedure and Policy. In the event of a valid protest, the State may, at its sole discretion, continue the procurement or stay the procurement in accordance with the ITS Protest Procedure and Policy. If the procurement is stayed, the contract is not deemed final until the protest is resolved.
9. Contract Validity All contracts are valid only if signed by the Executive Director of ITS.
10. Order of Contract Execution Vendors will be required to sign contracts and to initial all contract changes before the Executive Director of ITS signs.
11. Availability of Funds All contracts are subject to availability of funds of the acquiring State entity and are contingent upon receipt by the winning Vendor of a purchase order from the acquiring State entity.
12. CP-1 Requirement
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
16
All purchase orders issued for goods and services acquired from the awarded Vendor under this RFP must be encoded by the Customer agency with a CP-1 approval number assigned by ITS. This requirement does not apply to acquisitions that by policy have been delegated to State entities.
13. Requirement for Electronic Payment and Invoicing
13.1 Payments to the awarded Vendor for all goods and services acquired under this RFP by state agencies that make payments through the Mississippi State Government’s Enterprise Resource Planning (ERP) solution (“MAGIC”) will be made electronically, via deposit to the bank account of the Vendor’s choice. The awarded Vendor must enroll and be activated in PayMode™, the State’s current vehicle for sending and receiving electronic payments, prior to receiving any payments from state agencies. There is no charge for a Vendor to enroll or receive payments via PayMode. For additional information on PayMode, including registration instructions, Vendors should visit the following website: http://portal.paymode.com/ms/. Vendors may also request assistance from the Mississippi Management and Reporting System (MMRS) Call Center regarding PayMode registration by contacting [email protected].
13.2 For state agencies that make payments through MAGIC, the awarded Vendor is required to submit electronically all invoices for goods and services acquired under this RFP, along with appropriate supporting documentation, as directed by the State.
13.3 Items 13.1 and 13.2 only apply to state agencies that make payments through MAGIC. Payments and invoices for all other entities will conform to their standard methods of payment to contractors.
14. Time For Negotiations
14.1 All contractual issues must be successfully negotiated within fifteen (15) working days from the Vendor’s initial receipt of the project contract from ITS, unless ITS consents to extend the period. Failure to complete negotiations within the stated time period constitutes grounds for rejection of the Vendor’s response to this RFP. ITS may withdraw the proposal award and begin negotiations with the next ranked Vendor immediately or pursue any other option.
14.2 Negotiations shall be limited to items to which the Vendor has noted as exceptions on their Proposal Exception Summary Form, as well as any new items that the State may require. All contract changes requested by the Vendor related to such exceptions noted in Vendor’s proposal shall be submitted three (3) working days prior to scheduled negotiations, unless ITS consents to a different period.
15. Prime Contractor The selected Vendor will be designated the prime contractor in the proposal, and as such, shall be solely responsible for all products/services offered in the proposal and for the fulfillment of the contract with the State.
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
17
16. Sole Point of Contact ITS will consider the selected Vendor to be the sole point of contact with regard to contractual matters, including payment of any and all charges resulting from the contract.
16.1 The Vendor must acknowledge and agree that in matters of proposals, clarifications, negotiations, contracts and resolution of issues and/or disputes, the Vendor represents all contractors, third parties and/or subcontractors the Vendor has assembled for this project. The Vendor’s commitments are binding on all such parties and consequently the State is only required to negotiate with the Vendor.
16.2 Furthermore, the Vendor acknowledges and agrees to pass all rights and/or services related to all general consulting, services leasing, software licensing, warranties, hardware maintenance and/or software support to the State from any contractor, third party or subcontractor without the State having to negotiate separately or individually with any such parties for these terms or conditions.
16.3 Should a proposing Vendor wish to assign payment of any or all charges resulting from this contract to a third party, Vendor must disclose that fact in his/her proposal, along with the third party’s name, address, nature of business, and relationship to the proposing Vendor, the reason for and purpose of the assignment, and all conditions of the assignment, including but not limited to a copy of an assignment document to be executed by the State, the Vendor, and the third party. Such assignments will be accepted or rejected at the sole discretion of the State. Vendor must clearly and definitively state in his/her proposal whether the proposal is contingent upon the requested assignment of payments. Whenever any assignment of payment is requested, the proposal, contract, and assignment document must include language specifically guaranteeing that the proposing Vendor is solely and fully liable and responsible for the performance of its obligations under the subject contract. No assignment of payment will be considered at the time of purchase unless such assignment was fully disclosed in the Vendor’s proposal and subsequently accepted by the State.
17. ITS Approval of Subcontractor Required Unless provided in the contract, the Vendor shall not contract with any other party for furnishing any of the contracted work or services without the consent, guidance, and written approval of the State. ITS reserves the right of refusal and the right to request replacement of a subcontractor due to unacceptable work or conduct. This provision should not be interpreted as requiring the approval of individual contracts of employment between the Vendor and personnel assigned for services under the contract.
18. Inclusion of Subcontract Agreements Copies of any agreements to be executed between the Vendor and any subcontractors must be included in the Vendor’s proposal.
19. Negotiations with Subcontractor
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
18
In order to protect the State’s interest, ITS reserves the right to attempt to resolve the contractual disagreements that may arise between the Vendor and its subcontractor after award of the contract.
20. References to Vendor to Include Subcontractor All references in the RFP to “Vendor” shall be construed to encompass both the Vendor and its subcontractors.
21. Outstanding Vendor Obligations
21.1 Any Vendor who presently owes the State of Mississippi money pursuant to any contract for which ITS is the contracting agent and who has received written notification from ITS regarding the monies owed, must submit, with the proposal, a certified check in the amount due and owing in order for the proposal in response to this RFP to be considered. For a Vendor currently in bankruptcy as of the RFP submission date, this requirement is met, if and only if, ITS has an active petition before the appropriate bankruptcy court for recovery of the full dollar amount presently owed to the State of Mississippi by that Vendor. If the Vendor has emerged from bankruptcy by the RFP submission date, the Vendor must pay in full any amount due and owing to the State, as directed in the court-approved reorganization plan, prior to any proposal being considered.
21.2 Any Vendor who is presently in default on existing contracts for which ITS is the contracting agent, or who otherwise is delinquent in the performance of any such contracted obligations, is in the sole judgment of the State required to make arrangement for fulfilling outstanding obligations to the satisfaction of the State in order for the proposal to be considered.
21.3 The State, at its sole discretion, may reject the proposal of a Vendor with any significant outstanding financial or other obligations to the State or who is in bankruptcy at the time of proposal submission.
22. Equipment Condition For all RFPs requiring equipment, the Vendor must furnish only new equipment in response to ITS specifications, unless an explicit requirement for used equipment is otherwise specified.
23. Delivery Intervals The Vendor’s proposal must specify, in the Cost Information Submission and in response to any specific instructions in the Technical Specifications, delivery and installation intervals after receipt of order.
24. Pricing Guarantee The Vendor must explicitly state, in the Cost Information Submission and in response to any specific instructions in the Technical Specifications, how long the proposal will remain valid. Unless stated to the contrary in the Technical Specifications, pricing must be guaranteed for a minimum of ninety (90) days.
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
19
25. Shipping Charges For all RFPs requiring shipment of any product or component, all products must be delivered FOB destination to any location within the geographic boundaries of the State with all transportation charges prepaid and included in the RFP proposal or LOC quotation. Destination is the point of use.
26. Amortization Schedule For all RFPs requiring equipment, contracts involving the payment of interest must include an amortization schedule clearly documenting the amount of interest payable over the term of the contract.
27. Americans with Disabilities Act Compliance for Web Development and Portal Related Services All Web and Portal development work must be designed and implemented in compliance with the Electronic and Information Technology Accessibility Standards associated with Section 508 of the Rehabilitation Act and with the Web Accessibility Initiative (WAI) of the W3C.
28. Ownership of Developed Software
28.1 When specifications require the Vendor to develop software for the State, the Vendor must acknowledge and agree that the State is the sole owner of such developed software with exclusive rights to use, alter, or distribute the software without restriction. This requirement applies to source code, object code, and documentation.
28.2 The State may be willing to grant the Vendor a nonexclusive license to use the State’s software subject to devising acceptable terms and license fees. This requirement is a matter of State Law, and not negotiable.
29. Ownership of Custom Tailored Software In installations where the Vendor’s intellectual property is modified and custom-tailored to meet the needs of the State, the Vendor must offer the State an application license entitling the State to use, and/or alter the software without restriction. These requirements apply to source code, object code and documentation.
30. Terms of Software License The Vendor acknowledges and agrees that the term of all software licenses provided to the State shall be perpetual unless stated otherwise in the Vendor’s proposal.
31. The State is Licensee of Record The Vendor must not bypass the software contracting phase of a project by licensing project software intended for State use in its company name. Upon award of a project, the Vendor must ensure that the State is properly licensed for all software that is proposed for use in a project.
32. Compliance with Enterprise Security Policy Any solution proposed in response to this RFP must be in compliance with the State of Mississippi’s Enterprise Security Policy. The Enterprise Security Policy is based on industry-standard best practices, policy, and guidelines and covers the following topics:
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
20
web servers, email, virus prevention, firewalls, data encryption, remote access, passwords, servers, physical access, traffic restrictions, wireless, laptop and mobile devices, disposal of hardware/media, and application assessment/certification. Given that information security is an evolving technology practice, the State reserves the right to introduce new policy during the term of the contract resulting from this RFP and require the Vendor to comply with same in the event the industry introduces more secure, robust solutions or practices that facilitate a more secure posture for the State of Mississippi. Vendors wanting to view the Enterprise Security Policy should contact the Technology Consultant listed on the cover page of this RFP.
33. Negotiating with Next-Ranked Vendor Should the State cease doing business with any Vendor selected via this RFP process, for any reason, the State reserves the right to initiate negotiations with the next ranked Vendor.
34. Disclosure of Proposal Information Vendors should be aware that any information in a proposal may be subject to disclosure or reproduction under the Mississippi Public Records Act of 1983, defined in Section 25-61-1 et seq. of the Mississippi Code Annotated. All disclosures of proposal information will be made in compliance with the ITS Public Records Procedures established in accordance with the Mississippi Public Records Act. The ITS Public Records Procedures are available in Section 019-010 of the ITS Procurement Handbook, on the ITS Internet site at: http://www.its.ms.gov/Procurement/Documents/ISS%20Procurement%20Manual.pdf#page=155 or from ITS upon request. As outlined in the Third Party Information section of the ITS Public Records Procedures, ITS will give written notice to any affected Vendor of a request to view or reproduce the Vendor’s proposal or portion thereof. ITS will not, however, give such notice with respect to summary information prepared in connection with the State’s review or evaluation of a Vendor’s proposal, including, but not limited to, written presentations to the ITS Board or other approving bodies, and/or similar written documentation prepared for the project file. In addition, ITS will not provide third-party notice for requests for any contract executed as a result of this RFP. Summary information and contract terms, as defined above, become the property of ITS, who has the right to reproduce or distribute this information without notification. Vendors should further be aware that requests for disclosure of proposal information are sometimes received by ITS significantly after the proposal opening date. ITS will notify the signatory “Officer in Bind of Company” provided in Section I of this RFP for Notification of Public Records Requests in the event information is requested that your company might wish to consider protecting as a trade secret or as confidential commercial or financial information. If the “Officer in Bind of Company” should not be used for notification of public records requests, Vendor should provide the alternative contact information in response to this RFP item.
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
21
The State will assess risk factors that may initially exist within a given procurement and that may develop over the course of a procurement process as facts become known. The State, at its sole discretion, may employ the following mechanisms in mitigating these risks: proposal bonding, performance bonding, progress payment plan with retainage, inclusion of liquidated damages, and withholding payment for all portions of the products/services acquired until final acceptance. The Vendor must agree to incorporate any or all of the above terms and conditions into the customer agreement.
36. Proposal Bond The Vendor is not required to include a proposal bond with its RFP proposal.
37. Performance Bond/Irrevocable Bank Letter of Credit The Vendor is not required to include the price of a performance bond or irrevocable bank letter of credit with its RFP proposal.
38. Responsibility for Behavior of Vendor Employees/Subcontractors The Vendor will be responsible for the behavior of all its employees and subcontractors while on the premises of any State agency or institution. Any Vendor employee or subcontractor acting in a manner determined by the administration of any State agency or institution to be detrimental, abusive, or offensive to any of the staff or student body of any State agency or institution will be asked to leave the premises and can be suspended from further work on the premises.
39. Protests The Executive Director of ITS and/or the Board Members of ITS or their designees shall have the authority to resolve Vendor protests in connection with the selection for award of a contract. Copies of the protest procedures are available on the ITS Internet site - ITS Protest Procedure and Policy, Section 019-020, ITS Procurement Handbook at: http://www.its.ms.gov/Procurement/Documents/ISS%20Procurement%20Manual.pdf#page=173 or from ITS upon request.
40. Protest Bond Potential Vendors may protest any of the specifications of this RFP on the belief that the specification is unlawful, unduly restrictive, or unjustifiably restraining to competition. Any such protest must be in writing and submitted to the ITS Executive Director along with the appropriate protest bond within five (5) working days of the Official Release of the RFP, as defined in the ITS Protest Procedure and Policy. The outside of the envelope must be marked “Protest” and must specify RFP No. 4011.
As a condition precedent to filing any protest related to this procurement, the Vendor must procure, submit to the ITS Executive Director with its written protest, and maintain in effect at all times during the course of the protest or appeal thereof, a protest bond in the full amount of the total estimated project lifecycle cost or $250,000.00, whichever is less. The total estimated project lifecycle cost will be the amount used by ITS in the computation of cost points, as the low cost in the denominator of the cost evaluation formula. The bond shall be accompanied by a duly authenticated or certified document evidencing that the person executing the bond is a licensed Mississippi agent for the bonding company. This certified document shall identify the name and address of the person or entity holding the protest bond and shall identify a contact person to be notified in the event that the State
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
22
is required to take action against the bond. The protest bond shall not be released to the protesting Vendor until the protest is finally resolved and the time for appealing said protest has expired. The protest bond shall be procured at the protesting Vendor’s expense and be payable to the Mississippi Department of Information Technology Services. Prior to approval of the protest bond, ITS reserves the right to review the protest bond and require the protesting Vendor to substitute an acceptable bond in such form as the State may reasonably require. The premiums on such bond shall be paid by the protesting Vendor. The State may claim against the protest bond as specified in Section 25-53-5 (n) of the Mississippi Code of 1972, as amended during the 1998 Mississippi legislative session, in addition to all other rights and remedies the State may have at law or in equity.
Should the written protest submitted by the Vendor fail to comply with the content requirements of ITS’ protest procedure and policy, fail to be submitted within the prescribed time limits, or fail to have the appropriate protest bond accompany it, the protest will be summarily dismissed by the ITS Executive Director.
41. Mississippi Employment Protection Act Effective July 1, 2008, Vendor acknowledges that if awarded, it will ensure its compliance
with the Mississippi Employment Protection Act, Section 71-11-1, et seq. of the Mississippi Code Annotated (Supp2008), and will register and participate in the status verification system for all newly hired employees. The term “employee” as used herein means any person that is hired to perform work within the State of Mississippi. As used herein, “status verification system” means the Illegal Immigration Reform and Immigration Responsibility Act of 1996 that is operated by the United States Department of Homeland Security, also known as the E-Verify Program, or any other successor electronic verification system replacing the E-Verify Program. Vendor will agree to maintain records of such compliance and, upon request of the State, to provide a copy of each such verification to the State.
Vendor acknowledges and certifies that any person assigned to perform services hereunder meets the employment eligibility requirements of all immigration laws of the State of Mississippi. Vendor acknowledges that violating the E-Verify Program (or successor thereto) requirements subjects Vendor to the following: (a) cancellation of any state or public contract and ineligibility for any state or public contract for up to three (3) years, with notice of such cancellation being made public, or (b) the loss of any license, permit, certification or other document granted to Vendor by an agency, department or governmental entity for the right to do business in Mississippi for up to one (1) year, or (c) both. Vendor would also be liable for any additional costs incurred by the State due to contract cancellation or loss of license or permit.
42. Equal Employment Opportunity Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of federally assisted construction contract in 41 CFR Part 60-1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, “Equal Employment Opportunity” (30 FR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as amended by Executive Order 11375, “Amending Executive Order 11246 Relating to Equal Employment Opportunity,” and implementing regulations at 41
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
23
CFR part 60, “Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor.” (2 CFR 200, Subpart F, Appendix II)
43. Clean Air and Federal Water Pollution Control Act Clean Air Act (42 U.S.C. 7401-7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251-1387), as amended. Contracts and subgrants of amounts in excess of $150,000 must contain a provision that requires the non-Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA). (2 CFR 200, Subpart F, Appendix II)
44. Anti-Lobbying Act This Act prohibits the recipients of Federal contracts, grants, and loans from using appropriated funds for lobbying the Executive or Legislative branches of the Federal government in connection with a specific contract, grant, or loan. As required by Section 1352, Title 31 of the U.S. Code and implemented at 2 CFR 200, Subpart F, Appendix II, for persons entering into a grant or cooperative agreement over $100,000, as defined at 31 U.S.C. 1352, the applicant certifies that:
44.1 No federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a member of Congress in connection with the making of any federal grant, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any federal grant or cooperative agreement;
44.2 If any funds other than federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a member of Congress in connection with this federal grantor o cooperative agreement, the undersigned shall complete and submit Standard Form – LLL, “Disclosure Form to Report Lobbying,” in accordance with its instructions;
44.3 The undersigned shall require that the language of this certification be include in the award documents for all sub-awards at all tiers (including sub-grants, contracts under grants and cooperative agreements, and subcontracts) and that all sub-recipients shall certify and disclose accordingly.
45. Americans with Disabilities Act This Act (28 CFR Part 35, Title II, Subtitle A) prohibits discrimination on the basis of disability in all services, programs, and activities provided to the public and State and local governments, except public transportation services.
46. Drug-Free Workplace Statement The Federal government implemented 41 U.S. Code § 8103, Drug-free workplace requirements for Federal grant recipients in an attempt to address the problems of drug
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
24
abuse on the job. It is a fact that employees who use drugs have less productivity, a lower quality of work, and a higher absenteeism, and are more likely to misappropriate funds or services. From this perspective, the drug abuser may endanger other employees, the public at large, or themselves. Damage to property, whether owned by this entity or not, could result from drug abuse on the job. All these actions might undermine public confidence in the services this entity provides. Therefore, in order to remain a responsible source for government contracts, the following guidelines have been adopted:
a. The unlawful manufacture, distribution, dispensation, possession or use of a controlled substance is prohibited in the work place.
b. Violators may be terminated or requested to seek counseling from an approved rehabilitation service.
c. Employees must notify their employer of any conviction of a criminal drug statue no later than five days after such conviction.
d. Contractors of federal agencies are required to certify that they will provide drug-free workplaces for their employees.
Transactions subject to the suspension/debarment rules (covered transactions) include grants, subgrants, cooperative agreements, and prime contracts under such awards. Subcontracts are not included. Also, the dollar threshold for covered procurement contracts is $25,000. Contracts for Federally required audit services are covered regardless of dollar amount.
47. Debarment and Suspension Debarment and Suspension (Executive Orders 12549 and 12689)—A contract award (see 2 CFR 180.220) must not be made to parties listed on the government wide exclusions in the System for Award Management (SAM), in accordance with the OMB guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), “Debarment and Suspension.” SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. (2 CFR 200, Subpart F, Appendix II)
48. Royalty-Free Rights to Use Software or Documentation Developed 2 CFR 200.315 Intangible property.
a. Title to intangible property (see §200.59 Intangible property) acquired under a Federal award vests upon acquisition in the non-Federal entity. The non-Federal entity must use that property for the originally-authorized purpose, and must not encumber the property without approval of the Federal awarding agency. When no longer needed for the originally authorized purpose, disposition of the intangible property must occur in accordance with the provisions in §200.313 Equipment paragraph (e).
b. The non-Federal entity may copyright any work that is subject to copyright and was developed, or for which ownership was acquired, under a Federal award. The Federal awarding agency reserves a royalty-free, nonexclusive and irrevocable right to reproduce, publish, or otherwise use the work for Federal purposes, and to authorize others to do so.
c. The non-Federal entity is subject to applicable regulations governing patents and inventions, including government wide regulations issued by the Department of
RFP No.: 4011 Section IV: Legal and Contractual Information
Project No.: 42954 Revised: 6/21/2017
25
Commerce at 37 CFR Part 401, “Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Awards, Contracts and Cooperative Agreements.”
d. The Federal Government has the right to: 1. Obtain, reproduce, publish, or otherwise use the data produced under a
Federal award; and 2. Authorize others to receive, reproduce, publish, or otherwise use such data for
Federal purposes.
RFP No.: 4011 Section V: Proposal Exceptions
Project No.: 42954 Revised: 7/1/2013
26
SECTION V PROPOSAL EXCEPTIONS
Please return the Proposal Exception Summary Form at the end of this section with all exceptions to items in any Section of this RFP listed and clearly explained or state “No Exceptions Taken.” If no Proposal Exception Summary Form is included, the Vendor is indicating that he takes no exceptions to any item in this RFP document.
1. Unless specifically disallowed on any specification herein, the Vendor may take exception to any point within this RFP, including a specification denoted with ”shall” or “must,” as long as the following are true:
1.1 The specification is not a matter of State law;
1.2 The proposal still meets the intent of the RFP;
1.3 A Proposal Exception Summary Form is included with Vendor’s proposal; and
1.4 The exception is clearly explained, along with any alternative or substitution the Vendor proposes to address the intent of the specification, on the Proposal Exception Summary Form.
2. The Vendor has no liability to provide items to which an exception has been taken. ITS has no obligation to accept any exception. During the proposal evaluation and/or contract negotiation process, the Vendor and ITS will discuss each exception and take one of the following actions:
2.1 The Vendor will withdraw the exception and meet the specification in the manner prescribed;
2.2 ITS will determine that the exception neither poses significant risk to the project nor undermines the intent of the RFP and will accept the exception;
2.3 ITS and the Vendor will agree on compromise language dealing with the exception and will insert same into the contract; or
2.4 None of the above actions is possible, and ITS either disqualifies the Vendor’s proposal or withdraws the award and proceeds to the next ranked Vendor.
3. Should ITS and the Vendor reach a successful agreement, ITS will sign adjacent to each exception which is being accepted or submit a formal written response to the Proposal Exception Summary responding to each of the Vendor’s exceptions. The Proposal Exception Summary, with those exceptions approved by ITS, will become a part of any contract on acquisitions made under this RFP.
4. An exception will be accepted or rejected at the sole discretion of the State.
5. The State desires to award this RFP to a Vendor or Vendors with whom there is a high probability of establishing a mutually agreeable contract, substantially within the standard terms and conditions of the State's RFP, including the Standard Contract in Exhibit A and
RFP No.: 4011 Section V: Proposal Exceptions
Project No.: 42954 Revised: 7/1/2013
27
the Business Associate Agreement in Exhibit B, if included herein. As such, Vendors whose proposals, in the sole opinion of the State, reflect a substantial number of material exceptions to this RFP, may place themselves at a comparative disadvantage in the evaluation process or risk disqualification of their proposals.
6. For Vendors who have successfully negotiated a contract with ITS in the past, ITS requests that, prior to taking any exceptions to this RFP, the individual(s) preparing this proposal first confer with other individuals who have previously submitted proposals to ITS or participated in contract negotiations with ITS on behalf of their company, to ensure the Vendor is consistent in the items to which it takes exception.
RFP No.: 4011 Section V: Proposal Exceptions
Project No.: 42954 Revised: 7/1/2013
28
PROPOSAL EXCEPTION SUMMARY FORM List and clearly explain any exceptions, for all RFP Sections and Exhibits, in the table below.
ITS RFP Reference
Vendor Proposal Reference
Brief Explanation of Exception
ITS Acceptance (sign here only if accepted)
(Reference specific outline point to which exception is taken)
(Page, section, items in Vendor’s proposal where exception is explained)
(Short description of exception being made)
1.
2.
3.
4.
5.
6.
7.
RFP No.: 4011 Section VI: RFP Questionnaire
Project No.: 42954 Revised: 5/22/2017
29
SECTION VI RFP QUESTIONNAIRE
Please answer each question or provide the information as requested in this section.
1. Mississippi’s Accountability System for Government Information and Collaboration (MAGIC) Information for State of Mississippi Vendor File
1.1 MAGIC Vendor Code: Any Vendor who has not previously done business with the State and has not been assigned a MAGIC Vendor code should visit the following link to register:
Vendors who have previously done business with the State may obtain their MAGIC Vendor code and all Vendors may access additional Vendor information at the link below.
1.2 Vendor Self-Certification Form: The State of Mississippi, in an effort to capture participation by minority Vendors, asks that each Vendor review the State of Mississippi Minority Vendor Self Certification Form. This information is for tracking/reporting purposes only, and will not be used in determining which Vendor will be chosen for the project. Any Vendor who can claim status as a Minority Business Enterprise or a Woman Business Enterprise in accordance with the definitions on this form and who has not previously submitted a form to the State of Mississippi should submit the completed form with the proposal. A copy of the Minority Vendor Self-Certification Form can be obtained at:
Please direct any questions about minority certification in Mississippi to the Minority Business Enterprise Division of the Mississippi Development Authority by telephone at (601) 359-3448 or via email at [email protected]. If Vendor is claiming status as a Minority Business Enterprise or Woman Business Enterprise, the Vendor must include a copy of their Minority Vendor Self-Certification Form with their RFP response.
2. Certification of Authority to Sell The Vendor must certify Vendor is a seller in good standing, authorized to sell and able to deliver all items and related services proposed in the State of Mississippi in the time frame specified. Does the Vendor make these certifications? (A yes or no answer is required.)
3. Certification of No Conflict of Interest Mississippi law clearly forbids a direct or indirect conflict of interest of a company or its employees in selling to the State. The Vendor must answer and/or provide the following:
3.1 Does there exist any possible conflict of interest in the sale of items to any institution within ITS jurisdiction or to any governing authority? (A yes or no answer is required.)
3.2 If the possibility of a conflict does exist, provide a list of those institutions and the nature of the conflict on a separate page and include it in your proposal. The Vendor may be precluded from selling to those institutions where a conflict of interest may exist.
4. Pending Legal Actions
4.1 Are there any lawsuits or other legal proceedings against the Vendor that pertain to any of the software, hardware, or other materials and/or services which are a part of the Vendor’s proposal? (A yes or no answer is required.)
4.2 Are there any criminal or civil proceedings (federal or state) pending against the Vendor or its principals or employees that pertain to any public procurement within the State of Mississippi or elsewhere? (A yes or no answer is required.)
4.3 If your answer to either of the above is “yes”, provide a copy of same and state with specificity the current status of the proceedings.
4.4 The State, at its sole discretion, may reject the proposal of a Vendor who (a) has criminal or civil proceedings pending that pertain to a public procurement within Mississippi or elsewhere, or (b) has lawsuits or other legal proceedings pending that pertain to any of the products or services which are part of the Vendor’s proposal.
5. Non-Disclosure of Social Security Numbers Does the Vendor acknowledge that any information system proposed, developed, or modified under this RFP that disseminates, in any form or manner, information or material that contains the Social Security Number of an individual, has mechanisms in place to prevent the inadvertent disclosure of the individual’s Social Security Number to members of the general public or to persons other than those persons who, in the performance of their duties and responsibilities, have a lawful and legitimate need to know the individual’s Social Security Number? This acknowledgement is required by Section 25-1-111 of the Mississippi Code Annotated.
6. Order and Remit Address The Vendor must specify both an order and a remit address:
RFP No.: 4011 Section VI: RFP Questionnaire
Project No.: 42954 Revised: 5/22/2017
31
Order Address:
Remit Address (if different):
7. Taxpayer Identification Number Vendor must specify their taxpayer identification number.
8. Web Amendments As stated in Section III, ITS will use the ITS website to post amendments regarding RFPs
before the proposal opening at: http://www.its.ms.gov/Procurement/Pages/RFPS_Awaiting.aspx ITS may post clarifications until noon seven days prior to the proposal opening date listed
on the cover page of this RFP or the posted extension date, if applicable.
Vendors may list any questions or items needing clarification discovered in the week prior to the proposal opening in a written format at the beginning of the proposal binder or in the comment section for the individual offering.
Does the Vendor certify that they have reviewed a copy of the ITS amendments for RFPs as above stated? (A yes or no answer is required.)
9. Certification of Liability Insurance Vendor must provide a copy of their Certificate of Liability Insurance with their RFP response.
10. E-Verify Registration Documentation Vendor must ensure its compliance with the Mississippi Employment Protection Act, Section 71-11-1, et seq. of the Mississippi Code Annotated (Supp2008). Vendor must provide documentation of their E-Verify compliance with their RFP response. See Section IV, Item 41 for additional information.
11. System for Award Management (SAM) Registration Documentation Vendor must include a copy of their registration with the Federal Government’s System for Award Management (SAM) with their RFP response.
1.1 Beginning with Item 2.1 of this section, label and respond to each outline point in this section as it is labeled in the RFP.
1.2 The Vendor must respond with “ACKNOWLEDGED”, “WILL COMPLY”, or “AGREED” to each point in this section. In addition, Vendors must respond to each specification beginning in Section VII, Item 8 through Item 22 with a narrative description. Failure to provide the information requested will result in the Vendor receiving a lower score for that item, or, at the State’s sole discretion, being subject to disqualification. The description must include the following:
1.2.1 A description of the methodology to be followed in accomplishing each requirement, in order to demonstrate the Vendors understanding of this RFP.
1.2.2 Information about past performance results for similar work in a Long-Term Support and Services (LTSS) environment; lessons learned from those projects and how they will be applied to this project.
1.3 “ACKNOWLEDGED” should be used when no vendor response or vendor compliance is required. “ACKNOWLEDGED” simply means the vendor is confirming to the State that he read the statement. This is commonly used in the RFP sections where the agency’s current operating environment is described or where general information is being given about the project.
1.4 “WILL COMPLY” or “AGREED” are used interchangeably to indicate that the vendor will adhere to the requirement. These terms are used to respond to statements that specify that a vendor or vendor’s proposed solution must comply with a specific item or must perform a certain task.
1.5 If the Vendor cannot respond with “ACKNOWLEDGED”, “WILL COMPLY”, or “AGREED”, then the Vendor must respond with “EXCEPTION”. (See Section V, for additional instructions regarding Vendor exceptions.)
1.6 Where an outline point asks a question or requests information, the Vendor must respond with the specific answer or information requested.
1.7 In addition to the above, Vendor must provide explicit details as to the manner and degree to which the proposal meets or exceeds each specification.
2. Mandatory Provisions in Technical Requirements for this RFP
2.1 Certain items in the technical specifications of this RFP are MANDATORY. Vendors are specifically disallowed from taking exception to these mandatory requirements, and proposals that do not meet all mandatory requirements are subject to immediate disqualification.
2.2 MANDATORY: Awarded Vendor will be required to either:
2.2.1 Run in production and maintain the state’s existing system, using the source code owned by the state, in the awarded Vendor’s hosting production environment within 30 days of contract execution, or
2.2.2 Implement, run in production, and maintain the awarded Vendor’s proposed solution in the awarded Vendor’s hosted production environment within 30 days of contract execution.
2.2.3 Vendors proposing to run the state’s existing system should clearly describe whether the existing system will be used only as an interim solution, or whether the state’s existing system is proposed as the only system to meet the requirement of providing a No-Wrong-Door Information and Tracking System.
2.3 Mandatory requirements are those features classified as MANDATORY in Section VII, Item 2.2; Section VII, Item 11.1.3; Section VII, Item 19.6.2; and Section IX.
3. General Overview and Background
3.1 Glossary of Terms
Term Definitions
Access The ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.
Business Day Monday through Sunday (excluding State holidays).
Handle Data Collect, store, transmit, have access to data.
Information System An interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.
A hosted environment used to support operations of the System, including storage, hardware, servers, networking, and communication components, and related operations, maintenance, and support services. Under IaaS, the awarded Vendor is responsible for the acquisition and operation of all hardware, software and network support related to the services being provided, and shall keep all software current. The technical and professional activities required for establishing, managing, and maintaining the environments are the responsibilities of the awarded Vendor.
Local Time Time in the Central Time zone as observed by the State of Mississippi. Unless otherwise specified, all stated times shall be Local Time, even if not expressly designated as such.
Normal State
Business Hours
Normal State business hours are 8:00 a.m. - 5:00 p.m. Central Time, Monday through Sunday except State Holidays, which can be found at: www.sos.ms.gov - keyword: State Holidays
Security Breach A security incident in which sensitive, protected, or confidential data is intentionally or unintentionally released to an untrusted environment, including copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property.
Security Incident Attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
Security or Security Measures
All of the administrative, physical, and technical safeguards in an information system.
Sensitive Data Any information from which an individual may be uniquely identified, including, without limitation, an individual’s name, address, telephone number, social security number, birth date, account numbers, and healthcare information. This confidential information is construed broadly to include DOM data, PHI, and PII, which shall include all data provided to DOM by the Social Security Administration (SSA).
Service Level Agreement (SLA)
The performance levels governing awarded Vendor support of the System and associated liquidated damages.
SLA Activation Date The date that steady-state services and charges commence for this RFP.
State The State of Mississippi
Subcontractor An agent, service provider, supplier, or vendor selected by the awarded Vendor to provide subcontracted services or products under the direction of the selected awarded Vendor or other Subcontractors, and including any direct or indirect Subcontractors of a Subcontractor. Subcontractors must be approved by the State prior to the Vendor delegating requirements to the subcontractor.
The System includes all the hardware, software, networking and facilities to operate the LTSS applications, which are described in detail in Section VII. In general, the LTSS System includes the following:
a. LTSS module
i. LTSS on-line application
ii. Interfaces b. EVV module
i. Integrated Voice Response (IVR)
ii. One Time Password (OTP)
iii. Voice Verification
iv. Claims file processing
v. Batch transaction processing c. Help Desk d. LTSS Code Library
System Source
Materials
1) Those materials necessary to wholly reproduce and fully operate the System in a manner equivalent to the original System including, but not limited to: a. The executable instructions in their high level, human
readable form which are in turn interpreted, parsed and or compiled to be executed as part of the computing system ("source code"). This includes source code created by the Software Development Vendor. and source code that is leveraged or extended by the Software Development Vendor for use in the project.
b. All associated rules, reports, forms, templates, scripts, data dictionaries and database functionality.
c. All associated configuration file details needed to duplicate the run time environment as deployed in the original system.
d. All associated design details, flow charts, algorithms, processes, formulas, pseudo-code, procedures, instructions, help files, programmer's notes and other documentation.
e. A complete list of third party, open source, or commercial software components and detailed configuration notes for each component necessary to reproduce the system (e.g., operating system, databases, and rules engine software).
f. All associated training materials for business users and technical staff.
Technical
Safeguards
The technology and the policy and procedures for its use that protect electronic protected health information and control access to it.
Total Evaluated
Price
The Vendor’s total proposed price for products/services proposed in response to this solicitation, included in Section VIII, Cost Information Submission, and used in the financial evaluation of Vendor Proposals.
3.2 ITS, on behalf of the State of Mississippi, Office of the Governor, Division of Medicaid (DOM), issues this request for proposals (RFP) to solicit offers from experienced Vendors to implement, maintain, administer, and host an interactive, web-based, No-Wrong-Door Information and Tracking System that coordinates care, increases access to Long-Term Services and Supports (LTSS), and incorporates Core Standardization Assessment Instruments, Conflict-free Case Management services, and Electronic Visit Verification capability.
3.3 On May 31, 2013, DOM released RFP No. 20130531 to provide an interactive, web-based, No-Wrong-Door Information and Tracking System that coordinates care, increases access to Long Term Services and Supports, and incorporates Core Standardization Assessment Instruments, Conflict-free Case Management Services, and Electronic Visit Verification. FEi.com, Inc. d/b/a FEi Systems was the awarded Vendor in that procurement. The state owns the source code for the system.
3.4 DOM wishes to contract with a single awarded Vendor to implement, host, and maintain a No-Wrong-Door Information and Tracking System. DOM requests proposals from experienced, responsive, responsible, and financially sound Vendors prepared to carry out all of the services detailed in this RFP.
3.4.1 Vendors proposing to run the state’s existing system should clearly describe whether the existing system will be used only as an interim solution and also clearly describe the proposed No-Wrong-Door Information and Tracking System to be implemented.
3.4.2 Vendors proposing to run the state’s existing system as both the interim and final solution for a No-Wrong-Door Information and Tracking System should clearly describe what, if any, differences will exist between the interim and the long-term solutions.
3.4.3 The state strongly prefers a solution that has been implemented previously. Ground-up development proposals are discouraged.
3.4.4 Alternatively, the state reserves the right to award in part, such that the award for implementation, hosting, and maintenance of the state’s existing system as an interim solution is separate from the award for implementation, hosting, and maintenance of a No-Wrong-Door Information and Tracking System.
3.5 The source code for the current LTSS System's software shall be provided to the awarded Vendor within five (5) days of contract execution.
3.5.1 Vendors wishing to view the existing source code while preparing a response to this RFP should make that request to Michelle Smith, using the contact information on the RFP cover page.
3.5.2 Source code is subject to change until August 30, 2017.
3.6 The proposed No-Wrong-Door Information and Tracking System must include the following modules with all of the existing functionality provided by the current LTSS System.
3.6.1 Electronic Visit Verification (MediKey): Enables the Mississippi Medicaid Program to monitor the delivery of in-home services to eligible Medicaid participants to ensure that services are provided according to the participant's plan of care and by an authorized service provider. Components of MediKey include a phone verification system, a backend interface with external systems, and a web interface providing access to service delivery data to authorized personnel for reporting purposes.
3.6.1.1 To access the phone verification system providers dial into a toll free number, provide their identifying information, and upon successful authorization, the service start time and end time is recorded. The phone verification system utilizes biometric and location based technologies in order to authenticate service delivery.
3.6.2 Integrated Voice Response (IVR): MediKey is capable of receiving phone calls from providers for automated service authorization. A call may be initiated from recipient's home phone landline or another phone, a One Time Password (OTP) is issued, and MediKey guides the providers to enter/speak certain identifying information. This information will be verified against provider and recipient data including plan of care records previously entered in the system. If all information is correct and complies with the plan of care, then MediKey will authorize the service.
3.6.3 One Time Password: In most cases, the phone verification system verifies the participant based on the phone number assigned to the landline where the service call is initiated. When a landline is not available, recipients are issued an OTP device. An OTP is a time-synchronized device assigned to participants and used to authenticate when a service takes place. The front of the token card displays a randomly generated number. This number changes every minute and can be traced back to a specific time, which in turn can be used to authenticate service.
3.6.4 Voice Verification: During the enrollment process, the provider speaks a name or phrase into the phone system. MediKey uses an algorithm to create a sound bite of the provider's voice and stores that sound bite for verification purposes. Each time the provider performs a service call they will have to speak the same phrase. The system will match the sound bite created during the service delivery against the sound bite created during enrollment and authorize service if matched.
3.7 The proposed No-Wrong-Door Information Tracking System must include the following functionality to meet or exceed the existing functionality provided by
the current LTSS System. The current LTSS System includes the following functionality, as described below.
3.7.1 In addition to the phone verification capability described above, MediKey interacts with the Mississippi Medical Information System (MMIS) and the other modules of the LTSS system. Interaction with MMIS serves two purposes. The first is to authenticate provider/patient eligibility through daily batch file transfers of Provider Enrollment, Recipient Eligibility, and Service Rate files. Second, the system, through the use of the EDI HIE portal, will retrieve ANSI X12N 835 Health Care Payment Advice files, and submit X12N 837 Health Care Professional Claim files for claim generation purposes.
3.7.1.1 DOM anticipates additional interfaces through the life of this contract. (e.g. the new Medicaid Enterprise Solution (MES), Medicaid Clinical Infrastructure (MCI), and Cerner).
3.7.2 Interaction with LTSS is established for verification of a recipient's plan of care and to ensure that the most recent information is valid. Finally, a front-end web interface is available to provide Case Managers, DOM employees, and service providers access to a variety of service, exception, and billing reports.
3.7.2.1 The Person Profile is a centralized location to store and utilize information related to an individual. The system ensures that all users of the system are using the same set of information, which is utilized to prepopulate forms completed throughout the process reducing redundant data entry and data entry errors.
3.7.2.2 The Personal Record is an intake and assessment process for a new or existing LTSS individual onto the Waiver Program. The personal record is multiple forms aggregated into one large package that will capture information and assessments gathered during the intake and assessment process.
3.7.2.3 The home page is a communication tool that displays recent policy changes, system enhancements, and training materials.
3.7.2.4 DOM staff utilize My Lists to identify outstanding work that needs to be completed and to manage their workloads.
3.7.2.5 The alerts section provides notification to users of specific events/actions that have occurred within the system and require action by the user or provides
notification/communication of information to that user to let them know of specific events that have occurred.
3.7.2.6 Provides the ability for the user to generate a printed version of the information being stored within the system.
3.7.2.7 Global Referrals is a centralized location where users can send out requests to other users within the system.
3.7.2.8 Progress Notes provide the capability for system users to update an individual’s record with notes that contain pertinent information about the person.
3.7.2.9 The Attachments module within LTSS allows for authorized users to upload necessary information against the person’s record so that other necessary users within the system can view information. Authorized users can upload in any common format.
3.7.3 Screening and Assessments
A screening tool has been implemented and utilized for determining what programs a person may be eligible for and assisting in the determination of identifying the level of care for a person.
3.7.3.1 InterRAI Assessment: Mississippi has implemented a standardized core assessment, the InterRAI-HC. The InterRAI Assessment tool provides an extensive questionnaire that captures information about the person and their condition and upon submission an algorithm runs that determines whether or not the person meets the necessary Level of Care criteria for the waiver.
3.7.3.2 Inventory for Client and Agency Planning (ICAP) Assessment: The fully integrated ICAP assessment is used to assess an individual’s service needs and monitor changes. The tool generates scoring information that can be used to assess individual functional deficits necessary to assess eligibility for services.
3.7.3.3 Waitlist: A backlog management system that is used by operating agencies to maintain and prioritize individuals that are interested in applying for a program that has a reserved number of slots available.
3.7.3.4 Registry: This component provides waiver registries organized by priority level and date; automates the
process of placing a client onto a provide registry once the screening forms have been completed, or has refused to complete a screening form; prioritizes the placement of a client based on the InterRAI screening algorithm; and, provides the capability to sort waiver registries based on prioritization group and completion date of the screening.
3.7.3.5 Services and Supports Monitoring: The billing module within the system will use the services and supports monitoring information to run validations to ensure the necessary information is in place for both the individual and the provider in order to successfully generate a case management claim that can be sent to MMIS for payment.
3.7.3.6 Reportable Events (RE): This component provides a summary page that lists current, pending, and recently reported significant events that impact the health, safety, and welfare of participants; provides a web-based portal for non-users of the LTSS system to complete and submit a RE form that is integrated in the participant record in the system; allows DOM staff or its designee to review submitted REs and attach it to a client record or save it without a link to an individual client record and log attempts to resolve identification and linking issues; creates email alerts for immediate attention and other follow-up based on the content of the RE; limits the ability to view and edit submitted RE forms to authorized staff; generates alerts to the appropriate DOM staff and case management agency for overdue follow-ups; and, provides referral capability based on responses in the RE form.
3.7.3.7 The LTSS System contains the records of over 65,000 persons and has over 4,000 registered users under a number of DOM defined user roles. The system experiences over 55,000 page loads per day and is expected to grow significantly over the contract’s period of performance.
3.7.4 DOM has the ability to track individuals applying for any of their Medicaid waiver programs from intake through enrollment and post enrollment services and follow-up. This functionality allows for seamless handoffs between various agencies involved in the application and enrollment process and enables the State to easily identify bottlenecks. Any of the core components of the waiver management process are customizable to fit the needs of Mississippi and target population of the waiver. The functionality
within the waiver management module is integrated for waivers and can be easily integrated with future waiver programs.
3.7.4.1 Processes within the LTSS System enable Mississippi to manage their processes for determining technical, medical, and financial eligibility of the elderly and physical disabled populations during their application for home and community based services.
3.7.4.2 The Independent Living Waiver is a home and community-based waiver that provides services to beneficiaries that, but for the provision of such services, would require the level of care found in a nursing facility.
3.7.4.3 The Traumatic Brain Injury /Spinal Cord Injury (TBI/SCI) Waiver is a home and community-based waiver that provides services to beneficiaries that, but for the provision of such services, would require the level of care found in a nursing facility.
3.7.4.4 The Intellectual Disabilities/Developmental Disabilities (ID/DD) Waiver module provides a coordinated service delivery system so that people receive appropriate services oriented toward the goal of full integration into their community. The ID/DD community-based service delivery systems includes various home and community-based services and supports provided through either a Medicaid State Plan or Waiver program or via ID/DD State funded services.
3.7.4.5 The Assisted Living (AL) Waiver is a statewide program designed to offer assistance to qualified Medicaid beneficiaries. This program allows qualified individuals to reside in a licensed Assisted Living Facility as an alternative to nursing facility care or other institutional care.
3.7.4.6 The Elderly and Disabled (E&D) Waiver is a statewide program designed to offer assistance to qualified Medicaid beneficiaries. The program allows qualified individuals to remain in a home or community based setting as an alternative to nursing facility care or other institutional care.
3.7.4.7 The application packet aggregates forms within an individual’s record into one centralized location to increase the efficiency at which an oversight agency can review those document and provide any necessary feedback.
3.7.4.8 With offline forms, the system adapts to working without connectivity to continue utilization of the system and all Waiver form workflow in areas where connectivity is questionable. Within LTSS, a permitted user will prepare the form by putting it into an offline state. Once a form is in an offline state, the LTSS Offline module will be utilized to populate and complete the associated form and complete the initial workflow.
3.7.4.9 The LTSS System provides the ability to manage a person’s plan of services and supports (PSS). It is used to capture all of the necessary information about a person. The PSS provides the ability for a case manager to develop the service plan and then submit for review.
3.7.4.10 The Financial Determination form is used to capture the final decision on financial eligibility. It provides all supporting worksheets that enables the user to perform calculations necessary for determining financial eligibility.
3.7.4.11 The Overall Decision form is used to capture the final decision for enrollment for all waivers and programs. This includes determination of initial enrollment, continued enrollment, initial denials, and disenrollment from programs.
3.7.4.12 For each waiver, letters have been developed that are used to communicate information to the person or to other agencies. These predefined letters are created by Mississippi and then programed in to the system so that when they need to generate a letter for a person, they only need to fill in the required data. Upon submission, notification can be sent out to the necessary parties and the letter is stored against the persons record within the system.
3.7.4.13 The Appeals & Dispositions component enables the State to track the reason an individual is appealing, such as an initial denial, discharge, or reduction in services. Appeals and the outcomes of those appeals can be completed at independent level (local, state, federal), if necessary.
3.7.4.14 Incident Reporting Provides multiple parties with the capability to log a reported complaint or incident on behalf of the person, which would include information related to who reported the event, when the event happened, and what the event was.
3.7.5.1 The State of Mississippi requires analytics and operations reports on an ongoing basis. These reports focus on gathering information required for CMS reporting, as well as reports to assist in making sound policy decisions related to the programs managed by the State.
3.7.6 Medicaid Management Information System (MMIS) Data Interface
3.7.6.1 The MMIS has a direct connection with the LTSS System. From MMIS, the system receives provider and person information that is downloaded and refreshed on a daily basis. This includes eligibility information and special program codes (enrollment information). The system also connects to MMIS for the process of claims information generated from the EVV module, sent to MMIS for verification and payment, and then back to the LTSS System for processing to display the claim information for authorized users.
3.8 Application Technology Stack – Table 1 below is an overview of the existing LTSS System application/capability technology stack.
Table 1
Application/Capability Technology/Details
Single Sign On Microsoft Federated Security Thinktecture Identity Server
Application Layer Microsoft asp.net MVC, C# Angularjs Knockoutjs jQuery Automapper StructureMap PostSharp
Service Layer Microsoft WebApi Agatha Request Response Service Layer C#
Application Utilities HelpDesk tickets AutoAppeals MMIS import Recertification Process ICAP Assignment Production DB backups
Transactional Data RavenDB 2.5
Operating System Microsoft Windows Server 2012
3.9 The existing LTSS system is currently hosted on a virtualized platform. Vendors proposing to run the state’s existing system, whether as an interim solution or as the only system to meet the requirement of providing a No-Wrong-Door Information and Tracking System, must outline the technical configuration of the proposed hosted environment using, at a minimum, the specificity outlined in Table 2 below.
3.9.1 The current Production environment contains 184 CPU Cores, 248.76 GB of RAM, and 3.972 TB of Disk Storage.
3.9.2 In addition to the above, the system maintains a monitoring system infrastructure, security system infrastructure, and a full High Availability (HA) capable Skype for Business infrastructure that will route incoming EVV calls and direct them to the Unified Communications Managed API (UCMA) servers.
4. Procurement Project Schedule
Task Date
First Advertisement Date for RFP 06/20/2017
Second Advertisement Date for RFP 06/27/2017
Deadline to Register for Web Conference 12:00 p.m. Central Time on 06/29/2017
Vendor Web Conference 3:00 p.m. Central Time on 06/29/2017
Deadline for Vendor’s Written Questions 3:00 p.m. Central Time on 06/30/2017
Deadline for Questions Answered and Posted to ITS Web Site
07/11/2017
Open Proposals 3:00 p.m. Central Time on 07/25/2017
Evaluation of Proposals Begins 07/25/2017
ITS Board Presentation 08/17/2017
Contract Negotiation 08/01/2017 – 08/30/2017
Project Coordination (Incumbent, DOM, and Awarded Vendor)
09/01/2017 – 09/30/2017
Day 1- Start Up 10/01/2017
5. Statement of Understanding
5.1 Vendors may attend a web conference on June 29, 2017 at 3:00 p.m. Central Time. Vendors will be allowed to ask unofficial questions during this conference.
5.1.1 To access the web conference, Vendors must contact Michelle Smith via e-mail no later than 12:00 p.m. Central Time, Thursday, June 29, 2017, to receive dial-in instructions.
5.1.2 Vendors should contact Michelle Smith via e-mail prior to the conference with any particular request of the state of material to be covered during the conference.
5.2 Vendors may request additional information or clarifications to this RFP using the following procedure:
5.2.1 Vendors must clearly identify the specified paragraph(s) and pages in the RFP that is in question. The following table should be used to format Vendor questions.
Question RFP Section
RFP Page
Vendor Question
1
2
3
5.2.2 Vendor must deliver a written document to Michelle Smith at ITS by Friday, June 30, 2017 at 3:00 p.m. Central Time. This document may be delivered by hand, mail, email, or fax. Address information is given on page one of this RFP. The fax number is (601) 713-6380. ITS WILL NOT BE RESPONSIBLE FOR DELAYS IN THE DELIVERY OF QUESTION DOCUMENTS. It is solely the responsibility of the vendor that the clarification document reaches ITS on time. Vendors may contact Michelle Smith to verify the receipt of their document. Documents received after the deadline will be rejected.
5.3 All questions will be compiled and answered, and a written document containing all questions submitted and corresponding answers will be posted on the ITS web site by close of business on Tuesday, July 11, 2017.
5.4 Awarded Vendor(s) are expected to work in coordination with any Vendor with which the State has a current Agreement.
5.4.1 End-of-Contract Transition: DOM requires Vendor to collaborate with a successor Vendor over a thirty (30) day transition period. Vendor shall provide the End-of-Contract Transition Plan within four (4) months before the end of their Agreement term to ensure a quality, smooth, efficient, and timely data transition to the DOM prior to the end of the Agreement. Near the end of the Agreement term, at a time requested by DOM, the Vendor shall support end-of-contract transition efforts with technical, business, and project support.
5.5 Vendor shall provide timely and thorough response to Corrective Action Plans (CAPs), as required by DOM, including completion of remediation tasks identified in the CAP and/or Vendor's response to the CAP, which could be initiated to remedy a contractual or Vendor performance issue or as an outcome from an IV&V or other review.
5.6 The State anticipates signing Service-Level Agreements (SLA) with the awarded Vendor. Section VII, Item 12 contains detailed SLA information. Vendor should attach samples of existing Service-Level Agreements.
6. Maintenance of Existing LTSS Application and Implementation of No-Wrong-Door Information and Tracking System
6.1.1 The Vendor must provide software, hardware, and networking technologies to provide managed hosting services for DOM's LTSS system. DOM shall provide the source code for the LTSS System's applications.
6.1.2 The Vendor must provide software, hardware, and networking technologies for the proposed No-Wrong-Door Information and Tracking System.
6.2 Operations (Fixed Price, Monthly): In addition to the managed hosting services, the Vendor must provision and manage the LTSS Help Desk, manage user credentialing, manage OTP devices, deploy LTSS System software releases, and maintain interfaces that include processing of files for claims activity, eligibility updates, provider updates, training, data imports/exports, and other interfaces as required.
6.2.1 The proposed cost must be provided for the full term of the contract as a monthly, fixed price, regardless of which system is in production (i.e., the state’s existing system as an interim solution and/or the No-Wrong-Door Information and Tracking System).
6.3 The current LTSS system technical solution is provided in Section VII, Item 3.8 and 3.9.
6.4 Start-up and Implementation Periods (Fixed Price, One-Time): The Vendor must coordinate transition activities in collaboration with DOM. Costs should include transition activities to: a) run in production and maintain the state’s existing system in the awarded Vendor’s hosted production environment, and b) implement, run in production, and maintain the awarded Vendor’s proposed solution in awarded Vendor’s hosted production environment, if using the state’s existing system only as an interim solution.
6.4.1 The Vendor must perform all necessary activities to prepare for, test, and certify the state’s existing LTSS technical solution as ready for cutover within thirty (30) days of the contract execution.
6.4.1 Awarded Vendor will be required to host and maintain the Mississippi Access to Care website. www.mississippiaccesstocare.com.
7. Operations Requirements
7.1 Vendor must perform claims file processing, as follows:
7.1.1 Approximately 500,000 claims per month that includes:
7.1.1.1 ANSI X12N file processing, including:
7.1.1.1.1 Execute, monitor, and provide reconciliation reporting on batch processes that generate claims file;
7.1.1.1.2 Send eligibility benefit inquiry (270 submission) as a real time request to MMIS to determine client eligibility during an actual service delivery or when a service activity record is being entered into the system via the MediKey web interface;
7.1.1.1.3 Retrieve and process eligibility benefit response (271) a real time request from MMIS providing a response as to whether the client is deemed eligible or ineligible for service;
7.1.1.1.4 Process service activity records and generate claim items through 837/835 process;
7.1.1.1.5 Add and edit service rates for billable in-home services as directed by the DOM within the time period established by Departmental policies;
7.1.1.1.6 Generate weekly 837P claim batch per departmental policies;
7.1.1.1.7 Submit weekly claim batch (providers and case managers) to MMIS per departmental policies;
7.1.1.1.8 Retrieve claim batch functional acknowledgement (997) from MMIS per departmental policies; and
7.1.1.1.9 Retrieve and process payment remittance advice from MMIS (835) per departmental policies.
7.1.2 Support DOM's processing of claims adjustments and dispositioning exceptions, including:
7.1.2.1 View claim item record per departmental policies;
7.1.2.2 Adjust claim based on 835 per departmental policies;
7.1.2.3 Search and list service activity records with available information;
7.1.2.4 View service activity records;
7.1.2.5 Edit service activity records;
7.1.2.6 Search and list claim item records;
7.1.2.7 View claim item record detail; and
7.1.2.8 Edit claim item record details.
7.1.3 Claims activity reconciliation (summarized daily, weekly, monthly) reporting - Vendor must provide methodology and sample reports with the submitted proposal.
7.1.4 Claims balance (summarized daily, weekly, monthly) reporting - Vendor must provide methodology and sample reports with the submitted proposal.
7.2 Vendor must process batch transactions and interface files. For batch transactions, Vendor must validate that batch processes were successfully executed. For interface files, Vendor must validate that the files were sent and received and must validate that the contents of the files were correctly processed.
7.2.1 Below is a sample of the files to be imported into the LTSS system:
7.3 Vendor must deploy software releases to the pre-production and production environments after confirming they are tested and approved for deployment by DOM. Major software releases are planned monthly and require deployment planning and coordination. Smaller software releases that do not require as much planning and coordination (such as critical and high defect fixes or high-priority software change requests) are deployed, as needed.
7.4 Vendor must provide personnel and a system for the Tier 1 Help Desk for LTSS and MediKey users that create initial Help Desk tickets, conduct triage, resolve Tier 1 tickets, and escalate to the appropriate party, when necessary (e.g. DOM and awarded Vendor). Tier 1 is defined as the initial receiver of inquiries from system users, either by telephone or by email.
7.5 Vendor must have the capability to respond to phone and email inquiries in English.
7.6 Vendor must resolve Tier 2 Help Desk for O&M tickets. Tier 2 O&M is defined as any issue involving investigation into the hardware, software, networking, operational, or other component or function under the purview of the awarded Vendor.
7.7 The awarded Vendor must assume issues relating to the custom-developed software.
7.8 Vendor must provide a Help Desk ticket system that captures, at a minimum, the following data:
7.8.1 Help Desk representative
7.8.2 Open date & time
7.8.3 Status with status change dates to show history
7.8.8 Escalation - current level and escalation path history
7.8.9 Resolution
7.8.10 Priority
7.8.10.1 High - e.g., major portions of the system and/or business are impacted, security issue, sensitive data loss, some payment and/or claims issues, system is slow, or data is unavailable.
7.8.10.2 Normal - e.g., non-critical features are not operating as specified or worker(s) or user(s) are unable to perform their tasks in the system.
7.8.10.3 Low - e.g., lower priority features that can be done manually are not operating as specified or request for service with ample lead-time.
7.9 Vendor must analyze Help Desk call records and provide recommendations to minimize or eliminate recurring problems, at least on a monthly basis.
7.10 Vendor must provide formal Help Desk quality assurance, customer satisfaction, and end user feedback/suggestions reports on a quarterly basis.
7.11 Vendor must provide monthly Help Desk reports and metrics to designated DOM resources. These reports will include, but are not limited to, metrics on previously opened tickets, new tickets, closed tickets, currently open tickets, quality assurance survey results, speed to answer, and abandon rate.
7.12 Vendor must provide credentials management and support for users of the LTSS System.
7.13 Vendor must record, troubleshoot, and resolve questions and issues for callers including passwords, login, network, or issues connecting with the LTSS System.
7.14 Vendor must provide email status updates to the caller/end-user when new tickets are entered and again when closed by the Help Desk.
7.15 Vendor must provide various modes by which callers may request assistance including:
7.15.1 Toll free telephone service (800 or similar number for domestic and an alternative number for international calls). Vendor will be required to port the existing numbers;
7.15.2 Web forms; and
7.15.3 Web-based self-help, documentation, FAQS, and e-mail.
7.16 The awarded Vendor must provide release notes and, when appropriate, training to support the awarded Vendor's knowledgebase updates to the Help Desk tool associated with a particular release.
7.17 Vendor must provide the caller with an opportunity to provide feedback for each of the help mechanisms listed in Section VII, Item 7.15 that the caller used during a particular call.
7.18 Vendor must provide redundant systems to ensure Help Desk availability including, but not limited to, the telephone system used by the awarded Vendor. Voice mail shall be accessible on a 24-hour basis.
7.19 Vendor must provide Help Desk system user credentials for DOM staff.
7.20 Vendor must provide training to DOM resources in the use of the proposed tracking/reporting system. Vendor will be required to provide a minimum of two on-site and two remote training session per year.
7.21 Vendor must, as part of its ongoing operational services, provide updates to the Help Desk scripts in accordance with LTSS System releases. Vendor will be required to submit changes ten (10) days prior to updating the scripts with DOM approval.
7.22 Vendor must, as part of its ongoing operational services, perform ongoing training of customer service representatives in the LTSS System. Vendor will be required to submit training documents ten (10) days prior to on-site/remote training with DOM approval.
7.23 Vendor must staff Help Desk to handle current inquiry volumes, as described in the following table:
8.1 Vendor must complete the Start-up Period within thirty (30) calendar days from the contract execution. During the Start-up Period, the Vendor must complete the following:
8.1.1 On-site Kick-Off Meeting must be held within five (5) business days of contract execution. The kick-off meeting materials shall cover:
8.1.1.1 Introduction of personnel from the Vendor team and DOM
8.1.1.2 Review of work plan
8.1.1.3 Discussion of assumptions, risks and issues
8.1.1.4 Logistics for communications
8.1.1.5 Additional topics as determined necessary
8.1.2 Fully staff key positions: The State defines Key Personnel as staff who fill critical project roles and who have the authority and responsibility for planning, directing, and controlling the project activities necessary for a successful project implementation. Vendor must clearly identify all Staff considered Key Personnel.
8.1.2.1 DOM must approve all Key Personnel
8.1.3 Project Management Plan (PMP) & Project Work Plan must be submitted within five (5) business days of contract execution. A Project Work Plan must be submitted for both a) transition of the state’s existing system as an interim solution, and b) implementation of a No-Wrong-Door Information and Tracking System.
8.1.3.1 The Vendor must provide a Project Management Plan that includes the following sections/sub-plans:
8.1.3.1.1 RACI Matrix depicting roles & responsibilities of the awarded Vendor and DOM,
8.1.3.1.2 Scope Management,
8.1.3.1.3 Schedule Management,
8.1.3.1.4 Procurement Management,
8.1.3.1.5 Quality Management,
8.1.3.1.6 System Change Management and Configuration Management (software versions and licensing, code libraries, etc.),
8.1.3.1.12 Vendor must submit bi-weekly updates to the Project Work Plan thereafter.
8.1.4 Transition Plan must be submitted with five (5) business days of contract execution and must include a planned approach for transitioning all contract activities within the specified thirty (30) calendar day timeframe. The plan shall include the Vendor's:
8.1.4.1 Proposed approach,
8.1.4.2 Tasks, subtasks, and schedule for activities,
8.1.4.3 Organizational Governance Chart,
8.1.4.4 Project Team Organization Chart,
8.1.4.5 Contract list of all key personnel and executives involved in the project,
8.1.4.6 A high-level timeline that encompasses all major project-related activities,
8.1.4.7 Identification of any potential risks or issues to timely implementation, and proposed mitigations, and
8.1.4.8 A detailed description of a process for review, revision, and approval of all deliverables and project artifacts to be approved by DOM.
8.1.5 Technical Operations Plan (TOP) must be submitted within fifteen (15) business days after contract execution and should support networking and integration. The Vendor shall provide a technical architecture (hardware, software, net gear, etc.) schematic of its technical infrastructure, roles and responsibilities of staff, methods and procedures for maintenance and operations of Vendor's technical infrastructure, and communications protocols. At a minimum, the Technical Operations Plan shall include:
8.1.5.11 Licensing and Warranty Tracking for Hardware and Software
8.1.5.12 Certificate Expiration Date Tracking
8.1.5.13 Other items as mutually agreed upon
8.1.5.14 Vendor must obtain DOM approval of the Technical Operations Plan, which shall include all off-site procedures, locations, and operational protocols.
8.1.6 Develop a Software Deployment Plan
8.1.7 Implement and maintain a Source Code Version Management and Configuration Control for all code, release notes, etc. so that releases can be rolled back.
8.1.8 Help Desk Operations Plan must be submitted within fifteen (15) business days of contract execution. Vendor shall include in their proposal their approach for Help Desk operations. The plan for Help Desk Operations, should include at a minimum:
8.1.8.1 Implement and test a ticketing system
8.1.8.2 Help Desk infrastructure (hardware & software)
8.1.8.3 Staffing plan
8.1.8.4 Metrics and key performance indicators (KPIs)
8.1.8.5 System response time test script execution
8.1.9 Develop a Continuity of Operations Plan (BCDR)
8.1.9.1 BCDR Plan must be submitted within twenty (20) business days of contract execution and within ten (10) days of a change or an annual update. The BCDR shall describe the Vendor's protocols, including communications with DOM, for interruptions in normal business operations. The BCDR shall include a section describing Disaster Recovery processes, methodology, resources, and key performance metrics. This section shall explain how the Vendor will mitigate downtime and ensure BCDR protocols are in place for the LTSS System and the Vendor's hosting and operations. See Section VII, Item 13 Backup / BCDR contents.
8.1.10 Design, build, test, and certify hardware and software to support the awarded Vendor’s LTSS technical solution. Resulting in cutover from Software Development Vendor to awarded Vendor.
8.1.11 Defects Tracker must be submitted within fifteen (15) business days of contract acceptance. List of known technical solution defects by tracking number, severity, brief description, disposition, and target implementation date (required for 1 - Critical and 2 - High defects, optional for 3 - Medium and 4 - Low defects).
8.1.12 Technical Infrastructure Test Master Plan must be submitted within fifteen (15) business days of contract execution. At a minimum, the Technical Infrastructure test process shall address performance (including baseline system response time), load, and stress on all impacted system components. Technical Infrastructure testing shall be executed prior to the "go live" (i.e. cutover from legacy O&M Vendor to awarded Vendor).
8.1.13 LTSS Code Library Management Plan must be submitted within fifteen (15) business days of contract execution The LTSS Code Library Management Plan describes the Vendor's approach, tools, and roll back procedures should a software deployment require reverting to a prior version of the LTSS software.
8.1.14 Hosting and Operations Cutover Readiness Meeting must be held within twenty (20) calendar days of contract execution. Vendor shall hold a meeting where the Vendor shall present its readiness for
cutover and certify that the hosting and operations cutover is ready for Go-Live.
8.1.15 Hosting and Operations Cutover must take place within thirty (30) calendar days of contract execution. Vendor shall certify that the hosting and operations cutover is completed. The LTSS system is "Live" on the Vendor's technical infrastructure and O&M tasks and responsibilities are under their purview. LTSS system shall be fully operational, including all technical components (e.g. web-based, IVR, toll-free numbers, etc.) and connectivity for interfaces and claims processing. Hosting and operations cutover requires DOM's approval prior to Vendor exiting the Start-Up Period phase.
8.1.15.1 Vendor must only commence hosting activities and associated billing upon acceptance of the Hosting and Operations Cutover deliverable.
8.1.16 Develop the End-of-Contract Transition Plan as defined in Section VII, Item 5.3.
8.2 Vendor must develop, with DOM's input, other project artifacts including:
8.2.1 Monthly Progress Reports,
8.2.2 Bi-weekly Project Work Plan updates,
8.2.3 Maintenance Schedule, and
8.2.4 Tracking tools for:
8.2.4.1 Hardware Inventory,
8.2.4.2 Hardware Maintenance Agreements,
8.2.4.3 Software Licenses,
8.2.4.4 Patches, and
8.2.4.5 Technical Infrastructure Changes.
8.3 Vendor must develop a method for diagnosing reported system issues and determining if the issue is a defect. Vendor will be responsible for resolving all defects.
8.3.1 Vendor must develop a method for deploying the current code into awarded Vendors pre-production environment and validating that the code is ready for deployment into the production environment (as documented in the Software Deployment Plan).
8.4 Vendor must ensure that secure protection, backup, and DR measures are in place and operational as a prerequisite to cutover from the current O&M Vendor to the awarded Vendor hosting and operations of the production LTSS System (i.e., for end of Start-Up Period) and for the duration of the contract. Vendor must ensure no loss of data or configuration of the environments.
9. Hosting Requirements
9.1 Hosting requirements relate to system hosting, operations, and performance required under this RFP.
9.2 Vendor must provide a primary data center located in the continental United States.
9.3 Vendor must provide a disaster recovery (DR) data center location in the continental United States that is at least twenty-five (25) miles from the primary facility. Vendor’s proposal shall describe how the DR data center location minimizes risk in the event of disaster, including service levels for recovery and minimizing data loss.
9.4 Vendor must provide network protection to prevent attacks on DOM's servers and to ensure DOM's data, information, and networks are secured to prevent unauthorized access.
9.5 Vendor must ensure the facility is compliant with SSAE16 and HIPAA standards.
9.6 Vendor must ensure it has the capacity to handle approximately 1,500,000 hits per month.
9.7 Vendor must provide all equipment required to provision, monitor, and manage the circuit to the hosting and DR facilities.
9.8 Vendor must provide dedicated services with no intermingling of data or resources with other clients other than the State of Mississippi. This includes all internet connectivity.
9.9 Vendor must provide internet connectivity with sufficient capacity to support LTSS System and future growth over the duration of the contract.
9.10 Vendor must demonstrate in the proposal its ability to increase the size of the circuit in incremental increases of ten (10) Mbps, one hundred (100) Mbps, and one (1) Gbps, should DOM require an increase in the future. Pricing must be provided in Section VIII, Cost Information Submission as an optional cost.
9.11 Vendor must provide WAN encrypted tunnel support to DOM from both the primary and the DR site.
9.12 Vendor must provide a firewall and security solution that complies with the transmission security provisions of the HIPAA, as well as all relevant federal, state, and local laws.
9.13 Vendor must provide a description of the proposed network security and the effectiveness of the proposed system protocols and measures to prevent intrusion and protect DOM's data.
9.14 Vendor must provide Security services that include the following:
9.14.1 The Security service shall provide monitoring for timely reporting of threats and intrusions.
9.14.2 The Security services shall provide security protections to prevent unauthorized access to DOM's information, software, and systems.
9.14.3 The Security services shall include a security agent to control all traffic between the primary and disaster recovery center and the outside world and protect against unauthorized access or intrusions.
9.14.4 The Security services shall allow reporting for firewall and other statistics from any Internet browser with monthly analysis and recommendations to improve security and throughput.
9.15 Vendor must ensure the security, integrity, and availability of the data to the DOM, and shall describe in its proposal the levels it will achieve and how it intends to achieve security, integrity, and availability, including DR services.
9.16 Vendor must provide system and data reliability through off-site system and data backup in accordance with the SLA.
9.17 Vendor must update this information as equipment is retired or added as part of the change control process defined in Section VII, Item 11.3.
9.18 Vendor must install and configure all hardware and software required to build out the following environments:
9.18.1 Pre-production
9.18.2 Training
9.18.3 Production
9.19 Vendor must perform recording and reporting on security incidents and breaches (both immediate reporting and summary reporting).
9.20 Vendor must perform reporting on login attempts.
9.21 Vendor must provide managed services, including: a managed firewall, system and application monitoring, performance monitoring, server startup and
shutdown support, hardware maintenance, network alerts, troubleshooting and response, operating system patch installation and minor upgrades, file system management support, failure tracking, and backup and restore of all system components and data.
9.22 Vendor must implement and support a software version control application to maintain the LTSS compiled code.
9.23 Vendor must provide Database Performance Reports upon request.
9.24 Vendor must create and update, at least once per month, the Technical Solution Performance Report.
9.25 Vendor must establish a baseline response time for the LTSS System's on-line transactions. Awarded Vendor must develop a test script that can be executed and monitored by awarded Vendor. The response time test script shall measure on-line transactions that do not change data and transactions, as well as those that do change data. The baseline response time shall be established prior to Go-live. Response time is measured on an ad hoc basis when requested by DOM.
9.26 Vendor must maintain the Technical Operations Plan, as defined in Section VII, Item 8.1.6 and provide updates annually or within 30 days of changes that impact backup, disaster recovery, or other continuity of operations activities.
10. Security Requirements
10.1 Information Security Technology
10.1.1 The Vendor and/or Subcontractor (if applicable) shall implement administrative, physical, and technical safeguards to protect State data that is no less rigorous than accepted industry standards for information security such as those listed in Item 10.2 below; and shall ensure that all such safeguards, including the manner in which State data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws as well as the terms and conditions of this Agreement.
10.1.2 The Vendor and/or Subcontractor shall, at a minimum, comply with and adhere to the Mississippi Department of Information Technology Enterprise Security Policy.
10.2 Information Security Requirements
To ensure sufficient data protection safeguards are in place, the Vendor and/or Subcontractor shall at minimum implement and maintain the following at all times. The Vendor and/or Subcontractor may augment this list with additional information technology controls.
10.2.1 Establish separate pre-production, production, and training environments for systems supporting the LTSS System and ensure that production data is not replicated in any non-production environment unless it has been modified to protect the confidentiality of sensitive data elements.
10.2.2 Apply hardware and software hardening procedures as recommended by the manufacturer to reduce the LTSS System's surface of vulnerability. These procedures may include, but are not limited to, removal of unnecessary software, disabling or removing of unnecessary services, the removal of unnecessary usernames or logins, and the deactivation of unneeded features in the LTSS System configuration files.
10.2.3 Establish policies and procedures to implement and maintain mechanisms for regular internal vulnerability testing of operating system, application, and network devices supporting the LTSS System. The Vendor and/or Subcontractor shall evaluate all identified vulnerabilities for potential adverse effect on the system's security and integrity and remediate the vulnerability promptly or document why remediation action is unnecessary or unsuitable. DOM shall have the right to inspect these policies and procedures and the performance of vulnerability testing to confirm the effectiveness of these measures for the services being provided.
10.2.4 Where website hosting or Internet access is included as part of the services provided under this RFP, the Vendor shall conduct regular external vulnerability testing. External vulnerability testing is an assessment designed to examine the Vendor's security profile from the Internet without the benefit of access to internal systems and networks behind the external security perimeter. The Vendor shall evaluate all identified vulnerabilities on Internet-facing devices for potential adverse effect on the system's security and integrity and remediate the vulnerability promptly or document why remediation action is unnecessary or unsuitable. DOM shall have the right to inspect these policies and procedures and the performance of vulnerability testing to confirm the effectiveness of these measures for the services being provided.
10.2.5 Ensure that anti-virus and anti-malware software is installed and maintained on all systems supporting the LTSS System's services; that the anti-virus and anti-malware software is automatically updated; and that the software is configured to actively scan and detect threats to the system for remediation.
10.2.6 Enforce strong user authentication and password control measures over the LTSS System to minimize the opportunity for unauthorized system access through compromise of the user access controls. At a minimum, the implemented measures should be consistent with the most current DOM Information Security Policy, including specific
requirements for password length, complexity, history, and account lockout.
10.2.7 Ensure that State data is not commingled with the Vendor's other clients' data. This includes, but is not limited to, classifying data elements and controlling access to those elements based on the classification and a user's access or security level.
10.2.8 Apply data encryption to protect State data from improper disclosure or alteration. Data encryption shall be applied to State data in transit over networks, State data at rest within the system, and State data when archived for backup purposes. Encryption algorithms that are utilized for this purpose must comply with current Federal Information Processing Standards (FIPS), "Security Requirements for Cryptographic Modules", FIPS PUB 140-2.
10.2.9 Enable appropriate logging parameters on systems supporting the LTSS System to monitor user access activities, authorized and failed access attempts, system exceptions, and critical information security events as recommended by the operating system and application manufacturers.
10.2.9.1 Proposed solution must retain the logs and identify suspicious or questionable activity for investigation. Vendor must document the cause and perform any required remediation.
10.2.10 Ensure system and network environments are separate by properly configuring and updating firewalls to protect and isolate State data from unauthorized access.
10.2.11 Restrict network connections between trusted and untrusted, isolating systems supporting the LTSS System from unsolicited and unauthenticated network traffic.
10.2.12 Vendor shall adhere to DOM's Incident Response Protocol and incorporate these actions into the Vendor's processes and procedures for addressing information security.
11. Vendor Qualifications
The Vendor shall provide staffing and resources to fully supply the following services:
11.1.1 The Vendor shall maintain a physical office within the Continental United States.
11.1.2 Vendor and subcontractors shall conduct all LTSS project work within the United States and include in the proposal all locations where work is to be performed and the nature of the work at each location. Vendor shall provide an address, phone number, and a contact person for each location.
11.1.3 MANDATORY - The Vendor shall not process, transfer, or store LTSS data under the services of this RFP outside of the United States.
11.2 Testing and Implementation
11.2.1 The Vendor will be required to receive DOM sign-off on all testing and release/implementation documentation.
11.2.2 The Vendor shall be required to confirm DOM deployment approval for all software releases.
11.2.3 The Vendor shall develop a System Performance Test Plan, for software releases and equipment upgrades.
11.2.4 The Vendor shall execute deployment, actively communicating with DOM, including, but not limited to, confirmation that the software release has been deployed successfully in the pre-production and production environments.
11.2.5 The Vendor shall have rollback procedures in place. These procedures shall include communications, vetting, and approval flow with the involvement of the Vendor and DOM.
11.2.6 The Vendor shall closely monitor system performance for a period of time that is appropriate for each software release (i.e. longer for major releases).
11.2.7 Vendor will be required to deploy changes outside normal business hours.
11.3 Change Control Process
11.3.1 The Change Control Board (CCB) is a joint group with responsibility for all aspects of the LTSS System. The CCB will maintain a change control tracker.
11.3.2 The Vendor shall implement a change control tracking and reporting system that uniquely identifies the Vendor-related change control item with a tracking number, brief description, long description, disposition (e.g. pending, approved, deferred, rejected, deployed, etc.), proposed cost, estimate breakdown (i.e. hours and rate by labor category),
priority (1-critical, 2-high, 3-medium, and 4-low), rank, reported by, assigned to, key dates (e.g. identified, submitted to DOM, approved by DOM, deployed, etc.), notes/comments, and other fields as mutually agreed upon by DOM and the Vendor.
11.3.3 The Vendor shall participate in CCB meetings conducted at least once per month or at DOM's request. The CCB will include DOM's Contract Monitor, DOM Project Manager, and representatives from key stakeholder groups, as unilaterally determined by DOM. Vendor will typically be represented by the Vendor Project Manager as the required CCB member. Other Vendor personnel shall be made available, to facilitate productive execution of the CCB. If the CCB does not agree on an item's classification as either a change request, clarification of a requirement, or a defect, DOM's determination shall be final.
11.3.4 Vendor shall follow Change Control Board (CCB) process to request technical solution changes in advance. No change to the Technical Solution shall be implemented without prior DOM approval of the concept, approach, impact assessment, and schedule.
11.3.5 The Vendor shall prepare for the CCB by compiling candidate hosting and/or operations related CCB items. The list of candidate CCB items shall include enough information for the CCB to determine if the Vendor is required to formally submit a change request for an item.
11.3.6 CCB shall review proposed change requests. If approved, the Vendor shall provide a target completion date and provide updates to DOM's Project Manager on all change requests that are in process.
11.3.7 The Vendor shall provide a Change Request Summary that includes the unique tracking number, short description, cost (if applicable), date submitted, date approved, current status, approved date, completion date, and any relevant notes or comments. The Vendor shall provide a summary of the total cost and quantity of all approved/deployed change requests. "No Cost" change requests are also to be submitted for review and approval by the Vendor.
11.3.8 For all change control items that are implemented, the Vendor shall provide a twenty (20) calendar day post-launch warranty period where the change request is free of defects prior to billing for the item. Significant defects addressed during the warranty period reset the warranty period, based on the time they are fixed and implemented.
11.4 LTSS System's Code Library
11.4.1 The Vendor shall receive from the State the source code and all associated documentation (including release notes and any deployment procedures) for the LTSS applications software. Vendor
must maintain compiled code as well as any revised code in the LTSS System’s Code Library.
11.4.1.1 The Vendor is responsible for labeling all documentation and code with the appropriate release numbering.
11.4.2 The awarded Vendor shall ensure the source code, object code, documentation, and any other related artifacts are is not made available to any party other than DOM without DOM's written approval.
12. Service Level Agreements (SLA)
12.1 Vendor must provide monitoring and reporting features to clearly identify adherence to the SLA for availability of the technical solution. Vendor will also be required to report on bandwidth usage, backup frequency, and success.
12.2 SLA Effective Date (SLA Activation Date)
12.2.1 SLAs set forth herein shall be in effect beginning with the commencement of monthly services. The Vendor shall be responsible for complying with all performance measurements and ensure compliance by all subcontractors.
12.2.2 Beginning on the SLA activation date, any performance measurement not met during the monthly reporting period, the SLA credit for that individual measurement shall be applied to the monthly fees.
12.3 Failure to Meet SLA
12.3.1 Liquidated Damages and Corrective Action Plans
12.3.1.1 DOM may require corrective action in the event that any deliverable, report, SLA, or the like should indicate that the Vendor is not in compliance with any provision of this Contract. DOM may also require the modification of any policies or procedures of the Vendor relating to the fulfillment of its obligations pursuant to this Contract. DOM may issue a deficiency notice and may require a corrective action plan be filed within fifteen (15) calendar days following the date of the notice. A corrective action plan shall delineate the time and manner in which each deficiency is to be corrected. The corrective action plan shall be subject to approval by DOM, which may accept it as submitted, accept it with specified modifications, or reject it. DOM may extend or reduce the time frame for corrective action depending on the nature of the deficiency, and shall be entitled to exercise any other right or remedy available to it, whether or not it issues a deficiency notice or provides Vendor with the opportunity to take corrective action.
12.3.1.2 Because performance failures by the Vendor may cause DOM to incur additional administrative costs that are difficult to compute, DOM may assess liquidated damages against the Vendor pursuant to this section, and deduct the amount of the damages from any payments due the Vendor. DOM, at its sole discretion, may establish an installment deduction plan for the amount of any damages. The determination of the amount of damages shall be at the sole discretion of DOM, within the ranges set forth below. Self-reporting by the Vendor will be taken into consideration in determining the amount of damages to be assessed. Unless specified otherwise, DOM shall give written notice to the Vendor of the failure that might result in the assessment of damages and the proposed amount of the damages. The Vendor shall have fifteen (15) calendar days from the date of the notice in which to dispute DOM’s determination. DOM may assess damages for specific performance failures set forth below. DOM may assess higher liquidated damages amounts when the Vendor consistently fails to meet specific performance standards and the deficient performance has not been corrected.
12.3.1.3 Assessment of actual or liquidated damages does not waive any other remedies available to DOM pursuant to this contract or State and Federal law. If liquidated damages are known to be insufficient, then DOM has the right to pursue actual damages.
12.3.1.4 Failure by Vendor to develop or maintain all required electronic and data systems. ($2,500 per calendar day)
12.3.1.5 Failure by the Vendor to submit by the due date or otherwise comply with reporting, deliverable, or SLA requirements set forth in this RFP. (Unless otherwise specified in this RFP, $500 per instance, per calendar day the report, deliverable, or SLA remains late, deficient, or otherwise noncompliant with applicable requirements.)
12.3.1.6 Failure by Vendor to maintain staffing levels, including the number and qualifications of staff, and provision of key positions that are outlined in this RFP. ($2,500 per calendar day)
12.3.1.7 Failure by Vendor to respond to DOM requests by the due date or as otherwise required in this RFP. ($500 per instance, per calendar day the response remains late or deficient)
12.3.1.8 Failure of Vendor to comply with close out and turnover requirements may result in the assessment of damages of up to $25,000.00 that, if imposed, shall be deducted from the final payment to be made to Vendor.
12.3.1.9 Failure by the Vendor to resubmit rejected files with all of the required data elements in the correct format by the Vendor within fourteen (14) calendar days from the date the Vendor received the rejected file. ($500 per instance)
12.3.1.10 Failure by the Vendor to obtain approval in writing by the Division of Medicaid for material requiring DOM approval. ($1,000 per instance)
12.3.1.11 Failure to timely submit a DOM approved Corrective Action Plan (CAP), DOM may assess liquidated damages of $500 per business day until the CAP is submitted.
12.3.1.12 Failure to successfully carry out a DOM approved CAP within the time frames outlined in the CAP, DOM may assess $500 per business day until the CAP is completed.
12.3.1.13 Unauthorized utilization of the data in violation of the requirements of this RFP ($10,000 per occurrence). An occurrence means each unauthorized use, regardless of the number of beneficiaries or providers involved.
12.3.1.14 Unauthorized use of DOM’s name, brand, or likeness in violation of this contract ($1,000 per occurrence). An occurrence means each unauthorized use.
12.3.1.15 Failure to meet the requirements of Health Insurance Portability and Accountability Act (HIPAA) ($1,000 per occurrence). An occurrence means each improper use or disclosure of beneficiary information.
12.3.1.16 Failure to meet the requirements of the Business Associate Agreement (BAA) or Data Use Agreement (DUA) ($1,000 per occurrence). An occurrence means each failure to comply with the BAA or DUA requirements, regardless of the number of beneficiaries or clinicians involved.
12.3.1.17 Any other failure of Vendor that DOM determines constitutes substantial non-compliance with any material term of the contract and/or RFP not specifically enumerated herein. (between $1 and $5,000 for each failure)
12.3.1.18 The Vendor shall publish on their public website any actual or liquidated damages approved by DOM within fifteen (15) business days of notice of DOM approval and maintain the document on the site through the contract term.
12.4 Repeated Failures
12.4.1 In the event of repeated violations of a single SLA measure or multiple failures across SLA measures over two consecutive months, the State reserves the right to renegotiate SLA measures and/or escalate the applicable reductions by 50% of the stated liquidated damages after non-responsiveness. Repeated violations may be grounds for Termination for Cause.
12.4.2 If the same SLA measurement yields an SLA credit more than once, the Vendor shall conduct a root cause analysis. Such root cause analysis shall be provided within 30 days of the second breach and every breach thereafter.
12.5 The Vendor is expected to meet the following Service Levels:
12.5.1 Start-up Period SLA
Service Requirement Measurement SLA SLA Credit
LTSS System Cutover
- Over 30 calendar days
<30 calendar days LTSS System shall be cutover from the current Vendor to the awarded Vendor.
Each calendar day beyond 30 days
Up to
$10,000/day
12.5.2 Operations SLAs: Operations
Service
Requirement
Measurement SLA SLA
Credit
Problem Resolution Time - High
Resolution Time for each High Priority Problem. Problem resolution time is defined as the period of time from when the Help Desk ticket is opened to when it is properly resolved. Section VII, Item 7.8.10 defines high, normal and low priority.
98% <4
hours
$3,000
Problem Resolution Time - Normal
Resolution Time for Normal Priority Problems 98% <24 hours
Time for Help Desk to Create a Ticket for Email & Voicemail (90% goal)
90% <1
business day
$6,000
Help Desk
Operations - Backlog Email & Voicemail
Time for Help Desk to Create a Ticket for Email & Voicemail (98% goal)
98% <3
business days
$6,000
Claims Operations - Claims Payment Cycles
100% of payments cycles shall be submitted for processing on time. Provider and caseworker payment cycles are treated as separate occurrences. Payment cycles occur every other week, resulting in 4 or 6 cycles per month.
Currently, DOM's claims payment cutoff is 3:00 PM EST each Thursday, unless DOM issues guidance for a deviation to the schedule due to holiday schedule or other need.
Per occurrence
(4-6 per month)
$6,000
12.5.3 Hosting SLAs: Hosting SLA credit is applied to the Monthly Managed Hosting line of Section VIII, Cost Information Submission Form.
The LTSS System shall be available 24X7X365, unless DOM approves scheduled downtime for maintenance. All application functionality and accessibility shall be maintained at 99.75% uptime performance levels. Vendor shall minimize or eliminate unscheduled network downtime to .25% or less.
LTSS System Availability is measured from the time of the outage to either module - LTSS and/or MediKey (including IVR).
Scheduled maintenance that is pre-approved by DOM, as requiring an outage, does not count against uptime. Slowness of the LTSS System, as described in 20.4 shall be considered against uptime should the issue persist 24 hours or longer.
The SLA Credits for this Measurement are aggregated, i.e. each lower level of failure adds the stated additional percentage (for a maximum 10% credit at the lowest level). As determined through Root Cause Analysis (RCA), the following may be excluded from the SLA:
a. On-line reports b. Ad hoc reports/queries c. Defects and/or inefficient custom LTSS System
software, as confirmed by DOM d. Transactional database application design
and/or construction
Database replication- related issues (i.e. from transactional to reporting database)
<99.75%
<99.25%
98.75%
<98.25%
$6,000
+$6,000
+$9,000
+$9,000
LTSS System
Recovery
In the event of a declared disaster, the recovery time objective of the LTSS system is forty-eight (48) hours. The system should be fully operation and available.
The SLA Credits for this Measurement are aggregated,
i.e. each lower level of failure adds the stated additional
percentage (for a maximum 50% credit at the lowest
13.1 Vendor shall provide all necessary planning and activities necessary to ensure continued LTSS System operations in accordance with the SLAs set forth in Section VII, Item 12.
13.2 Vendor shall document all backup and disaster recovery procedures in a business continuity/disaster recovery plan (BCDR).
13.3 The BCDR Plan shall be updated no less than once annually and within ten (10) days of a significant change in operations that impact backups, disaster recovery, or other BCDR procedures.
13.4 Vendor shall provide the BCDR Plan in hard and soft copy to DOM and shall provide DOM with up-to-date copies within ten (10) business days whenever changes are required.
13.5 The BCDR Plan shall include:
13.5.1 Objectives of the Plan,
13.5.2 What situations and conditions are covered by the Plan,
13.5.3 Disaster declaration process,
13.5.4 Executing the BCDR Plan,
13.5.5 Technical considerations,
13.5.6 Roles and responsibilities of Vendor staff,
13.5.7 How and when to notify the Department's Contract Monitor,
13.5.8 Recovery procedures (Disaster Recovery), and
13.5.9 Data backup, to include:
13.5.9.1 The configuration of online backup procedures,
13.5.9.2 The configuration of export procedures,
13.5.9.3 The configuration of import procedures,
13.5.9.4 Maintenance of archived data,
13.5.9.5 Scheduling and performance of backups,
13.5.9.6 Monitoring of backup logs,
13.5.9.7 The recovery of databases with their required structures and objects, and
13.5.9.8 Secure off-site storage of all critical transactions and data.
13.5.10 Vendor must include procedures for deactivating the BCDR Plan.
13.5.11 Vendor shall provide in the BCDR Plan contact information for key personnel that can be contacted and reachable 365X24X7 for BCDR purposes.
13.5.12 Vendor shall provide (and describe in its proposal) a secondary site sufficient for fully supporting the LTSS System in the event the primary site is disabled, including Uninterruptable Power Source (UPS), voice, data, and telecommunications circuit provisioning.
13.5.13 Vendor shall perform backups of all servers on a regular basis according to industry standards. This shall include daily incremental backups and full weekly backups of all volumes of servers.
13.5.14 Vendor shall provide current, historical, and archived data, tables, and files in the systems shall be protected in an off-site location approved by DOM to mitigate the risk of a natural or man-made disaster.
13.5.15 Vendor shall ensure that all back-up files are encrypted. The key for encryption shall not be stored with the system backup files and data. The encryption process shall be performed and verified prior to shipping the files and data backups off-site.
13.5.16 DOM reserves the right to audit the back-up process at its discretion.
13.5.17 Vendor shall perform an annual BCDR Test, involving the loading and recovery of the data backup media and shall include, at a minimum, the verification of data integrity.
13.5.18 Vendor shall execute BCDR Test at no additional cost to DOM. DOM reserves the right to waive part or all or the demonstration. In the event Vendor's demonstration fails to meet the stated goals and objectives of the demonstration, Vendor shall continue to execute the demonstration until satisfactory to DOM, at no additional cost.
13.5.19 Vendor shall perform an annual review of the DR data center procedures for all off-site storage and validation of security procedures. A report of the DR data center review shall be submitted within fifteen (15) business days of the review.
13.5.19.1 DOM reserves the right to inspect the DR data center at any time with 24-hour notification.
13.5.20 Vendor shall provide check point/restart capabilities and other features necessary to ensure reliability and recovery, including telecommunications for voice and data circuits in the event of a disaster. These checkpoint/restart capabilities shall be documented in the BCDR Plan.
13.5.21 Vendor shall provide detailed instructions for installation and recovery of the system including operating system, applications, voice, data, and Help Desk.
13.5.22 Vendor shall include detailed instructions for the rotation to the off-site facility. Procedures shall be specified for updating off-site materials.
13.5.23 The Vendor shall not process, transfer, or store LTSS data under the services of this RFP outside of the United States.
14. Requirements for Hardware, Software, and Materials
Vendor shall provide all necessary software, hardware, and networking technologies to provide managed hosting services for DOM's LTSS system. The State does not intend to own the hardware or software licenses. The LTSS System's code shall be provided by DOM and installed by the awarded Vendor. The current LTSS system technical solution is provided in Section VII, Item 3.12 and 3.13.
15. Requirements for Technical Architecture Recommendations
Vendors must propose an architecture that best supports the existing and proposed LTSS Systems, as applicable, while allowing the Vendor to meet the service level metrics in Section VII, Item 12.
DOM is interested in suggestions from the Vendor regarding alternative architectures that would support LTSS while also achieving other objectives, such as reduced reliance on technologies that are nearing obsolescence or have a limited pool of knowledgeable resources.
16. Additional Deliverables and Reports
16.1 Deliverable Submission
16.1.1 A standard deliverable review cycle will be elaborated and agreed-upon between the State and the Vendor. This review process is entered into when the Vendor completes a deliverable.
16.1.2 Unless specified otherwise, written deliverables shall be compatible with Microsoft Office.
16.2.1 The DOM Project Manager shall review a final deliverable to determine compliance with the acceptance criteria as defined for that deliverable. The DOM Project Manager is responsible for coordinating comments and input from various team members and stakeholders. The DOM Project Manager is responsible for providing clear guidance and direction to the Vendor in the event of divergent feedback from various team members.
16.2.2 For every deliverable, the DOM Project Manager will issue to the Vendor a notice of acceptance or rejection.
16.2.3 In the event of rejection of a deliverable, the DOM Project Manager will formally communicate in writing any deliverable deficiencies or non-conformities to the Vendor, describing in those deficiencies what shall be corrected prior to acceptance of the deliverable in sufficient detail for the Vendor to address the deficiencies. The Vendor shall correct deficiencies and resubmit the corrected deliverable for acceptance within the agreed-upon time period for correction.
16.2.4 At the DOM Project Manager's discretion, subsequent project tasks may not continue until deliverable deficiencies are corrected and accepted by the DOM Project Manager or the DOM Project Manager has specifically issued, in writing, a waiver for conditional continuance of project tasks.
16.3 Minimum Deliverable Quality
16.3.1 The Vendor shall subject each deliverable to its internal quality-control process prior to submitting the deliverable to the State.
16.3.2 Each deliverable shall meet the following minimum acceptance criteria:
16.3.2.1 Be presented in a format appropriate for the subject matter and depth of discussion.
16.3.2.2 Be organized in a manner that presents a logical flow of the deliverable's content.
16.3.2.3 Represent factual information reasonably expected to have been known at the time of submittal.
16.3.2.4 In each section of the deliverable, include only information relevant to that section of the deliverable.
16.3.2.5 Contain content and presentation consistent with industry best practices in terms of deliverable completeness, clarity, and quality.
16.3.2.6 Meets the acceptance criteria applicable to that deliverable, including any State policies, functional or non-functional requirements, or industry standards.
16.3.2.7 Contains no structural errors such as poor grammar, misspellings, or incorrect punctuation.
16.3.2.8 A draft written deliverable may contain limited structural errors, such as incorrect punctuation, and shall represent a significant level of completeness toward the associated final written deliverable. The draft written deliverable shall otherwise comply with minimum deliverable quality criteria above.
16.4.1 All deliverables are to be sent via email in electronic format to the DOM Project Manager by the delivery date defined for each item. At the sole discretion of DOM, delivery dates may be adjusted to accommodate extenuating circumstances. Vendor shall provide a written request to modify a delivery due date. The DOM Project Manager will provide confirmation if acceptable. Draft deliverables may be requested by the DOM Project Manager prior to the delivery date to ensure the Vendor is on the right track in fulfilling the criteria of the deliverable.
16.4.2 The Vendor may suggest other subtasks, artifacts, or deliverables to improve the quality and success of the assigned tasks. NOTE: From time-to-time, updates beyond the initial delivery date to some deliverables may be deemed necessary and shall be performed by the Vendor at no additional cost.
16.4.3 Deliverables for Each Software Release Deployment or Technical Solution Change:
16.4.3.1 Detailed Deployment Strategy and Work Plan must be submitted within ten (10) business days prior to software release "go- live" or in an alternate timeframe as deemed necessary by DOM. Description of activities, processes, roles, responsibilities, rollback procedures, and hour-by-hour timeframes of the deployment of a "go-live" and/or major software release. Contact information of all key personnel involved in the deployment, including decision-making personnel, is mandatory.
16.4.3.2 System documentation updates must be submitted within five (5) business days prior to "go-live" updates to technical manuals and other reference material related to hosting and operations.
16.4.3.3 Help desk training and knowledgebase updates must be submitted within five (5) business days prior to "go-live". The awarded Vendor will be responsible for providing release notes and, in some cases, training to the Help Desk on each software release. The Vendor shall collaborate with FEi and implement the updates to the knowledge base, including updates scripts for the Help Desk staff.
16.4.4 Additional Deliverables:
16.4.4.1 BCDR Test must be conducted annually, at least fifteen (15) business days prior to the end of the Agreement year. The Annual BCDR Test must include, at a minimum, three components: the test plan, the execution, and the after-action report.
16.4.4.1.1 BCDR Test Plan - Shall contain information that defines tasks, roles & responsibilities, timelines, communications, verification process, and goals.
16.4.4.1.2 BCDR Test After Action Report - identifies the results of the Annual BCDR Test, including areas for improvement and recommended changes.
16.4.4.1.3 BCDR Test After Action Report must be submitted to DOM within ten (10) business days after the conclusion of the test.
16.4.4.2 End of Contract Transition Plan must be delivered within four (4) months before end of contract term. Transition plan must define tasks, roles & responsibilities, timelines, communications, and processes to transition Vendor's activities to a new Vendor, DOM, or other party identified by DOM.
16.5 Reports
16.5.1 Monthly Performance Report must be delivered by the 5th business day of the following month. Vendor shall describe in their proposal the types of information to be available for the Monthly Performance Report. Performance and operations information should be collected and made available as needed and upon request by the State. The State reserves the right to require Vendor to provide certain performance and/or operations information on a more frequent basis than monthly. Vendor shall provide a Monthly Performance Report that includes the following sections:
16.5.1.2 Technical Solution Metrics and Performance,
16.5.1.3 Claims, Batch Transaction, and Interfaces Operations (summary of the claims and interface file activity, balance reports and reconciliation reports as described in Section VII, Item 7.1),
16.5.1.4 Help Desk Operations, and
16.5.1.5 SLA compliance.
16.5.2 Monthly Progress Reports must be delivered month by the 5th business day of the following month. The Monthly Progress Reports shall include:
16.5.2.1 Updated deliverables tracking matrix,
16.5.2.2 Updated issues / risks reporting,
16.5.2.3 Project financial update, based on deliverables,
16.5.2.4 Updated staffing plan,
16.5.2.5 Project performance reporting with metrics for schedule, budget, staffing, quality, and scope, and
16.5.2.6 Other items as mutually agreed upon.
16.5.3 Monthly SLA reports must be delivered by the 5th business day of the following month. Any additional reports necessary to demonstrate meeting the SLAs set forth in Section VII, Item 12.
17. Right To Audit
17.1 The State reserves the right, at its sole discretion and at any time, to perform an audit of the Vendor's and/or Subcontractor's performance under this Agreement. In this agreement, an audit is defined as a planned and documented independent activity performed by qualified personnel to determine, by investigation, examination, or evaluation of objective evidence from data, statements, records, operations and performance practices (financial or otherwise) the Vendor's compliance with the Contract including, but not limited to, the adequacy and compliance with established procedures and internal controls over the services being performed for the State.
17.2 Upon three (3) business days' notice, the Vendor and/or any Subcontractors shall provide the State reasonable access to their records to verify conformance to the terms of this Agreement. The DOM shall be permitted to conduct these audits with any or all of its own internal resources or by securing
the services of a third party accounting/audit firm, solely at the Department's election. The Department shall have the right to copy, at its own expense, any record related to the services performed pursuant to this Agreement.
17.3 Vendor and/or Subcontractors shall cooperate with Department or Department's designated auditor and shall provide the necessary assistance for the Department or Department's designated auditor to conduct the audit.
17.4 The right to audit shall include subcontractors in which goods or services are subcontracted by Vendor and/or Subcontractors and provide essential support to the services provided to the Department under this Agreement. Vendor and/or Subcontractor shall ensure the Department has the right to audit with subcontractor(s).
18. Maintenance and Support
Vendor must describe below how it will provide maintenance and support for both the state’s existing system as an interim solution, and for the No-Wrong-Door Information and Tracking System.
18.1 Vendor must describe how it will provide support for both the interim LTSS solution and the No-Wrong-Door Information and Tracking System.
18.1.1 Vendor must provide system support for all end users technical questions associated with user registration, page usage, browser support, login, lost user id or password, etc.
18.1.2 Vendor must provide assistance and ongoing support to the state regarding problems/issues, guidance in the operation of the LTSS solution, support, and identification and correction of possible data or solution errors.
18.1.3 Vendor provided support must be described by types for both end users, and the State (e.g. telephone, email, chat, web form).
18.2 The Vendor shall provide and manage an automated process to track, monitor, and resolve reported problems/issues incorporating the concepts defined in Section VII.
18.2.1 Vendor shall describe its methodology to classify problems as to criticality and impact, including appropriate resolution procedures and escalation process for each classification of a problem.
18.2.2 Vendor must describe what automated system will be used to manage problems/issues.
18.2.3 Problems may be submitted online, phone or email and must be logged into this system at receipt.
18.3 The Vendor shall describe its notification policies and procedures.
18.3.1 Vendor must include policies and procedures of notifications to the State and end users in the event of scheduled maintenance, unscheduled maintenance, emergency maintenance, downtime, system errors, or degraded performance.
18.3.2 Vendors must provide a means to notify users of emergency maintenance or other system events.
18.4 The Vendor shall describe its methodology and processes for updating its LTSS solution for all types of releases, including:
18.4.1 System Maintenance
18.4.1.1 Security updates
18.4.1.2 Implementing required changes as a result of changes to federal and state laws and regulations
18.4.1.3 Minor modifications/change requests to modules.
18.4.1.4 Reported software and data problems/issues
18.4.1.5 Infrastructure support
18.4.1.6 System upgrades
18.4.2 Major System Enhancements (Change Orders)
18.5 The Vendor must explain how the warranty period and warranty work will be managed and handled such that it can be differentiated from the maintenance work, change requests (minor modifications), Change Order (major system enhancements).
18.6 The Vendor warrants that their product(s) is free from defects when delivered into a production environment. Vendor must correct defects at their expense for a period of six (6) months after a production release.
18.7 The Vendor shall describe its release management strategy.
18.8 The Vendor shall describe how new functions and features are released to DOM and a DOM’s ability to control which new features are implemented.
18.9 Acceptance Testing
18.9.1 A comprehensive acceptance test of the system must be provided for verification that all requirements of the delivered system are fully satisfied. Elements of acceptance must include:
18.9.1.1 Inspection of delivered equipment, certifications, documentations, etc.
18.9.1.2 Functional testing to demonstrate each of the discrete functional capabilities of the system.
18.9.1.3 Operational testing to demonstrate the full operability of all integrated components in an operational environment, to integrated components in an operational environment, and to validate associated user and maintenance documentation.
18.9.1.4 Benchmark testing to demonstrate that the system meets or exceeds performance requirements, including throughput and response time and identification accuracy.
18.9.2 A detailed Acceptance Test Plan (ATP) must be prepared and delivered for review and acceptance. The ATP must include:
18.9.2.1 An overview of acceptance testing, including specification of vendor and DPS roles and responsibilities and a description of the acceptance test team;
18.9.2.2 A specification of the facility requirements and test configurations that will be implemented to support phases of the testing;
18.9.2.3 A timeline for preparing detailed test procedures and conducting the testing; and
18.9.2.4 A plan for correction and retesting of any deviations.
18.9.3 Prior to commencement of testing, a comprehensive set of test procedures must be prepared and delivered for review. The test procedures must provide the specific steps that will be follow to perform each inspection, functional test, operational test, and benchmark test and must establish test criteria that must be achieved for each individual test procedure.
18.9.4 At the conclusion of any phase of the acceptance testing, a test report must be compiled and delivered that includes:
18.9.4.1 Completed and signed ATP checklists documenting the successful performance of each inspections or test.
18.9.4.2 A detailed schedule for discrepancy correction and retesting.
18.10.1 A comprehensive maintenance and operations support program must be provided, that includes;
18.10.1.1 Preventative maintenance
18.10.1.2 Remedial maintenance
18.10.1.3 Help desk support
18.10.2 A Maintenance and Operations and Support Conference must be conducted and a detailed Maintenance and Operations Support Plan must be prepared and delivered for review and acceptance. The Maintenance and Operations Support Plan must include:
18.10.2.1 An overview of the Maintenance and Operations Support program including objectives, roles and responsibilities and facility requirements.
18.10.2.2 A detailed preventative maintenance schedule for each system component.
18.10.2.3 A set of service level agreements outlining the requirements and plan for providing response and remediation of problems for each system component.
18.10.2.3.1 Central Site: Immediately by phone with 2 hour response and 4 hours onsite.
18.10.2.3.2 Work Stations and peripherals next day.
18.10.2.3.3 Service support shall be 24 hours a day, 7 days a week.
18.10.2.3.4 Service calls initiated by the State must be answered by a qualified technician or vendor provided Help Desk.
18.10.2.3.5 Onsite response must be within 2 hours.
18.10.2.3.6 On-site support must be itemized.
19. Vendor Requirements
19.1 Upon contract award, the Vendor must commit the key personnel named in the proposal and must specify the percentage of time each person will commit to the project. The proposed individuals should possess the necessary skills and certifications for each proposed role.
19.1.1 Vendors must propose four (4) named personnel in response to this RFP. All other planned positions shall be described generally in the Staffing Plan.
19.1.1.1 Project Manager
19.1.1.2 Help Desk Lead
19.1.1.3 Operations Lead
19.1.1.4 Senior Network Engineer
19.2 In addition to the four (4) named resources, Vendor shall demonstrate in its proposal the ability to fully support the scope of work in this RFP through other skilled resources. The Vendor shall demonstrate a team-oriented approach and be able to fully staff all required resources.
19.3 Key individuals must be available to work on the project once an award is made and a contract is signed. All Vendor’s key staff members proposed must be approved by DOM prior to the start of the project. Any replacement or substitution of proposed staff requires written approval from DOM prior to replacement or substitution.
19.4 The Vendor's proposal and references will be used to verify minimum qualifications.
19.5 Subcontractor qualifications may be used to demonstrate meeting company minimum qualifications only for those qualifications specifically marked below.
19.6 The Vendor's proposal shall demonstrate meeting the following minimum requirements:
19.6.1 Vendor shall have at least three (3) years of demonstrated experience providing web-based application hosting services to U.S. based government entities. In addition, the engagement must meet the following criteria:
19.6.1.1 The engagement must have lasted at least three (3) years;
19.6.1.2 The engagement must have included web-based applications for high-availability solutions;
19.6.1.3 At least three (3) years of an IVR component to the technical solution; and
19.6.1.4 The engagement must have ended within the last two (2) years.
19.6.2 MANDATORY - Vendor or subcontractor shall have at least two (2) engagements that demonstrate experience providing claims file processing support for one healthcare claims system that is similar in size and scope as the LTSS operations. In addition, the engagement must meet the following criteria. Vendor must describe in detail their past experience providing a LTSS solution.
19.6.3 The engagement must have lasted at least one (1) year.
19.6.3.1 The engagement must include data exchanges with external systems;
19.6.3.2 The engagement must include the support of HIPAA X12 transactions; and
19.6.3.3 The engagement must have ended within the last two (2) years.
19.6.4 Vendor or subcontractor shall have at least two (2) years of demonstrated experience providing Tier 1 Help Desk support services to government entities with at least 500 end-users. In addition, the engagement must meet the following criteria:
19.6.4.1 The Vendor must have provided at least four (4) full-time personnel;
19.6.4.2 The engagement must have lasted at least a year; and
19.6.4.3 The engagement must have ended within the last two (2) years.
19.7 Only those Vendors supplying key proposed shall be eligible for RFP proposal evaluation.
19.8 Vendor must have at least two (2) engagements that demonstrate all of the following:
19.8.1 Ability to implement, deploy, migrate code and support a technical solution similar in size and scope to the LTSS system.
19.9 Company Information – Vendor must provide a description that contains all pertinent data relating to the Vendor's organization, personnel and experience that would substantiate the qualifications and capabilities of the Vendor's company to perform the services described herein.
19.9.1.2 Organization size (i.e. number of offices, employees, customer base, etc.) and structure;
19.9.1.3 Whether the company is based locally, regionally, nationally, or internationally; and
19.9.1.4 Number of years the company has been in business (minimum of five (5) years is required).
19.9.2 Type of company ownership (public or private) and type of organization (limited partnership, non-profit, etc.).
19.9.3 Corporate information to include parent corporation, sister firms, and any subsidiaries.
19.9.4 Location of Vendor’s principal office and the number of executive and professional personnel employed at this office.
19.9.5 The location of the place of performance of this proposed contract.
19.9.6 Current products and services/lines of business and approximate percentages.
19.9.7 Disclosure of any company restructurings, mergers, and acquisitions in the past three (3) years that have impacted any products the Vendor sold, serviced, and supported.
19.9.8 Financial information as follows:
19.9.8.1 A copy of the corporation’s most recent annual report, including consolidated balance sheets and related statements of income, stockholders’ or partners’ equity, and changes in financial position for each of the three fiscal years preceding the end of the most recent fiscal year. A Certificated Public Accountant must have compiled, reviewed, and audited this information. This shall include auditing and examination by a third-party auditing firm;
19.9.8.2 Credit rating number from an industry-accepted credit rating firm; or
19.9.8.3 Report of an auditor's unqualified opinion of the financial stability of the firm.
19.9.9 Details on Vendor’s plan to overcome its financial difficulties if the Vendor’s credit rating number or financial report is unsound, or if the Vendor is currently in bankruptcy. Vendor must indicate, providing details, if Vendor has an unfavorable credit rating, has filed bankruptcy, or plans to file for bankruptcy.
19.9.10 The Vendor must provide information for each subcontractor or reseller whom the Vendor proposes to perform any of the functions under this RFP.
19.9.11 The Vendor must describe in detail their experience on at least three projects of similar scope for statewide multiagency/institute/ governmental entities.
19.9.12 The Vendor must have experience and understanding of state and local government contracting and be responsive to its unique requirements. The Vendor must describe their understanding of this process.
19.9.13 The Vendor must provide information on professional accreditations/certifications pertinent to the services provided by this RFP.
20. Training
20.1 Training (onsite and remote) – Need to define levels of training by area.
20.1.1 Comprehensive system operations and technical support training must be provided for staff and supervisors.
20.1.1.1 Number of individuals anticipated: 50
20.1.1.2 Skill level required: after training, individuals must be able to perform:
20.1.1.2.1 System and hardware troubleshooting to identify and resolve problems.
20.1.1.2.2 System/Operator functions to assist day-to-day operators with issues and questions.
20.1.2 Comprehensive training for DOM staff in the operation of all system functions.
20.1.2.1 Number of individuals anticipated: 200
20.1.2.2 Skill level required, individuals must be able to perform:
20.1.2.2.1 System/Operator functions to assist day-to-day operators with issues and questions.
20.1.3 A training conference is required that details a complete syllabus, recommended timeline, subject area objective, and evaluation standards.
21.1 Enhancements or additional services will be provided through the Change Order process, will be issued as a fixed price, and will be deliverable based. Cost must be presented by role and by deliverable.
21.2 DOM shall e-mail a Change Order Request Form to the Vendor to provide services or resources that are within the scope of this RFP. The Change Order Request will include:
21.2.1 Technical requirements and description of the service or resources needed,
21.2.2 Performance objectives and/or deliverables, as applicable,
21.2.3 Due date and time for submitting a response to the request, and
21.2.4 Required place(s) where work must be performed.
21.3 The Vendor shall e-mail a response to DOM within the specified time and include at a minimum:
21.3.1 A response that details the Vendor's understanding of the work;
21.3.1.1 Vendor must indicate whether the request falls into Operations and Maintenance, or if it will require a Change Order via an Amendment to the original Agreement.
21.3.2 An explanation of how tasks shall be completed. This description shall include proposed subcontractors and related tasks;
21.3.3 State-furnished information, work site, and/or access to equipment, facilities, or personnel; and
21.3.4 The proposed personnel resources, including any subcontractor personnel, to complete the task.
21.4 All Change Orders that require fixed price work must be reviewed and approved by DOM. DOM will submit the Amendment to ITS for final approval.
21.5 Once the Amendment has been executed, the Change Order will be approved and work may begin.
22. Cost Proposal
22.1 Vendor must provide detailed cost information for all hardware, software and service components, implementation costs, and training costs proposed in response to this RFP. All costs should be fully-loaded for any travel, lodging, and per diem related expenses.
22.2 Vendor must provide a fully loaded hourly change order rate in Section VIII, Cost Information Submission for any services that may be deemed necessary or desirable by the State.
22.2.1 The Vendor agrees that each Change Order Rate shall be a fully loaded rate that includes, but is not limited to, the cost of all materials, travel expenses, per diem, and all other expenses and incidentals incurred by the Vendor in the performance of the Change Order.
22.3 The State is asking for a fixed price contract for the implementation, hosting, operations, and maintenance for five (5) years for the solution described in the RFP. Vendors must propose a summary of all applicable project costs in Section VIII, Cost Information Submission.
22.4 Vendor must propose a fully-loaded hourly rate, including travel, for each project team member and level of expertise, to do all work on-site at DOM in Jackson, Mississippi. Team member roles are listed in Section VIII.
22.4.1 Vendor must provide a total not-to-exceed cost for Phase I in addition to the fully-loaded hourly rate(s).
22.4.2 The not-to-exceed cost for Phase I, as well as any subsequent phase(s), shall be based on this fully-loaded hourly rate submitted in response to this RFP.
22.5 Vendor must certify that proposed individual(s) have read, understand, and acknowledge the RFP requirements.
22.6 If any component(s) necessary for operation of the requested system is omitted from Vendor’s proposal, Vendor must be willing to provide the component(s) at no additional cost.
23. Additional Requirements
ITS acknowledges that the specifications within this RFP are not exhaustive. Rather, they reflect the known requirements that must be met by the proposed system. Vendors must specify, here, what additional components may be needed and are proposed in order to complete each solution: the interim solution and the No-Wrong-Door Information and Tracking System solution.
24. Scoring Methodology
24.1 An Evaluation Team composed of DOM and ITS staff will review and evaluate all proposals. All information provided by the Vendors, as well as any other information available to evaluation team, will be used to evaluate the proposals.
24.1.1 Each category included in the scoring mechanism is assigned a weight between one and 100.
24.1.2 The sum of all categories, other than Value-Add, equals 100 possible points.
24.1.3 Value-Add is defined as product(s) or service(s), exclusive of the stated functional and technical requirements and provided to the State at no additional charge, which, in the sole judgment of the State, provide both benefit and value to the State significant enough to distinguish the proposal and merit the award of additional points. A Value-Add rating between 0 and 5 may be assigned based on the assessment of the evaluation team. These points will be added to the total score.
24.1.4 For the evaluation of this RFP, the Evaluation Team will use the following categories and possible points:
Category Possible Points
Non-Cost Categories:
System Requirements 20
Vendor Requirements 20
Project Work Plan and Methodology 20
Total Non-Cost Points 60
Cost 40
Total Base Points 100
Value Add 5
Maximum Possible Points 105
24.2 The evaluation will be conducted in four stages as follows:
24.2.1 Stage 1 – Selection of Responsive/Valid Proposals – Each proposal will be reviewed to determine if it is sufficiently responsive to the RFP requirements to permit a complete evaluation. A responsive proposal must comply with the instructions stated in this RFP with regard to content, organization/format, Vendor experience, number of copies, bond requirement, timely delivery, and must be responsive to all mandatory requirements. No evaluation points will be awarded in this stage. Failure to submit a complete proposal may result in rejection of the proposal.
24.2.2.2 Proposals meeting fewer than 80% of the requirements in the non-cost categories may be eliminated from further consideration.
24.2.2.3 ITS scores the non-cost categories on a 10-point scale, with 9 points for meeting the requirement. The ‘Meets Specs’ score for each category is 90% of the total points allocated for that category. For example, the ‘Vendor Experience’ category was allocated 25 points; a proposal that fully met all requirements in that section would have scored 22.5 points. The additional 10% is used for a proposal that exceeds the requirement for an item in a way that provides additional benefits to the state.
24.3 Stage 3 – Cost Evaluation
24.3.1 Points will be assigned using the following formula:
(1-((B-A)/A))*n
Where:
A = Total lifecycle cost of lowest valid proposal
B = Total lifecycle cost of proposal being scored
n = Maximum number of points allocated to cost for acquisition
24.3.2 Cost categories and maximum point values are as follows:
Cost Category Possible Points
Fixed Price 35
Change Order Rate 5
Maximum Possible Points 40
24.3.3 On-site Demonstrations and Interviews
24.3.3.1 At the discretion of the State, evaluators may request interviews, on-site presentations, demonstrations or discussions with any and all Vendors for the purpose of system overview and/or clarification or amplification of information presented in any part of the proposal.
24.3.3.2 If requested, Vendors must be prepared to make on-site demonstrations of system functionality and/or proposal clarifications to the evaluation team and its affiliates within seven calendar days of notification. Each
presentation must be made by the project manager being proposed by the Vendor to oversee implementation of this project.
24.3.3.3 Proposed key team members must be present at the on-site demonstration. The evaluation team reserves the right to interview the proposed key team members during this onsite visit.
24.3.3.4 Although on-site demonstrations may be requested, the demonstration will not be allowed in lieu of a written proposal.
24.3.4 Site Visits
24.3.4.1 At the State’s option, Vendors that remain within a competitive range must be prepared to provide a reference site within seven calendar days of notification. If possible, the reference site should be in the Southeastern region of the United States. Vendor must list potential reference sites in the proposal.
24.4 Final Quantitative Evaluation - Following any requested presentations, demonstrations, and/or site visits, the Evaluation Team will re-evaluate any technical/functional scores as necessary. The technical/functional and cost scores will then be combined to determine the Vendor’s final score.
RFP No.: 4011 Section VIII: Cost Information Submission
Project No.: 42954 Revised: 6/20/2017
92
SECTION VIII COST INFORMATION SUBMISSION
Vendors must propose a summary of all applicable project costs in the matrix that follows. The matrix must be supplemented by a cost itemization fully detailing the basis of each cost category. The level of detail must address the following elements as applicable: item, description, quantity, retail, discount, extension, and deliverable. Any cost not listed in this section may result in the Vendor providing those products or services at no charge to the State or face disqualification.
Operations and Maintenance Monthly Fee Annual Cost
Year 1
Year 2
Year 3
Year 4
Year 5
Total:
Start-Up and Implementation Costs Total Cost
One-Time Cost (as mentioned in Section VII, Item 6.4)
Total:
Summary of Services Total Costs
Managed Hosting Services (existing LTSS) $
Managed Hosting Services (No-Wrong-Door Information and Tracking System)
$
Operations and Maintenance $
Start-Up and Implementation Costs $
Total Fixed Price for 5 Years: $
RFP No.: 4011 Section VIII: Cost Information Submission
Project No.: 42954 Revised: 6/19/2017
93
CHANGE ORDER
DOM would like the Vendor to propose all possible personnel/subject matter experts (SME’s) that may be needed for future enhancements in the table below with their fully-loaded hourly rates. The table lists possible roles but is not all inclusive and the Vendor may add additional roles. If the Vendor does not foresee a particular role being used, the Vendor must mark the hourly rate as N/A. Vendor must completely fill in the matrix listed below. The fully-loaded fixed hourly rate will remain the same for the initial term of the contract and any renewals (i.e., entire duration of the project).
Role Rate
Project Director
Program/Project Manager
Business Analyst
Business Product Lead
CQI and Policy Lead
Quality Control Specialist
Security Officer
Sr. Technical Architect
Development Lead
Application Developer
Database Administrator
Database Developer
Reports Developer
User Interface Developer
Operations Support Lead
Support Specialist
QC/Training Lead
Training Staff
Project Director
Program/Project Manager
RFP No.: 4011 Section IX: References
Project No.: 42954 Revised: 6/14/2017
94
SECTION IX REFERENCES
Please return the following Reference Forms, and if applicable, Subcontractor Reference Forms.
1. References
1.1 MANDATORY - The Vendor must provide at least three (3) references consisting of Vendor accounts that the State may contact. Required information includes customer contact name, address, telephone number, email address, and engagement starting and ending dates. Forms for providing reference information are included later in this RFP section. The Vendor must make arrangements in advance with the account references so that they may be contacted at the Project team's convenience without further clearance or Vendor intercession.
1.2 Any of the following may subject the Vendor’s proposal to being rated unfavorably relative to these criteria or removed from further consideration, at the State’s sole discretion:
1.2.1 Failure to provide reference information in the manner described;
1.2.2 Inability of the State to substantiate minimum experience or other requirements from the references provided;
1.2.3 Non-responsiveness of references to the State's attempts to contact them; or
1.2.4 Unfavorable references that raise serious concerns about material risks to the State in contracting with the Vendor for the proposed products or services.
1.3 References should be based on the following profiles and be able to substantiate the following information from both management and technical viewpoints.
1.3.1 The reference installation must be for a project similar in scope and size to the project for which this RFP is issued;
1.3.2 The reference installation must have been operational for at least six (6) months.
1.4 The State reserves the right to request information about the Vendor from any previous customer of the Vendor of whom the State is aware, including the procuring agency and/or other agencies or institutions of the State, even if that customer is not included in the Vendor’s list of references, and to utilize such information in the evaluation of the Vendor's proposal.
1.5 Unless otherwise indicated in the Scoring Methodology in Section VII, reference information available to the State will be used as follows:
RFP No.: 4011 Section IX: References
Project No.: 42954 Revised: 6/14/2017
95
1.5.1 As documentation supporting mandatory experience requirements for companies, products, and/or individuals, as required in this RFP;
1.5.2 To confirm the capabilities and quality of a Vendor, product, or individual for the proposal deemed lowest and best, prior to finalizing the award.
1.6 The State reserves the right to forego reference checking when, at the State's sole discretion, the evaluation team determines that the capabilities of the recommended Vendor are known to the State.
2. Subcontractors
The Vendor’s proposal must identify any subcontractor that will be used and include the name of the company, telephone number, contact person, type of work subcontractor will perform, number of certified employees to perform said work, and three (3) references for whom the subcontractor has performed work that the State may contact. Forms for providing subcontractor information and references are included at the end of this section.
Unless otherwise noted, the requirements found in the References section may be met through a combination of Vendor and subcontractor references and experience. Vendor's proposal should clearly indicate any mandatory experience requirements met by subcontractors. NOTE: The State reserves the right to eliminate from further consideration proposals in which the prime Vendor does not, in the State's sole opinion, provide substantive value or investment in the total solution proposed. (i.e. the State does not typically accept proposals in which the prime Vendor is only a brokering agent.)
RFP No.: 4011 Section IX: References
Project No.: 42954 Revised: 6/14/2017
96
REFERENCE FORM Complete three (3) Reference Forms. Contact Name: Company Name: Address: Phone #: E-Mail: Project Start Date: Project End Date: Size and Scope of Project: Description of product/services/project, including start and end dates:
RFP No.: 4011 Section IX: References
Project No.: 42954 Revised: 6/14/2017
97
SUBCONTRACTOR REFERENCE FORM Complete a separate form for each subcontractor proposed. Contact Name: Company name: Address: Phone #: E-Mail: Scope of services/products to be provided by subcontractor:
Complete three (3) Reference Forms for each Subcontractor. Contact Name: Company name: Address: Phone #: E-Mail: Description of product/services/project, including start and end dates:
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
98
EXHIBIT A STANDARD CONTRACT
A properly executed contract is a requirement of this RFP. After an award has been made, it will be necessary for the winning Vendor to execute a contract with ITS. The inclusion of this contract does not preclude ITS from, at its sole discretion, negotiating additional terms and conditions with the selected Vendor(s) specific to the projects covered by this RFP. If Vendor cannot comply with any term or condition of this Standard Contract, Vendor must list and explain each specific exception on the Proposal Exception Summary Form included in Section V.
PROJECT NUMBER 42954 SOFTWARE TURNKEY AGREEMENT
BETWEEN VENDOR NAME
AND MISSISSIPPI DEPARTMENT OF INFORMATION TECHNOLOGY SERVICES
AS CONTRACTING AGENT FOR THE MISSISSIPPI DIVISION OF MEDICAID
This Software Turnkey Agreement (hereinafter referred to as “Agreement”) is entered into by and between INSERT VENDOR INFORMATION, a STATE OF INCORPORATION corporation having its principal place of business at VENDOR ADDRESS (hereinafter referred to as “Seller”), and Mississippi Department of Information Technology Services having its principal place of business at 3771 Eastwood Drive, Jackson, Mississippi 39211 (hereinafter referred to as “ITS”), as contracting agent for the Mississippi Division of Medicaid located at 550 High Street, Suite 1000, Jackson, Mississippi 39201 (hereinafter referred to as “Purchaser”). ITS and Purchaser are sometimes collectively referred to herein as “State.” WHEREAS, Purchaser, pursuant to Request for Proposals (“RFP”) Number 4011, requested proposals for the acquisition of certain software, installation and conversion services, training, hosting, and technical support (collectively “Turnkey Operation”) necessary for the implementation of a No-Wrong-Door Information and Tracking System; and WHEREAS, Seller was the successful proposer in an open, fair, and competitive procurement process to provide the system and services described above; NOW, THEREFORE, in consideration of the mutual understandings, promises, consideration, and agreements set forth, the parties hereto agree as follows: ARTICLE 1 PERIOD OF PERFORMANCE 1.1 This Agreement will become effective on the date it is signed by all parties and will continue in effect until all tasks required herein, including any post warranty maintenance/support specified in Exhibit A, have been completed. Seller agrees to complete all tasks required under this Agreement, with the exception of warranty service and post warranty maintenance, on or before October 1, 2017, or within such other period as may be agreed to by the parties.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
99
1.2 This Agreement will become a binding obligation on the State only upon the issuance of a valid purchase order by the Purchaser following contract execution and the issuance by ITS of the CP-1 Acquisition Approval Document. ARTICLE 2 TURNKEY OPERATION AND INSTALLATION 2.1 The Seller agrees to provide Purchaser with a turnkey system consisting of software, installation and conversion services, technical support training, and hosting necessary for the implementation of a No-Wrong-Door Information and Tracking System as specified in RFP No. 4011. Seller agrees to facilitate the integration of the hardware and software for the particular purpose set forth in RFP No. 4011. Seller further agrees that the system, as set forth in RFP No. 4011 and Seller’s Proposal in response thereto, shall operate efficiently and optimally in light of industry standards and as further specified in RFP No. 4011 and Seller’s Proposal in response thereto. RFP No. 4011 and Seller’s Proposal as accepted by the State in response thereto are incorporated herein by reference. 2.2 In matters of proposals, negotiations, contracts, and resolution of issues and/or disputes, the parties agree that: (a) Seller is solely responsible for all products and services being provided in this project; (b) Seller is responsible for the fulfillment of this project; and (c) Seller represents all contractors, third parties, and/or subcontractors Seller has assembled for this project. The Purchaser is required to negotiate only with Seller, as Seller’s commitments, as specified in this Agreement, are binding on all proposed contractors, third parties, and subcontractors. ARTICLE 3 PROCUREMENT OF SOFTWARE AND PURCHASE ORDERS Subject to the terms and conditions set forth herein, Seller agrees to provide, at the location specified by Purchaser, and Purchaser agrees to buy as needed the software and services listed in the attached Exhibit A, which is incorporated herein, and at the purchase price set forth therein. Purchaser shall submit a purchase order signed by a representative of Purchaser itemizing the items to be purchased. The purchase order shall be subject to the terms and conditions of this Agreement. The parties agree that Purchaser reserves the right to adjust the quantities of purchases based upon the availability of funding or as determined necessary by Purchaser. Seller guarantees pricing for a period of ninety (90) days from the effective date of this Agreement. In the event there is a national price decrease of the products specified in Seller’s Proposal during this time, Seller agrees to extend the new, lower pricing to Purchaser. ARTICLE 4 DELIVERY, INSTALLATION, AND RISK OF LOSS 4.1 Seller shall deliver the software to the location specified by Purchaser and pursuant to the delivery schedule set forth by Purchaser. 4.2 Seller shall complete installation of the software pursuant to the requirements set forth in RFP No. 4011 and Article 5 herein. Seller acknowledges that installation of the system shall be accomplished with minimal interruption of Purchaser’s normal day-to-day operations. 4.3 Seller shall assume and shall bear the entire risk of loss and damage to the software from any cause whatsoever while in transit and at all times throughout its possession thereof. 4.4 Seller shall be responsible for replacing, restoring, or bringing to at least original condition any damage to floors, ceilings, walls, furniture, grounds, pavements, sidewalks, and the like caused by its personnel and operations during the installation, subject to final approval of ITS.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
100
The repairs will be done only by technicians skilled in the various trades involved, using materials and workmanship to match those of the original construction in type and quality. ARTICLE 5 SCHEDULE AND ACCEPTANCE 5.1 Seller warrants that all software shall be properly delivered, installed, and integrated for acceptance testing within the scheduling deadlines set forth by Purchaser, as the site is deemed ready for installation. Seller shall provide Purchaser with an installation schedule identifying the date, time, and location within the scheduling deadlines set forth in RFP No. 4011, or as may be agreed to by the parties. 5.2 During the project initiation, Seller and Purchaser will develop a mutually agreed upon project plan including the division of responsibility between Purchaser’s staff and Seller’s staff. It is understood by the parties that the project work plan must be in place prior to any other work being performed. Once this mutually agreed upon project plan, which will identify specific time frames and deliverable target dates for this project, has been developed, it will be incorporated into and made a part of this Agreement. The dates in the project plan will define the agreed upon period of performance. The parties acknowledge that the project plan will evolve and change from time to time, upon the mutual written agreement of both parties. The parties agree that the deliverables and schedule set forth in the latest version of the project plan will take precedence over any prior plans. 5.3 Seller shall provide all documentation for the software being tested before acceptance testing will begin. Purchaser shall have ten (10) working days to review each deliverable and to either notify Seller of acceptance or to provide Seller a detailed list of deficiencies that must be remedied. In the event the Purchaser notifies the Seller of deficiencies, the Seller, at Seller’s sole expense, shall correct such deficiencies within ten (10) working days, unless the Purchaser consents in writing to a longer period of time. 5.4 Upon notification by Seller that the turnkey system has been fully implemented and is ready for final system acceptance testing, Purchaser shall have forty-five (45) calendar days to evaluate and test the system to confirm that it performs without any defects and performs pursuant to the specifications set forth in RFP No. 4011 and the Seller’s Proposal in response thereto. Seller shall participate, as agreed upon by both parties, in the acceptance testing of the system by providing technical staff at Purchaser’s location to provide assistance in demonstrating all functions of the system. The Purchaser’s official representative must sign off on each application to ensure that the applications meet the functional and technical requirements. In the event that one (1) or more applications supplied by Seller are not accepted, the Seller shall correct the deficiencies or provide, at its own expense, whatever software that may be required to meet the acceptance criteria within ten (10) working days or a mutually agreed upon time period. In the event the system fails to perform to Purchaser’s satisfaction, Purchaser shall immediately notify Seller. Seller, at Seller’s sole expense, shall correct defects identified by Purchaser within ten (10) working days, or such other period as the parties may agree upon. The forty-five (45) day testing period will be extended by system down-time. In the event Seller is unable to repair or replace the defective software, the Purchaser reserves the right to return defective software to Seller at Seller’s expense and to cancel this Agreement. ARTICLE 6 SOFTWARE LICENSE AND TERMS 6.1 Seller shall furnish the software to Purchaser, as set forth in purchase orders submitted and executed by Purchaser, and shall acquire the right to license the software to Purchaser. For
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
101
purposes of this Article, the term “Purchaser” means the Mississippi Division of Medicaid, its employees, and any third party consultants or outsourcers engaged by Purchaser who have a need to know and who shall be bound by the terms and conditions of this license and Agreement. 6.2 Seller accepts sole responsibility for: (a) Purchaser’s system configuration, design, and requirements; (b) the selection of the software to achieve Purchaser’s intended results; (c) the results obtained from the software; and (d) modifications, changes, or alterations to the software provided by Seller. 6.3 Seller understands and agrees that Purchaser shall have: (a) a non-exclusive, non-transferable, enterprise-wide unlimited, and perpetual license for the software listed in Exhibit A; (b) the right to use and customize the software products and the related documentation for Purchaser’s business operations and in accordance with the terms and conditions of this Agreement; (c) unlimited use by licensed users of the software products acquired for Purchaser’s operations; (d) use of such software products with a backup platform system, should it be deemed necessary by Purchaser; (e) the right to copy such software for safekeeping, backup, and disaster recovery purposes; (f) the right to combine the software with other programs and modules, and the right to create interfaces to other programs; and (g) the right to reproduce any and all physical documentation supplied under the terms of this Agreement. 6.4 Purchaser agrees that except as noted herein, it will not otherwise copy, translate, modify, adapt, decompile, disassemble, or reverse engineer any of the software without the prior written consent of Seller. All title and proprietary rights, whether tangible or intangible, including but not limited to copyright, trademark, and trade secret rights, in and to the software are retained by the Seller or the third party software manufacturer as applicable. Purchaser agrees to reproduce and include the copyright, trademark, and other proprietary rights notices on any copies made of the software and documentation. ARTICLE 7 CONVERSION AND TRAINING Seller shall, for the fees specified in the attached Exhibit A, provide the conversion activities as well as the training specified in RFP No. 4011 and Seller’s Proposal, as accepted by Purchaser, in response thereto. Seller and Purchaser shall mutually agree on the time for the training and an outline of the training to be provided. Seller specifically understands and agrees that Purchaser will not accept the system until Seller completes the conversion and training requirements. Seller agrees to provide, upon delivery, all user documentation and technical manuals needed to fully acquaint the user with operation of the software. ARTICLE 8 CONSIDERATION AND METHOD OF PAYMENT 8.1 Upon notification from Purchaser of its final acceptance of the system, Seller shall submit an invoice for payment of the system and for services rendered at the prices set forth in Exhibit A. In no event will the total compensation to be paid hereunder for all products, services, travel, performances and expenses under this Agreement exceed the specified sum of $INSERT AMOUNT, unless prior written authorization from ITS has been obtained. Seller shall certify that the billing is true and correct. Seller shall submit invoices and supporting documentation to Purchaser electronically during the term of this Agreement using the processes and procedures identified by the State. Purchaser agrees to pay Seller in accordance with Mississippi law on “Timely Payments for Purchases by Public Bodies,” Sections 31-7-301, et seq. of the 1972 Mississippi Code Annotated, as amended, which generally provides for payment of undisputed amounts by the State within forty-five (45) days of receipt of the invoice. Seller understands and
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
102
agrees that Purchaser is exempt from the payment of taxes. All payments should be made in United States currency. Payments by state agencies using Mississippi’s Accountability System for Government Information and Collaboration (MAGIC) shall be made and remittance information provided electronically as directed by the State. The payments by these agencies shall be deposited into the bank account of the Seller’s choice. No payment, including final payment, shall be construed as acceptance of defective products or incomplete work, and the Seller shall remain responsible and liable for full performance in strict compliance with the contract documents specified in the article herein titled “Entire Agreement.” 8.2 Acceptance by the Seller of the last payment from the Purchaser shall operate as a release of all claims against the State by the Seller and any subcontractors or other persons supplying labor or materials used in the performance of the work under this Agreement. ARTICLE 9 WARRANTIES 9.1 Seller represents and warrants that all software and services provided by Seller shall meet or exceed the minimum specifications set forth in RFP No. 4011 and Seller’s Proposal in response thereto. 9.2 Seller represents and warrants that Seller has the right to license the software provided under this Agreement. 9.3 Seller represents and warrants that all software furnished will be free from material defects for a period of one (1) year after final acceptance of the complete system and will provide Purchaser complete functionality necessary for the operation of the system as stated in RFP No. 4011 and the Seller’s Proposal in response thereto. This warranty shall cover all components of the system, including but not limited to all programs, screens, reports, subroutines, utilities, file structures, documentation, interfaces, or other items provided by the Seller. This warranty will apply to the base package, plus any customized programs, screens, reports, subroutines, interfaces, utilities, file structures, documentation, or other items proposed and delivered by the Seller specifically for this project. The Seller shall give immediate high priority attention to any mission critical corrections that are needed. If the software does not function accordingly, Seller shall, within five (5) working days and at no cost to Purchaser, correct the defects identified or replace the software with software that is compliant with this warranty. In the event Seller cannot repair or replace the software, Seller shall at the State’s election, either refund the fees paid for the software and for any services that directly relate to the defective software, or secure alternate software acceptable to the Purchaser which will insure functionality of the system. 9.4 Seller represents and warrants that the turnkey system is fit for the particular purpose set forth in this Agreement and RFP No. 4011, with regard to Purchaser’s foreseeable or projected needs. 9.5 Seller represents and warrants that it has and will obtain and pass through to Purchaser any and all warranties obtained or available from the licensor of software supplied to Seller. 9.6 Seller represents and warrants that all work performed hereunder, including but not limited to consulting, conversion, training, technical support, and maintenance, shall be performed by competent personnel, shall be of professional quality consistent with generally accepted industry standards for the performance of such services, and shall comply in all respects with the requirements of this Agreement. For any breach of this warranty, the Seller shall, for a period of
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
103
ninety (90) days from the performance of service, perform the services again at no cost to the Purchaser, or if the Seller is unable to perform the services as warranted, the Seller shall reimburse the Purchaser the fees paid to the Seller for the unsatisfactory services. 9.7 Seller represents and warrants that there is no disabling code or a lockup program or device embedded in the software provided to Purchaser. Seller further agrees that it will not, under any circumstances, including enforcement of a valid contract right, (a) install or trigger a lockup program or device, or (b) take any step which would in any manner interfere with Purchaser’s use of the software and/or which would restrict Purchaser from accessing its data files or in any way interfere with the transaction of Purchaser’s business. For any breach of this warranty, Seller, at its expense, shall, within five (5) working days after receipt of notification of the breach, deliver Products to Purchaser that are free of such disabling code or a lockup program or device. 9.8 Seller represents and warrants that the software as delivered to Purchaser does not contain a computer virus. For any breach of this warranty, Seller, at its expense, shall, within five (5) working days after receipt of notification of the breach, deliver Products to Purchaser that are free of any virus and shall be responsible for repairing, at Seller’s expense, any and all damage done by the virus to Purchaser’s site. 9.9 Seller represents and warrants that, upon completion of the project, the Seller and all subcontractors shall convey to Purchaser copies of all interim reports, data collection forms, and any working papers that support the final acceptance of the system. 9.10 Seller represents and warrants that it presently has and will continue to maintain, at its own expense, throughout the term of this Agreement, valid licenses for all software, trademarks, service marks, patents and copyrighted material and any other proprietary information of a third party that it will deploy in support of all products Seller uses in the performance of this Agreement. Seller further represents and warrants that upon Purchaser’s request, Seller shall pass through such licenses to Purchaser at no cost to Purchaser. In the event the licenses are passed through to Purchaser, such licenses shall name the Purchaser as the license holder of record and such licenses shall be established in such a manner so as to survive the termination/expiration of this Agreement. For any breach of the preceding warranty, Seller at its own expense shall within five (5) business days after receipt of notification of the breach, secure and/or pass through, as applicable, the necessary licenses. Failure of the Seller to secure and/or pass through such licenses to Purchaser shall be considered a material breach of this Agreement and the Purchaser may, at its sole discretion, pursue its rights as set forth in the Termination Article herein and any other rights and remedies it may have at law or in equity. 9.11 If applicable under the given circumstances, Seller represents and warrants that it will ensure its compliance with the Mississippi Employment Protection Act, Section 71-11-1, et seq. of the Mississippi Code Annotated (Supp2008), and will register and participate in the status verification system for all newly hired employees. The term “employee” as used herein means any person that is hired to perform work within the State of Mississippi. As used herein, “status verification system” means the Illegal Immigration Reform and Immigration Responsibility Act of 1996 that is operated by the United States Department of Homeland Security, also known as the E-Verify Program, or any other successor electronic verification system replacing the E-Verify Program. Seller agrees to maintain records of such compliance and, upon request of the State and approval of the Social Security Administration or Department of Homeland Security where required, to provide a copy of each such verification to the State. Seller further represents and
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
104
warrants that any person assigned to perform services hereunder meets the employment eligibility requirements of all immigration laws of the State of Mississippi. Seller understands and agrees that any breach of these warranties may subject Seller to the following: (a) termination of this Agreement and ineligibility for any state or public contract in Mississippi for up to three (3) years, with notice of such cancellation/termination being made public, or (b) the loss of any license, permit, certification or other document granted to Seller by an agency, department or governmental entity for the right to do business in Mississippi for up to one (1) year, or (c) both. In the event of such termination/cancellation, Seller would also be liable for any additional costs incurred by the State due to contract cancellation or loss of license or permit. 9.12 Seller represents and warrants that the system provided pursuant to this Agreement will pass both internal security audits and independent security audits. For any breach of the preceding warranty at any time during which the system is covered by warranty, maintenance and/or support, Seller shall, at its own expense and at no cost to Purchaser, remediate any defect, anomaly or security vulnerability in the system by repairing and/or replacing any and all components of the system necessary in order for the system to be secure. 9.13 Seller represents and warrants that no official or employee of Purchaser or of ITS, and no other public official of the State of Mississippi who exercises any functions or responsibilities in the review or approval of the undertaking or carrying out of the project shall, prior to the completion of said project, voluntarily acquire any personal interest, direct or indirect, in this Agreement. The Seller warrants that it has removed any material conflict of interest prior to the signing of this Agreement, and that it shall not acquire any interest, direct or indirect, which would conflict in any manner or degree with the performance of its responsibilities under this Agreement. The Seller also warrants that in the performance of this Agreement no person having any such known interests shall be employed. 9.14 The Seller represents and warrants that no elected or appointed officer or other employee of the State of Mississippi, nor any member of or delegate to Congress has or shall benefit financially or materially from this Agreement. No individual employed by the State of Mississippi shall be admitted to any share or part of the Agreement or to any benefit that may arise therefrom. The State of Mississippi may, by written notice to the Seller, terminate the right of the Seller to proceed under this Agreement if it is found, after notice and hearing by the ITS Executive Director or his/her designee, that gratuities in the form of entertainment, gifts, jobs, or otherwise were offered or given by the Seller to any officer or employee of the State of Mississippi with a view toward securing this Agreement or securing favorable treatment with respect to the award, or amending or making of any determinations with respect to the performing of such contract, provided that the existence of the facts upon which the ITS Executive Director makes such findings shall be in issue and may be reviewed in any competent court. In the event this Agreement is terminated under this article, the State of Mississippi shall be entitled to pursue the same remedies against the Seller as it would pursue in the event of a breach of contract by the Seller, including punitive damages, in addition to any other damages to which it may be entitled at law or in equity. ARTICLE 10 INFRINGEMENT INDEMNIFICATION Seller represents and warrants that neither the software, its elements, nor the use thereof violates or infringes on any copyright, patent, trademark, servicemark, trade secret, or other proprietary right of any person or entity. Seller, at its own expense, shall defend or settle any and all infringement actions filed against Seller or Purchaser which involve the software provided under
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
105
this Agreement and shall pay all settlements, as well as all costs, attorney fees, damages, and judgment finally awarded against Purchaser. If the continued use of the products for the purpose intended is threatened to be enjoined or is enjoined by any court of competent jurisdiction, Seller shall, at its expense: (a) first procure for Purchaser the right to continue using such products, or upon failing to procure such right; (b) modify or replace them with non-infringing products while maintaining substantially similar software functionality or data/informational content, or upon failing to secure either such right; (c) refund to Purchaser the software license fees previously paid by Purchaser for the products Purchaser may no longer use. Said refund shall be paid within ten (10) working days of notice to Purchaser to discontinue said use. ARTICLE 11 SOFTWARE SUPPORT AND MAINTENANCE 11.1 Prior to expiration of the Warranty Period, Seller shall notify Purchaser in writing of the impending warranty expiration, and Purchaser shall in turn notify Seller of its decision to either obtain software support or to forgo software support. Upon notification of intent to obtain software support, Seller shall provide Purchaser, for the fixed annual fee stated in Exhibit A, the software support services as herein described. 11.2 As part of the software support services, Seller will maintain the software in an operable condition according to the specifications contained in the technical manuals and as outlined in RFP No. 4011 and the Seller’s Proposal in response thereto. Seller shall furnish all updates, enhancements, or new versions of the software to Purchaser as they become available and shall make available to Purchaser during each annual maintenance period at least one (1) update to the software products that will incorporate any new features or enhancements to the licensed products. Seller shall also provide e-mail, fax, direct modem support, and unlimited toll-free telephone support in the operation of the software products twenty-four (24) hours a day, seven (7) days a week. The Seller will maintain a scheduled system availability uptime level of 99.1%, 24
hours a day, seven (7) days a week, 365/366 days a year. Scheduled uptime shall mean the time the user interface, database and connectivity are available for transactions and does exclude scheduled downtime for routine maintenance. The proposed solution consists of all system functions over which the Seller has direct control, either directly or through a subcontractor’s relationship. A week begins Sunday’s start and ends on Saturday’s end. It is understood by the parties that the Purchaser and Seller must mutually agree on whether an error is classified as a Severity Level 1, 2, 3, or 4 error.
11.3 Severity Level 1 shall be defined as an urgent situation occurring when the proposed solution is partially or fully inaccessible to end users. The Seller’s technical support staff shall accept the State’s call for assistance whenever the System is down. However, if Seller’s staff is not immediately available, the Seller shall return the Purchaser’s call within one (1) hour. The Seller shall resolve Severity Level 1 problems as quickly as possible which, on average, shall not exceed one (1) business day, unless otherwise authorized in writing by the Purchaser.
11.4 Severity Level 2 is when non-critical software System component(s) have a significant outage or a failure precluding their successful operation. The System component(s) may be operating but are severely restricted (e.g., a frequently used functionality gives an incorrect response). The Seller’s technical support staff shall accept the State’s call for assistance whenever the operation is severely restricted. However, if Seller’s staff is not immediately available, the Seller shall return the Purchaser’s call within one (1) hour. The Seller shall resolve Severity Level 2 problems as quickly as possible which, on average, shall not exceed two (2) business days, unless otherwise authorized in writing by the Purchaser.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
106
11.5 Severity Level 3 is when non-critical software System component(s) have a significant outage or a failure precluding their successful operation. The System component(s) may be operating but are severely restricted (e.g., the functionality gives an incorrect response). The Seller’s technical support staff shall accept the State’s call for assistance whenever the issue exists. However, if Seller’s staff is not immediately available, the Seller shall return the Purchaser’s call within two (2) hours. The Seller shall resolve Severity Level 3 problems as quickly as possible which, on average, shall not exceed five (5) business days, unless otherwise authorized in writing by the Purchaser.
11.6 Severity Level 4 is defined as a minor problem or question that does not affect the System's function (e.g., the text of a message is worded poorly or misspelled). The Seller’s technical support staff shall accept the State’s call for assistance whenever the problem exists. However, if Seller’s staff is not immediately available, the Seller shall return the Purchaser’s call within four (4) hours. The Seller shall resolve Severity Level 4 problems as quickly as possible which, on average, shall not exceed ten (10) business days, unless otherwise authorized in writing by the Purchaser.
11.7 Sixty (60) days prior to the expiration of the initial software support period or any renewal term thereof, Seller shall notify Purchaser in writing of the impending expiration, and Purchaser shall have thirty (30) days in which to notify Seller of its intentions to either renew or cancel any further software support. In no event shall the cost for software support increase by more than five (5%) per year. ARTICLE 12 EMPLOYMENT STATUS 12.1 Seller shall, during the entire term of this Agreement, be construed to be an independent contractor. Nothing in this Agreement is intended to nor shall it be construed to create an employer-employee relationship or a joint venture relationship. 12.2 Seller represents that it is qualified to perform the duties to be performed under this Agreement and that it has or will secure, if needed, at its own expense, applicable personnel who shall be qualified to perform the duties required under this Agreement. Such personnel shall not be deemed in any way, directly or indirectly, expressly or by implication, to be employees of Purchaser. Seller shall pay, when due, all salaries and wages of its employees, and it accepts exclusive responsibility for the payment of federal income tax, state income tax, social security, unemployment compensation, and any other withholdings that may be required. Neither Seller nor employees of Seller are entitled to state retirement or leave benefits. 12.3 Any person assigned by Seller to perform the services hereunder shall be the employee of Seller, who shall have the sole right to hire and discharge its employee. Purchaser may, however, direct Seller to replace any of its employees under this Agreement. If Seller is notified within the first eight (8) hours of assignment that the person is unsatisfactory, Seller will not charge Purchaser for those hours. 12.4 It is further understood that the consideration expressed herein constitutes full and complete compensation for all services and performances hereunder and that any sum due and payable to Seller shall be paid as a gross sum with no withholdings or deductions being made by Purchaser for any purpose from said contract sum. ARTICLE 13 BEHAVIOR OF EMPLOYEES/SUBCONTRACTORS Seller will be responsible for the behavior of all its employees and subcontractors while on the premises of any Purchaser location. Any employee or subcontractor acting in a manner
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
107
determined by the administration of that location to be detrimental, abusive, or offensive to any of the staff will be asked to leave the premises and may be suspended from further work on the premises. All Seller employees and subcontractors who will be working at such locations to install or repair Products shall be covered by Seller’s comprehensive general liability insurance policy. ARTICLE 14 MODIFICATION OR RENEGOTIATION This Agreement may be modified only by written agreement signed by the parties hereto, and any attempt at oral modification shall be void and of no effect. The parties agree to renegotiate the Agreement if federal and/or state revisions of any applicable laws or regulations make changes in this Agreement necessary. ARTICLE 15 AUTHORITY, ASSIGNMENT AND SUBCONTRACTS 15.1 In matters of proposals, negotiations, contracts, and resolution of issues and/or disputes, the parties agree that Seller represents all contractors, third parties, and/or subcontractors Seller has assembled for this project. The Purchaser is required to negotiate only with Seller, as Seller’s commitments are binding on all proposed contractors, third parties, and subcontractors. 15.2 Neither party may assign or otherwise transfer this Agreement or its obligations hereunder without the prior written consent of the other party, which consent shall not be unreasonably withheld. Any attempted assignment or transfer of its obligations without such consent shall be null and void. This Agreement shall be binding upon the parties’ respective successors and assigns. 15.3 Seller must obtain the written approval of Purchaser before subcontracting any portion of this Agreement. No such approval by Purchaser of any subcontract shall be deemed in any way to provide for the incurrence of any obligation of Purchaser in addition to the total fixed price agreed upon in this Agreement. All subcontracts shall incorporate the terms of this Agreement and shall be subject to the terms and conditions of this Agreement and to any conditions of approval that Purchaser may deem necessary. 15.4 Seller represents and warrants that any subcontract agreement Seller enters into shall contain a provision advising the subcontractor that the subcontractor shall have no lien and no legal right to assert control over any funds held by the Purchaser, that the subcontractor acknowledges that no privity of contract exists between the Purchaser and the subcontractor, and that the Seller is solely liable for any and all payments which may be due to the subcontractor pursuant to its subcontract agreement with the Seller. The Seller shall indemnify and hold harmless the State from and against any and all claims, demands, liabilities, suits, actions, damages, losses, costs, and expenses of every kind and nature whatsoever arising as a result of Seller’s failure to pay any and all amounts due by Seller to any subcontractor, materialman, laborer, or the like. 15.5 All subcontractors shall be bound by any negotiation, arbitration, appeal, adjudication, or settlement of any dispute between the Seller and the Purchaser, where such dispute affects the subcontract. ARTICLE 16 AVAILABILITY OF FUNDS It is expressly understood and agreed that the obligation of Purchaser to proceed under this Agreement is conditioned upon the appropriation of funds by the Mississippi State Legislature and the receipt of state and/or federal funds for the performances required under this Agreement.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
108
If the funds anticipated for the fulfillment of this Agreement are not forthcoming or are insufficient, either through the failure of the federal government to provide funds or of the State of Mississippi to appropriate funds, or if there is a discontinuance or material alteration of the program under which funds were available to Purchaser for the payments or performance due under this Agreement, Purchaser shall have the right to immediately terminate this Agreement without damage, penalty, cost, or expense to Purchaser of any kind whatsoever. The effective date of termination shall be as specified in the notice of termination. Purchaser shall have the sole right to determine whether funds are available for the payments or performances due under this Agreement. ARTICLE 17 TERMINATION Notwithstanding any other provision of this Agreement to the contrary, this Agreement may be terminated, in whole or in part, as follows: (a) upon the mutual, written agreement of the parties; (b) by Purchaser, without the assessment of any penalties, upon thirty (30) days written notice to Seller, if Seller becomes the subject of bankruptcy, reorganization, liquidation, or receivership proceedings, whether voluntary or involuntary; (c) by Purchaser, without the assessment of any penalties, for any reason after giving thirty (30) days written notice specifying the effective date thereof to Seller; or (d) by either party in the event of a breach of a material term or provision of this Agreement where such breach continues for thirty (30) days after the breaching party receives written notice from the other party. Upon termination, Purchaser will be entitled to a refund of applicable unexpended prorated annual software support fees/charges, if any. In the event of termination, Seller shall be paid for satisfactory work completed or services rendered by Seller in connection with this Agreement and accepted by Purchaser as of the date of receipt of notification of termination. In no case shall said compensation exceed the total contract price. The provisions of this Article do not limit either party’s right to pursue any other remedy available at law or in equity. ARTICLE 18 GOVERNING LAW This Agreement shall be construed and governed in accordance with the laws of the State of Mississippi, and venue for the resolution of any dispute shall be Jackson, Hinds County, Mississippi. Seller expressly agrees that under no circumstances shall Purchaser or ITS be obligated to pay an attorney’s fee, prejudgment interest, or the cost of legal action to Seller. Further, nothing in this Agreement shall affect any statutory rights Purchaser may have that cannot be waived or limited by contract. ARTICLE 19 WAIVER Failure of either party hereto to insist upon strict compliance with any of the terms, covenants, and conditions hereof shall not be deemed a waiver or relinquishment of any similar right or power hereunder at any subsequent time or of any other provision hereof, nor shall it be construed to be a modification of the terms of this Agreement. A waiver by the State, to be effective, must be in writing, must set out the specifics of what is being waived, and must be signed by an authorized representative of the State. ARTICLE 20 SEVERABILITY If any term or provision of this Agreement is prohibited by the laws of the State of Mississippi or declared invalid or void by a court of competent jurisdiction, the remainder of this Agreement shall be valid and enforceable to the fullest extent permitted by law, provided that the State’s purpose for entering into this Agreement can be fully achieved by the remaining portions of the Agreement that have not been severed.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
109
ARTICLE 21 CAPTIONS The captions or headings in this Agreement are for convenience only and in no way define, limit, or describe the scope or intent of any provision or section of this Agreement. ARTICLE 22 HOLD HARMLESS To the fullest extent allowed by law, Seller shall indemnify, defend, save and hold harmless, protect, and exonerate Purchaser, ITS and the State, its Board Members, officers, employees, agents, and representatives from and against any and all claims, demands, liabilities, suits, actions, damages, losses, costs, and expenses of every kind and nature whatsoever, including, without limitation, court costs, investigative fees and expenses, attorney fees, and claims for damages arising out of or caused by Seller and/or its partners, principals, agents, employees, or subcontractors in the performance of or failure to perform this Agreement. ARTICLE 23 THIRD PARTY ACTION NOTIFICATION Seller shall notify Purchaser in writing within five (5) business days of Seller filing bankruptcy, reorganization, liquidation or receivership proceedings or within five (5) business days of its receipt of notification of any action or suit being filed or any claim being made against Seller or Purchaser by any entity that may result in litigation related in any way to this Agreement and/or which may affect the Seller’s performance under this Agreement. Failure of the Seller to provide such written notice to Purchaser shall be considered a material breach of this Agreement and the Purchaser may, at its sole discretion, pursue its rights as set forth in the Termination Article herein and any other rights and remedies it may have at law or in equity. ARTICLE 24 AUTHORITY TO CONTRACT Seller warrants that it is a validly organized business with valid authority to enter into this Agreement, that entry into and performance under this Agreement is not restricted or prohibited by any loan, security, financing, contractual, or other agreement of any kind, and notwithstanding any other provision of this Agreement to the contrary, that there are no existing legal proceedings or prospective legal proceedings, either voluntary or otherwise, which may adversely affect its ability to perform its obligations under this Agreement. ARTICLE 25 NOTICE Any notice required or permitted to be given under this Agreement shall be in writing and personally delivered or sent by electronic means, provided that the original of such notice is sent by certified United States mail, postage prepaid, return receipt requested, or overnight courier with signed receipt, to the party to whom the notice should be given at their business address listed herein. ITS’ address for notice is: Craig P. Orgeron, Ph.D., Executive Director, Mississippi Department of Information Technology Services, 3771 Eastwood Drive, Jackson, Mississippi 39211. Purchaser’s address for notice is: Mr. David Dzielak, Ph.D., Executive Director, Mississippi Division of Medicaid, 550 High Street, Suite 1000, Jackson, Mississippi 39201. The Seller’s address for notice is: VENDOR NOTICE INFORMATION. Notice shall be deemed given when actually received or when refused. The parties agree to promptly notify each other in writing of any change of address. ARTICLE 26 RECORD RETENTION AND ACCESS TO RECORDS Seller shall establish and maintain financial records, supporting documents, statistical records and such other records as may be necessary to reflect its performance of the provisions of this Agreement. The Purchaser, ITS, any state or federal agency authorized to audit Purchaser,
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
110
and/or any of their duly authorized representatives, shall have unimpeded, prompt access to this Agreement and to any of the Seller’s proposals, books, documents, papers and/or records that are pertinent to this Agreement to make audits, copies, examinations, excerpts and transcriptions at the State’s or Seller’s office as applicable where such records are kept during normal business hours. All records relating to this Agreement shall be retained by the Seller for three (3) years from the date of receipt of final payment under this Agreement. However, if any litigation or other legal action, by or for the state or federal government has begun that is not completed at the end of the three (3) year period, or if an audit finding, litigation or other legal action has not been resolved at the end of the three (3) year period, the records shall be retained until resolution. ARTICLE 27 INSURANCE Seller represents that it will maintain workers’ compensation insurance as prescribed by law, which shall inure to the benefit of Seller’s personnel, as well as comprehensive general liability and employee fidelity bond insurance. Seller will, upon request, furnish Purchaser with a certificate of conformity providing the aforesaid coverage. ARTICLE 28 DISPUTES Any dispute concerning a question of fact under this Agreement, which is not disposed of by agreement of the Seller and Purchaser, shall be decided by the Executive Director of ITS or his/her designee. This decision shall be reduced to writing and a copy thereof mailed or furnished to the parties. Disagreement with such decision by either party shall not constitute a breach under the terms of this Agreement. Such disagreeing party shall be entitled to seek such other rights and remedies it may have at law or in equity. ARTICLE 29 COMPLIANCE WITH LAWS 29.1 Seller shall comply with and all activities under this Agreement shall be subject to all Purchaser policies and procedures and all applicable federal, state, and local laws, regulations, policies, and procedures as now existing and as may be amended or modified. Specifically, but not limited to, Seller shall not discriminate against any employee nor shall any party be subject to discrimination in the performance of this Agreement because of race, creed, color, sex, age, national origin, or disability. Further, if applicable, Seller shall comply with the provisions of the Davis-Bacon Act including, but not limited to, the wages, recordkeeping, reporting and notice requirements set forth therein. 29.2 Seller represents and warrants that it will comply with the state’s data breach notification laws codified at Section 75-24-29 of the Mississippi Code Annotated (Supp. 2012). Further, to the extent applicable, Seller represents and warrants that it will comply with the applicable provisions of the HIPAA Privacy Rule and Security Regulations (45 CFR Parts 160, 162 and 164) (“Privacy Rule” and “Security Regulations”, individually; or “Privacy and Security Regulations”, collectively); and the provisions of the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009, Pub. L. No. 111-5 (the “HITECH Act”). ARTICLE 30 CONFLICT OF INTEREST Seller shall notify Purchaser of any potential conflict of interest resulting from the representation of or service to other clients. If such conflict cannot be resolved to Purchaser's satisfaction, Purchaser reserves the right to terminate this Agreement. ARTICLE 31 SOVEREIGN IMMUNITY
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
111
By entering into this Agreement with Seller, the State of Mississippi does in no way waive its sovereign immunities or defenses as provided by law. ARTICLE 32 CONFIDENTIAL INFORMATION 32.1 Seller shall treat all Purchaser data and information to which it has access by its performance under this Agreement as confidential and shall not disclose such data or information to a third party without specific written consent of Purchaser. In the event that Seller receives notice that a third party requests divulgence of confidential or otherwise protected information and/or has served upon it a subpoena or other validly issued administrative or judicial process ordering divulgence of such information, Seller shall promptly inform Purchaser and thereafter respond in conformity with such subpoena to the extent mandated by state and/or federal laws, rules, and regulations. This Article shall survive the termination or completion of this Agreement, shall continue in full force and effect, and shall be binding upon the Seller and its agents, employees, successors, assigns, subcontractors, or any party or entity claiming an interest in this Agreement on behalf of or under the rights of the Seller, following any termination or completion of this Agreement. 32.2 With the exception of any attached exhibits which are labeled as "confidential", the parties understand and agree that this Agreement, including any amendments and/or change orders thereto, does not constitute confidential information, and may be reproduced and distributed by the State without notification to Seller. ITS will provide third party notice to Seller of any requests received by ITS for any such confidential exhibits so as to allow Seller the opportunity to protect the information by court order as outlined in ITS Public Records Procedures. 32.3 The parties understand and agree that pursuant to §25-61-9(7) of the Mississippi Code of 1972, as amended, the contract provisions specifying the commodities purchased or the services provided; the price to be paid; and the term of this Agreement shall not be deemed confidential information. ARTICLE 33 EFFECT OF SIGNATURE Each person signing this Agreement represents that he or she has read the Agreement in its entirety, understands its terms, is duly authorized to execute this Agreement on behalf of the parties, and agrees to be bound by the terms contained herein. Accordingly, this Agreement shall not be construed or interpreted in favor of or against the State or the Seller on the basis of draftsmanship or preparation hereof. ARTICLE 34 OWNERSHIP OF DOCUMENTS AND WORK PRODUCTS All data, electronic or otherwise, collected by Seller and all documents, notes, programs, databases (and all applications thereof), files, reports, studies, and/or other material collected and prepared by Seller in connection with this Agreement, whether completed or in progress, shall be the property of Purchaser upon completion of this Agreement or upon termination of this Agreement. Purchaser hereby reserves all rights to the databases and all applications thereof and to any and all information and/or materials prepared in connection with this Agreement. Seller is prohibited from use of the above described information and/or materials without the express written approval of Purchaser. ARTICLE 35 NON-SOLICITATION OF EMPLOYEES Seller agrees not to employ or to solicit for employment, directly or indirectly, any of the Purchaser’s employees until at least one (1) year after the expiration/termination of this
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
112
Agreement, unless mutually agreed to the contrary in writing by the Purchaser and the Seller, and provided that such an agreement between these two entities is not a violation of the laws of the State of Mississippi or the federal government. ARTICLE 36 ENTIRE AGREEMENT 36.1 This Agreement constitutes the entire agreement of the parties with respect to the subject matter contained herein and supersedes and replaces any and all prior negotiations, understandings, and agreements, written or oral, between the parties relating hereto, including all terms of any unsigned or “shrink-wrap” license included in any package, media, or electronic version of Seller-furnished software, or any “click-wrap” or “browse-wrap” license presented in connection with a purchase via the Internet. The RFP No. 4011 and Seller’s Proposal in response to RFP No. 4011 are hereby incorporated into and made a part of this Agreement. 36.2 The Agreement made by and between the parties hereto shall consist of and precedence is hereby established by the order of the following: A. This Agreement signed by both parties; B. Any exhibits attached to this Agreement; C. RFP No. 4011 and written addenda; and D. Seller’s Proposal, as accepted by Purchaser, in response to RFP No. 4011. 36.3 The intent of the above listed documents is to include all items necessary for the proper execution and completion of the services by the Seller. The documents are complementary, and what is required by one shall be binding as if required by all. A higher order document shall supersede a lower order document to the extent necessary to resolve any conflict or inconsistency arising under the various provisions thereof, provided, however, that in the event an issue is addressed in one of the above mentioned documents but is not addressed in another of such documents, no conflict or inconsistency shall be deemed to occur by reason thereof. The documents listed above are shown in descending order of priority, that is, the highest document begins with the first listed document (“A. This Agreement”) and the lowest document is listed last (“D. Seller’s Proposal”). ARTICLE 37 STATE PROPERTY AND LOCATION OF WORK 37.1 Seller shall be responsible for the proper custody of any Purchaser-owned property furnished for Seller’s use in connection with work performed pursuant to this Agreement. Seller shall reimburse the Purchaser for any loss or damage, normal wear and tear excepted. 37.2 All work provided in connection with this contract will be required to be performed on-site in the Purchaser’s offices in Jackson, Mississippi, unless written approval is received from the State. Seller accepts full responsibility for all problems arising out of a decision to perform off-site work. ARTICLE 38 SURVIVAL Articles 6, 9, 10, 11, 18, 26, 31, 32, 34, 35, and all other articles, which by their express terms so survive or which should so reasonably survive, shall survive any termination or expiration of this Agreement. ARTICLE 39 DEBARMENT AND SUSPENSION CERTIFICATION
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
113
Seller certifies that neither it nor its principals: (a) are presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from covered transactions by any federal department or agency; (b) have, within a three (3) year period preceding this Agreement, been convicted of or had a civil judgment rendered against them for commission of fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a public (federal, state, or local) transaction or contract under a public transaction; violation of federal or state anti-trust statutes or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, or receiving stolen property; (c) are presently indicted of or otherwise criminally or civilly charged by a governmental entity with the commission of fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a public (federal, state, or local) transaction or contract under a public transaction; violation of federal or state anti-trust statutes or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements, or receiving stolen property; and (d) have, within a three (3) year period preceding this Agreement, had one or more public transactions (federal, state, or local) terminated for cause or default. ARTICLE 40 COMPLIANCE WITH ENTERPRISE SECURITY POLICY Seller and Purchaser understand and agree that all products and services provided by Seller under this Agreement must be and remain in compliance with the State of Mississippi’s Enterprise Security Policy. The parties understand and agree that the State’s Enterprise Security Policy is based on industry-standard best practices, policy, and guidelines at the time of contract execution. The State reserves the right to introduce a new policy during the term of this Agreement and require the Seller to comply with same in the event the industry introduces more secure, robust solutions or practices that facilitate a more secure posture for the State of Mississippi. ARTICLE 41 STATUTORY AUTHORITY By virtue of Section 25-53-21 of the Mississippi Code Annotated, as amended, the Executive Director of ITS is the purchasing and contracting agent for the State of Mississippi in the negotiation and execution of all contracts for the acquisition of information technology equipment, software, and services. The parties understand and agree that ITS as contracting agent is not responsible or liable for the performance or non-performance of any of Purchaser’s or Seller’s contractual obligations, financial or otherwise, contained within this Agreement. The parties further acknowledge that ITS is not responsible for ensuring compliance with any guidelines, conditions, or requirements mandated by Purchaser’s funding source. ARTICLE 42 TRANSPARENCY In accordance with the Mississippi Accountability and Transparency Act of 2008, §27-104-151, et seq., of the Mississippi Code of 1972, as Amended, the American Accountability and Transparency Act of 2009 (P.L. 111-5), where applicable, and §31-7-13 of the Mississippi Code of 1972, as amended, where applicable, a fully executed copy of this Agreement and any subsequent amendments and change orders shall be posted to the State of Mississippi’s accountability website at: https://www.transparency.mississippi.gov. Prior to ITS posting the Agreement and any subsequent amendments and change orders to the website, any attached exhibits which contain trade secrets or other proprietary information and are labeled as “confidential” will be redacted by ITS. Notwithstanding the preceding, however, it is understood and agreed that pursuant to §25-61-9(7) of the Mississippi Code of 1972, as amended, the contract provisions specifying the commodities purchased or the services provided; the price to be paid; and the term of this Agreement shall not be deemed a trade secret or confidential commercial or financial information and shall thus not be redacted.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
114
ARTICLE 43 HOSTING SERVICES 43.1 Contractor shall be responsible for the following: A. Ensuring that all Deliverables are complete and accepted by Purchaser pursuant to the mutually agreed upon project work plan; B. Ensuring that the host site complies with PriorityOne of the World Wide Web Consortium’s (W3C’s) Web Accessibility Initiative and guidelines in Section 508 of the Rehabilitation Act that are not covered in W3C Priority; C. Ensuring that the site is accessible through Purchaser’s published universal resource locator (“URL”) rather than through Seller’s site address; D. Reviewing with Purchaser the Content a minimum of once a quarter to ensure that the Content remains timely and accurate and reaching an agreement with Purchaser as to reasonable timelines for implementing Content updates delivered to the Seller that will be posted on the site. As used herein, Content means any data provided by or through active users of the System; E. Tracking date sensitive items to ensure timely updates; F. All Content provided by the Purchaser and collected by the Software shall remain the sole and exclusive property of the Purchaser. Upon the termination or expiration of this Agreement, Seller shall, at no cost to Purchaser, provide such Content in its possession to the Purchaser in a format agreeable to Purchaser and pursuant to a mutually agreed upon release schedule; G. Working with Purchaser to achieve access rates that meet Purchaser’s needs; H. Providing security for the host site that is agreeable to Purchaser with Seller responsible for all necessary equipment and software related to security; I. Completing daily backups of the site; J. Notifying Purchaser at least three (3) business days prior to any anticipated service interruption, with said notice containing a general description of the reason for the service interruption; K. Proposing and adhering to a disaster recovery plan and providing access to such plan to the State, all at Seller’s expense; L. Participating with Purchaser in disaster recovery planning and testing based on a mutually agreed upon schedule; M. Maintaining the confidentiality of the data entered; N. Providing access to all of the technical information concerning operation of the site, including but not limited to, server specifications, Internet connection information, personnel requirements and software implementations, on an as-needed basis; O. Identifying any commercially available software, by vendor and version number, integrated into the products and describing the particular functionality of any software that is proprietary to the Seller; P. Providing 24x7x365 support of the web site, including sub-domain support; Q. Providing redundant internet connections; R. Providing Transport Layer Security (“TLS”) secure server support; S. Providing monthly reports containing line utilization, site availability statistics, network usage, security user access reports and system performance data to Purchaser; T. Maintaining sufficient bandwidth and server capacity to meet Purchaser and active users’ demand as it may fluctuate and increase during the term of this Agreement; U. Ensuring that all Purchaser data remains within the continental United States; V. Partitioning Purchaser’s data from other customer data so Purchaser’s access is not impaired due to e-discovery, seizure, or the like, and
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
115
W. Ensuring that upon termination or expiration of this Agreement that transition of the site from the Seller to Purchaser or to a successor host will be accomplished at no expense to Purchaser, and with minimal interruption of the site’s accessibility and insignificant changes in the site’s appearance and functionality. 43.2 Seller shall provide the Purchaser with its standard managed firewall service, which shall enable secure delivery of Seller’s Services using fully redundant hardware-based firewalls. Seller’s managed firewall service will be available twenty-four (24) hours a day, seven (7) days a week. ARTICLE 44 DATA SECURITY 44.1 As part of the Services, Seller shall provide administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Purchaser’s Content. Seller agrees to comply with all applicable privacy or data protection statutes, rules, or regulations governing the respective activities of the parties under this Agreement. 44.2 Prior to initiation of the Services under this Agreement and on an ongoing basis thereafter, Purchaser agrees to provide notice to Seller of any extraordinary privacy or data protection statutes, rules, or regulations which are or become applicable to Purchaser’s industry and which could be imposed on Seller as a result of provision of the Services. Purchaser will ensure that: (a) the transfer to Seller and storage of any protected health information (PHI) or personally identifiable information (PII) by Seller is permitted under applicable data protection laws and regulations; and, (b) Purchaser will obtain consents from individuals for such transfer and storage to the extent required under applicable laws and regulations. 44.3 Seller shall maintain a hosting environment that undergoes examinations from an independent auditor in accordance with the American Institute of Certified Public Accounts SSAE 16 (i.e. SOC 1) and the AICPA Trust Services Principles Section 100a, Trust Services for Security, Availability, Processing Integrity, Confidentiality and Privacy (i.e. SOC 2). Seller’s private cloud shall be evaluated for the principles of Security, Availability and Confidentiality by the independent auditor. The data center in which Seller’s private cloud is located shall undergo pertinent security examinations. Management access to Seller’s private cloud shall be limited to Seller’s authorized support staff and Purchaser’s authorized staff. The applications shall provide Purchaser with the ability to configure application security and logical access per Purchaser’s business processes. In the event Purchaser identifies a security issue, Purchaser will notify Seller. 44.4 At a minimum, Seller’s safeguards for the protection of PHI and PII shall include: (i) limiting access of PHI and PII to authorized employees; (ii) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, device application, database and platform security; (iv) securing information transmission, storage and disposal; (v) implementing authentication and access controls within media, applications, operating systems and equipment; (vi) encrypting PII and PHI stored on any mobile media; (vii) encrypting PII and PHI transmitted over public or wireless networks; (viii) strictly segregating PII and PHI from information of Seller or its other customers so that PII and PHI is not commingled with any other types of information; (ix) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law; and (x) providing appropriate privacy and information security training to Seller’s employees. Any and all subcontractor’s shall adhere to the
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
116
aforementioned protection and encryption (in transit and at rest) of PHI and PII, as well as follow the stated breach policy. 44.5 Seller will comply with all applicable federal and state laws to resolve security breaches, and, to the extent Seller is responsible for such security breaches, will cover the cost of remedial measures as required by such laws and otherwise consistent with this Agreement. Purchaser may seek equitable relief including a restraining order, injunctive relief, specific performance, and such other relief that may be available from a court in addition to any other remedy to which Purchaser may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity. 44.6 At any time during the term of this Agreement at Purchaser’s request or upon the termination or expiration of this Agreement for any reason, Seller shall promptly return to Purchaser all copies, whether in written, electronic or other form or media, of PHI and PII in its possession, or securely dispose of all such copies, and certify in writing to Purchaser that such has been returned to Purchaser or disposed of securely. Seller shall comply with all reasonable directions provided by Purchaser with respect to the return or disposal of PHI and PII. 44.7 Upon Purchaser’s request, to confirm Seller’s compliance with this Agreement, as well as any applicable laws, regulations and industry standards, Seller grants or, upon Purchaser’s election, a third party on Purchaser’s behalf, permission to perform an assessment, audit, examination or review of all controls in Seller’s physical and/or technical environment in relation to all PHI or PII being handled and/or services being provided to Purchaser pursuant to this Agreement. Seller shall fully cooperate with such assessment by providing access to knowledgeable personnel, physical premises, Documentation, infrastructure and application software that processes, stores or transports PHI or PII for pursuant to this Agreement. 44.8 It is understood and agreed that at least once per year, Seller shall conduct site audits of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including but not limited to, obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on the recognized industry best practices. Seller shall make the reports available to Purchaser for review. Any exceptions noted on the Statement on Standards for Attestation Engagements (SSAE) report or other audit reports will be promptly addressed with the development and implementation of a corrective action plan by Seller’s management and resolved, at Seller’s sole expense, within thirty (30) calendar days of the audit. ARTICLE 45 ESCROW OF SOURCE CODE 45.1 With the execution of this Agreement, the Seller shall sign on to the MS ITS/NCC Group Three Party Escrow Agreement and maintain a current copy of the data dictionary, Documentation, object code, and source code in escrow. The escrow agreement shall authorize the NCC Group to release, at no cost to Purchaser, the data dictionary, Documentation, object code, and source code to Purchaser if and when Purchaser is deemed to have a right under this article. Purchaser shall pay all costs of providing and maintaining the escrow agreement, including the fees of the NCC Group. The copy of the source code placed in escrow shall be reproduced and maintained on by utilizing the secure online deposit update portal or disk using a commonly accepted data recording protocol. Program documentation sufficient to allow a competent programmer to use and maintain the source code programs must accompany the source code. When a change is made to the object code or source code by or on behalf of the Seller during the
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
117
term of the escrow agreement, the revised code, including the change, shall be delivered to the NCC Group not later than thirty (30) calendar days after the change is effected by or on behalf of the Seller. 45.2 Provided that Purchaser is not then in substantial default under this Agreement, the Seller shall provide to Purchaser, at no cost and within ten (10) calendar days after receipt of Purchaser’s written request for it, one (1) complete copy of the data dictionary, Documentation, object code, and source code used in the preparation of the Software and custom modifications to the source code and object code as a result of this Agreement, brought up to date as of the date of delivery of such source code to Purchaser, upon the occurrence of any of the following events: (a) Seller’s cessation, for any reason, to do business; (b) Bankruptcy, receivership, insolvency, reorganization, dissolution, liquidation or other similar proceedings are instituted by or against Seller; (c) A general assignment for the benefit of creditors by Seller; (d) Seller discontinues providing maintenance of the software in accordance with its obligations pursuant to the Agreement; (e) Seller has breached (and if subject to a cure period, has not cured such breach within such period) a material term or condition of this Agreement or the Escrow Agreement; (f) Seller refused or fails to renew its maintenance and support obligations under this Agreement after Purchaser has requested such renewal; or (g) any or all material parts of the source code or object code are generally made available, with or without additional cost, to other users of comparable software. 45.3 Upon Purchaser’s written request, NCC Group shall promptly conduct, at Purchaser’s expense, a Verification of the deposit materials in accordance with Purchaser’s requirements and with the requirements herein stated. “Verification” as used herein, means a procedure or process to determine the accuracy, completeness, sufficiency and quality of the deposit materials at a level of detail reasonably requested by Purchaser. Verification may include, as required by Purchaser (or by a third party on behalf of Purchaser), file listing, compilation, size comparison, function comparison and on-line comparison services. A copy of the verification results shall be immediately provided by NCC Group to the State. 45.4 Purchaser (or a third party on behalf of Purchaser) reserves the right from time to time and at any time to cause Verification of the deposit materials and to examine the deposit materials to verify conformance to the requirements of RFP No. 4011, the Seller’s Proposal, as accepted by Purchaser, in response thereto, and this Agreement, all at Purchaser’s expense. Except as otherwise required by Purchaser (or by a third party on behalf of Purchaser and reasonably approved by Seller), all Verification tasks shall be performed solely by employees of NCC Group and, at Purchaser’s option, of Purchaser or a third party engaged by Purchaser (subject to Seller’s reasonable approval of Purchaser), without interference from Seller; provided, however, that if and to the extent requested by Purchaser (or by a third party on behalf of Purchaser), Seller shall at Seller’s expense provide to NCC Group and/or Purchaser all reasonably necessary assistance and cooperation in connection with the performance of any Verification. Any Technical Verification performed by NCC Group or a third party engaged by the escrow agent (and acceptable to Purchaser) shall be performed in a good, workmanlike, timely and professional manner by qualified persons fully familiar with the requirements, materials and technology involved in performing such Verifications. 45.5 Seller shall, at its expense, implement a procedure whereby the NCC Group shall notify Purchaser of all deposits to the software escrow based on software release updates. It is understood and agreed that updates shall occur at least on a quarterly basis.
RFP No.: 4011 Exhibit A: Standard Contract
Project No.: 42954 Revised: 6/20/2017
118
For the faithful performance of the terms of this Agreement, the parties have caused this Agreement to be executed by their undersigned representatives.
State of Mississippi, Department of Information Technology Services, on behalf of Mississippi Division of Medicaid
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
120
EXHIBIT B DOM BUSINESS ASSOCIATE AGREEMENT
THE DIVISION OF MEDICAID
OFFICE OF THE GOVERNOR
STATE OF MISSISSIPPI
BUSINESS ASSOCIATE AGREEMENT
THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is entered into by and
between the DIVISION OF MEDICAID IN THE OFFICE OF THE GOVERNOR, an
administrative agency of the STATE OF MISSISSIPPI (hereinafter “DOM”), and
(hereinafter “Business Associate”),
hereinafter collectively referred to as the Parties, and modifies any other prior existing agreement
or contract for this purpose. In consideration of the mutual promises below and the exchange of
information pursuant to this Agreement and in order to comply with all legal requirements for the
protection of this information, the Parties therefore agree as follows:
I. RECITALS
a. DOM is a state agency that acts both as an employer and as a Health Plan for public benefit
with a principal place of business at 550 High Street, Suite 1000, Jackson, MS 39201.
b. Business Associate is a corporation qualified to do business in Mississippi that will act to
perform consulting services for DOM with a principal place of business at
.
c. Pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996 (as
amended by the Genetic Information Nondiscrimination Act (“GINA”) of 2008 and the Health
Information Technology for Economic and Clinical Health Act (“HITECH Act”), Title XIII of
Division A, and Title IV of Division B of the American Recovery and Reinvestment Act
(“ARRA”) of 2009) and its implementing regulations, including 45 C.F.R. Parts 160 and 164,
Subparts A and E (“Privacy Rule”), and Subparts A and C (“Security Rule”):
i. DOM, as a Covered Entity is required to enter into this Agreement to obtain satisfactory
assurances that Business Associate will comply with and appropriately safeguard all
Protected Health Information (“PHI”) used, disclosed, created, or received by Business
Associate for or on behalf of DOM, and
ii. Certain provisions of HIPAA and its implementing regulations apply to Business Associate
in the same manner as they apply to DOM and such provisions must be incorporated into
this Agreement.
d. DOM desires to engage Business Associate to perform certain functions for, or on behalf of,
DOM involving the Disclosure of PHI by DOM to Business Associate, or the creation or use
of PHI by Business Associate for or on behalf of DOM, and Business Associate desires to
perform such functions, as set forth in the Service Agreements which involve the exchange of
information, and wholly incorporated herein.
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
121
II. DEFINITIONS
a. “Breach” shall mean the acquisition, access, use or disclosure of PHI in a manner not permitted
by the Privacy Rule which compromises the security or privacy of the PHI, and subject to the
exceptions set forth in 45 C.F.R. § 164.402.
b. “Business Associate” shall mean , including all
workforce members, representatives, agents, successors, heirs, and permitted assigns.
c. “Confidential Information” is construed broadly to mean all DOM information and data of any kind, including, but not limited to:
i. All data that is collected, stored, processed, or generated by or on behalf of DOM; ii. Any information from which an individual may be uniquely identified, including,
without limitation, an individual’s name, address, telephone number, social security
number, birth date, account numbers, and healthcare information;
iii. Protected Health Information (PHI) as defined by 45 C.F.R. § 160.103;
iv. Personally Identifiable Information (PII) which is defined by the United States
Government Accountability Office (GAO) as, “any information about an individual
maintained by an agency, including, any information that can be used to distinguish or
trace an individual’s identity, such as name, social security number, date and place of
birth, mother’s maiden name, or biometric records; and, any other information that is
linked or linkable to an individual, such as a medical, education, financial, and
employment information”;
v. All data provided to DOM by the Social Security Administration (SSA);
vi. All data and information provided to DOM by a Contractor, including data and
information the Contractor originally received from a subcontractor;
vii. Any reference to the identity, physical location, and financial information of a DOM
employee and any other personal information protected by federal and Mississippi law;
viii. Any reference to the identity, physical location, financial information, and medical
services of a DOM provider and any other DOM provider information protected by
federal and Mississippi law;
ix. All non-public DOM information, including financial statements, projections, business
customer lists, supplier agreements, partnership or joint venture agreements, service
agreements and contracts, sales and marketing plans, employee lists, policies and
procedures, information relating to processes, techniques, technologies, software
programs, source codes, schematics, designs, server and network configurations; and,
x. Any or all other sensitive, confidential, or proprietary information that has been
classified, marked, or announced as sensitive, confidential, or proprietary, or which,
because of the circumstances of disclosure or the nature of the information itself, would
be reasonably understood to be sensitive, confidential, or proprietary.
d. “Covered Entity” shall mean the Division of Medicaid in the Office of the Governor, an
administrative agency of the State of Mississippi.
e. “Data Aggregation” shall have the same meaning as the term “Data aggregation” in 45 C.F.R.
§ 164.501.
f. “Designated Record Set” shall have the same meaning as the term “Designated record set” in
45 C.F.R. § 164.501.
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
122
g. “Disclosure” shall have the same meaning as the term “Disclosure” in 45 C.F.R. § 160.103.
h. “DOM” shall mean the Division of Medicaid in the Office of the Governor, an administrative
agency of the State of Mississippi.
i. “Health Plan” shall have the same meaning as the term “Health plan” in 45 C.F.R. § 160.103.
j. “Individual” shall have the same meaning as the term “Individual” in 45 C.F.R. § 160.103 and
shall include a person who qualifies as a personal representative in accordance with 45 C.F.R.
§ 164.502(g).
k. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health
Information at 45 C.F.R. Parts 160 and 164, Subparts A and E.
l. “Protected Health Information” shall have the same meaning as the term “Protected health
information” in 45 C.F.R. § 160.103, limited to the information created or received by Business
Associate from or for or on behalf of DOM.
m. “Required by Law” shall have the same meaning as the term “Required by law” in 45 C.F.R.
§ 164.103.
n. “Secretary” shall mean the Secretary of the Department of Health and Human Services or
his/her designee.
o. “Security Incident” shall have the same meaning as the term “Security incident” in 45 C.F.R.
§ 164.304.
p. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected
Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and C.
q. “Service Agreements” shall mean any applicable Memorandum of Understanding (“MOU”),
agreement, contract, or any other similar device, and any proposal or Request for Proposal
(“RFP”) related thereto and agreed upon between the Parties, entered into between DOM and
Business Associate.
r. “Standard” shall have the same meaning as the term “Standard” in 45 C.F.R. § 160.103.
s. “Unsecured Protected Health Information” shall have the same meaning as the term
“Unsecured protected health information” in 45 C.F.R. § 164.402.
t. “Use” shall have the same meaning as the term “use” in 45 C.F.R. § 160.103.
u. “Violation” or “Violate” shall have the same meaning as the terms “Violation” or “violate” in
45 C.F.R. § 160.103.
All other terms not defined herein shall have the meanings assigned in HIPAA and its
implementing regulations.
III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
a. Business Associate agrees to not use or disclose PHI or other Confidential Information other
than as permitted or required by this Agreement or as Required by Law.
b. Business Associate agrees to use appropriate safeguards and comply, where applicable, with
the Security Rule, to prevent use or disclosure of PHI other than as provided for by this
Agreement.
c. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is
known to Business Associate of a use or disclosure of PHI or other Confidential Information
by Business Associate in Violation of the requirements of this Agreement.
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
123
d. Business Associate agrees to notify DOM without unreasonable delay, and no later than
seventy-two (72) hours after discovery of any actual or suspected Breach of Unsecured PHI,
all in accordance with 45 C.F.R. § 164.410. The notification shall include, to the extent possible
and subsequently as the information becomes available, the identification of all Individuals
whose Unsecured PHI is reasonably believed by Business Associate to have been Breached
along with any other available information that is required to be included in the notification to
the Individual, HHS, and/or the media, all in accordance with the data Breach notification
requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 and 164, Subparts A, D,
and E.
e. Once an actual or suspected Breach is reported to DOM, Business Associate agrees to provide
a written assessment to determine whether the incident is reportable within ten (10) working
days. An impermissible use or disclosure of protected health information is presumed to be a
Breach unless the Covered Entity or Business Associate, as applicable, demonstrates there is a
low probability the PHI has been compromised or one of the exceptions to the definition of
Breach applies, all in accordance with 45 C.F.R. §164.410.
f. Business Associate agrees to notify DOM without unreasonable delay, and no later than
seventy-two (72) hours after discovery, any use or disclosure of PHI not provided for by this
Agreement of which it becomes aware, and any Security Incident of which it becomes aware.
g. Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or
transmit PHI or Confidential Information on behalf of the Business Associate agree to the same
restrictions and conditions that apply to the Business Associate with respect to such
information, in accordance with 45 C.F.R. §§ 164.308 and 164.502.
h. Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or
transmit electronic PHI on behalf of Business Associate agree to comply with the applicable
requirements of the Security Rule and Privacy Rule by entering into a Business Associate
Agreement, in accordance with 45 C.F.R. §§ 164.308, 164.314, 164.502, and 164.504, and
Business Associate shall provide DOM with a copy of all such executed agreements between
Business Associate and Business Associate’s subcontractors. Business Associate understands
that submission of their subcontractors’ Business Associate Agreement(s) to DOM does not
constitute DOM approval of any kind, including of the use of such subcontractors or of the
adequacy of such agreements.
i. Business Associate agrees to provide access, at the request of DOM, and in the time and
manner designated by DOM, to PHI in a Designated Record Set, to DOM or, as directed by
DOM, to an Individual in order to meet the requirements under 45 CFR § 164.524.
j. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that
DOM directs or agrees to pursuant to 45 CFR § 164.526 at the request of DOM or an
Individual, and in the time and manner designated by DOM.
k. Business Associate agrees to document such Disclosures of PHI and information related to
such Disclosures as would be required for DOM to respond to a request by an Individual for
an accounting of Disclosures of PHI in accordance with 45 CFR § 164.528. Business Associate
agrees to retain such documentation for at least six (6) years after the date of disclosure; the
provisions of this section shall survive termination of this Agreement for any reason.
l. Business Associate agrees to provide to DOM or an Individual, in a time and manner
designated by DOM, information collected in accordance with section (III)(j) of this
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
124
Agreement, to permit DOM to respond to a request by an Individual for an accounting of
Disclosures of PHI in accordance with 45 CFR § 164.528.
m. Business Associate agrees that it shall only use or disclose the minimum PHI necessary to perform functions, activities, or services for, or on behalf of, DOM as specified in the Service Agreements. Business Associate agrees to comply with any guidance issued by the Secretary on what constitutes “minimum necessary” for purposes of the Privacy Rule, and any minimum necessary policies and procedures communicated to Business Associate by DOM.
n. Business Associate agrees that to the extent that Business Associate carries out DOM’s
obligations under the Privacy Rule, Business Associate will comply with the requirements of
the Privacy Rule that apply to DOM in the performance of such obligation.
o. Business Associate agrees to make internal practices, books, and records, including policies
and procedures and PHI, relating to the use and disclosure of PHI received from, created, or
received by Business Associate on behalf of DOM available to the Secretary for purposes of
determining DOM's compliance with the Privacy Rule.
p. Business Associate agrees that nothing in this Agreement shall permit Business Associate to
access, store, share, maintain, transmit or use or disclose PHI in any form via any medium with
any third party, including Business Associate’s subcontractors, beyond the boundaries and
jurisdiction of the United States without express written authorization from DOM.
q. Business Associate agrees that all DOM data shall not be co-mingled with other trading
partner’s data, and shall be easily identifiable and exportable. DOM Data shall be stored in an
individual structure in accordance with the following: Business Associate shall create an
instance (single-tenant) of the particular database software utilized by Business Associate, and
only DOM data shall reside in that instance of the database. The intent of this section is not to
require separate procurement of hardware specific to DOM, however DOM data must not
reside in a database that contains other entities’ data.
r. Business Associate agrees that all DOM data will be encrypted using industry standard
algorithms Triple DESDESK, AES or SSL/TLS.
s. Business Associate agrees to comply with the State of Mississippi ITS Enterprise Security
Policy, which will be provided upon request.
t. The provisions of the HITECH Act that apply to Business Associate and are required to be
incorporated by reference in a business associate agreement are hereby incorporated into this
Agreement, including, without limitation, 42 U.S.C. §§ 17935(b), (c), (d) and (e), and 17936(a)
and (b), and their implementing regulations.
u. Without limitation of the foregoing:
i. Pursuant to 42 U.S.C. § 17931(a), the following sections of the Security Rule shall apply
to Business Associate in the same manner as they apply to DOM: 45 C.F.R. §§ 164.308
Safeguards); and 164.316 (Policies and procedures and documentation requirements).
ii. 42 U.S.C. §§ 17931(b) and 17934(c), and their implementing regulations, each apply to
Business Associate with respect to its status as a business associate to the extent set forth
in each such section.
IV. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
125
a. General Use and Disclosure Provisions: Subject to the terms of this Agreement, Business
Associate may Use or Disclose PHI to perform functions, activities, or services for, or on behalf
of, DOM as specified in the Service Agreements, provided that such Use or Disclosure would
not violate what is required by Law or the Privacy Rule if done by DOM, except for the specific
Uses and Disclosures set forth below, for the purpose of performing the Service Agreements.
b. Specific Use and Disclosure Provisions:
i. Business Associate may use PHI, if necessary, for the proper management and
administration of the Business Associate or to carry out the legal responsibilities of the
Business Associate under the Service Agreements entered into between DOM and Business
Associate.
ii. Business Associate may disclose PHI for the proper management and administration of the
Business Associate or to carry out the legal responsibilities of the Business Associate,
provided that Disclosures are Required by Law, or Business Associate obtains reasonable
assurances from the person to whom the information is disclosed that it will remain
confidential and used or further disclosed only as Required by Law or for the purpose for
which it was disclosed to the person, and the person notifies the Business Associate of any
instances of which it is aware in which the confidentiality of the information has been
Breached.
iii. If Business Associate must disclose PHI pursuant to law or legal process, Business Associate shall notify DOM without unreasonable delay and at least five (5) days in advance of any disclosure so that DOM may take appropriate steps to address the disclosure, if needed.
iv. Business Associate may use PHI to provide Data Aggregation services exclusively to DOM
as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B).
V. OBLIGATIONS OF DOM
a. DOM shall provide Business Associate with the Notice of Privacy Practices that DOM
produces in accordance with 45 C.F.R. § 164.520, attached hereto as Attachment “A” and
wholly incorporated herein, as well as any changes to such Notice of Privacy Practices.
b. DOM shall notify Business Associate of any limitation(s) in its Notice of Privacy Practices to
the extent that such limitation may affect Business Associate's use or disclosure of PHI.
c. DOM shall notify Business Associate of any changes in, or revocation of, permission by an
Individual to use or disclose PHI, to the extent that such changes may affect Business
Associate's use or disclosure of PHI.
d. DOM shall notify Business Associate of any restriction to the use or disclosure of PHI that
DOM has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction
may affect Business Associate's use or disclosure of PHI.
e. Permissible Requests by DOM: DOM shall not request Business Associate to use or disclose
PHI in any manner that would not be permissible under the Privacy Rule if done by DOM,
except as provided for in section (IV)(b) of this Agreement.
VI. TERM AND TERMINATION
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
126
a. Term. For all new Service Agreements entered into between DOM and Business Associate,
the effective date of this Agreement is the effective date of the Service Agreements entered
into between DOM and Business Associate. For any ongoing Service Agreements entered into
between DOM and Business Associate, the effective date of this Agreement is the date first
herein written. This Agreement shall terminate when all of the PHI provided by DOM to
Business Associate, or created or received by Business Associate on behalf of DOM, is
destroyed or returned to DOM, or, if it is infeasible to return or destroy PHI, protections are
extended to such information, in accordance with the termination provisions in this section.
Termination of this Agreement shall automatically terminate the Service Agreements.
b. Termination for Cause. Upon DOM's knowledge of a material Breach or Violation by Business
Associate, DOM shall, at its discretion, either:
i. provide an opportunity for Business Associate to cure the Breach or end the Violation and
terminate this Agreement and the associated Service Agreements, if Business Associate
does not cure the Breach or end the Violation within the time specified by DOM, or
ii. immediately terminate this Agreement and the associated Service Agreements if Business
Associate has Breached a material term of this Agreement and cure is not possible.
c. Effect of Termination.
i. Upon termination of this Agreement, for any reason, Business Associate shall return or
destroy all PHI received from, or created or received by Business Associate on behalf of,
DOM in accordance with State and Federal retention guidelines. This provision shall apply
to PHI that is in the possession of subcontractors or agents of Business Associate. Business
Associate shall retain no copies of the PHI.
ii. In the event that Business Associate determines that returning or destroying the PHI is
infeasible, Business Associate shall provide to DOM notification of the conditions that
make return or destruction infeasible. Upon notification in writing that return or destruction
of PHI is infeasible, Business Associate shall extend the protections of this Agreement to
such PHI and limit further Uses and Disclosures to those purposes that make the return or
destruction infeasible, for so long as Business Associate maintains such PHI.
VII. MISCELLANEOUS
a. Statutory and Regulatory References. A reference in this Agreement to a section in HIPAA,
its implementing regulations, or other applicable law means the section as in effect or as
amended, and for which compliance is required.
b. Amendments/Changes in Law.
i. General. Modifications or amendments to this Agreement may be made upon mutual
agreement of the Parties, in writing signed by the Parties hereto and approved as required
by law. No oral statement of any person shall modify or otherwise affect the terms,
conditions, or specifications stated in this Agreement. Such modifications or amendments
signed by the Parties shall be attached to and become part of this Agreement.
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
127
ii. Amendments as a Result of Changes in the Law. The Parties agree to take such action as
is necessary to amend this Agreement as is necessary to effectively comply with any
subsequent changes or clarifications of statutes, regulations, or rules related to this
Agreement. The Parties further agree to take such action as is necessary to comply with
the requirements of HIPAA, its implementing regulations, and other applicable law relating
to the security and privacy of PHI.
iii. Procedure for Implementing Amendments as a Result of Changes in Law. In the event that
there are subsequent changes or clarifications of statutes, regulations or rules relating to
this Agreement, or the Parties’ compliance with the laws referenced in section (VII)(c)(ii)
of this Agreement necessitates an amendment, the requesting party shall notify the other
party of any actions it reasonably deems are necessary to comply with such changes or to
ensure compliance, and the Parties promptly shall take such actions. In the event that there
shall be a change in the federal or state laws, rules or regulations, or any interpretation of
any such law, rule, regulation, or general instructions which may render any of the material
terms of this Agreement unlawful or unenforceable, or materially affects the financial
arrangement contained in this Agreement, the Parties may, by providing advanced written
notice, propose an amendment to this Agreement addressing such issues.
c. Survival. The respective rights and obligations of Business Associate provided for in sections
(III)(j) and (VI)(c) of this Agreement shall survive the termination of this Agreement.
d. Interpretation. Any ambiguity in this Agreement shall be resolved to permit DOM to comply
with HIPAA, its implementing regulations, and other applicable law relating to the security
and privacy of PHI.
e. Indemnification. To the fullest extent allowed by law, Business Associate shall indemnify,
defend, save and hold harmless, protect, and exonerate DOM, its employees, agents, and
representatives, and the State of Mississippi from and against all claims, demands, liabilities,
suits, actions, damages, losses, and costs of every kind and nature whatsoever including,
without limitation, court costs, investigative fees and expenses, and attorney’s fees, arising out
of or caused by Business Associate and/or its partners, principals, agents, and employees in
the performance of or failure to perform this Agreement. In DOM’s sole discretion, Business
Associate may be allowed to control the defense of any such claim, suit, etc. In the event
Business Associate defends said claim, suit, etc., Business Associate shall use legal counsel
acceptable to DOM. Business Associate shall be solely responsible for all costs and/or
expenses associated with such defense, and DOM shall be entitled to participate in said
defense. Business Associate shall not settle any claim, suit, etc. without DOM’s concurrence,
which DOM shall not unreasonably withhold.
DOM’s liability, as an entity of the State of Mississippi, is determined and controlled in
accordance with Mississippi Code Annotated § 11-46-1 et seq., including all defenses and
exceptions contained therein. Nothing in this Agreement shall have the effect of changing or
altering the liability or of eliminating any defense available to the State under statute.
f. Disclaimer. DOM makes no warranty or representation that compliance by Business Associate
with this Agreement, HIPAA, its implementing regulations, or other applicable law will be
adequate or satisfactory for Business Associate’s own purposes or that any information in
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
128
Business Associate’s possession or control, or transmitted or received by Business Associate,
is or will be secure from unauthorized Use or Disclosure. Business Associate is solely
responsible for all decisions made by Business Associate regarding the safeguarding of PHI.
g. Notices. Any notice from one party to the other under this Agreement shall be in writing and
may be either personally delivered, emailed, or sent by registered or certified mail in the United
States Postal Service, Return Receipt Requested, postage prepaid, addressed to each party at
the addresses which follow or to such other addresses provided for in this Agreement or as the
Parties may hereinafter designate in writing:
DOM: Privacy Officer
Office of the Governor
Division of Medicaid
550 High Street, Suite 1000
Jackson, MS 39201
Business Associate: (Business Associate’s designated
Contact for notification and
mailing address- Typed or Printed)
Any such notice shall be deemed to have been given as of the date transmitted.
h. Severability. It is understood and agreed by the Parties hereto that if any part, term, or provision
of this Agreement is by the courts or other judicial body held to be illegal or in conflict with
any law of the State of Mississippi or any federal law, the validity of the remaining portions or
provisions shall not be affected and the obligations of the parties shall be construed in full force
as if the Agreement did not contain that particular part, term, or provision held to be invalid.
i. Applicable Law. This Agreement shall be construed broadly to implement and comply with the requirements relating to HIPAA and its implementing regulations. All other aspects of this Agreement shall be governed by and construed in accordance with the laws of the State of Mississippi, excluding its conflicts of laws provisions, and any litigation with respect thereto shall be brought in the courts of the State. Business Associate shall comply with applicable federal, state, and local laws, regulations, policies, and procedures as now existing and as may be amended or modified. Where provisions of this Agreement differ from those mandated by such laws and regulations, but are nonetheless permitted by such laws and regulations, the provisions of this Agreement shall control.
j. Non-Assignment and Subcontracting. Business Associate shall not assign, subcontract, or
otherwise transfer this Agreement, in whole or in part, without the prior written consent of
DOM. Any attempted assignment or transfer of its obligations without such consent shall be
null and void. No such approval by DOM of any subcontract shall be deemed in any way to
provide for the incurrence of any obligation of DOM in addition to the total compensation
agreed upon in this Agreement. Subcontracts shall be subject to the terms and conditions of
this Agreement and to any conditions of approval that DOM may deem necessary. Subject to
the foregoing, this Agreement shall be binding upon the respective successors and assigns of
RFP No.: 4011 Exhibit B : DOM Business Associate Agreement
Project No.: 42954 Revised: 6/20/2017
129
the parties. DOM may assign its rights and obligations under this Agreement to any successor
or affiliated entity.
k. Entire Agreement. This Agreement contains the entire agreement between the Parties and
supersedes all prior discussions, instructions, directions, understandings, negotiations,
agreements, and services for like services.
l. No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to
confer, nor shall anything herein confer, upon any person other than the Parties and their
respective successors, heirs, or permitted assigns, any rights, remedies, obligations, or
liabilities whatsoever.
m. Assistance in Litigation or Administrative Proceedings. Business Associate shall make itself
and any workforce members, contractors, subcontractors, representatives, agents, affiliates, or
subsidiaries assisting Business Associate in the fulfillment of its obligations under this
Agreement, available to DOM, at no cost to DOM, to testify as witnesses, or otherwise, in the
event of litigation or administrative proceedings being commenced against DOM, its directors,
officers, or any other workforce member based upon claimed Violation of HIPAA, its
implementing regulations, or other applicable law, except where Business Associate or its
workforce members, contractors, subcontractors, representatives, agents, affiliates, or
subsidiaries are a named adverse party.
IN WITNESS WHEREOF, the Parties hereto have duly executed this Business Associate
Agreement to be effective on the date provided for in section (VI)(a) of this Agreement.
For Business Associate:
By:
(Name of Business Associate Representative – Typed or Printed)
