ATTACHMENT 1 Government... · Web viewATTACHMENT 1 List of Military Treatment Facilities 47. ATTACHMENT 2 Consolidated Servers 49 . PERFORMANCE WORK STATEMENT (PWS) THIRD PARTY

PERFORMANCE WORK STATEMENT

for

AFMS

Military Treatment Facility Third Party Collection Program

Contract Number TBD

3 October 2019

Solicitation Number / Contract Number TBDInsert Date, Mod #

TABLE OF CONTENTS

Page1.0 DESCRIPTION OF SERVICES 4

1.1 Background 41.2 Scope 41.3 Implementation 4

2.0 GENERAL INFORMATION 42.1 Contractor Identification 42.2 Contractor Training 52.3 Contractor and Government Communication 62.4 Place of Performance 62.5 Travel Requirements 62.6 Mission and Emergency Essential 62.7 Duty Hours 62.8 Federal Holidays 62.9 Conduct of Contractor Personnel 62.10 Health Requirements 62.11Access to the GBS 6

3.0 CONTRACT REQUIREMENTS 83.1 Third Party Collections 83.2 Security Requirements 143.3 Contractor Manpower Reporting Requirements Application 173.4 Quality Control Plan 173.5 Post-Award and Initial Contract Performance Meeting 183.6 Invoices 18 3.7 Business Process 18 3.8 Human Resource Management Plan 183.9 Transition Plan 183.10 Medical Expense and Performance Reporting System 19 3.11Customer Satisfaction 193.12Contractor Qualifications 193.13Continuity of Services 213.14 Additional Administrative Considerations 213.15PII and PHI 22

4.0 PERFORMANCE OBJECTIVE 234.1 Services Summary 234.2 Services Summary Table 23

5.0 GOVERNMENT FURNISHED PROPERTY 24

6.0 DELIVERABLES 25

7.0 APPENDICES APPENDIX A Acronyms 27APPENDIX B Business Associate Agreement 29

2


APPENDIX C Non-Disclosure Agreement 36APPENDIX D Publications and Forms 38APPENDIX E Health Insurance Portability and Accountability Act 41APPENDIX F Contractor Full-Time Equivalent Reporting Addendum 46

8.0 ATTACHMENT 1 List of Military Treatment Facilities 47ATTACHMENT 2 Consolidated Servers 49

3


PERFORMANCE WORK STATEMENT (PWS)THIRD PARTY COLLECTION PROGRAM

1. DESCRIPTION OF SERVICES

1.1. Background. In accordance with U.S. Code 1095 and 1079b, the Code of Federal Regulations, and Department of Defense (DoD) directives, the Government is authorized to recover the cost of providing health care services to covered DoD beneficiaries from third party payers under the Third Party Collection Program (TPCP). Under this program, the Government bills for medical services provided in DoD/Defense Health Agency (DHA) military treatment facilities (MTFs) and professional services rendered by MTF providers at civilian facilities. The Government also bills third party payers for care provided to non-beneficiaries who are authorized care in the facility, foreign nationals, and civilian emergency patients who carry Other Health Insurance (OHI). All patients, excluding active duty, are required to provide information regarding OHI coverage annually or upon a change in coverage status.

1.2. Scope. The purpose of this contract is to perform OHI billing and collection activities for the DHA MTFs, using a Government-provided medical billing program (herein referred to as the Government Billing Solution or “GBS”). Billing and collection activities shall include: identification and verification of OHI provided on the paper or electronic DD 2569, as well as update of collected OHI information in the GBS, direct billing of third party payers, ongoing follow-up actions for unpaid claims to include denials management processes, posting payments, conducting valid write-offs and referral of delinquent claims. This contract will not include first party billing to beneficiaries, interagency billing, billing for Elective Cosmetic Surgery procedures, copying charges, or incidental charges (family member rate) for inpatient stays. The contractor shall be required to conduct balance billing for non-beneficiaries only. The successful Offeror shall:

1.2.1. Adhere to all applicable U.S. Codes, the Code of Federal Regulations, DoD Guidance, Air Force Instructions (AFI) and Manuals (AFMAN), Centers for Medicare and Medicaid Services guidance, and DHA Policy regarding billing and collection activities (those in effect at the time of contract award and any changes made throughout the contract period of performance).

1.2.2. Adhere to all DoD and DHA published guidance and regulations regarding financial reporting.

1.3. Implementation: This contract shall include all MTFs identified in Attachment 1 – List of Military Treatment Facilities (MTFs).

2. GENERAL INFORMATION

2.1. Contractor Identification. Within 10 calendar days following notification of contract award, the Contractor shall provide, in writing to the Contracting Officer (CO) and the Contracting Officer’s Representative (COR), the name of the Contractor Representative responsible for coordination and implementation of contract services. Additionally, the representative shall be available telephonically to the CO/COR during normal duty hours to discuss any problem that may arise concerning contractual matters relating to daily operation of the contract.

4


2.1.1. The Contractor shall notify the CO/COR at least five calendar days in advance of any change or replacement actions concerning the individual selected to be the Contractor Representative after the contract period of performance begins. Such notification shall be in writing and shall state the name and telephone number of the new Contractor Representative.

2.1.2. The Contractor Representative shall advise the CO/COR 30 calendar days in advance of any foreseeable event that could affect performance of these contract requirements. Personnel changes, to include scheduled and unscheduled absences of contract personnel shall be reported to the COR as soon as possible. The Contractor Representative shall also provide a written plan for continued support until the departing Contractor employee is replaced.

2.2. Contractor Training. The contractor is required to complete any Government required Contractor training listed below:

2.2.1. Basic Life Support Certification. At a minimum, any Contractor personnel working within an MTF must maintain either current certification in the American Heart Association Basic Life Support (BLS) (Course C) or the American Red Cross CPR/BLS (Heart Saver) Course. Initial training must be obtained in the community at no cost to the Government so that Contractor employees arrive in the position fully qualified. The Government may offer refresher training for contract workers on a space available basis. If training is received within the facility, the time will not be billable to the Government. The Government will not pay for recertification training obtained outside the MTF.

2.2.2. Privacy Act and HIPAA Training. The Contractor shall ensure that all staff, including sub-contractors and consultants, comply with the training requirements of the Privacy Act of 1974 (5 U.S.C. 552a) and Health Insurance Portability and Accountability Act of 1996 (Pub. L. 104-191). The training requirements are mandated by Office of the Secretary of Defense (OSD) Memorandum 15041-07, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information”: DoD 6025.18-R, “DoD Health Information Privacy Regulation”, January 24, 2003; and the TMA Workforce Training Policy Memorandum, dated May 28, 2008, on the subject, “Workforce Training Policy Pursuant to the Department of Defense Privacy Act Regulations and the Department of Defense Health Insurance Portability and Accountability Act Privacy and Security Regulations”.

2.2.3. The Contractor shall ensure that the annual Privacy Act and HIPAA Privacy and Security training is completed by all staff assigned to or performing on this contract, including sub-contractors and consultants. All required Privacy Act and HIPAA training will be conducted online through Joint Knowledge Online (JKO) at https://jkodirect.jten.mil or the current MHS/DHA learning management system in place to deliver training to meet the above requirements. The Contractor shall ensure all employees and sub-contractors supply a certificate of Privacy Act and HIPAA training completion to the COR within 30 days of being assigned to the contract and on an annual basis based on the trainee’s birth month thereafter.

2.2.4. Records Management. When creating and maintaining official Government records, the Contractor shall comply with all federal requirements established by 44 USC, 41 USC, 36 CFR, DoD Administrative Instruction No. 15 (DoD AI-15), “Records Management, Administrative Procedures and Records Disposition Schedules,” and Chapter 2 of the TRICARE Operations Manual.

5

https://jkodirect.jten.mil/


2.3. Contractor/Government Communication. The Contractor shall designate a Focal Point to be the single point of contact for all Contractor and Government correspondence. The Focal Point shall provide clear and consistent written and verbal response to Government within 12 business hours of Government initiated communication (e.g., return phone calls, emails or other communication).

2.4. Place of Performance. The Contractor shall determine the appropriate staffing and placement of contractor staff necessary to carry out the services under this contract in coordination with the COR.

2.5. Travel Requirements. Travel may be required during the performance period of this contract at the request of the Government and within the Continental United States (CONUS) and Outside Continental United States (OCONUS). Dates and destinations are not available at this time.

2.6. Mission/Emergency Essential. None of the services listed in this PWS are mission/emergency essential.

2.7. Duty Hours. Normal duty hours are 7:30 am to 4:30 pm, Monday through Friday (excluding Federal Holidays) and Family/Down Days when published.

2.8. Federal Holidays. Federal offices are closed on New Year’s Day, Dr. Martin Luther King, Jr. Birthday, Presidents Day, Memorial Day, Independence Day, Labor Day, Columbus Day, Veteran’s Day, Thanksgiving Day, and Christmas Day.

2.9. Conduct of Contractor Personnel. The CO may require the Contractor to remove from the job site Contractor personnel working under this contract. Removal from the job site or dismissal from the premises shall not relieve the Contractor of the contract requirements.

2.9.1. The Contractor shall not employ individuals who are potential threats to health, safety, security, general well-being, or the operational mission of the DoD and its population. This shall include individuals who are a potential threat because of prior felony convictions (reference Automated Information Systems (AIS) III Security Requirements, section 3.2 below). The Government reserves the right to refuse access to Government facilities and/or operations under this contract to any Contractor employee, or prospective employee, who is identified as a potential threat to the health, safety, security, general well-being, or operational mission of the AF and its population.

2.9.2. The Contractor shall ensure all government-issued identification badges, keys, and equipment (as appropriate) are returned to the COR or MTF Security Manager when an individual leaves employment under this contract and/or upon expiration of this contract.

2.9.3. English Language Requirement: Contractor employees shall read, understand, speak, and write English fluently.

2.9.4. Contractor personnel shall be required to observe Government facility parking, safety and traffic regulations that apply to all facility employees.

6


2.9.5. Alcoholic beverages on the job are prohibited.

2.9.6. There shall be no loud, profane or abusive language used on the job.

2.9.7. Contractor personnel shall present a neat well-groomed appearance. Neat, clean, casual business attire clothing shall be worn.

2.10. Health Requirements:

2.10.1. In accordance with AFI 48-105, all Contractor employees shall follow the methods for controlling and preventing disease as described in the American Public Health Association publication, Control of Communicable Diseases Manual, and the Centers for Disease Control and Prevention (CDC) publication, Morbidity and Mortality Weekly Report (MMWR), and its supplements. Where applicable, the most recent guidelines from these publications are utilized as the standard.

2.10.2. Prior to start of work, Contractor employees working in MTFs shall provide proof of immunization for the following diseases according to CDC guidelines: Hepatitis B, measles, mumps, rubella, varicella, and influenza, and proof of a negative tuberculosis skin test completed within the past 12 months (if positive, proof of negative chest X-ray within the past 12 months is required). After start of work, the Government will provide post blood borne exposure protocols according to applicable regulations.

2.10.3. In those areas where there is a higher risk of transmission of tuberculosis, Contractor employees may be tested as frequently as directed by the MTF policy. This test will be provided by the MTF at no cost to the Contractor.

2.10.4. Immunization information will be tracked in DoD computer systems for all Contractor employees providing services within the MTF under this contract.

2.10.5. No medical tests, procedures, or immunizations required by the contract will be performed by the MTF (with the exception of tuberculosis testing after start of work and in the event of exposure). Expenses for all required tests and/or procedures shall be borne by the Contractor, not the Government.

2.10.6. Contractor employees working in an MTF are strongly encouraged to be immunized annually with the influenza vaccine. This vaccine will not be provided by the Government to Contractor employees. If the vaccine is obtained at other facilities, the cost will be borne by the Contractor, not the Government.

2.10.7. The Contractor shall immediately inform the Government when Contractor employees working in the MTF become pregnant. The Government will notify the Contractor Representative of any work hazards. For the safety of the Contractor’s employee, if work hazards exist, it will be the Government’s decision whether the worker can continue work in the environment.

2.10.8. Proof of subsequent immunizations, required for continued employment at the MTF, must

7


be provided on the anniversary of the employee’s hire date or when the option year is executed, whichever comes first.

2.11. Access to the GBS. Access to the GBS will be available to the Contractor remotely (at Government-approved locations) with the use of a Government-issued Common Access Card (CAC). The Government does not require third party billing and collection services be performed in an MTF. However, to facilitate billing and collection services that require access to the GBS the Government will provide available space in the MTFs in accordance with Attachment 1 – List of Military Treatment Facilities (MTFs). Access to the GBS database for Outside the Continental United States (OCONUS) MTFs will be provided to Contractor employees assigned to Continental United States (CONUS) or other OCONUS MTFs (access to OCONUS GBS databases can typically be provided from any CONUS or OCONUS MTF location). In general, the data within a given GBS database is specific to the MTF location; however, the servers at the bases listed in Attachment 2 – Consolidated Servers, support multiple MTFs.

2.11.1. The Contractor shall only access the GBS from Government-approved locations. At no time will the Contractor or any contract employee perform services under this contract from their personal residence or other public locations without specific written authorization from the COR. The Contractor’s proposal shall include all locations where they intend to perform services under this contract. The locations must be approved by the Government prior to the contract start date to ensure access to the GBS is authorized for the proposed locations. Following contract start, any changes to the locations shall be mutually agreed upon by the CO, COR and the Contractor.

2.11.2. The Contractor is not required to staff the available spaces on a daily basis; however when staffed, it must be within normal hours of operation. MTFs showing more than one space available within Attachment 1 (i.e. those with inpatient services) have historically had a higher volume of billable encounters.

2.11.3. If Contract employees are assigned to work within an MTF or any other Government-provided space, those employees shall only perform services directly supporting the Government requirements under this contract. If contract employees are assigned to work within an MTF, the employees shall comply with all requirements listed in this Performance Work Statement.

2.11.4. In all cases, the Contractor shall maintain segregation of duties between the employee who generates bills, and the employee who posts the payment for that bill (i.e., the same person that generates the bill cannot be the person to post payment/write- offs).

3. CONTRACT REQUIREMENTS

3.1. Third Party Collection Services. The Contractor shall be paid a negotiated percentage of each dollar collected from third party payers and from the balance-billing of non-beneficiaries that is posted prior to the 121st calendar day after the date of delinquency. A debt becomes delinquent on the 31st day after the date billed; reference paragraph 3.1.2 for more information. Regardless of the location where billing is performed, all data transmission fees, outside of Government locations and established communication lines, will remain the sole responsibility of the contractor (i.e., any services in support of this requirement performed outside of an MTF).

3.1.1 The Contractor will be required to ensure all services billable to third party payers are

8


identified, billed, and collected or appropriately written off in accordance with Contracting Officer’s Representative (COR) guidance. A listing of DHA-approved reasons for write offs will be provided by the COR. The Contractor shall provide the MTF with all written documentation received on claims by scanning all hard-copy documents into Portable Document Format (PDF) format and uploading those documents to the GBS. The required documentation includes, but is not limited to copies of checks, verification of electronic payments, explanations of benefits (EOBs), demand letters, non-payment documentation, legal determinations, proof of preauthorization, pre-certifications, notes of phone conversations with insurance company personnel (including the name of the insurance representative, date/time of the phone call, and a brief summary of the discussion), and any other relevant information. The Contractor shall be responsible for shredding all hard copy documents in accordance with AFI 33-332, The Air Force Privacy and Civil Liberties Program, after the documents are scanned and verified to be successfully uploaded in the GBS. Most billing data will automatically flow from other DoD automated information systems to the GBS. The contractor will contact the MTF to seek correct billing codes from civilian, military or contracted employees (coding is performed under a separate contract) for all encounter data that does not automatically flow to the GBS. The billing contractor is not responsible for coding encounters. The Contractor shall collect all required data that did not automatically flow into GBS. For newly identified OHI, the Contractor will back-bill encounters, to the extent allowable and specified in each insurance contract or according to the Centers for Medicare and Medicaid Services (CMS) guidelines, within 30 calendar days of OHI discovery. The Contractor will be expected to request authorizations, after the fact, for care provided before back billing is performed.

3.1.2 The Contractor shall cease collection activity on claims that are more than 120 days delinquent and no response from insurance companies, EOB, or payment has been received. The Contractor shall abide by COR guidelines pertaining to delinquent debt balances, including writing off all unpaid balances due by 120 days delinquent for beneficiary OHI billings. If requested by the COR, contractor will provide all correspondence between the Contractor and insurance companies that reflects the Contractor’s efforts to obtain payment. If payment on the delinquent amount is received prior to the 121st day of delinquency, the Contractor shall be compensated the negotiated rate per the contract. However, the Contractor shall not be compensated for any payment received after 10 business days from the time the debt was transferred back to the government for debt collection. This stipulation is necessary to ensure the DHA maintains full compliance with laws and regulations pertaining to delinquent debt.

3.1.3 To facilitate and support the TPCP, the Contractor shall provide all personnel, supervision, training, and services necessary to perform all duties described below:

3.1.3.1 Claim Generation and Submission:

3.1.3.1.1 The Contractor shall collect all data necessary to manually bill.

3.1.3.1.2 The Contractor shall correct insurance data for encounters that error out of the GBS.

3.1.3.1.3 The Contractor shall perform billing services in accordance with the Defense Health Agency-Procedures Manual 6015.01, Military Treatment Facility (MTF) Uniform Business Office (UBO) Operations, (hereafter referred to as “the UBO

9


Manual”), in its entirety to include future revisions (unless otherwise directed by the COR).

3.1.3.1.4 The Contractor shall prepare and send inpatient claims to the third-party payer within 10 business days following completion of the medical record and coding, measured from the date the encounter enters the GBS.

3.1.3.1.5 The Contractor shall prepare and transmit/send outpatient claims within ten (10) business days following completion of the medical record and coding, measured from the date the encounter enters the GBS.

3.1.3.1.6 For OHI policies discovered after care was rendered, the Contractor shall back bill the insurance companies within 30 calendar days of OHI discovery for all billable encounters that fall within the coverage timeframe.

3.1.3.1.7 Review additional reports and system notifications in the GBS to stay abreast of any necessary billing/collection actions.

3.1.3.2 Insurance Verification:

3.1.3.2.1 Manage the paper and electronic versions of the DD Form 2569, Third Party Collection Program - Record of Other Health Insurance (DD 2569). Update the GBS to reflect the collected OHI (to include updating OHI fields, scanning, and uploading any/all versions of the DD 2569) and update GBS OHI data elements. Entries may include, but not be limited to, updates to family members covered, annual deductibles, copayments, plan restrictions, plan type, medical versus pharmacy or dental carrier, and claim submission instructions.

3.1.3.2.2 The Contractor shall perform OHI discovery using any means necessary or available to identify any information required to bill a third-party payer that was not captured on the DD 2569.

3.1.3.2.3 When new OHI is found via receipt of an updated DD 2569 or other means of OHI discovery, this coverage shall be validated as active and billable by the Contractor (to include contacting the insurance company and determining which family members are included in the coverage) and all required data shall be entered into the GBS within five business days of discovery. The Contractor shall retrieve the necessary encounter data, ensure encounters are reviewed by a certified coder employed by the Government as a civilian, military or contracted employee (coding is performed under a separate contract), and submit these documents for back billing. All OHI shall be verified annually before the anniversary of when it was first found (even if a new DD 2569 was not completed by the patient).

3.1.3.3 Preauthorization and Advance Notification:

3.1.3.3.1 Preauthorization for care, as required by insurance companies, shall be identified and requested by the Contractor. The Contractor shall request the assistance of a Government employed civilian, military, or contract nurse assigned to the MTF,

10


when required, to provide diagnosis and treatment information. If care was provided on a non-duty day, the Contractor shall be required to request authorization, after the fact, to include sending copies of treatment notes to the insurance company. To perform reauthorizations, the Contractor may require access to GBS or legacy systems.

3.1.3.3.2 Although the Contractor may not receive advance notification when a high-dollar drug (or a drug requiring precertification) is initially dispensed, they are required to request authorization for all refills dispensed. The billing and denial of the initial dispensing will be considered a valid write-off but all subsequent claims denied for lack of a preauthorization will not be considered valid write-offs.

3.1.3.4 Encounter Coding/Data Review:

3.1.3.4.1 Ensure all encounters billable to OHI are reviewed by a certified coder employed by the Government as a civilian, military or contracted employee (coding is performed under a separate contract) prior to sending the bill to the payer. The Contractor shall review coding for encounters rejected due to errors or outpatient visits using the CPT-4 (or later versions, as applicable) for procedures and ICD-10 (or later versions, as applicable) for diagnoses and Evaluation & Management (E&M) codes for the office portion during the normal course of billing. The Contractor shall contact the MTF certified coder to correct the errors and either resubmit or cancel the bill, as appropriate.

3.1.3.4.2 The Contractor shall collect all data required for billing that does not automatically flow into the GBS. This shall include, but is not limited to, creating bills for inpatient professional charges associated with External Resource Sharing hospital care and the examples listed in paragraph 3.1.1. All billing, to include outpatient visits and ancillary services, inpatient admissions, trauma care and civilian emergencies, shall be accomplished in the GBS.

3.1.3.4.3 The Contractor shall ensure both Defense Medical Information System Identification (DMIS ID) and Medical Expense and Performance Reporting System (MEPRS) codes are correct on every claim billed. DMIS IDs and MEPRS codes are vital data elements for the DHA. DMIS IDs represent a specific facility and the MEPRS codes represent the location and type of care within a facility. Questions on this data shall be referred to the COR.

3.1.3.4.4 Per the UBO Manual, the Contractor shall actively monitor the report of discharged OHI patients for the coding status of their medical record. The Contractor shall coordinate with the Medical Records section at the MTF to ensure that records are complete and coded within 45 calendar days of the patient’s discharge from the MTF or, in the case of long-term care according to COR guidance. The Contractor shall report to the COR any MTF that is noncompliant with the 45 day requirement.

3.1.3.5 Payment Adjudication Monitoring:

3.1.3.5.1 Claims previously billed for patients and subsequently found to have no valid OHI shall be cancelled within three business days of receipt of notification in order to remove the accounts receivable data from the GBS. The Contractor shall immediately

11


contact the insurance company to determine if payments received for service provided after the cancellation date need to be refunded. If a draft refund is required, the Contractor shall process the draft refund within 30 days of notification of cancelled coverage or receipt of the refund request in accordance with COR guidance. Processing refunds includes, but is not limited to, the preparation of all documentation required by the Defense Finance and Accounting Services (DFAS) and the subsequent submission of that documentation to the MTF for review and validation; however, only Government personnel (military or civilian) will transmit the documentation to DFAS. If a refund is not required, the Contractor shall add a note to each claim in the GBS to indicate a payment was received after the cancellation date but a refund was not required.

3.1.3.5.2 Balance Billing. The Contractor shall not balance bill eligible DoD beneficiaries. For non-beneficiaries with OHI, the Contractor shall pursue all payments due from third party payers and the patient up to 120 calendar days after the date of delinquency.

3.1.3.6 Follow-Up/Denials Management:

3.1.3.6.1 The Contractor shall perform active and aggressive follow-up actions for all unpaid or underpaid claims at least every 30 calendar days. The Contractor shall annotate all follow-up efforts within the GBS including the name of the insurance representative contacted, date/time of the phone call, and a brief summary of the discussion. The annotations shall be clear and convey the cause for delay in payment. The Contractor shall maintain documentation of correspondence with insurance companies (or any other party) to include copies of all demand letters by scanning the documentation into PDF format and uploading all documents into the GBS. This data will be forwarded to the MTF and included with the delinquent claims sent to Judge Advocate General (JAG).

3.1.3.6.2 The Contractor shall perform denials management for all claims, regardless of amount, to ensure compliance with the timelines referenced in this PWS. To effectively manage this process, the Contractor shall utilize industry best practices in denials management by trending and reporting performance metrics to the COR on monthly basis. The Contractor shall identify industry ratios/indicators they intend to utilize for this contract beyond those outlined within this PWS and shall include this information in their proposal.

3.1.3.7 Payment Posting and Refund Management:

3.1.3.7.1 The Contractor shall post TPC program payments and valid write-offs in the GBS.

3.1.3.7.2 All forms of payment shall only be handled by MTF Government personnel. Typically, all payments and EOBs will be received by Government personnel; however, the Contractor shall retrieve all EOBs that are not mailed to the MTF and any missing EOBs. Government personnel will provide a copy of all checks and EOBs received to the Contractor. The Contractor shall then discern the account information associated with the EOB, annotate that account information or patient identification information on the EOB, and post payments and/or valid write- offs in the GBS within 48 hours of receipt or

12


by close of business (COB) the next business day. When the posting of a batch is started, it must be completed the same business day. The Contractor shall reconcile with insurance companies those payments for which no claim could be found within the GBS. The Contractor shall dispute invalid denials with the insurance company to arrive at a resolution. Partial or reduced payments shall be posted in the GBS and the Contractor shall continue collection efforts to recover the full amount due in accordance with insurance policy coverage. Any remaining balances shall be turned over to the Government in accordance with paragraph 3.1.2.

3.1.3.7.3 Payments that are posted electronically (i.e., Electronic Remittance Advice) shall be verified to ensure claims were paid properly.

3.1.3.7.4 MTF Government personnel will maintain the responsibility and accountability for the deposit of collections received. Payments will be deposited as soon as possible after postings are verified, usually by the next business day.

3.1.3.7.5 The Contractor shall verify refund requests are valid and process the draft refund transaction in the GBS within 30 days of notification of cancelled coverage or receipt of the refund request.

3.1.3.7.6 Unless otherwise directed by the COR, after the refund is processed in the GBS, electronically transmit all pertinent documents that support the refund and contain the information necessary to disburse the refund (such as payee, amount, reason for refund, EOB, etc.) to DHA MTFs personnel via the GBS for processing through the DFAS.

3.1.3.8 Program Support:

3.1.3.8.1 Market the Third Party Collection (TPC) program to patients and train MTF staff annually on their responsibilities in support of the TPC program; contractor must provide to COR, a POP summary report on the contractor’s requirement to train TPC program responsibilities to appropriate MTF staff IAW Services Summary (SS) #4.

3.1.3.8.2 In recognition of the upcoming changes in Federal laws and policy pertaining to the healthcare industry, many of which have not been finalized, should there be a need for the Contractor to develop or utilize external databases or software to support any governmental billing services, these additional methods shall first be approved by the COR. The Contractor shall understand that approval is not guaranteed, but if their request is approved by the COR, any database or software utilized by the Contractor shall comply with DoD directed communications and computer systems security requirements in accordance with DoD policies and procedures at Appendix 2 and shall be solely at the expense of the Contractor. The Contractor shall not attempt to replace any function or process available in the GBS with a Contractor-developed (“in-house/home grown”) system.

3.1.4 All billing and collection information shall remain the property of the U.S. Government. The Government shall retain unlimited use and ownership of all billing information, data, and data/technical rights for any upgrades and/or modifications to government

13


systems, upon completion and/or termination of this contract. All tools developed by the Contractor in support of this requirement, (i.e. GBS ad hoc reports, Microsoft Word, Access, Excel, PowerPoint, or other software developed databases) shall become and remain the property of the Government and shall have no affect or impact on monies owed to the Contractor by the Government. Access to the GBS will be available to the Contractor with the use of a Government-issued CAC– reference paragraph 2.11. The Contractor shall collaborate with the COR and any other required personnel (i.e., MTF Systems and Security Officers) to obtain access to the GBS and any other Government applications (such as required existing legacy systems still in place during the period of performance) as required to execute this contract.

3.1.4.1 The Government shall have the right to audit any data produced, or any function performed by the Contractor at any time and shall have access to any Contractor owned, managed, or otherwise operated facilities where services are performed under this contract without advance notice.

3.1.4.2 Contractor may be asked to participate in meetings to facilitate discussions providing input as billing and collection subject matter experts on behalf of the Air Force.

3.2. Security Requirements and Automated Information Systems (AIS) III: Contractor personnel will have access to and/or process information requiring protection under the Privacy Act of 1974 on unclassified AIS under this contract. Because of this required access, contractor personnel are in non-sensitive public trust positions designated as Automated Information Systems III (formally ADP) positions IAW DoD Directive 5200.2-R. In compliance with DoD Directive 5200.2-R and AFI 31-501, a National Agency Check with Inquiries (NACI) is required for all AIS III positions. The Contractor shall fully adhere to the provisions in these referenced publications by having all contractor personnel who are performing under this contract submit the appropriate forms and have a favorable outcome from the NACI investigation. All contractor personnel will schedule an appointment with the appropriate Government Unit Security Manager at the installation where services are provided or through the Contractor Human Resource Manager and DHA/AFMS Security Manager. The Contractor shall ensure no employee has access to the information or systems required under this contract without meeting the requirements outlined in this contract and the referenced directives, regulations, and instructions. Contractor personnel shall handle and safeguard any unclassified but sensitive information in accordance with appropriate DoD security regulations. Any security violation shall be reported immediately to the COR. No foreign nationals shall be employed under this contract without prior approval of the Government.

3.2.1 The Contractor shall appoint a Security Officer to be the sole point of contact for NACI/clearance processing with the COR. The Security Officer shall ensure the following forms reach the appropriate Government Security Manager, prior to the employee’s start date for services under this contract:

3.2.1.1 SF-85P, Questionnaire for Public Trust Positions. An electronic SF-85P form can be accessed and submitted through the U.S. Office of Personnel Management web site at http://www.opm.gov/e-qip/. The Contractor Management Staff is required to provide the Government Unit Security Manager with two printed and signed (original signatures) hardcopies of the SF-85P. To eliminate possible re-submission of the security information, it is highly recommended that contractor personnel maintain a copy of the completed hardcopy of the SF-85P document.

14

http://www.opm.gov/e-qip/


3.2.2 Two (2) sets of FD-258, FBI Fingerprint Cards for each contract employee. In some cases, contractor personnel may also be required to submit a Birth or Naturalization Certificate to the appropriate Security Manager.

3.2.3 The Contractor shall advise contractor personnel that a positive (favorable) NACI report is needed as a condition of employment under this contract. Contractor shall make the appropriate staffing adjustments and plan accordingly for the approval process. While the Government will make every effort to expedite investigations, typical approval from the time all paperwork is received by the Government from a contract employee ranges from 30 to 60 days and may last as long as 180 days.

3.2.4 At the start of the contract and each option year:

3.2.4.1 The COR or MTF UBO Managers shall provide the names and phone number of the MTF’s Primary Security Manager and Alternate.

3.2.4.2 The Contractor’s Security Officer shall be responsible for coordinating the initiation of the background investigation for all contract employees prior to performance. They will inform both the COR and the MTF or DHA/AFMS Security Manager of the new hire.

3.2.4.3 The Contractor’s Security Officer will be required to submit a copy of the contract and a Visit Authorization Letter (VAL) on the Contractor’s letterhead to the COR and the MTF or DHA/AFMS Security Manager. A VAL shall be submitted to the COR for contractor personnel located at approved non-governmental facilities. VAL letters will also be required no later than 30 calendar days prior to the start of each option year of the contract for all contractor personnel.

3.2.4.4 Authorization for renewal CAC cards shall be obtained through the MTF Security Manager for contractor personnel performing services in the MTF and through the COR and DHA/AFMS Security Manager for all other contractor personnel. All CAC cards shall be issued at local Real-Time Automated Personnel Identification System (RAPIDS) sites; the Contractor’s Security Officer is responsible for identifying the nearest RAPIDS location for personnel not assigned to an MTF. All costs associated with travel to and from the RAPIDS site shall be borne by the Contractor, not the Government.

3.2.4.5 The Contractor Representative will provide the COR with a list of current contract employees, to include last name, first name, SSN, DOB, work location, date favorable NACI was granted, and date data was submitted for new personnel. An updated list will be provided at the start of the contract, at the start of each option year, and every time there is a change in personnel.

3.2.4.6 The Contractor will provide proof of required annual training for all contract employees working outside an MTF. The required annual training will include training on the protection of Government information systems and confidential patient information. Current requirements for training will be provided at contract award and updated as necessary (i.e. upon contractor personnel turnover).

15


3.2.4.7 The Contractor shall identify all contractor employees who require access to the GBS (from within an MTF only) and submit proof the contractor employee has a valid CAC and has completed all required system and security training to the COR. The COR will submit a request to add the contractor employee to the Defense Health Information Management System Field Services list. When the contractor employee is added, the Contractor’s Representative should request a GBS account from the DHA, Service, or MTF GBS administrators, as appropriate. The COR shall provide the names of appropriate GBS administrators.

3.2.5 DoD and Air Force medical information systems are identified for the purposes of privacy system notices. These medical information systems may be accessed by contractor personnel to execute services as stated in this PWS.

3.2.6 List of Contractor Personnel: The Contractor shall maintain a current listing of Contractor personnel. The list shall include Contractor personnel’s name, social security number, and level of security clearance. The list shall be validated and signed by the company Facility Security Officer (FSO) and provided to the CO and Information Security Program Manager (ISPM) at each performance site 30 calendar days prior to the service start date. Updated listings shall be provided when Contractor personnel’s status or information changes. A Visit Request for all Contractor personnel with security clearances is required to be sent through the Joint Personnel Adjudication System (JPAS), and must be updated at least annually. The Contractor shall notify the (ISPM) at each operating location 30 calendar days before on-base performance of the service. The notification shall include:

3.2.6.1 Name, address, and telephone number of the company key management representatives.3.2.6.2 The contract number and contracting agency.3.2.6.3 The highest level of classified information to which employees require access.3.2.6.4 The location(s) of service performance and future performance, if known.3.2.6.5 The date service performance begins.3.2.6.6 Any change to information previously provided under this paragraph.

3.2.7 Local Area Network (LAN). All Contractor employees requiring access to the Government unclassified computer network shall have a valid Tier 1 investigation verified through JPAS. No Contractor employee will be provided access to unclassified computer network or its inherent capabilities (i.e., internet access, electronic mail, file and print services) without a valid Tier 1 investigation. The Contractor shall be aware of and abide by all Government regulations concerning the authorized use of the Government’s computer network including the restriction against using the network to recruit Government personnel or advertise job openings.

3.2.8 Disclosure of Information. In the performance of this contract, the Contractor may have access to data and information proprietary to a Government agency or to another Government Contractor, or of such nature that its dissemination or use, other than as specified in this contract, would be illegal or otherwise adverse to the interests of the Government or others. The Contractor and its personnel shall not divulge or release data or information developed or obtained under performance of this contract, except to authorized Government personnel or upon written approval of the CO. The Contractor and its Contractor personnel shall not use,

16


disclose, or reproduce proprietary information bearing a restrictive legend, other than as specified in the contract.

3.3 Contractor Manpower Reporting Requirements Application (CMRA). The Contractor shall report ALL contractor labor hours (including subcontracted labor hours) required for performance of services provided under this contract for the Air Force and Army via a secure data collection site. The Contractor is required to completely fill in all required data fields at http://www.ecmra.mil. Reporting inputs will be for the labor executed during the period of performance for each Government fiscal year (FY), which runs 1 October through 30 September. While inputs may be reported at any time during the FY, all data shall be reported no later than 31 October of each calendar year. Contractors may direct questions to the CMRA help desk.

3.3.1 Uses and Safeguarding of Information. Information from the secure web site is considered to be proprietary in nature when the contract number and contractor identity are associated with the direct labor hours and direct labor dollars. At no time will any data be released to the public with the Contractor name and contract number associated with the data.

3.3.2 User Manuals. Data for Air Force service requirements must be input at the Air Force CMRA link. However, user manuals for Government personnel and Contractors are available at the Army CMRA link http://www.ecmra.mil.

3.4 Quality Control Plan (QCP): The Contractor shall establish and maintain a complete Quality Control Plan. The COR shall review the Quality Control Plan annually. The plan shall include procedures to implement all requirements of the contract to include the in-processing submittals for all contract personnel and the following:

233.9

3.4.1 A compliance plan for third party collections in accordance with DHA Uniform Business Office guidelines.

3.4.2 An inspection system covering all the services required under this contract. The Contractor shall specify the areas to be inspected on either a scheduled or unscheduled basis, how often inspection shall be accomplished and documented, and identify the title of the individual(s) who shall perform the inspection. The Contractor shall maintain a record of all inspections conducted by the Contractor and corrective actions taken. This documentation shall be made available to the Contracting Officer (CO)/COR upon request during the term of the contract. The methods of identifying and preventing defects in the quality of services performed before the level of performance becomes unacceptable.

3.4.3 Written standards (developed by the Contractor) for documentation and fraud prevention for third party collections.

3.4.4 The policy and procedures to ensure all contractor personnel have the required TPC skills and training initially and annually. The plan should also identify the individual(s) performing the assessment.

17

http://www.ecmra.mil/



3.4.5 The Contractor shall establish and maintain an internal policy and procedures checklist for conducting TPC quality control checks to ensure work is free of grammatical, typographical, punctuation, and spelling errors and is properly formatted prior to delivery of products.

3.5 Post-Award and Initial Contract Performance Meeting. The Government will host a post-award meeting with the Contractor within 10 business days after contract award. The CO shall contact the PM/COR and the Contractor to schedule this meeting. Telecon/teleconference is permissible for the post-award meeting. The purpose of the post-award meeting is to introduce the Contractor to the Government representatives (PM/COR) and go over the contract. Take-aways from the meeting should be an exchange of contact information; a timeline of when direct support will start, if not yet started; and an understanding by all parties of all the requirements to be performed by the Contractor and the support the Government will provide the Contractor to perform the requirements, safely and efficiently.

3.6 Invoices. A monthly invoice listing the total collections, by line of business and by MTF, and the amount due the Contractor, shall be submitted on a Microsoft Excel spreadsheet on fifth business day the following month (editable version). The invoice will be processed for payment after billed amounts are verified by the COR or other Government UBO personnel - reference paragraph 6.4 for additional information.

3.7 Business Process. The Contractor shall provide their Business Process with their proposal to include an organizational management structure and specific business approach to the requirements listed throughout this PWS. The proposal shall clearly define roles, responsibilities, subcontractors and/or business partners to ensure effective and efficient TPC services. In addition, the Contractor shall demonstrate a comprehensive process for revenue cycle management that specifically details their approach to the medical claims processing continuum. The Contractor shall notify the COR of any significant changes to their business process during the course of the contract. All contractor instruction given to MTFs that change level of effort required of MTF staff to facilitate execution of the requirements of this PWS shall go through COR for process review.

3.8 Human Resource Management Plan. The Contractor shall have in place a Human Resource Management Plan to ensure qualified candidates are identified, screened, placed, monitored, trained, and retained to fulfill service requirements and minimize personnel turnover under this contract. The Contractor shall accomplish the assigned work by employing and utilizing qualified personnel with appropriate combinations of education experience, knowledge, training, abilities and skills. The plan shall include quality assurance and productivity measurements that demonstrate internal controls for workload management that directly support attainment of acceptable output standards and the efficient allocation of resources for performance in accordance with this PWS. These systems and controls for recording and monitoring workload shall be capable of providing historical and in- process workload data.

3.9 Transition Plan.

3.9.1 Phase-in Plan: The Contractor shall include a Phase-in Plan as part of their proposal that describes in detail, what actions the Contractor will take to ensure their employees are prepared to begin performance for all services required under this PWS and the process to minimize disruption in services throughout the transition. The Contractor shall attend a post-

18


award orientation meeting within 10 business days after contract award to review requirements and implementation of the Contractor’s transition plan.

3.9.2 Transition Phase-out Plan: The Contractor shall include a Phase- out Plan as part of their proposal that describes in detail, what actions the Contractor will take to ensure a smooth and successful transition of operations between this contract and the next contract provider. Assistance shall include but is not limited to detailing current requirements, suggesting milestones and suggesting necessary actions for the last 30 business days of the contract; this may include formal coordination with Government staff or contractor successor staff as needed. The plan should illustrate a process that would allow the Contractor to “turn over government claims data” within 30 calendar days (in a mutually agreed upon format) whereby the Government could continue uninterrupted billing and collections services. It shall also include providing any information pertinent to the daily activities as outlined in the PWS such as duties, responsibilities, data, metrics, or requirements that are critical for ensuring continued operations.

233.4

3.9.3 Contingency Plan. The Contractor shall maintain a contingency plan to ensure continuity of operations for all services required under this PWS. In the event of staffing shortages, equipment or communication failures, or other delays associated with the performance of Third Party Collection services under this contract, on the part of the Contractor, a contingency plan shall be implemented to continue collection and billing services at the MTF. It shall describe how the Contractor will continue to meet production standards during the repair or replacement of faulty equipment. If the contingency plan fails during an actual failure of operations, the Government will require the contractor to modify the plan within five (5) business days, in addition to any other re-performance associated with the failure of the plan.

3.10 Medical Expense and Performance Reporting System (MEPRS). MEPRS is the DoD accounting system for financial, personnel, and workload data within MTFs. The Defense Medical Human Resources System-internet (DMHRSi) is the interface used to report hours worked in the MTF. Per DHA-PM 6010.13, Medical Expense and Performance Reporting System for Fixed Military Medical and Dental Treatment Facilities, when working within an MTF, the Contractor is required to submit hours worked bi-weekly through DMHRSi to their assigned MTF for entry into the system by the Air Force.

3.11 Customer Satisfaction. The Contractor shall have a customer satisfaction system outlining internal controls and procedures to measure Air Force customer satisfaction. The process shall outline methods and frequency of customer interactions, reporting processes, and problem resolution procedures. A satisfaction measurement of patient satisfaction is not required or authorized.

3.12 Contractor Qualifications:

3.12.1 Experience and Requirements. The Contractor shall have a demonstrated, in-depth knowledge of best practices associated with Government healthcare and the health insurance industry as they relate to the performance of all services described in this PWS at multiple medical treatment facilities in a government or commercial setting. The Contractor shall have experience performing revenue cycle back-end functions for claims submissions, insurance

19


identification and verification, accounts receivables management, denials and appeals management, and collections follow-up within the healthcare industry. In addition, the Contractor shall:

3.12.1.1 Have a working knowledge of Ambulatory Procedure Groupings (APGs), Diagnosis Related Groupings (DRGs), International Classification of Diseases-Version 10(ICD-10) Current Procedural Terminology- Version 4 (CPT-4) coding, and electronic billing and collection procedures (to include future versions as appropriate);

3.12.1.2 Have legal assistance, a Registered Nurse, and Registered Information Health Care Administrators on staff or immediately available to facilitate and expedite collection processes.

3.12.2 Personnel Qualifications. The Contractor shall employ a staff able to read and interpret medical documentation, and understand medical terminology to correctly bill both outpatient and inpatient services. In addition, the Contractor shall:

3.12.2.1 Employ a staff with at least two years of experience in the operation of personal computers and familiarity with common office software to include, but not limited to, Microsoft Excel, Microsoft Word, Microsoft PowerPoint, Microsoft Access, and electronic mail systems;

3.12.3 At a minimum, at any location where services are performed under this contract (MTF and/or external location), there shall be one or more contractor employees who possess either two years of experience in medical billing and collections or have completed a medical biller certification program. The Government considers experience acceptable if it was performed within the DoD or in a commercial healthcare organization; however, it must be specific to medical billing and collection services. At a minimum, the Contractor’s management team shall include the following key personnel who meet the requisite experience requirements as identified below:

3.12.3.1 Contractor Representative – The Contractor Representative shall have a minimum of five (5) years’ experience performing all services described in this PWS at multiple medical treatment facilities in a government or commercial setting.

3.12.3.2 Billing and Collection Manager – The Billing and Collection Manager shall have a minimum of five years’ experience supervising medical billers and support staff at multiple locations. This individual shall also have a minimum of five years’ experience simultaneously dealing with medical insurance companies across multiple markets and the practical application of laws and regulations governing medical billing and collection practices nationwide.

3.12.3.3 Human Resource Manager – The Human Resource Manager shall possess a Senior Professional in Human Resources (SPHR) or similar certification and have a minimum of five years’ experience managing medical administrative personnel.

3.12.3.4 Training Manager – The Training Manager shall have a minimum of five years’ experience training medical administrative personnel engaged in billing and collections

20


operations.

3.12.4 The Contractor must provide a signed certification statement that certifies personnel performing under this PWS meet the requirements within paragraphs 3.12.3. The signed certification statement is required within ten calendar days following contract award. Monthly staff rosters shall highlight those employees who possess the qualifications listed under paragraphs 3.12.3.

3.12.5 Government Furnished Training: The Government will provide initial training to the Contractors’ education and training department (no more than two persons) for subsequent Contractor training (“train the trainer”) to their employees on all Government furnished software applications systems to include, but not limited to, the GBS and required legacy systems. The Contractors shall be responsible for all future training necessary to perform the work as defined in this PWS. Training shall not hamper the quantity, quality, or timeliness of daily work requirements.

3.12.6 Continuing Training: Training of new Contractor employees will be the Contractor’s responsibility. Training shall not hamper the quantity, quality or timeliness of daily work requirements. Contractors are authorized and encouraged to participate in UBO training provided by the DHA at no cost to the Contractor.

3.12.7 Identification of Contractor Employees: The Contractor shall require Contractor employees to identify themselves as Contractor personnel by introducing themselves or being introduced as Contractor personnel and displaying distinguishing badges or other visible identification for meetings with Government personnel. In addition, the Contractor shall require

Contractor personnel to appropriately identify themselves as Contractor employees in telephone conversations and in formal and informal written correspondence.

3.13 Continuity of Services:

3.13.1 Contractors shall ensure continuity of operations, without lapse, throughout the term of this contract. The Contractor shall coordinate with the CO/COR any anticipated changes in operations which might affect the performance of this contract.

3.13.2 The Government will not preclude Contractors from subcontracting or partnering for specific services in support of this PWS. If the Contractor elects to subcontract or partner with another company, the Contractor shall provide the names of subcontracted/partnering companies and employees who directly support this effort. In addition, subcontract or partnering company employees shall meet and comply with the same requirements (described above) as the primary Contractor.

3.13.3 The Contractor shall adhere to DoDI 8582.01, Security of Unclassified DoD Information on Non-DoD Information Systems, for all DoD information that interface with the Contractor’s (or subcontractor’s) servers in support of this contract.

3.14 Additional Administrative Considerations

21


3.14.1Contract Management: Management of this contract will be performed through the COR. The Contractor is responsible for coordinating all contract related matters with the COR. This includes ensuring requirements specified in this contract are available when needed, and identifying any problems that may affect TPC services.

3.14.2 Inspection and Acceptance: The COR will manage PWS tasks and deliverables to ensure that all PWS requirements are completed. The COR shall have seven business days to review deliverables and make comments. The Contractor shall have five business days to make corrections. Upon receipt of all final deliverables, the COR shall have five business days to either accept or reject the corrected deliverable.

3.14.3 Requests for Documentation and Meeting: The Contractor shall accommodate the need for timely cooperation in the overall project and understand that time is of the essence, particularly regarding requests for documentation and informational meetings. The Contractor shall coordinate actively and responsively with Government personnel. The Contractor shall coordinate and be cooperative with other contractors. Failure to coordinate precludes effective performance under this PWS.

10

3.15 Personally Identifiable Information (PII) and Protected Health Information (PHI)

3.15.1 The Contractor shall establish appropriate administrative, technical, and physical safeguards to protect any and all Government data. The Contractor shall also ensure the confidentiality, integrity, and availability of Government data in compliance with all applicable laws and regulations, including data breach reporting and response requirements, in accordance with DFAR Subpart 224.1 (Protection of Individual Privacy), which incorporates by reference DoD 5400.11, “DoD Privacy Program,” May 8, 2007, and DoD 5400.11-R, “DoD Privacy Program,” May 14, 2007. The Contractor shall also comply with federal laws relating to freedom of information and records management.

3.15.2 Health Insurance Portability and Accountability Act of 1996 (HIPAA): The Contractor shall comply with all requirements of the HIPAA (Pub. L. 104-191) and all subsequent revisions, as implemented by the HIPAA Privacy and Security Rules codified at 45 C.F.R. Parts 160 and 164, and as further implemented within the Military Health System (MHS) by DoD 6025.18-R, "DoD Health Information Privacy Regulation," January 24, 2003, and DoD 8580.02-R, "DoD Health Information Security Regulation,” July 12, 2007. The Contractor shall also comply with all applicable HIPAA-related rules and regulations as they are published and as further defined by later-occurring Government requirements and DoD guidance, including current and forthcoming DoD guidance implementing applicable amendments under the American Recovery and Reinvestment Act of 2009 (ARRA). If HIPPA violation occurs, contractor will contact COR immediately after initial notification of report of violation.

3.15.3Breach Response:

3.15.3.1 See Appendix E Business Associate Agreement.

22


3.15.3.2 The Contractor shall adhere to the reporting and response requirements set forth in the Office of the Secretary of Defense (OSD) Memorandum 1504-07, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information,” June 5, 2009; DoD 5400.11-R, and applicable TMA Privacy Office guidance, including current and forthcoming DoD guidance on ARRA breach notification requirements, available at: h ttps://health.mil/military-health-topics/privacy-and-civil-liberties/breaches-of-PII-and-PHI .

4. PERFORMANCE OBJECTIVES:

4.1. Services Summary (SS): The Contractor services requirements are summarized into performance objectives that relate directly to mission essential items. The performance threshold briefly describes the minimum acceptable levels of service for each requirement. These thresholds are critical to mission success.

4.2. Monthly status reports are due to the COR and the MTFs by the 15th calendar day of the following month. For each performance objective, MTFs shall receive reports specific to their operations whereas the COR will receive a report that includes Government totals and the MTF breakdown. The format and method of delivery shall be mutually agreed upon by the COR and the Contractor.

TABLE 1 - Services Summary

Performance ObjectivesPWS

ParagraphPerformance Threshold

Revenue Cycle Operations

# 1 Payment Posting and Refund ManagementThe Contractor shall:

Post payments in the GBS within 48 hours of receipt (or by COB of the second business day)

Verify draft refund requests and process the refund transaction in the GBS within 30 days of receipt

3.1.3.7.23.13.7.5

95% of actions accomplished

within the specified timeframe for each

MTF

23

https://health.mil/military-health-topics/privacy-and-civil-liberties/breaches-of-PII-and-PHI


#2 Unpaid Claims TransferredThe Contractor shall:

Complete and close all valid bills prior to the 121st day of delinquency, at which time, unpaid claims will be written off. Contractor will provide a report showing unpaid claims to the Government of which the insurance payer is unresponsive or provides invalid denials.

3.1.2

95% of all valid bills completed and closed by the 120thday of delinquency for each MTF

100% of claims will be written off by the 121st day of delinquency

#3 OHI VerificationWithin five business days of the electronic discovery of new OHI, the Contractor shall:

Enter the OHI data into the GBS as appropriate

The contractor shall re-verify OHI annually before the anniversary of when it was first discovered

3.1.3.2.1

3.1.3.2.3

95% of new insurance will be updated into the GBS within five business days for each MTF

95% of OHI will be verified on anniversary of when it was first found for each MTF

#4 Training RequirementThe Contractor shall train MTF staff annually on their responsibilities in support of the TPC Program and supply individual MTFs with a roster that includes the names of individuals trained

3.1.3.8.1

95% of applicable MTF staff shall be trained at all times for each MTF

#5 Write-Off TPC account balances

The Contractor shall write-off unpaid balances for TPC program claims for Dependents and Retirees, upon receipt of the final EOB or final payment.

3.1.3.7.2

95% of TPC bills shall be written off within 48hrs of receipt of final EOB.

95% of TPC account balances shall be written off by the 121st day of delinquency.

5. GOVERNMENT FURNISHED PROPERTY AND SERVICES:

5.1. General: Only contractor personnel assigned and physically located within the MTF(s) shall be provided the following property and services. Additionally, only those contractor personnel physically located at the MTFs will be authorized to use all areas of the MTF available to active duty and civilian personnel of like position. This shall include, but is not limited to, conference rooms and break rooms.

24


5.1.1. Equipment: Only contractor employees physically located at the MTF(s) shall have joint use of all equipment and furniture necessary for performing services required by this contract. The MTF will provide furnished office space sufficient to provide a working environment conducive to effective performance of the tasks required under this contract. The space provided within an MTF shall be at the sole direction of the MTF commander.

5.1.2. Inventory: Joint inventory of all Government-furnished equipment at the MTF shall be performed within 10 business days of contract start, and as required. Both the Contractor employee and Government will be responsible for taking inventory.

5.1.3. Supplies: The Contractor shall establish procedures with the COR and respective MTFs for requests of all required Government forms (exception: Contractor shall purchase billing forms such as the UB-04, HCFA 1500, etc.) and documents used in the performance of TPC services as specified in this PWS. All records, files, documents, and work papers provided by the Government remain Government property.

5.1.4. Administrative Support: The Government shall provide personal computers, class-A telephone lines and defense switching network (DSN) lines, access to copying machines, fax machines, medical library, as well as Government computer systems, and office space to contractors working in an MTF. These support items shall be used only for official Government business in performance of TPC requirements under this contract.

5.1.5. Housekeeping: The Contractor shall comply with and not interfere with Government provided routine housekeeping at the MTF.

5.1.6. MTF’s Facility Orientation (Safety Material): The Contractor shall ensure that all Facility Orientation Safety Material and post-tests that the government provides for contractor personnel at the MTF are completed and ensure that contractor employees physically located at MTFs comply with the identified material prior to performance.

5.2. File Server Maintenance: The GBS will not be available for billing during backup operations. The COR shall notify the Contractor’s Representative of any automatic uploads. The GBS vendor will work with the COR to coordinate downtime of servers related to software updates, equipment replacement, and communications security requirements. The COR shall relay the downtime of the GBS to the TPC Contractor. The Contractor shall continue to perform and take advantage of downtime to accomplish other requirements in this PWS.

5.3. Reporting Equipment Failure: During normal hours of operation (7:30 a.m. to 4:30p.m. local time), the Contractor shall notify the COR of any equipment failures.

6. DELIVERABLES

6.1. Closed Claims. The Contractor shall provide a monthly report to the Government of all Contractor-billed claims in which there has been no payment, EOB, or communication from the payer by the 120th day of delinquency.

6.2. Aging of Accounts Receivable. In accordance with the FMR Vol 4, Chapter 3, accounts are considered “current” until they reach the due date. The “due date” is the 30th day following the date

25


billed. If payment has not been made by the due date, the debt will be reported as delinquent beginning the first calendar day after the due date. Delinquent accounts will be aged and reported according to the following categories: Current, 1-30 days, 31- 60 days, 61- 90 days, 91-180 days, 181-365 days, 1-2 years, 2-6 years, 6-10 years, and greater than 10 years. A summary aging schedule will be provided in the notes of the Government financial statements and reconciled to the general ledger. For example, the aging of receivables schedule will be reconciled with the designated accounts receivable general ledger account. Specific guidance on aging accounts receivable is found in FMR Volume 6B, Chapter 10, “Notes to the Financial Statements” or FMR Vol 4 Chapter 3

6.2.1 Aging Activity Report (A/R). The Contractor shall conduct monthly analysis of the aging A/R according to the aging categories listed in paragraph 6.2. The contractor shall provide justification for any barriers/issues regarding collection activities and provide a corrective action plan to close all accounts prior to the 120th day of delinquency deadline. The Contractor shall exhaust all internal options and make every attempt to collect and properly close all accounts before the 120th day of the delinquency deadline.

6.3. DD 2570 Report. The Contractor shall provide a DD 2570, Third Party Collections Program - Report on Program Results for TPC inpatient and outpatient collections only on a quarterly basis. The DD 2570 report shall be generated from the GBS and provided to the COR and individual MTFs. These reports are due to the COR and the MTFs by the 5th calendar day following the end of the fiscal year quarter.

6.4. Monthly Invoice. Monthly invoices will be submitted (in a format specified by the COR) to the COR by the 5th business day following the end of each month. Upon verification, the COR will instruct the Contractor to submit the 2-in-1 invoice through Wide Area Work Flow. The invoice will be accepted and processed for payment as soon as possible.

26


Appendix A

ACRONYMS

Acronyms and DefinitionsACRONYM DEFINITIONSAFI Air Force InstructionAFMS Air Force Medical ServiceAIS Automated Information SystemAPG Ambulatory Procedure VisitAPV Ambulatory Procedure Visit: An outpatient surgery procedure. A/R Activity ReportARRA American Recovery and Reinvestment Act of 2009BLS Basic Life SupportCAC Common Access CardCCE Coding and Compliance Editor – Back-end automated coding edit toolCDC Centers for Disease Control and PreventionCHCS Composite Health Care System: DoD Legacy patient management system and databaseCMRA Contractor Manpower Reporting Requirements ApplicationCMS Centers for Medicare and Medicaid Services: Formerly known as HCFACOB Close of BusinessCONUS Continental United States CO Contracting Officer: Appointed officer with authority obligate on behalf of the gov’tCOR Contracting Officer Representative: CPT Current Procedural Terminology: Used for coding medical/surgical servicesDHA Defense Health AgencyDFAS Defense Finance and Accounting ServicesDMHRSi Defense Medical Human Resources System-internetDMIS ID Defense Medical Information System IdentificationDOB Date of BirthDoD Department of DefenseDRG Diagnosis Related GroupE&M Evaluation & ManagementEOB Explanation of BenefitsFSO Facility Security OfficerFTE Full Time BenefitsGBS Government Billing Solution: Program used for medical billing/collection activitiesGUI Graphic User InterfaceHCPCS Health Care Financing AdministrationHIPAA Health Insurance Portability and Accountability Act of 1996IAW In Accordance WithICD International Classification of Diseases. ISPM Information Security Program Manager

27


JAG Judge Advocate General JCAHO Joint Commission on Accreditation of Health Care OrganizationsJKO Joint Knowledge OnlineLFC Local Files CheckLOE Level of EffortMAJCOM Major CommandMEPRS Medical Expense and Performance Reporting SystemMDG Medical GroupMSA Medical Services Account MSA Civ ER Medical Service Account – Civilian Emergency TraumaMTF Military Treatment Facility: Refers to a military medical treatment facilityNACI National Agency Check with InquiriesNDC National Drug Code: Used for coding drug classificationsOASD (HA) Office of the Assistance Secretary of Defense for Health AffairsOBS Observation OCONUS Outside the Continental United StatesOCWP Occupational Workman’s Compensation ProgramOHI Other Health InsuranceOSHA Occupational Safety and Health AdministrationOIB Outpatient Itemized BillingPDF Portable Document FormatPOP Period of PerformancePWS Performance Work StatementPOC Point of ContactQA Quality Assurance: QCP Quality Control Plan: Gov’t actions taken to assure services meet PWS requirementsRAPIDS Real-Time Automated Personnel Identification SystemSJA Staff Judge AdvocateSPHR Senior Professional in Human ResourcesSS Services SummarySSN Social Security NumberTMA TRICARE Management ActivityTPC Third Party CollectionsUBO Uniform Business OfficeUBC National Uniform Billing CommitteeUS CERT US Computer Emergency Readiness TeamVAL Visit Authorization Letter

28


APPENDIX B

BUSINESS ASSOCIATE AGREEMENT This BAA can serve as a separate standalone agreement or may be used for new or existing contracts between the MTF

and the business associate.

Business Associate Agreement

[USE FOR STANDALONE BAA ONLY] This Business Associate Agreement (this "Agreement") is entered into this ___ day of ________, _____ (the “Effective Date”) between [NAME OF MHS COVERED ENTITY] ("Covered Entity") and [NAME OF BUSINESS ASSOCIATE], a [type of business entity] ("Business Associate").

Introduction

In accordance with 45 CFR 164.502(e)(2) and 164.504(e) and paragraph C.3.4.1.3 of DoD 6025.18-R, “DoD Health Information Privacy Regulation,” January 24, 2003, this document serves as a business associate agreement (BAA) between the signatory parties for purposes of the Health Insurance Portability and Accountability Act (HIPAA) and the “HITECH Act” amendments thereof, as implemented by the HIPAA Rules and DoD HIPAA Issuances (both defined below). The parties are a DoD Military Health System (MHS) component, acting as a HIPAA covered entity, and a DoD contractor, acting as a HIPAA business associate. The HIPAA Rules require BAAs between covered entities and business associates. Implementing this BAA requirement, the applicable DoD HIPAA Issuance (DoD 6025.18-R, paragraph C3.4.1.3) provides that requirements applicable to business associates must be incorporated (or incorporated by reference) into the contract or agreement between the parties.

(a) Catchall Definition. Except as provided otherwise in this BAA, the following terms used in this BAA shall have the same meaning as those terms in the DoD HIPAA Rules: Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices (NoPP), Protected Health Information (PHI), Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

Breach means actual or possible loss of control, unauthorized disclosure of or unauthorized access to PHI or other Personally Identifiable Information (PII) (which may include, but is not limited to PHI), where persons other than authorized users gain access or potential access to such information for any purpose other than authorized purposes, where one or more individuals will be adversely affected. The foregoing definition is based on the definition of breach in DoD Privacy Act Issuances as defined herein.

Business Associate shall generally have the same meaning as the term “business associate” in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [INSERT NAME OF BUSINESS ASSOCIATE].

Agreement means this BAA together with the documents and/or other arrangements under which the Business Associate signatory performs services involving access to PHI on behalf of the MHS component signatory to this BAA.

Covered Entity shall generally have the same meaning as the term “covered entity” in the DoD HIPAA Issuances, and in reference to this BAA, shall mean [INSERT NAME OF MTF COMPONENT].

DHA Privacy Office means the DHA Privacy and Civil Liberties Office. The DHA Privacy Office Director is the HIPAA Privacy and Security Officer for DHA, including the National Capital Region Medical Directorate (NCRMD).

DoD HIPAA Issuances means the DoD issuances implementing the HIPAA Rules in the DoD Military Health System (MHS). These issuances are DoD 6025.18-R (2003), DoDI 6025.18 (2009), and DoD 8580.02-R (2007).

DoD Privacy Act Issuances means the DoD issuances implementing the Privacy Act, which are DoDD 5400.11 (2007) and DoD 5400.11-R (2007).

HHS Breach means a breach that satisfies the HIPAA Breach Rule definition of breach in 45 CFR 164.402.

29


HIPAA Rules means, collectively, the HIPAA Privacy, Security, Breach and Enforcement Rules, issued by the U.S. Department of Health and Human Services (HHS) and codified at 45 CFR Part 160 and Part 164, Subpart E (Privacy), Subpart C (Security), Subpart D (Breach) and Part 160, Subparts C-D (Enforcement), as amended by the 2013 modifications to those Rules, implementing the “HITECH Act” provisions of Pub. L. 111-5. See 78 FR 5566-5702 (Jan. 25, 2013) (with corrections at 78 FR 32464 (June 7, 2013)). Additional HIPAA rules regarding electronic transactions and code sets (45 CFR Part 162) are not addressed in this BAA and are not included in the term HIPAA Rules.

Service-Level Privacy Office means one or more offices within the military services (Army, Navy, or Air Force) with oversight authority over Privacy Act and/or HIPAA privacy compliance.

I. Obligations and Activities of Business Associate

(a) The Business Associate shall not use or disclose Personal Health Information (PHI) other than as permitted or required by this Agreement or as required by law.

(b) The Business Associate shall use appropriate safeguards, and comply with the DoD HIPAA Rules with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by this Agreement.

(c) The Business Associate shall report to Covered Entity any Breach of which it becomes aware, and shall proceed with breach response steps as required by Part V of this BAA. With respect to electronic PHI, the Business Associate shall also respond to any security incident of which it becomes aware in accordance with any Information Assurance provisions of this Agreement. If at any point the Business Associate becomes aware that a security incident involves a Breach, the Business Associate shall immediately initiate breach response as required by part V of this BAA.

(d) In accordance with 45 CFR 164.502(e)(1)(ii)) and 164.308(b)(2), respectively, and corresponding DoD HIPAA Issuances, as applicable, the Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such PHI.

(e) The Business Associate shall make available PHI in a Designated Record Set, to the Covered Entity or, as directed by the Covered Entity, to an Individual, as necessary to satisfy the Covered Entity obligations under 45 CFR 164.524 and corresponding DoD HIPAA Issuances.

(f) The Business Associate shall make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526, and corresponding DoD HIPAA Issuances.

(g) The Business Associate shall maintain and make available the information required to provide an accounting of disclosures to the Covered Entity or an individual as necessary to satisfy the Covered Entity’s obligations under 45 CFR 164.528 and corresponding DoD HIPAA Issuances.

(h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under the HIPAA Privacy Rule, the Business Associate shall comply with the requirements of the HIPAA Privacy Rule that apply to the Covered Entity in the performance of such obligation(s); and

(i) The Business Associate shall make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Rules.

II. Permitted Uses and Disclosures by Business Associate

(a) The Business Associate may only use or disclose PHI as necessary to perform the services set forth in this Agreement or as required by law. The Business Associate is not permitted to de-identify PHI under DoD HIPAA issuances or the corresponding 45 CFR 164.514(a)-(c), nor is it permitted to use or disclose de-identified PHI, except as provided by this Agreement or directed by the Covered Entity [MODIFY THIS SECTION IF THE PURPOSE OF THE AGREEMENT/CONTRACT IS FOR THE BA TO DEIDENTIFY PHI FOR THE CE].

30


(b) The Business Associate agrees to use, disclose and request PHI only in accordance with the HIPAA Privacy Rule “minimum necessary” standard and corresponding DHA policies and procedures as stated in the DoD HIPAA Issuances.

(c) The Business Associate shall not use or disclose PHI in a manner that would violate the DoD HIPAA Issuances or HIPAA Privacy Rules if done by the Covered Entity, except uses and disclosures for the Business Associate’s own management and administration and legal responsibilities or for data aggregation services as set forth in the following three paragraphs.

(d) Except as otherwise limited in this Agreement, the Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. The foregoing authority to use PHI does not apply to disclosure of PHI, which is covered in the next paragraph.

(e) Except as otherwise limited in this Agreement, the Business Associate may disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that disclosures are required by law, or the Business Associate obtains reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(f) Except as otherwise limited in this Agreement, the Business Associate may use PHI to provide Data Aggregation services relating to the Covered Entity’s health care operations.

III. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions

(a) The Covered Entity shall notify the Business Associate of any limitation(s) in the notice of privacy practices of the Covered Entity under 45 CFR 164.520 and the corresponding provision of the DoD HIPAA Issuances, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.

(b) The Covered Entity shall notify the Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes affect the Business Associate’s use or disclosure of PHI.

(c) The Covered Entity shall notify the Business Associate of any restriction on the use or disclosure of PHI that the Covered Entity has agreed to or is required to abide by under 45 CFR 164.522 and the corresponding DoD HIPAA Issuances, to the extent that such changes may affect the Business Associate’s use or disclosure of PHI.

IV. Permissible Requests by Covered Entity

The Covered Entity shall not request the Business Associate to use or disclose PHI in any manner that would not be permissible under the HIPAA Privacy Rule or any applicable Government regulations (including without limitation, DoD HIPAA Issuances) if done by the Covered Entity, except for providing Data Aggregation services to the Covered Entity and for management and administrative activities of the Business Associate as otherwise permitted by this BAA.

V. Breach Response

(a) In general.

(1) In the event of a breach of PII/PHI held by the Business Associate, the Business Associate shall report the breach to the Covered Entity in accordance with Section VII, assess the breach incident, take mitigation actions as applicable, and notify affected individuals, as directed by the Covered Entity.

(2) The Business Associate shall coordinate all investigation actions with the Covered Entity, and at a minimum, follow the breach response requirements set forth in this Part V, which is designed to satisfy both the Privacy Act and HIPAA as applicable. If a breach involves PII without PHI, then the Business Associate shall comply with DoD Privacy Act Issuance breach response requirements only; if a breach involves PHI (a subset of PII), then the Business Associate shall comply with both Privacy Act and HIPAA breach response requirements. A breach involving PHI may or may not constitute an HHS Breach. If a breach is not an HHS Breach, then the Business Associate has no HIPAA

31


breach response obligations. In such cases, the Business Associate must still comply with breach response requirements under the DoD Privacy Act Issuances.

(3) The Business Associate shall, at no cost to the government, bear any costs associated with a breach of PII/PHI that the Business Associate has caused or is otherwise responsible for addressing.

(b) Government Reporting Provisions

(1) If the Covered Entity determines that a breach is an HHS Breach, then the Business Associate shall comply with both the HIPAA Breach Rule and DoD Privacy Act Issuances, as directed by the Covered Entity, regardless of where the breach occurs. If the Covered Entity determines that the breach does not constitute an HHS Breach, then the Business Associate shall comply with DoD Privacy Act Issuances, as directed by the applicable Service-Level Privacy Office.

(2) This Part V is designed to satisfy the DoD Privacy Act Issuances and the HIPAA Breach Rule as implemented by the DoD HIPAA Issuances. In general, for breach response, the Business Associate shall report the breach to the Covered Entity, assess the breach incident, notify affected individuals, and take mitigation actions as applicable. Because DoD defines “breach” to include possible (suspected) as well as actual (confirmed) breaches, the Business Associate shall implement these breach response requirements immediately upon the Business Associate’s discovery of a possible breach.

(3) The following provisions of Part V set forth the Business Associate’s Privacy Act and HIPAA breach response requirements for all breaches, including but not limited to HHS breaches.

(i) The Business Associate shall report the breach within one hour of discovery to the US Computer Emergency Readiness Team (US CERT), and, within 24 hours of discovery, to the Covered Entity, and to other parties as deemed appropriate by the Covered Entity. The Business Associate is deemed to have discovered a breach as of the time a breach (suspected or confirmed) is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing it) who is an employee, officer or other agent of the Business Associate.

(ii) The Business Associate shall submit the US-CERT report using the online form at https://forms.us-cert.gov/report/. Before submission to US-CERT, the Business Associate shall save a copy of the on-line report. After submission, the Business Associate shall record the US-CERT Reporting Number. Although only limited information about the breach may be available as of the one hour deadline for submission, the Business Associate shall submit the US-CERT report by the deadline. The Business Associate shall e-mail updated information as it is obtained, following the instructions at http://www.us-cert.gov/pgp/email.html. The Business Associate shall provide a copy of the initial or updated US-CERT report to the Installation Privacy Act Officer, MTF HIPAA Privacy Officer, and the Contracting Officer (if applicable), if requested. Business Associate questions about US-CERT reporting shall be directed to the Installation Privacy Act Officer or MTF HIPAA Privacy Officer, not the US-CERT office.

(iii) The Business Associate shall comply with the Breach Timeline and Notification Flow Chart processes attached to this Agreement, to include the timelines established for completing the DD Form 2959 and the HIPAA Privacy Incident Report.

(4) If multiple beneficiaries are affected by a single event or related set of events, then a single reportable breach may be deemed to have occurred, depending on the circumstances. The Business Associate shall inform the Covered Entity as soon as possible if it believes that “single event” breach response is appropriate; the Covered Entity will determine how the Business Associate shall proceed and, if appropriate, consolidate separately reported breaches for purposes of Business Associate report updates, beneficiary notification, and mitigation.

(i) When a Breach Report Form initially submitted is incomplete or incorrect due to unavailable information, or when significant developments require an update, the Business Associate shall submit a revised form or forms, stating the updated status and previous report date(s) and showing any revisions or additions in red text. Examples of updated information the Business Associate shall report include, but are not limited to: confirmation on the exact data elements involved, the root cause of the incident, and any mitigation actions to include, sanctions, training, incident containment, and follow-up. The Business Associate shall submit these report updates within three (3) business days after the new information becomes available. Prompt reporting of updates is required to allow the Covered Entity to make timely final determinations on any subsequent notifications or reports. The Business Associate shall provide updates to the

32


same parties as required for the initial Breach Reporting Form. The Business Associate is responsible for reporting all information needed by the Covered Entity to make timely and accurate determinations on reports to HHS as required by the HHS Breach Rule and reports to the Defense Privacy and Civil Liberties Office as required by DoD Privacy Act Issuances.

(ii) In the event the Business Associate is uncertain on how to apply the above requirements, the Business Associate shall consult with the Covered Entity and Contracting Officer (if applicable) when determinations on applying the above requirements are needed.

(c) Individual Notification Provisions

(i) If the Covered Entity determines that individual notification is required, the Business Associate shall provide written notification to individuals affected by the breach as soon as possible, but no later than 10 working days after the breach is discovered and the identities of the individuals are ascertained. The 10 day period begins when the Business Associate is able to determine the identities (including addresses) of the individuals whose records were impacted.

(ii) The Business Associate’s proposed notification to be issued to the affected individuals shall be submitted to the parties to which reports are submitted under paragraph VII for their review, and for approval by the [REMOVE CO REFERENCES FOR STAND-ALONE AGMT] Contracting Officer, in consultation with the Covered Entity. Upon request, the Business Associate shall provide the Contracting officer and Covered Entity with the final text of the notification letter sent to the affected individuals. If different groups of affected individuals receive different notification letters, then the Business Associate shall provide the text of the letter for each group (PII shall not be included with the text of the letter(s) provided). Copies of further correspondence with affected individuals need not be provided unless requested by the Contracting Office or Covered Entity. The Business Associate’s notification to the individuals, at a minimum, shall include the following:

(A) The individual(s) must be advised of what specific data was involved. It is insufficient to simply state that PII has been lost. Where names, Social Security Numbers (SSNs) or truncated SSNs, and Dates of Birth (DOBs) are involved, it is critical to advise the individual that these data elements potentially have been breached.

(B) The individual(s) must be informed of the facts and circumstances surrounding the breach. The description should be sufficiently detailed so the individual clearly understands how the breach occurred.

(C) The individual(s) must be informed of what protective actions the Business Associate is taking or the individual can take to mitigate against potential future harm. The notice must refer the individual to the current Federal Trade Commission (FTC) web site pages on identity theft and the FTC’s Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261.

(D) A brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches; and

(E) Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address

(F) The individual(s) must also be informed of any mitigation support services (e.g., one year of free credit monitoring, identification of fraud expense coverage for affected individuals, provision of credit freezes, etc.) the Business Associate may offer affected individuals, the process to follow to obtain those services and the period of time the services will be made available, and contact information (including a phone number, either direct or toll-free, e-mail address and postal address) for obtaining more information. The [REMOVE CO REFERENCES FOR STAND-ALONE AGMT] Contracting Officer, in consultation with the Covered Entity will determine the appropriate level of support services.

(iii) Business Associates shall ensure any envelope containing written notifications to affected individuals are clearly labeled to alert the recipient to the importance of its contents, e.g., “Important information – do not destroy,” and the envelope is marked with the identity of the Business Associate and/or subcontractor organization that suffered the breach. The letter must also include contact information for a designated POC to include, phone number, e-mail address, and postal address.

33


(iv) If the Business Associate determines that it cannot readily identify, or will be unable to reach, some affected individuals within the 10 day period after discovering the breach, the Business Associate shall so indicate in the initial or updated Breach Report Form. Within the 10 day period, the Business Associate shall provide the approved notification to those individuals who can be reached. Other individuals must be notified within 10 days after their identities and addresses are ascertained. The Business Associate shall consult with the Covered Entity, which will determine which media notice is most likely to reach the population not otherwise identified or reached. The Business Associate shall issue a generalized media notice(s) to that population in accordance with the Covered Entity approval.

(d) Breaches are not to be confused with security incidents (often referred to as cyber security incidents when electronic information is involved), which may or may not involve a breach of PII/PHI. In the event of a security incident not involving a PII/PHI breach, the Business Associate shall follow applicable DoD Information Assurance requirements under its Agreement. If at any point the Business Associate finds that a cybersecurity incident involves a PII/PHI breach (suspected or confirmed), the Business Associate shall immediately initiate the breach response procedures set forth here. The Business Associate shall also continue to follow any required cyber security incident response procedures to the extent needed to address security issues, as determined by DoD/DHA.

VI. Termination

(a) Termination. Noncompliance by the Business Associate (or any of its staff, agents, or subcontractors) with any requirement in this BAA may subject the Business Associate to termination under any applicable default or other termination provision of the underlying Contract [FOR STANDALONE INSERT, REPLACE WITH “this Agreement”].

(b) Effect of Termination.

(1) If this Agreement has records management requirements, the Business Associate shall handle such records in accordance with the records management requirements. If this Agreement does not have records management requirements, the records should be handled in accordance with paragraphs VI (2) and (3) below. If this Agreement has provisions for transfer of records and PII/PHI to a successor Business Associate, or if the Covered Entity gives directions for such transfer, the Business Associate shall handle such records and information in accordance with such Agreement provisions or the Covered Entity’s direction.

(2) If this Agreement does not have records management requirements, except as provided in the following paragraph (3), upon termination of this Agreement, for any reason, the Business Associate shall return or destroy all PHI received from the Covered Entity, or created or received by the Business Associate on behalf of the Covered Entity that the Business Associate still maintains in any form. This provision shall apply to PHI that is in the possession of subcontractors or agents of the Business Associate. The Business Associate shall retain no copies of the PHI.

(3) If this Agreement does not have records management provisions and the Business Associate determines that returning or destroying the PHI is infeasible, the Business Associate shall provide to the Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Covered Entity and the Business Associate that return or destruction of PHI is infeasible, the Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as the Business Associate maintains such PHI.

VII. Notices. Any notices to be given hereunder will be made in the most expedient manner, via e-mail, facsimile, U.S. Mail, or express courier to such party’s address given below.

If to the Business Associate: If to the Covered Entity:

Attn: Attn:Title: Title: MTF HIPAA Privacy OfficerCompany: Unit:Address: Address:

34


Phone: Phone:Fax: Fax:E-mail: E-mail:

With a copy to:

Name: Name:Company: Title: Contracting OfficerAddress: Address:

Phone: Phone:Fax: Fax:Email: Email:

Each party named above may change its address and that of its representative for notice by the giving of notice thereof in the manner provided in this subsection.

VIII. Miscellaneous

(a) Survival. The obligations of Business Associate under the “Effect of Termination” provision of this BAA shall survive the termination of this Agreement.

(b) Interpretation. Any ambiguity in this Agreement shall be resolved in favor of a meaning that permits the Covered Entity and the Business Associate to comply with the HIPAA Rules and the DoD HIPAA

[USE FOR STANDALONE BAA ONLY] (c) Counterparts; Facsimiles. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original. The parties acknowledge and agree that faxed and/or electronically affixed signatures shall act as original signatures that bind each faxing, or electronically affixing, signatory to the terms and provisions of this Agreement. Delivery of an executed counterpart of this Agreement by facsimile or electronic mail shall be equally effective as delivery of a manually executed counterpart.

[USE FOR STANDALONE BAA ONLY] (d) Entire Agreement; Amendment. This Agreement embodies the entire understanding between the parties pertaining to the subject matter contained in it; supersedes any and all prior negotiations, correspondence, understandings, or agreements of the parties with respect to its subject matter; and may be waived, altered, amended, modified, revised or repealed, in whole or in part, only on the written consent of the parties to this Agreement.

[USE FOR STANDALONE BAA ONLY] IN WITNESS WHEREOF, the parties have executed this Agreement as of the Effective Date.

[USE FOR STANDALONE BAA ONLY] BUSINESS ASSOCIATE: COVERED ENTITY:

Signature: Signature:

Print name: Print name:

Title: Title:

Date: Date:

35


APPENDIX C HQ USAF/SG NON-DISCLOSURE AGREEMENT

REVISED: 30 AUG 2007

Purpose: The purpose of this Non-Disclosure Agreement (NDA) is to confirm in writing that the undersigned understands his/her responsibilities regarding protection of information and/or material that he/she may come in contact with in the course of work performed under this agreement. This NDA covers all forms of information made available as Government Furnished Information or information/material developed under this agreement, whether in the form of working materials or as deliverable product. This NDA applies to unclassified Government information/material, proprietary information/material supplied by other vendors for use by the Government, and classified Government information/material and is intended to supplement, not replace, the DD Form 254. All information/material released to the contractor remains the property of the US Government and may be withdrawn at any time.

Responsibility: As a condition of acceptability for work under this agreement with Air Force Material Command 773 ESS/PK on behalf of AF/SG, individuals are required to complete the attached NDA:

36


NON-DISCLOSURE AGREEMENTFOR

CONTRACTOR/SUBCONTRACTOR EMPLOYEES, SENIOR MANAGERS ORCORPORATE OFFICERS

I, ___________________________________________________________ (clearly print or type name), an employee, senior manager, or corporate officer of either _________________________ or a subcontractor to _____________________ under Prime Contract number ______________________; Task Order _____________________ awarded to ______________________ by the AF/SG office (Customer) agree not to disclose to any third party or anyone who is not performing work for the Customer and who does not have a need to know such information, any proprietary, source selection sensitive information, programmatic, or budgetary information (Information) contained in or accessible through the AF/SG programs and activities. Proprietary, programmatic, budgetary and source selection sensitive information and data will be handled in accordance with Government direction under the AF/SG program and applicable Government laws and regulations, including Federal Acquisition Regulation (FAR) Sections 3.104 and 9.5.

I understand that Information I may receive or possess, as a result of my assignment to work on AF/SG activities under this Contract may be considered proprietary, source selection sensitive information, and/or For Official Use Only. The responsibilities of my employer for the proper use and protection from unauthorized disclosure of proprietary or source selection sensitive information are described in FAR 3.104. Pursuant to FAR 3.104, I agree that I shall not appropriate such information for my own use or release or discuss such information with third parties unless specifically authorized by the procedures set forth in FAR 3.104.

This Agreement shall continue for a term of five (5) years from the date upon which I last have access to such information. Upon expiration of this Agreement, I have a continuing obligation not to disclose proprietary, programmatic, budgetary or source selection sensitive information to any person or legal entity unless that person or legal entity is authorized by the Government to receive such Information. I understand that any violation of my duty to protect proprietary or source selection sensitive information I was exposed to while working as an employee of _______________________ company working under the Prime Contract, subcontract, or task order as referenced above may subject me, and/or my employer, to administrative, civil and criminal sanctions.

I understand that the United States Government may seek any remedy available to it to enforce this Agreement, including, but not limited to, application for a court order prohibiting disclosure of information in breach of this agreement. Court costs and reasonable attorney fees incurred by the United States Government may be assessed against me if I lose such action. I understand that another company might file a separate claim against me if I have misused its proprietary information.

In the event that I seek other employment, I will reveal to any prospective employer the continuing obligation in this agreement prior to accepting any employment offer.

If signing as a corporate officer of either the Prime or Subcontractor, I certify that I am a duly authorized representative with legal authority to bind the Company.

Agreed and Accepted:

________________________________________________ _____________________(Signature of Employee) (Date)

________________________________________________ _____________________(Printed Name/Position) (Telephone Number)

________________________________________________ _____________________(Signature of Employer Sr. Mgr/Officer) (Date)________________________________________________ _____________________(Printed Name/Position) (Telephone Number)

37


APPENDIX D

APPLICABLE PUBLICATIONS AND FORMS

1. APPLICABLE PUBLICATIONS. Publications applicable to the PWS, include, but are not limited to, those listed below. The Contractor is obligated to follow all applicable publications. These publications are available online and are maintained by the Government. Supplements or amendments to listed publications from any organizational level may be issued during the life of the contract. The Contractor shall immediately implement those changes in publications which result in a decrease or no change in the price and notify the CO in writing of such change. Prior to implementing any change that will result in an increase; the Contractor shall submit to the CO a price proposal within 30 calendar days of receipt of the change by the Contractor. The CO and the Contractor shall negotiate the change into the contract under the provisions of the contract clause entitled "Changes". Failure of the Contractor to submit a price proposal within 30 calendar days from receipt of the change shall entitle the Government to performance in accordance with such change at no increase in price.

1.1. Important URL for researching Uniformed Business Office information and material: https://health.mil/Military-Health-Topics/Business-Support/Uniform-Business-Office

1.2. DoD Publications

1.3. DHA Publications

1.4. Service Publications

1.5. MTF Rules and Regulations

1.6. Publications and forms are available electronically through the internet.

1.7. DoD Directives can be found at http://www.dtic.mil/whs/directives/. Regulations are followed by a “-R” (e.g., DoD 6025.18-R) and can be located on the website by clicking on “Publications” instead of “Directives.

38

http://www.dtic.mil/whs/directives/

https://health.mil/Military-Health-Topics/Business-Support/Uniform-Business-Office


DEPARTMENT OF DEFENSE (DoD) REGULATIONS/MANUALS INSTRUCTIONS/DIRECTIVES

PUB NO. TITLE DATE CHANGEDoDD 5200.2 Personnel Security Program Apr 99DoD 5400.11-R DoD Privacy Program May 07DoDD 5500.7 Standards of Conduct Nov 07DoDI 6000.11 Patient Movement May 12DHA-PM 6010.13 Medical Expense and Performance

Reporting System for Fixed Military Medical and Dental Treatment

Sep-18

DHA-PM 6015.01 MTF Uniform Business Office (UBO) Manual

Oct 17DoDI 6015.23 Delivery of Healthcare at Military Treatment Oct 02

Facilities: Foreign Service Care; Third Party Collection; Beneficiary Counseling and Assistance Coordinators (BCACs)

DoD 6025.18R DoD Health Information Privacy Regulation Jan 03DoDI 6025.8 Ambulatory Procedure Visit (APV) Sep 96DoDD 6040.41 Medical Records Retention and Coding at

Military Treatment FacilitiesApr 04

DoDI 6040.42 Medical Encounter and Coding at Military Treatment Facilities

Jun 04

DoDI 6040.43 Custody and Control of Outpatient Medical Records

Jun 04

DOD 7000.14R DoD Financial Management Regulations, all volumes

various

DoDD 8500.1E Information Assurance Oct 02DOD 8580.02-R DoD Health Information Security Jul 07DoDI 8582.01 Security of Unclassified DoD

Information on Non-DoD Information Jun 12

The Air Force’s E-Publishing site (http://www.e-publishing.af.mil) will be used to obtain Air Force Instructions.

39


AIR FORCE INSTRUCTIONS/MANUALS

PUB NO. TITLE DATE

AFPD 41-2 Medical Support May-18AFI 31-204 Air Force Motor Vehicle Traffic

Supervision, Chapter 3Jul-00

AFI 31-501 Personal Security Program Management Jan-05

AFI 33-102 Communications and Information Specialized Publications

Oct-11

AFI 33-116 LONG-HAUL TELECOMMUNICATIONS

Apr-02

AFI 33-119 Air Force Messaging Jan-05AFI 33-129 Web Management and Internet Use Feb-05AFI 33-322 Records Management Program Oct-03ARMS Automated Records Management SystemAFI 33-332 Privacy Act Program Jan-04AFI 34-242 Mortuary Affairs Program Apr-08AFI 40-102 Tobacco Use in the USAF Jun-02AFMAN 41-120 Medical Resource Management Operations Nov-14AFI 41-210 TRICARE Operations and Patient

Administration FunctionsJun-12

AFI 41-200 Health Insurance Portability and Accountability Act (HIPAA)

Jul-17

AFI 44-102 Medical Care Management Mar-15AFI 44-119 Medical Quality Operations Aug-11AFI 48-105 Surveillance, Prevention, and Control of

Disease and Conditions of Public Health or Military Significance

Jul-14

AFI 48-123 Medical Examinations and Standards Nov-13

40


APPENDIX E

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) OFDecember 2002

HIPAA is comprised of several different sections, each to be implemented by the Dept. of Health and Human Services. The medical facilities of the military services and the DoD health plans are specifically listed as covered by HIPAA. Currently, HIPAA Privacy and Security Rules, as set forth in the Code of Federal Regulations, are in effect for all MTFs. The specific implementation of HIPAA Privacy for DoD medical facilities is set forth in DoD 6025.18-R, and for HIPAA Security, the requirements for AF MTFs are contained in DoD 8580.02-R and AFI 41-217, which also contains additional Information Assurance requirements for all AF MTFs. DoD 6025.18-R, DoD 8580.02-R and AFI 41-200 are incorporated herein by reference. MTFs are responsible to insure overall compliance with HIPAA requirements, which includes incorporation of certain requirements in contracts entered or amended after the respective implementation dates.

IAW these regulations, the Contractor and its employees meet the definition of Business Associates. Therefore, a Business Associate Agreement is required by law to comply with both the HIPAA Privacy and Security regulations. This clause serves as that agreement for each MTF, whereby the Contractor and its employees agree to abide by all HIPAA Privacy and Security requirements regarding health information as defined in this clause, DoD 6025-18-R, DoD 8520.02-R and AFI 41-217. Additional HIPAA requirements will be addressed when implemented.

Introduction

(a)Definitions. As used in this clause generally refer to the Code of Federal Regulations (CFR) definition unless a more specific provision exists in DoD 6025.18-R, DoD 8520.02-R or AFI 41-217.

Individual has the same meaning as the term “individual” in 45 CFR 164.50 1 and 164.103 and shall include a person who qualifies as a personal representative in accordance with 45 CFR 164.502(g).

Privacy Rule means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR part 160 and part 164, subparts A and E.

Protected Health Information has the same meaning as the term “protected health information” in 45 CFR 164.501, limited to the information created or received by The Contractor from or on behalf of the Government.

Electronic Protected Health Information has the same meaning as the term “electronic protected health information” in 45 CFR 160.103.

41


Required by Law has the same meaning as the term “required by law” in 45 CFR 164.501 and 164.103.

Secretary means the Secretary of the Department of Health and Human Services or his/her designee.

Security Rule means the Health Insurance Reform: Security Standards at 45 CFR part 160,162 and part 164, subpart C.

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in 45 CFR 160.103, 160.502, 164.103, 164.304 and 164.501.

(b)The Contractor agrees to not use or further disclose Protected Health Information other than as permitted or required by the Contract or as Required by Law.

(c)The Contractor agrees to use appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by this Contract.

(d)The Contractor agrees to use administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits in the execution of this Contract.

(e)The Contractor agrees to mitigate, to the extent practicable, any harmful effect that is known to the Contractor of a use or disclosure of Protected Health Information by the Contractor in violation of the requirements of this Contract.

(f)The Contractor agrees to report to the Government any security incident involving protected health information of which it becomes aware.

(g)The Contractor agrees to report to the Government any use or disclosure of the Protected Health Information not provided for by this Contract of which the Contractor becomes aware of.

(h)The Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides Protected Health Information received from, or created or received by the Contractor on behalf of the Government agrees to the same restrictions and conditions that apply through this Contract to the Contractor with respect to such information.

(i)The Contractor agrees to ensure that any agent, including a subcontractor, to whom it provides electronic Protected Health Information, agrees to implement reasonable

42


and appropriate safeguards to protect it.

(j)The Contractor agrees to provide access, at the request of the Government, and in the time and manner designated by the Government to Protected Health Information in a Designated Record Set, to the Government or, as directed by the Government, to an Individual in order to meet the requirements under 45 CFR 164.524.

(k) The Contractor agrees to make any amendment(s) to Protected Health Information in a Designated Record Set that the Government directs or agrees to pursuant to 45 CFR 164.526 at the request of the Government or an Individual, and in the time and manner designated by the Government.

(1)The Contractor agrees to make internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by the Contractor on behalf of, the Government, available to the Government, or at the request of the Government to the Secretary, in a time and manner designated by the 'Government or the Secretary, for purposes of the Secretary determining the Government's compliance with the Privacy Rule.

(m)The Contractor agrees to document such disclosures of Protected Health Information and information related to such disclosures as would be required for the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.

(n)The Contractor agrees to provide to the Government or an Individual, in time and manner designated by the Government, information collected in accordance with this Clause of the Contract, to permit the Government to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR 164.528.

General Use and Disclosure Provisions

Except as otherwise limited in this Agreement, the Contractor may use or disclose Protected Health Information on behalf of, or to provide services to, the Government for treatment, payment, or healthcare operations purposes, in accordance with the specific use and disclosure provisions below, if such use or disclosure of Protected Health Information would not violate the HIPAA Privacy Rule, DoD 6025.18-R, the HIPAA Security Rule, or DoD 8580.02-R if done by the Government.

Specific Use and Disclosure Provisions

(a)Except as otherwise limited in this Agreement, the Contractor may use Protected Health Information for the proper management and administration of the Contractor or to carry out the legal responsibilities of the Contractor.

43


(b) Except as otherwise limited in this Agreement, the Contractor may disclose Protected Health Information for the proper management and administration of the Contractor, provided that disclosures are required by law, or the Contractor obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Contractor of any instances of which it is aware in which the confidentiality of the information has been breached.

(c)Except as otherwise limited in this Agreement, the Contractor may use Protected Health Information to provide Data Aggregation services to the Government as permitted by 45 CFR 164.504(e)(2)(i)(B).

(d)Contractor may use Protected Health Information to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR 164.502(j)(1).

Obligations of the Government

Provisions for the Government to Inform the Contractor of Privacy Practices and Restrictions

(a)Upon request the Government shall provide the Contractor with the notice of privacy practices that the Government produces in accordance with 45 CFR 164.520, as well as any changes to such notice.

(b)The Government shall provide the Contractor with any changes in, or revocation of, permission by Individual to use or disclose Protected Health Information, if such changes affect the Contractor's permitted or required uses and disclosures.

(c)The Government shall notify the Contractor of any restriction to the use or disclosure of Protected Health Information that the Government has agreed to in accordance with 45 CFR 164.522.

Permissible Requests by the Government

The Government shall not request the Contractor to use or disclose Protected Health Information in any manner that would not be permissible under the HIPAA Privacy Rule, DoD 6025.18R, the HIPAA Security Rule, or DoD 8580.02-R, if done by the Government, except for providing Data Aggregation services to the Government and for management and administrative activities of the Contractor as otherwise permitted by this clause.

Termination

(a) Termination. A breach by the Contractor of this clause, may subject the Contractor to termination under any applicable default or termination provision of this Contract.

(b) Effect of Termination.

44


(1) If this contract has records management requirements, the records subject to the Clause should be handled in accordance with the records management requirements. If this contract does not have records management requirements, the records should be handled in accordance with paragraphs (2) and (3) below.

(2) If this contract does not have records management requirements, except as provided in paragraph (3) of this section, upon termination of this Contract, for any reason, the Contractor shall return or destroy all Protected Health Information received from the Government, or created or received by the Contractor on behalf of the Government. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of the Contractor. The Contractor shall retain no copies of the Protected Health Information.

(3) If this contract does not have records management provisions and the Contractor determines that returning or destroying the Protected Health Information is infeasible, the Contractor shall provide to the Government notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the Government and the Contractor that return or destruction of Protected Health Information is infeasible, the Contractor shall extend the protections of this Contract to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as the Contractor maintains such Protected Health Information.

Miscellaneous

(a) Regulatory References. A reference in this Clause to a section in DoD 6025.18-R, HIPAA Privacy Regulation or DoD 6025.18-R, HIPAA Security Regulation, or any CFR or AFI provision means the section as currently in effect or as amended, and for which compliance is required.

(b) Survival. The respective rights and obligations of Business Associate under the "Effect of Termination" provision of this Clause shall survive the termination of this Contract.

(c) Interpretation. Any ambiguity in this Clause shall be resolved in favor of a meaning that permits the Government to comply with DoD 6025.18-R, the CFR HIPAA Privacy Rule, DoD 8520.02-R, the CFR HIPAA Security Rule and AFI 41-217.

45


APPENDIX F

CONTRACTOR FULL-TIME EQUIVALENT REPORTING ADDENDUM(CONTRACTOR MANPOWER REPORTING APPLICATION (CMRA))

In accordance with Section 2330a of Title 10, United States Code (10 USC 2330a), the contractor shall report all contractor labor hours (including subcontractor labor hours) required for performance of services provided under this contract for the third party collections and billing via a secure data collection site. The contractor is required to completely fill in all required data fields at http://www.ecmra.mil.

*Reporting Period: Reporting inputs will be for the labor executed during the period of performance for each Government fiscal year (FY), which runs 1 October through 30 September. While inputs may be reported any time during the FY, contractors are required to input complete data by 31 October of each year. Contractors may direct questions to the CMRA help desk.

Uses and Safeguarding of Information: Information from the secure web site is considered proprietary in nature when the contract number and contractor identity are associated with the direct labor hours and direct labor dollars. At no time will any data be released to the public with the contractor name and contract number associated with the data.

User Manuals: Data for Air Force service requirements must be input at the Air Force CMRA link. However, user manuals for Government personnel and contractors are available at the Army CMRA link at http://www.ecmara.mil.

46

http://www.ecmara.mil/



ATTACHMENT 1 – LIST OF MILITARY TREATMENT FACILITIES (MTFs)

Spaces Available Base Facility Name Comman

d1 Air Force Academy, CO 10th MEDICAL GROUP USAFA1 Altus AFB, OK 97th MEDICAL GROUP AETC1 Andersen, Guam 36th MEDICAL GROUP PACAF2 Andrews AFB, MD 779th MEDICAL GROUP AFDW1 Aviano AB, Italy 31st MEDICAL GROUP USAFE1 Barksdale AFB, LA 2nd MEDICAL GROUP GSC1 Beale AFB, CA 9th MEDICAL GROUP ACC0 Bolling AFB, MD 579th MEDICAL GROUP AFDW2 Buckley AFB, CO 460th MEDICAL GROUP AFSPC1 Cannon AFB, NM 27th SPECIAL OPERATIONS MEDICAL GROUP AFSOC1 Charleston AFB, SC 628th MEDICAL GROUP AMC2 Columbus AFB, MS 14th MEDICAL GROUP AETC1 Davis Monthan AFB, AZ 355th MEDICAL GROUP ACC2 Dover AFB, DE 436th MEDICAL GROUP AMC1 Dyess AFB, TX 7th MEDICAL GROUP ACC1 Edwards AFB, CA 95th MEDICAL GROUP AFMC2 Eglin AFB, FL 96th MEDICAL GROUP AFMC0 Eielson AFB, AK 354th MEDICAL GROUP PACAF1 Ellsworth AFB, SD 28th MEDICAL GROUP ACC3 Elmendorf AFB, AK 673rd MEDICAL GROUP PACAF1 Fairchild AFB, WA 92nd MEDICAL GROUP AMC1 FE Warren AFB, WY 90th MEDICAL GROUP GSC1 Goodfellow AFB, TX 17th MEDICAL GROUP AETC1 Grand Forks AFB, ND 319th MEDICAL GROUP AMC1 Hanscom AFB, MA 66th MEDICAL GROUP AFMC1 Hickam AFB, HI 15th MEDICAL GROUP PACAF1 Hill AFB, UT 75th MEDICAL GROUP AFMC1 Holloman AFB, NM 49th MEDICAL GROUP ACC1 Hurlburt AFB, FL 1st SPECIAL OPERATIONS MEDICAL GROUP AFSOC1 Incirlik AB, Turkey 39th MEDICAL GROUP USAFE1 Kadena, Japan 18th MEDICAL GROUP PACAF3 Keesler AFB, MS 81st MEDICAL GROUP AETC1 Kirtland AFB, NM 377th MEDICAL GROUP AFMC0 Kunsan, Korea 8th MEDICAL GROUP PACAF3 Lackland AFB, TX 59th MEDICAL WING AETC1 Lakenheath AB, England 48th MEDICAL GROUP USAFE2 Langley AFB, VA 633rd MEDICAL GROUP ACC1 Laughlin AFB, TX 47th MEDICAL GROUP AETC1 Little Rock AFB, AR 19th MEDICAL GROUP AMC

47


ATTACHMENT 1 – LIST OF MILITARY TREATMENT FACILITIES (MTFs) ContinuedSpaces

Available Base Facility Name Command1 Los Angeles AFB, CA 61st MEDICAL GROUP AFSPC1 Luke AFB, AZ 56th MEDICAL GROUP AETC3 MacDill AFB, FL 6th MEDICAL GROUP AMC1 Malmstrom AFB, MT 341st MEDICAL GROUP AFGSC2 Maxwell AFB, AL 42nd MEDICAL GROUP AETC1 McConnell AFB, KS 22nd MEDICAL GROUP AMC1 McGuire AFB, NJ 87th MEDICAL GROUP AMC1 Minot AFB, ND 5th MEDICAL GROUP GSC1 Misawa, Japan 35th MEDICAL GROUP PACAF1 Moody AFB, GA 23rd MEDICAL GROUP ACC1 Mt Home AFB, ID 366th MEDICAL GROUP ACC2 Nellis AFB, NV 99th MEDICAL GROUP ACC1 Offutt AFB, NE 55th MEDICAL GROUP ACC1 Osan, Korea 51st MEDICAL GROUP PACAF2 Patrick AFB, FL 45th MEDICAL GROUP AFSPC1 Peterson AFB, CO 21st MEDICAL GROUP AFSPC1 Ramstein AB, Germany 86th MEDICAL GROUP USAFE1 Randolph AFB, TX 359th MEDICAL GROUP AETC1 Robins AFB, GA 78th MEDICAL GROUP AFMC2 Scott AFB, IL 375th MEDICAL GROUP AMC1 Seymour Johnson AFB,

NC4th MEDICAL GROUP ACC

1 Shaw AFB, SC 20th MEDICAL GROUP ACC1 Sheppard AFB, TX 82nd MEDICAL GROUP AETC0 Spangdahlem AB,

Germany52nd MEDICAL GROUP USAFE

1 Tinker AFB, OK 72nd MEDICAL GROUP AFMC3 Travis AFB, CA 60th MEDICAL GROUP AMC1 Tyndall AFB, FL 325th MEDICAL GROUP AETC1 Vance AFB, OK 71st MEDICAL GROUP AETC1 Vandenberg AFB, CA 30th MEDICAL GROUP AFSPC1 Whiteman AFB, MO 509th MEDICAL GROUP GSC3 Wright-Patterson AFB,

OH88th MEDICAL GROUP AFMC

1 Yokota, Japan 374th MEDICAL GROUP PACAF

48


ATTACHMENT 2 – CONSOLIDATED SERVERS

Base Bases Supported From This MTFAndrews Andrews, BollingEglin Eglin, Hurlburt FieldTravis Travis, BealeOsan Osan, KunsanRamstein Ramstein, Geilenkirchen, SpangdahlemLakenheath Lakenheath, Menwith Hill, RAF CroughtonLackland Lackland, Randolph

49


ATTACHMENT 3 – REGIONAL DISTRIBUTION

Region 1Andrews AFB, MD Incirlik AB, Turkey Ramstein AB, GermanyAviano AB, Italy Lakenheath AB, England Scott AFB, ILBolling AFB, MD Langley AFB, VA Seymour Johnson AFB, NCDover AFB, DE McConnell AFB, KS Spangdahlem AB, GermanyEllsworth AFB, SD McGuire AFB, NJ Whiteman AFB, MOGrand Forks AFB, ND Minot AFB, ND Wright-Patterson AFB, OHHanscom AFB, MA Offutt AFB, NE

Region 2Air Force Academy, CO FE Warren AFB, WY Misawa, JapanAndersen, Guam Hickam AFB, HI Mt Home AFB, IDBeale AFB, CA Hill AFB, UT Nellis AFB, NVBuckley AFB, CO Holloman AFB, NM Osan, KoreaCannon AFB, NM Kadena, Japan Peterson AFB, CODavis Monthan AFB, AZ Kirtland AFB, NM Travis AFB, CAEdwards AFB, CA Kunsan, Korea Vandenberg AFB, CAEielson AFB, AK Los Angeles AFB, CA Yokota, JapanElmendorf AFB, AK Luke AFB, AZFairchild AFB, WA Malmstrom AFB, MT

Region 3Altus AFB, OK Keesler AFB, MS Randolph AFB, TXBarksdale AFB, LA Lackland AFB, TX Robins AFB, GACharleston AFB, SC Laughlin AFB, TX Shaw AFB, SCColumbus AFB, MS Little Rock AFB, AR Sheppard AFB, TXDyess AFB, TX MacDill AFB, FL Tinker AFB, OKEglin AFB, FL Maxwell AFB, AL Tyndall AFB, FLGoodfellow AFB, TX Moody AFB, GA Vance AFB, OKHurlburt AFB, FL Patrick AFB, FL

50

Documents

ATTACHMENT 1 Government... · Web viewATTACHMENT 1 List of Military Treatment Facilities 47. ATTACHMENT 2 Consolidated Servers 49 . PERFORMANCE WORK STATEMENT (PWS) THIRD PARTY