CITY OF DALLAS FIRE-RESCUE DEPARTMENT
SPECIFICATIONS for
Electronic Patient Care Reporting & Data Collection Software RFCSP BHZ1503
Date: 9/18/14
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 1
BACKGROUND The City of Dallas, Fire Department (“City”) seeks electronic patient care reporting & data collection software that is able to meet both current and projected future needs of the Fire Department. The software must be able to adapt quickly to complex healthcare reporting requirements as they occur. The City of Dallas is the ninth largest city in the United States. It has a population of approximately 1.2 million. The Dallas Fire Department has a municipally-operated Emergency Medical Services (“EMS”) system providing service to the entire population. In fiscal year 2013, first responders answered calls to over 190,000 EMS incidents. There are currently forty (40) front-line, three (3) peak-demand, five Special Event units, and up to twelve (12) reserve ambulances in operation. Additionally, all fifty-five DFR fire engines are ALS capable and are assigned the appropriate EMS computer and EPCR software. The City seeks electronic patient care reporting software that is fully compliant with existing federal, state and local government regulations and will readily interface with existing hardware and software including, but not limited to, Computer Aided Dispatch (CAD) and billing software as well as providing useful data to allow management decisions. Additionally, DFR has instituted a Mobile Community Healthcare Program (MCHP) (Community Paramedic Program). The successful bidder should have software modules available for the MCHP or be in the process of developing such software that will properly interface with and enhance the capability of this program.
CONFIDENTIALITY In accordance with state law, proposals shall be opened so as to avoid disclosure of contents to competing proposers and shall be kept secret and confidential during the negotiation process. It is the responsibility of the proposers to clearly mark and identify all portions of the proposal that contain trade secrets, confidential information and other proprietary information. Any information deemed confidential, shall be clearly noted as such on each page or pages. Efforts will be made to keep the marked information confidential; however, the City cannot guarantee it will not be compelled to disclose all or part of any public record under the Texas Open Record Act. PRICING Pricing provided in responses will be considered firm for the term of this contract from the date of the award.
Proposal All proposals shall be submitted in a sealed envelope clearly marked with BHZ1503 Electronic Patient Care Reporting & Data Collection Software
All proposals shall be received at the address below no later than 2:00 p.m. on the due date, October 8th, 2014. Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 2
All Proposals shall be addressed to: RFCSP# BHZ1503 Electronic Patient Care Reporting & Data Collection Software
Attn: Judy Levin-Simmons 1500 Marilla St., Suite 3FN Dallas, TX 75201 Any proposals received after 2:00 p.m. on the due date will be considered late and nonresponsive and returned to the applicant unopened. The City reserves the right to reject any and/or all proposals or waive irregularities. All submittals shall include one complete, original proposal marked “ORIGINAL”, seven complete original copies of the original proposal, four electronic copy on a flash drive with the proposal number and the submitting firm’s name, and other related documentation required by this RFCSP If the proposer does not ask questions or clarify any assumptions, the City will assume proposer(s) understand(s) the City’s requirements and that the proposer’s offering will meet those needs at the price stated. A. Proposal Format: Each Proposal should be typewritten, single spaced and submitted on 8 ½” x 11” white paper with original placed inside a three ring binder and each copy to be securely bound in a more economical fashion (i.e. – heat bond, spiral bond, etc.) The use of recycled paper and materials is encouraged. Unnecessarily elaborate brochures, artwork, bindings, visual aids, expensive paper or other materials beyond that sufficient to present a complete and effective submission are not required. Font type and size shall be no less than 12-point in Times New Roman type. All pages shall be numbered and printed two-sided. Margins shall be no less than 1” around the perimeter of each page. A Proposal response for RFCSP Attachments A-I may not exceed 50 pages length. Electronic files, websites, or URLs shall not be submitted in lieu of the printed Proposal. Each Proposal should include the sections and attachments in the sequence listed in the RFCSP Section VII, Proposal Requirements, and each section and attachment should be indexed and divided by tabs and indexed in a Table of Contents page. Failure to meet the above conditions may result in disqualification of the Proposal or may negatively affect scoring. B. Respondents who submit Proposals to this RFCSP shall correctly state the true and correct name of the individual, proprietorship, corporation, and /or partnership (clearly identifying the responsible general partner and all other partners who would be associated with the contract, if any). No nicknames, abbreviations (unless part of the legal title), shortened or short-hand, or local "handles" will be accepted in lieu of the full, true and correct legal name of the entity. These names shall comport exactly with the corporate and franchise records of the Texas Secretary of State and Texas Comptroller of Public Accounts. Individuals and proprietorships, if operating under other than an individual name, shall match with exact Assumed Name filings. Corporate Respondents and limited liability company Respondents shall include the 11-digit Comptroller's Taxpayer Number on the General Information form found in this RFCSP as Attachment A. If an entity is found to have incorrectly or incompletely stated its name or failed to fully reveal its identity on the General Information form, the Chief of the Fire-Rescue Department Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 3
shall have the discretion, at any point in the contracting process, to suspend consideration of the Proposal. D. All provisions in Respondent’s Proposal, including any estimated or projected costs, shall remain valid for one hundred twenty (120) days following the deadline date for submissions or, if a Proposal is accepted, throughout the entire term of the contract. E. All Proposals become the property of the City upon receipt and will not be returned. Any information deemed to be confidential by Respondent should be clearly noted on the page(s) where confidential information is contained; however, the City cannot guarantee that it will not be compelled to disclose all or part of any public record under the Texas Public Information Act, since information deemed to be confidential by Respondent may not be considered confidential under Texas law, or pursuant to a Court order. F. Any cost or expense incurred by the Respondent that is associated with the preparation of the Proposal, the Pre-Proposal conference, if any, or during any phase of the selection process, shall be borne solely by Respondent.
RFCSP Inquiries Prior to the pre-proposal conference and after the pre-proposal conference, all inquiries and requests for information regarding this RFCSP shall be submitted in writing to:
[email protected] All requests for information shall be submitted prior to the established RFCSP cutoff date and time. The cut off time for questions is Wednesday October 1st. Requests for information will not be honored beyond the established timeframe to allow sufficient time for distribution of the requested information to proposers. Responses provided will be written and will be issued via Addendum. Addenda will be made available electronically on the City’s procurement website: www.bids.dallascityhall.org. No proposal negotiations, decisions or actions initiated by any proposers as a result of any verbal discussion with any City employee shall be binding upon the City of Dallas. Only proposers will be notified of any communications after the proposal closing. All inquiries shall be directed to the buyer assigned to this procurement. Inquiries are not to be directed to any consultant of the City or City staff member. Such action may disqualify proposers from further consideration of this RFCSP. During the initial review of the RFCSP and preparation of proposals, proposer(s) may discover certain errors, omissions or ambiguities. If this is the case, or if the meaning of any part of this RFCSP is unclear, proposer(s) shall submit written questions to the buyer in time to allow the City to answer the questions and distribute written responses to all proposers before the RFCSP due date and time. The Business Development and Procurement Services Department will make all necessary arrangements for direct contact with other City departments, if required.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 4
Pre-Proposal Meeting The City will hold a pre-proposal meeting for interested proposers concerning the specifications of this solicitation. The Pre-proposal conference will be at 9:00 A.M. on September 29th, 2014. The conference will be held in Conference room A located on L1FN at City Hall, 1500 Marilla Street, Dallas, Texas, 75201. Do not rely on oral instructions for clarifications, verbal agreements or representations are not binding on the City. The Office of Business Development and Procurement Services will issue the City of Dallas’ official position in writing. Proposers are encouraged to attend the pre-proposal meeting to discuss any questions with the user department’s representative(s). This will be the only contact between the proposer and the department during the bidding process. After the pre-proposal meeting, all correspondence shall go through the buyer. Opening of Proposals Proposals will be opened by the City at 2:00 p.m. the day following the due date so as to avoid disclosure of contents to competing proposers. Proposer names will be publicly read. It is the responsibility of the proposer to clearly mark and identify all portions of the proposal, which, in the proposer’s opinion, contain trade secrets, confidential information and other proprietary information. All proposals are subject to the Texas Open Records Act process. Selection of Best Qualified Proposals An evaluation committee will review the proposals submitted by all proposers. On the basis of the evaluation criteria, the City will determine which proposal(s) are best qualified for the award of the contract. The City may at any time, investigate a proposer's ability to perform work. The City may ask for additional information about a company and its work on previous contracts. Proposers may choose not to submit such information in response to City of Dallas' request; however, if failure to submit such information does not clarify the City's questions concerning the ability to perform, the City may discontinue further consideration of a particular proposal. Please be aware that the City of Dallas may use sources of information not supplied by the proposer concerning the abilities to perform this work. Such sources may include current or past customers of the organization; current or past suppliers; articles from industry newsletters or other publications or from non-published sources made available to the City of Dallas. The City of Dallas or its representative reserves the right to cancel this agreement anytime if the services are deemed unsatisfactory. Discussion with Reasonably Qualified Proposals The City reserves the right to engage in discussions or conduct interviews, either oral or written, with the respondents determined by the evaluation criteria to be reasonably viable to being selected for award. If discussions or interviews are held, the buyer may request best and final offers. The request for best and final offers may include: Notice that this is the opportunity to submit written best and final offers. Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 5
Notice of the date and time for submission of the best and final offer.
Notice that if any modification is submitted, it shall be received by the date and time specified or it may not be considered.
Following evaluation of the best and final offers, purchasing may select for negotiations the offer that is most advantageous to the Communication & Information Service Department, considering price or cost and the evaluation factors in the RFCSP. After the most advantageous proposer(s) has been identified, contract negotiations may commence. If at any time contract negotiation activities are judged to be ineffective, Purchasing will cease all activities with the respondent and begin contract negotiations with the next highest ranked respondent. This process may continue until either both the respondent and Business Development and Procurement Services executes a completed contract or Business Development and Procurement Services determines that no acceptable alternative proposal exists. The City reserves the right to reject any or all proposals received or to award, without discussions or clarifications. Therefore, each proposal should contain the Respondent’s best terms from a price and technical standpoint. Rejection or Acceptance of Proposals This RFCSP does not commit the City to award any contract. The City reserves the right to reject any or all proposals, to waive technicalities or irregularities, and to accept any proposal it deems to be in the best interest of the City. The City shall not be liable for any costs incurred by any company responding to this RFCSP. The City will require the recommended proposer to sign the necessary contract documents prepared by the City Attorney's Office. A sample contract is included as an attachment. Late & Withdrawn Proposals Proposals offered to the City after the time and date will not be accepted. Any proposal may be withdrawn prior to the scheduled due date. Confidentiality Respondents are advised that materials contained in proposals are subject to open records after the contract award, and may be viewed and copied by any member of the public, including news outlets and competitors. The Attorney General may make the final determination as to whether documents are releasable. Disqualification of Proposers Proposers may be disqualified for any of the following reasons, but not limited to: Reason to believe collusion exists among the proposers.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 6
The proposer is involved in any litigation against the City of Dallas.
The proposer is in arrears on an existing contract or has failed to perform on a previous contract with the City of Dallas within the past five years.
Method of Award The City reserves the right to award by the method deemed most advantageous to the City. The City will require the selected proposers(s) to execute a contract in substantially the same form as the sample attachment. The agreement will commence with the signing of contracts by the successful proposers and the City of Dallas. City staff may elect to request the awarded vendor provide a live demonstration of the system to ensure the desired end result is obtained.
No work shall commence until the contract document(s) are signed; and proposer has provided necessary evidence of insurance as required.
In the event the parties cannot negotiate and execute a contract within the time specified, the City reserves the right to terminate negotiations with the selected proposers and commence negotiations with another proposer.
If selected to provide the services, responses to the proposal will be considered as part of the firm's contractual responsibilities.
Misrepresentation of the proposers’ ability to perform as stated in the proposal may result in cancellation of the contract award.
The City of Dallas reserves the right to withdraw or reduce the amount of an award, or to cancel the contract resulting from this procurement if adequate funding is not available.
The City of Dallas will require the Contractor to sign the necessary contract documents prepared by the City Attorney’s Office. Contract documents are not binding on City until approved by the City Attorney and executed by the City Manager or appointee.
Contract award will be subject to approval by the Dallas City Council. The City of Dallas will require the awarded vendor Contractor to sign the necessary contract documents prepared by the City Attorney’s Office prior to going to Council.
Proposers understands and agrees that if selected, it and persons designated by it to provide services in connection with a contract(s), is and shall be deemed to be an independent contractor Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 7
of the City, responsible for its respective acts or omissions; and the City shall in no way be responsible for proposers actions. CITY’S RESPONSIBILITY For services performed, the City shall pay the successful proposers an amount not to exceed the successful proposal amount. CONTRACTOR’S RESPONSIBILITY A. In order for a proposal to be considered for funding, proposers must comply with the requirements as specified, and provide requested information and attachments. B. Contractor will assume complete responsibility for all tasks detailed in the "Scope of Services." C. Any task not specifically detailed in the specified work program as the responsibility of the City will be the responsibility of the contractor. TERM OF CONTRACT The Contract shall be in effect for a period of 36 months with two one-year extensions, at the sole discretion of the City, subject to appropriations by City Council. EVALUATION CRITERIA The City will conduct a comprehensive and impartial evaluation of all proposals received in response to the RFCSP. The City reserves the right to use any and all reasonable and relevant criteria in making its decision as to the best proposer. The City reserves the right to determine the overall qualifications under the RFCSP. A committee established for this purpose will evaluate all proposals. At the City’s option, proposers may be contacted and invited to an oral presentation before the evaluation committee during the proposal evaluation process. The evaluation committee will determine the responsiveness and acceptability of each proposal according to established criteria. The criteria for evaluation are: Cost
30%
Experience & Capability
30%
Functional / Technical Competency
25%
Business Inclusion and Development
15%
TOTAL
100%
.
The evaluation is based upon the following criteria: Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 8
1. Cost Actual cost of services as identified in the proposal 2. Experience and Capabillity 2.1 Satisfactory company background and references as well as qualifications and experience. 2.2 Demonstrated successful experience on similar type of projects in organizations the size and complexity of the City of Dallas. 3. Functional / Technical Competency 4. Business Inclusion and Development
Business Inclusion and Development The City encourages Proposers to consider utilization of subcontractors and to provide Minority Business Enterprise and Women Business Enterprise (MBE/WBE) subcontractors with a full and fair opportunity to submit proposals to participate on this contract. Proposers are encouraged to use the suggested voluntary outreach efforts by contacting the Buyer to obtain the necessary forms and instructions. All proposers will complete and submit the Business Inclusion and Development (BID) forms attached to this RFCSP. The BID packet also include an overview of the City's program and participation goals established by the Dallas City Council. Help in preparing the forms may be obtained by contacting a member of the ResourceLink team:
Richard Carrizales 214-671-5010
[email protected]
Contract The successful vendor will be required to execute the form contract prepared and tailored for this particular program by the City Attorney's Office, which is attached and substantially represents the contract to be entered into. Unless and otherwise stated, the information requested concerning present or proposed operation is for evaluation purposes only and will not adversely impact proposals unless such information is omitted or differs materially from the specifications. The contract, by the City, may be terminated upon, not less than, 30 days’ notice to the successful vendor for convenience and for failure to satisfactorily perform the function for which the proposal is intended. Any contract award is not transferable or assignable without prior written approval by the City of Dallas. Insurance Requirements The awarded vendor must provide a certificate of insurance evidencing proof of insurance coverage listed in Attachment Insurance within 15 days of award. The City of Dallas will be provided a Waiver of Subrogation waiving Rights of Recovery against City of Dallas on the Workers’ Compensation/Employers Liability policy. The City will be shown as the certificate holder. This insurance must stay in force for the duration of the contract.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 9
ERROR AND OMISSION Proposers shall not be allowed to take advantage of any error or omission in these specifications. The vendor is required to review these specifications carefully and notify the City Business Development & Procurement Services Department if errors are found. SUPPLEMENTAL INFORMATION The City reserves the right to request additional information from individual proposers, or to request all proposers to submit supplemental materials in fulfillment of the content requirements of this RFCSP, or to meet additional information needs of the City. MINIMUM QUALFICATIONS The successful responsive/responsible Proposer shall have been engaged in electronic patient care reporting & data collection software, specific to Emergency Medical Services (EMS), to include preparing for audits related to such a program for a minimum of 5 years. The successful responsive/responsible Proposer will provide a list of current customers in environments comparable in size, complexity and demographics to the City of Dallas. Experience and Capability Vendors should provide with their proposal, the following information to determine qualifying experience and suitability required to meet the specifications contained herein:
Brief description and history of the firm
Financial stability, as verified by certified, audited financial statements for the last two years. Such statements must include a Balance Sheet (Statement of Financial Position), Income Statement (Statement of Operations) and a Statement of Changes in Financial Position
Examples of successful payment rates in conjunction with Medicaid EMS accounts, accurately determining the actual cost to provide EMS ambulance service, and developing and implementing an emergency medical services cost report that is compliant with CMS regulations and OMB A-87 in environments comparable in size, complexity and demographics to the City of Dallas that support the Proposal collection performance rate.
Current operational/volume capacity
Legislative and legal resource support and knowledge
Resumes of key staff assigned to this project
A detailed organization chart identifying key positions and subordinate reporting levels Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 10
Appropriateness of staffing and resources committed to project
Technical computerized skills and experience of staff, as verified by resumes and references
A listing of all clients served during the last 24 month period with a name, address and phone number for each contact person
Statement on Standards for Attestation Engagement, Type I and Type II No. 16 (SSAE-16) reports for the last three years.
I.
PROPOSAL REQUIREMENTS
Respondent’s Proposal should include the following items in the following sequence, tabbed and noted with the appropriate heading as indicated below. TABLE OF CONTENTS TAB 1 - EXECUTIVE SUMMARY: The summary shall include a statement of the work to be accomplished, how Respondent proposes to accomplish and perform each specific and unique problems perceived by Respondent and Respondent’s solutions. TAB 2 – GENERAL INFORMATION & REFERENCES FORM: (Use the Form provided) TAB 3 – EXPERIENCE, BACKGROUND & QUALIFICATIONS: (Use the Form provided) TAB 4 – PROPOSED PLAN (See format) TAB 5 –LITIGATION DISCLOSURE FORM: Complete and submit the Litigation Disclosure Form, found in this RFP as Attachment F. If Respondent is proposing as a team or joint venture, then all persons or entities who will be parties to the contract (if awarded) shall complete and return this form. TAB 6 – INSURABILITY AFFIDAVIT: Successful Vendor’s carrier will complete the affidavit evidencing insurability. The successful Vendor will be required to purchase and maintain, during the term of the contract, and agrees to the indemnification agreement therein. Respondent is expected to examine this RFP carefully, understand the terms and conditions for providing the services listed herein and respond completely. FAILURE TO COMPLETE AND PROVIDE ANY OF THESE PROPOSAL REQUIREMENTS MAY RESULT IN THE RESPONDENT’S PROPOSAL BEING DEEMED NON-RESPONSIVE AND THEREFORE DISQUALIFIED FROM CONSIDERATION.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 11
II.
SCOPE OF SERVICES
1.0 Components 1.01 EMS Reporting Software System developed on one platform system. 1.02 Fully compliant National Highway Traffic Safety Administration (NHTSA) National EMS Information System (NEMSIS) dataset and updates as necessary to maintain requirements, compliance and compatibility. 1.03 Web-based Data Collection/Administration. 1.04 Centralized database management. 1.05 Single architectural platform for all system function modules. 1.06 Attachable photos, scanned documents, and other file formats.
2.0 IT Infrastructure 2.01 2.02 2.03 2.04 2.05 2.06 2.07
Support XML standards for integration. Latest Technology including Microsoft .NET Platform and Macromedia J2EE. Support Standard Transmission Control Protocol/Internet Protocol (TCPIP) communication protocol. Support Standard Windows/Intel latest version of Windows operating system, currently Windows 7 Easy deployment. Easy upgrade. Based on open technology and SQL-based and written in standard Microsoft languages.
3.0 Integrations 3.01 3.02 3.03 3.04
3.05
EKG device data interface/capability designed for Physio Control EKG monitors. CAD integration (Tritech). Billing Software integration (Must be all listed that is able to be integrated with). Local Government (State, County, DSHS of Texas, North Central Trauma Texas Trauma Regional Advisory Council (NCTTRAC), etc.) data submission interface. Other integrations as may be needed, including, but not limit to, the MCHP as described in Section I, Background.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 12
GROUP A - SOFTWARE 4.0 Field Software Desired Capabilities 4.01 4.02 4.03
4.04 4.05 4.06 4.07 4.08 4.09 4.10 4.11 4.12
4.13 4.14 4.15 4.16 4.17 4.18 4.19 4.20 4.21 4.22 4.23 4.24 4.25 4.26
Mobile Application and data collection that is NEMSIS Gold Compliant as set by NEMSIS for systems currently in the market. Field level application designed for ease of use and ease of learning. Be capable of supporting online transmission of the EMS pre-hospital patient care report to the receiving hospital, via an established relationship between DFR and a Health Information Exchange. Have existing capability to integrate seamlessly with the TriTech CAD system currently in use by DFR (the “bridge” should already be built). Accurate capture of loaded mileage, either through in-system capability or outside software. Call times documented (CAD verification). Allows for thorough documentation of patient past medical history, medications, and allergies Able to collect all BLS, ALS, and critical care patient data. Ability to import patient demographic information from government issued ID card swipe reader. Have the ability to collect patient insurance information within the PCR either through direct entry or via card swipe technology EKG device data importing including the display of all EKG wave forms from Physio Control EKG devices (LifePak 15). Synchronized data records and histories of repeat patients including, but not limited to: pertinent medical history, patient medications, known allergies and billing information making data available in all field units. Graphic or diagrammatic medical, trauma, and burn assessments representation. Auto calculation of Glascow coma score including age parameters. Adult and pediatric medication dosage reference based on DFR treatment guidelines Integrated adult/child/infant rule of 9’s, pediatric chart and protocols. Automatic conversion of weight and temperature from imperial to metric. Rapid selection of assessment values (i.e.: PQRST, Vitals, GCS, etc.) Easy addition of detail to assessment values. “Electronic paper” for quick note taking. Perpetual time code display (Clock) with timer alarms. Time and date fields can be quickly populated by simply tapping the clock. Standard Medicare questionnaire for billing. Easy addition of multiple patients for a single incident with forward data population. Chronological display of all activities. Filtering of activity details (by medications, procedures, vitals, etc.) into a timeline summary of events
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 13
4.27 Ability to navigate to any data field (entry or drop-down) within two clicks via data entry. 4.28 Drill down technology for rapid lookups (destinations, locations, meds., procedures, etc.) 4.29 Ability to download and integrate DFR treatment guidelines into the PCR 4.30 Quick display of selected data points to eliminate need to open each and every data entry field. 4.31 Easy display of validity score based on service definable data element score. 4.32 Rapid look up, display and navigation to any missing required data elements. 4.33 Auto generation and editing of multiple, service definable narratives. 4.34 Easy shift setup. 4.35 Configurable client-based mobile application and web-based design ensuring every data field is editable. 4.36 Service definable medication dosages and routes. 4.37 Service definable and tractable questions. 4.38 Ability to interface/link into the City of Dallas master address file. 4.39 Application must provide for an electronic receipt and acknowledgment of the City’s Notice of Privacy Practices (NPP) along with the ability to easily run a report for all individuals who did not receive an electronic NPP. 4.40 Auto logout at shift change (0700) 4.41 Ability to change medics when on a run so that primary medic is identified 4.42 User friendly “How to” or “Help” in software 4.43 Inventory Control measures incorporated into the EPCR 4.44 Multiple physical assessment pages to document changing patient conditions 4.45 Narrative Help for Templates; Active spell check; Medical abbreviation recognition 4.46 Signature Coordination – one patient signature with multiple purposes 4.47 ECG files are automatically attached to the EPCR 4.48 The EPCR highlights Medicare/Medicaid mandatory fields 4.49 Ability to update software in-house without creating problems in the software program 4.50 User-friendly and searchable database 4.51 User-friendly ability to create and export customized reports along with the ability to set reports to automatically generate route via email to appropriate individuals. 4.52 Drug search/database with description of uses and search by medical problems 4.53 Access to the internet. Additional Security requirements conforming to HIPAA technical safeguards listed in the Security section of this proposal. End user access must be able to be limited by EMS administrator Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 14
4.54 4.55 4.56 4.57
4.58
Problem-Solving Tutorial for common problems Printers at hospitals with service and technical support Ability to import treatments from LifePaks, i.e. blood pressure, pulse, pulse oximetry, medications, times, etc. Track-able via GPS, RFID, or other proven system in the event that the unit is lost or stolen and provide an exact location of the unit May need software other than Computrace to accomplish this (not the closest intersection). The selected vendor must work with EMS administration to determine which ports on the selected hardware unit will be functional for field operations GROUP B - HARDWARE
5.0 Field Hardware Desired Capability 5.01 5.02 5.03 5.04 5.05 5.06 5.07 5.08 5.09 5.10 5.11
5.12 5.13 5.14 5.15 5.16 5.17 5.18 5.19 5.20 5.21 5.22 5.23
Required MIL STD 810G, Optional MILSTD461F and IP65 Minimum Windows 7 Professional, Must be Windows *8 upgradable Minimum Intel Core i7 Minimum 8 GB Ram 128GB solid state hard drive with a 256GB solid state hard drive option Minimum 10” LED Backlit Touchscreen, no larger than 12.2” Must be sunlight readable 800 NIT minimum Must have a screen protector with the option to purchase spares Minimum 4G LTE wireless capability, Multi carrier Standard QWRTY keyboard with pressure sensitive touchpad, and be backlit Multi-level hardware security comprising: embedded CompuTrace or equivalent solution with similar capabilities within Bios; hardware level TPM minimum 1.2 version. CompuTrace its equivalent must update its current location at 15 minute intervals and be continuously monitored from a central location. Unit must be able to be “wiped” remotely in the event that the unit is lost or stolen within the shortest time frame possible. Minimum five-year, no-fault warranty Maximum weight six pounds Must have bar-code scanner capability, either built-in or added on. Must have the ability to import the bar-code information into the PCR. Must have Optical Character Recognition (OCR) Must have magnetic card reader capability, either built-in or added on. Must have the ability to import the card data into the selected PCR. Lithium ion battery – minimum battery life of 8 hours Must be able to hot swap batteries without being plugged in or docked Must include option to purchase spare batteries Ability to take and upload pictures into the selected PCR, from front or rear option; Resolution of a minimum of 3.0 MP and Flash Must have a minimum 3.0MP front facing webcam Must have a minimum 3.0MP rear facing webcam with flash Must include 25 additional AC power adaptors for hospitals Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 15
5.24 5.25 5.26 5.28 5.29 5.30 5.31 5.32
Extra battery with charger at fire station locations Must meet 802.11 ac wireless standard Must be able to operate in temperatures of up to 130 degrees Fahrenheit Must have True GPS and Cellular triangulation Must have Bluetooth 4.0 Must have USB 3.0 Computer must be able to dock with a powered docking station Must provide one (1) docking station for each computer
6.0 Data Collection/Administration: 6.01 6.02
6.03 6.04 6.05 6.06 6.07 6.08 6.09
6.10 6.11
6.12 6.13 6.14 6.15
6.16
Web based, centralized database management application. Centralized management of service information, service defined fields and data elements for all field applications (i.e. make a change in one location and all field units receive the change upon their next post/synchronization.) Locally customizable field data elements and values. Selected DFR personnel allowed the ability to lock or unlock runs from editing is definable by time, security level, etc. Report generation based on DFR shift schedule rather than 24-hour day (0700 to 0700 rather than midnight to midnight). Web-based direct patient record entry. System architectural design and hosting to Dallas Fire-Rescue Department standards Patient record review with multiple, basic and advanced filters. Easily configurable validation rules and scoring for required field data elements (validation score as opposed to not being able to close an EPCR without filling in required fields) promoting good data collection. QA/QI review and secure messaging within the application and external email capabilities. Central document maintenance (policies and procedures, SOG’s, protocols, patient history lookup and national standards so that they are available for field use by paramedics). Locally editable legal verbiage for signatures. Numerous standard reports including QA/QI, statistical analysis, employee performance and key performance indicators. Favorite reports available on demand or by automatically scheduled generation and distribution. Standard and custom report writer which allows reporting on any data field collected. Reports should be available in multiple formats (i.e. Excel, PDF, Word, etc.) and provide for ease of use. Provide a means to possibly import relevant information for a National Fire Incident Reporting System (NFIRS) Incident Report, LifePak downloads, and if necessary from third party vendors such as Firehouse, or possible others. Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 16
6.17 6.18 6.19 6.20
Provide a visible indicator to the user if an incident response time is over an administrator defined time limit. Auto generation of multiple printed reports. Audit trail tracking in support of HIPAA breach identification. Interface with the City’s billing agency for the Motor Vehicle Accident Cleanup Fee
7.0 SECURITY o Meets State and Federal requirements including HIPAA and State of Texas Department of Health Services data privacy requirements. o Forgotten password help through Secured email process. o Application parameters of access determined by user profile and activated at login. o Levels/areas of access can be set by accessing user profiles in the Administrative interface. o Vendor personnel have completed HIPAA training and complete training at least every two years thereafter. Evidence of training to be provided to the City. o Vendor must be able to provide: - Privacy and security (HIPAA and HITECH) related policies and procedures - Data backup plan - Emergency Mode of Operations plan
Section 7.0
Information Security Security And Regulatory Requirements For ePCR Software Processing ePHI, PHI, And PII Information
HIPAA Technical Safeguards § 164.304 Requirements As required by the “Security standards: General rules”4 section of the HIPAA Security Rule, each covered entity must: Ensure the confidentiality, integrity, and availability of EPHI that it creates, receives, maintains, or transmits; Protect against any reasonably anticipated threats and hazards to the security or integrity of EPHI; and Protect against reasonably anticipated uses or disclosures of such information that are not permitted by the Privacy Rule. In complying with this section of the Security Rule, covered entities must be aware of the definitions provided for confidentiality, integrity, and availability as given by § 164.304: Confidentiality is “the property that data or information is not made available or disclosed to unauthorized persons or processes.” Integrity is “the property that data or information have not been altered or destroyed in an unauthorized manner.” Availability is “the property that data or information is accessible and useable upon demand Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 17
by an authorized person.” 4 See
7.10
45 C.F.R. § 164.306(a).
HIPAA Information Security Standards HIPAA Security Standard Group Technical Safeguards
The Security Rule defines access in § 164.304 as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. (This definition applies to “access” as used in this subpart, not as used in subpart E of this part [the HIPAA Privacy Rule]).” /techsafeguards.pdf The Access Control standard requires a covered entity to: “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].”
City Requirements Required – R Addressable – A ( Compensating Controls – C )
Vendor Response Meet Requirement Yes No Compensating Control – C
City Q/A Test Results ( Security Requirement Conformance )
See appendix for document links
7.20
Access Control - § 164.312(a)(1)
The Security Rule defines access in § 164.304 as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. (This definition applies to “access” as used in this subpart, not as used in subpart E of this part [the HIPAA Privacy Rule]).”
Unique User Identification (Required) ePCR system/solution enforces UNIQUE identity assignment for each credentials accessing the system. Every system or device accessing the ePCR system SHALL be assigned a Unique Identity for accessing the system Each System Administrator is assigned a unique identity distinct from their regular operational credential used in administering the system Each administrator assigned lower privileged roles to access the system ePCR system/solution enforces Security Authentication for various identities prior to access to the system being granted ePCR system/solution SHALL ensure that only predefined, authenticated users and system components are allowed access to the processing environment.
R R
R R R
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 18
ePCR system/solution SHALL ensure that the authentication method used applies to all endpoints, including but not limited to applications, people, processes, and systems, to ensure the appropriate level of access is granted. ePCR system/solution SHALL use a centralized directory services for storage and management of identities and security credentials. City standard is Microsoft Active Directory ePCR system/solution SHALL enforce LEAST PRIVILEGE ACCESS method for accessing the systems. ePCR system/solution SHALL ENFORCE mechanism for Enrolling uniquely defined identity for each endpoint components where applicable. ePCR system/solution SHALL employ mechanisms for REVOKING / DENYING accesses timely. ePCR system/solution SHALL employ complex passwords for approved credentials to access the system. ePCR system/solution SHALL maintain mechanisms for terminating various endpoint components accesses timely. ePCR system SHALL enforce Lockout / Logoff of each session due to inactivity within a period of 15 minutes. ePCR system SHALL enforce use of security credentials to access the host system at all times. ePCR system SHALL enforce use of credentials to establish sessions between the host system and the ePCR solution at all times. ePCR system SHALL enforce complexity based password meeting the following password criteria:
R
R
R
R R R
R
R R R R
Password Length: 8
R
Enforce Dictionary Rule: Yes
R
Password Composition: Alpha-Numeric
R
Password Composition: 1 or more control characters
R
Password Lifecycle: 90 Days
R
Unique Password History Stored: 3
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 19
7.30
Emergency Access Procedure (Required) – § 164.312(a)(2)(ii)
ePCR system SHALL maintain other access mechanisms to be used to access the system in the event of an emergency or failure to access the system with normal access mechanisms. ePCR System administrators SHALL maintain elevated credentials that should be used solely to configure the system ePCR System administrators SHALL maintain elevated credentials and use such credential, solely, for out-of-bound emergency system operations, including making global access changes to ePCR data. ePCR system vendor SHALL maintain procedure relating to emergency access operations ePCR system vendor SHALL maintain incident response plans procedure relating to emergency access operations
7.40
R
A, C
A, C
R R
Automatic Logoff (Addressable)
ePCR system SHALL ENFORCE automatic Logoff / Logout of sessions that remain inactive for a period of XX minutes. ePCR system SHALL ENFORCE the use of identity and credentials to RESUME logoff / logout sessions. ePCR system SHALL Log access failures to its audit facilities at all times. ePCR system SHALL Log access successes to its audit facilities at all times. Identity attempting to access the system SHALL have such credential Locked for a period of 30 minutes after THREE unsuccessful Logon/Login attempts.
7.50
Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.”
A, C A, C A, C A, C A, C
Encryption and Decryption (Addressable)
ePCR Logon / Login credentials SHALL be encrypted at all times
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 20
ePCR system SHALL utilize encryption mechanisms to secure ePHI and PII data at their origin(s) prior to transmission over public internet network and during transmission over public internet network ePCR system SHALL maintain logs of successful and failed transmission of secured data each time ePHI and PII data are transmitted over public internet network
7.60
R
A, C
Administrative Safeguards
Security Management Process – § 164.308(a)(1) ePCR vendor SHALL have formal policies and procedures for imposing appropriate sanctions (e.g., reprimand, termination) for noncompliance with the organization’s security policies.
7.70
A, C
Host System Processing Environment – City Standard
All processing systems are located on secure internal networks that are isolated from any untrusted and outof-scope networks. Vendor SHALL ensure that only trusted communications are permitted in and out of the ePCR processing and remote system environment. ePCR host processing components SHALL enforce strong cryptography and security protocols to safeguard ePHI and PII information when stored and at rest ePCR host processing components SHALL enforce strong cryptography and security protocols to safeguard ePHI and PII information during transmission over public internet networks. Vendor enforces strong physical access controls and authentication measures for ePCR hosting environments in accordance with SAS 70 and its successor SSAE - 16 requirements Vendor implements logging and alerting of the ePCR hosting environments as appropriate to ensure reduced risk environment Vendor SHALL implement effective monitoring of hosting environments, including other end points and POI environments.
R
R
C
R
R
C
C
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 21
Accurate and up-to-date asset inventory of all ePCR processing system SHALL be maintained by the vendor ePCR system SHALL not interface with removable consumer storage media to store, process and manage ePHI and PII data Vendor SHALL document architecture of end-points that interact with patient data ePCR system SHALL not host ePHI and PII data on consumer storage media or portable media storage devices ePCR systems SHALL have most current AntiVirus, and Anti-Malware software installed in the host processing systems. ePCR systems SHALL be applied the most current Anti-Virus and Anti-Malware signature files or such other threat avoidance mechanism in the host processing systems.
7.80
C
C C R
R
R
Physical Safeguards
Facility Access Controls – § 164.310(a)(1) Contingency Operations ePCR vendor SHALL maintain Contingency Operations plan for emergency operations ePCR vendor SHALL maintain Facility Security Plan for operations activity ePCR vendor SHALL maintain Security procedures governing Access Control and Validation for identities accessing the ePCR system ePCR vendor SHALL maintain electronic records for all maintenance to the ePCR subsystems
7.90
A, C A, C A, C A, C
Access Control for Mobile Devices – City Standard
ePCR system SHALL employ restricted SANDBOX in a MANAGED mobile device environment, to host its modules that do NOT process ePHI and PII information.
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 22
ePCR system SHALL NOT host, store, process ePHI and PII information outside restricted SANDBOX in a MANAGED mobile device environment ePCR system SHALL NOT store, process or transmit ePHI and PII data in a NON- MANAGED mobile device environment ePCR system SHALL be used only on Approved Mobile Devices in a MANAGED mobile device environment ePCR system SHALL restrict the activities of copying, transfer, and transmitting ePHI and PII data from MANAGED mobile devices to NONMANAGED mobile device environments and vice versa where applicable Any MANAGED mobile device that interacts with the ePCR system shall employ native host, authentication mechanisms prior to access being granted to such device. ePCR vendor SHALL maintain accurate and updated MANAGED, mobile device asset, granted access to the ePCR system. ePCR system SHALL RESTRICT access to only MANAGED mobile devices listed in the asset inventory
7.10
Public Point-To-Point Encryption City Standard
TSP SHALL implement, use and host secured cryptographic devices, or SCDs, for the encryption and decryption of ePHI and PII data, at origin and during transport of ePHI and PII data elements. TSP SHALL implement, use and host secure cryptographic devices, or SCDs, for the storage and management of cryptographic keys related to ePHI and PII data elements. TSP SHALL use Industry standards cryptographic techniques and key management, to protect ePHI and PII data elements. TSP SHALL prevent use of decryption keys by unauthorized persons, systems and applications.
R
R
R
R
R
C
R
TSP – Transport Service Provider
R
R
R R
TSP SHALL secure all decryption systems and devices in accordance with approved standards.
R
TSP SHALL secure cryptographic keys in a secure manner in accordance with approved
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 23
TSP SHALL use one of the following encryption protocols at all times in processing ePHI and PII data through a public internet network Symmetric Block Cipher – Minimum AES 128 Bit
Asymmetric Block Cipher – Minimum RSA 2048 Bit The successful responsive/responsible ePCR Vendor SHALL ensure that processing equipment are physically secured in location(s) where only authorized users are allowed physical entry The successful responsive/responsible ePCR Vendor SHALL provide adequate Security awareness to employees and others interacting with the ePCR system The successful responsive/responsible ePCR Vendor SHALL provide adequate Security training to employees and others interacting with the ePCR system The successful responsive/responsible ePCR Vendor SHALL maintain breach notification policies and procedures The successful responsive/responsible ePCR Vendor SHALL provide updated breach notification policies and procedure to the City when required ePCR vendor SHALL maintain Security Policy and Procedure.
7.11
R R R
C
C
C
C
C C
General Security / Operations City Standard
TSP SHALL NOT communicate ePHI and PII data elements or other confidential information via open messaging systems. TSP SHALL communicate ePHI and PII data elements or other confidential information using Encrypted Methods with the City systems. All RSA SSL encryption, where appropriate, SHALL use a minimum key length of 2048 Bits for encryption of sensitive information between the Vendor and the City. All Symetric block encryption, where appropriate, SHALL use AES 128 Bit minimum cipher block for encryption of sensitive information between the Vendor and the City
R
R
R
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 24
Vendor SHALL provide the City proof of periodic review of background information of personnel interacting with CDE All Columnar data with patient diagnosis SHALL be protected while at rest using standard based encryption Vendor SHALL have a risk management program sufficient to reduce risks and vulnerabilities within the host processing system and the ePCR Vendor SHALL have breach management policies and procedures
C
R
R R
Vendor SHALL have a formal contingency plan to address operational risks and vulnerabilities
R
Vendor SHALL have a formal contingency plan to address operational risks and vulnerabilities
R
Vendor SHALL have a formal communications plan to communicate policies and procedures to employees Vendor SHALL have formal policies and procedures for imposing appropriate sanctions (e.g., reprimand, termination) for noncompliance with the organization’s security policies. Vendor SHALL provide breach notification training to employees and others interacting with the system ePCR system SHALL enforce Concurrent Session Control of user identity by allowing ONE identity per session. ePCR WEB component system(s) SHALL be isolated from the other system components, where applicable ePCR WEB component system(s) SHALL be protected from the public internet traffic through industry standard Firewalls ePCR vendor SHALL maintain Security Training Records for users interacting with the ePCR system
7.12
Sanction Policy (R) – § 64.308(A)(1)(Ii)(C)
ePCR vendor SHALL implement Security policies and procedures governing user interactions with ePHI and PII information. ePCR vendor policies and procedures governing users interactions with ePHI and PII information SHALL include sanctions outcomes for violations of ePHI and PII information
A, C
R
C R
A, C
R C
Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity.” A, C
R
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 25
ePCR vendor SHALL implement regular Security awareness training for users that interact with ePHI and PII systems and information ePCR vendor SHALL implement regular Security training for users that interact with ePHI and PII systems and information
7.13
A, C
A, C
Information Systems Activity Reviews
Vendor SHALL Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. Vendor SHALL perform annual Security assessment of ePCR system components.
R
A, C
Vendor SHALL maintain an incident communication log
A, C
Vendor SHALL maintains an incident Contact List
A, C
Remote systems accessing components of ePCR SHALL implement approved Anti-Virus / AntiMalware to prevent most attacks, particularly malware Remote systems accessing components of ePCR SHALL implement personal firewalls and popup blocking, to prevent most attacks Remote systems accessing components of ePCR SHALL implement approved Antispyware software, to prevent most attacks Remote systems accessing components of ePCR SHALL implement approved spam and Web content filtering, and popup blocking, to prevent most attacks Ensure that updates and patches are regularly applied to the operating system and primary applications, such as Web browsers and security software. Maintain the remote computer security on an ongoing basis, including changing passwords regularly and checking the status of security software periodically. Vendor SHALL perform regular asset inventory of ALL fixed asset devices accessing the ePCR system Vendor SHALL perform regular asset inventory of ALL Mobile device assets accessing the ePCR system
R
R
R
R
R R A, C A, C
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 26
7.14 Audit Controls - § 164.312(b) ePCR SHALL implement automatic logging for various system events including but not limited to those listed below
A, C
Identity Logon / Login Sessions
A, C
Identity Logout / Logoff Sessions
A, C
Deletion of ePHI data elements
A, C
Elevated Identity / Credentials used to access the ePCR system
A, C
Identity Lockout due to invalid credentials
A, C
Access sessions for MANAGED mobile Devices
A, C
Access sessions for UN-MANAGED mobile Devices
A, C
Other Security Events native to ePCR
A, C
Physical Access to ePCR host storage and processing systems ePCR vendor SHALL maintain an electronic log of all Changes with their associated Change Control data elements to the production system
7.15
A, C A, C
Integrity Controls - § 164.312(c)(1)
ePCR system SHALL enforce use of authentication mechanisms prior to access been granted to the system ePCR system SHALL enforce use of encryption mechanisms to protect transmission of ePHI and PII data over public internet network. All physical access to ePCR hosting environments SHALL be monitored continuously Modifications to ePCR components that process ePHI and PII information SHALL be logged and reviewed regularly ePCR system SHALL be backed up regularly
R
R A, C A, C A, C
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 27
Vendor hosting ePCR system SHALL demonstrate successful recovery of ePCR information at least once annually ePCR system SHALL restrict storage of ePHI and PII data elements to internally configured host storage devices ePCR system SHALL DENY storage of ePHI and PII data elements onto consumer host storage devices ePCR vendor SHALL maintain Asset Inventory for all computer devices used to host, process and manage ePHI and PII information. ePCR vendor SHALL maintain and practice industry approved, formalized, Change Control process governing code changes to the ePCR system
7.16
A, C
A, C A, C A, C
A, C
Transmission Security – § 164.312(e)(1)
ePCR system SHALL enforce use of secured communications to transmit ePHI and PII information. ePCR system SHALL enforce use of authentication controls to access secured transmitted ePHI and PII information ePCR system SHALL log transmission of ePHI and PII data over public internet networks
A, C
A, C A, C
Access to the ePCR system through REMOTE Sessions SHALL be logged at all times
A, C
Transmission from MANAGED Mobile Devices SHALL be secured with encryption mechanism
A, C
7.17
Change Control
ePCR system vendor SHALL build and implement Development environment where ALL development activities shall occur prior to transition to production use. ePCR system vendor SHALL incorporate and use City’s Change control processes, methodologies and procedures related to any changes to the production environment ePCR system vendor SHALL implement ALL tests of product updates in a dedicated Quality Assurance, QA, environment, jointly with City staff prior to, and
R
A, C
A, C
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 28
approved by City prior to transition to production For ALL updates to the base products and its successive updates, regardless of requester, ePCR system vendor SHALL implement ALL tests of such product updates in a dedicated Quality Assurance, QA, environment, jointly with City staff prior to, and approved by City prior to transition to production
7.18
R
Base Product Extensions
ePCR system vendor SHALL extend to the City, all new base product Extensions, interfaces and updates developed on the base system for City reviews, test and implementation. ePCR system vendor SHALL extend to the City, all new base product Extensions, feature changes and other such base product updates developed on the base system for City reviews, test and implementation For ALL Extensions, updates to the base products and its successive updates, regardless of requester, ePCR system vendor SHALL implement ALL tests of such product updates in a Quality Assurance, QA, environment, jointly with City staff prior to, and approved by City prior to transition to production
A, C
A, C
R
8.0 IMPLEMENTATION/TRAINING 8.01 8.02 8.03 8.04 8.05 8.06 8.07 8.08 8.09 8.10 8.11 8.12 8.13
Full support for field implementation. Works with service specific considerations. Experienced deployment team. References from successful implementations. Experience with legacy data integration. Verifiable expertise with third-party integrations. Onsite train-the-trainer available on a yearly or as needed basis. Online tutorial offered for life of said Contract. Live online (webinar) training/refresher available for life of said Contract. Online user manuals for said program and for implementation of basic third-party integrations. Supply documentation instructions for upgrade. Integrates local procedural considerations. Product go-live by January 15th, 2015. Please submit a timeline of said implementation steps.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 29
9.0 SUPPORT 9.01 9.02 9.03
9.04 9.05 9.06
9.07
9.08
9.09
24X7 self-service online support center (FAQs, Log Incident, etc.) 24X7 email support. Telephone support that is supported by no less than IT Tech II service 24X7 with incidents logged and corresponded by email to Dallas Fire-Rescue Department (DFR) designee. Note that the telephone IT Tech II support specialist should be on-site at vendor’s site. Upgrades and New Version releases included in support agreement. Must not exceed three per year, and has to be only released to DFR under direct supervision of the DFR designee. System Documentation. Detailed descriptions of product maintenance, support, and customer service offerings. Include descriptions of: problem tracking procedures, methods of customer notification, support response times, and problem resolution procedures. Said vendor (Contractor) will provide support of software and memory of any said item associated with program on their own server. (Server details will need to be sent in along with redundancy of those said servers along with their housing.) Said vendor should be able to support department’s selected hardware
Acquisition Cost Breakdown For Procurement Maintenance, Support And Development
ePCR COMPONENTS ePCR HARDWARE AND PERIPHERALS ePCR Base Hardware Configuration ePCR Additional Accessories ePCR Additional Configurations Activities ePCR SOFTWARE ePCR Base Product ePCR Configuration Activities Other ePCR Management software ePCR DEVELOPMENT EFFORTS ePCR Base Product Interface Development And Configuration Activities ePCR Third Party Extension Development And Configuration Activities Other ePCR developement Activities ePCR TRAINING ePCR System Software Training Activities ePCR Administrative Training Activities
QUANTITY 200
200
300 Hours
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 30
AQCUISITION COST
Other ePCR Training Activities ePCR BASE HARDWARE WARRANTY, SUPPORT AND MAINTENANCE SERVICES Annualized GOLD Maintenance and Support Service for ePCR Software, Hardware and peripherals Year 1 Year 2 Year 3 ePCR REFRESH HARDWARE WARRANTY, SUPPORT AND MAINTENANCE SERVICES Year 1 Year 2 Year 3 TOTAL
III.
Specification *NEMSIS Gold Compliance Patient and Treatment Data Sharing Access to Data
Initial Data Collection Tools Pediatric Data Performance Improvement Escrowed System Source Code Application Maintenance Plan Warranty Texas State Compliance
NEMSIS
SPECIFICATIONS
Description NEMSIS Gold Compliant level as set by NEMSIS for systems currently available in the market Common patient and treatment information should be automatically transferred between the applications proposed to meet the requirements, to eliminate data rekeying. Users should have access to their own data, with the ability to assign permissions to specific groups such as the EMS Medical Director. Users should be able to generate benchmark reports. Provide data collection tools for EMS with more “up front” validations to eliminate poor quality datum from being accepted into the system. Allow for specialized populations such as pediatrics and their unique data elements. Provide system performance improvement tools at the EMS level. Vendor should place a copy of the system source code in escrow to ensure uninterrupted usability in the event the vendor goes out of business in the future, to ensure the system can be kept operational. List Strategy description and estimated costs for application maintenance spanning a four year period, with a maximum escalation percentage for maintenance based upon the total cost of the software. Provide examples of warranty provisions and Service Level Agreements (SLA). Integration with the current or future State of Texas Department of State Health Services EMS/Trauma Registry is required. http://www.dshs.state.tx.us/injury/default.shtm Compliance with the latest federal requirements related to data set Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 31
Compliance EMS Data Dictionary Compliance Data submission to NEMSIS Disconnected Mode Operation EMS Specific Hardware Data Transfer CAD Interface State Standards and Policies compliance Ambulance Inventory Tracking Web Based Transition Plan
collections as set by NEMSIS http://www.nemsis.org/v3/becomingCompliant/compliancePolicy.html Compliance with the latest federal requirements related to data set collections as defined by the EMS Data Dictionary http://www.nemsis.org A mechanism for electronic submission of data to NEMSIS A smart-client with the ability to capture, store and analyze data in disconnected mode. Equipment utilized by emergency medical services field personnel will utilize ruggedized tablet devices that are drop resistant, chemical resistant and submersible. Patient Record transfers between ambulance services so the patient care continuum is preserved, via wireless/Bluetooth or similar technology Interface with existing DFR CAD (Computer Aided Dispatch) system To automatically enter advanced procedures performed in the patient care report into a continuing medical education system accessible at the EMS Provider and Medical Director level. (Optional) Inventory tracking component for the EMS Service, compatible with existing inventory tracking system(s) utilized by DFR. Browser based with the ability to capture and analyze data on a desktop computer. Vendor must be willing to work with existing EPCR vendor to minimize service interruption to end users and also with ambulance billing company to ensure a smooth transition.
*NEMSIS - stands for the National Emergency Medical Services Information System. NEMSIS is the national repository that will be used to potentially store EMS data from every state in the nation. Since the 1970s, the need for EMS information systems and databases has been well established, and many statewide data systems have been created. However, these EMS systems vary in their ability to collect patient and systems data and allow analysis at a local, state, and national level. For this reason, the NEMSIS project was developed to help states collect more standardized elements and eventually submit the data to a national EMS database.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 32
RFP ATTACHMENTS
THE FOLLOWING DOCUMENTS ARE FORMS THAT SHOULD BE COMPLETED BY RESPONDENT AND INCLUDED WITH RESPONDENT’S PROPOSAL. ATTACH THESE DOCUMENTS TO YOUR PROPOSAL IN THE ORDER INDICATED IN RFP SECTION VII, WHICH IS ENTITLED “PROPOSAL REQUIREMENTS”
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 33
RFP ATTACHMENT A, PART ONE REFERENCES Provide three (3) verifiable municipality references, that Respondent has provided similar services to within the past three (3) years. The contact person named should be familiar with the day-to-day management of the contract and be willing to respond to questions regarding the type, level, and quality of service provided. Reference No. 1: Firm/Company Name: Contact Name: ____________________________________ Title: _____________________ Address: City:
State:
Zip Code:
Telephone No. _____________________ Email: __________________________________ Date and Type of Service(s) Provided: _________________________________________ ___________________________________________________________________________ Reference No. 2: Firm/Company Name: Contact Name: ____________________________________ Title: _____________________ Address: City:
State:
Zip Code:
Telephone No. _____________________ Email: __________________________________ Date and Type of Service(s) Provided: __________________________________________ ___________________________________________________________________________ Reference No. 3: Firm/Company Name: Contact Name: ____________________________________ Title: _____________________ Address: City:
State:
Zip Code:
Telephone No. _____________________ Email: __________________________________ Date and Type of Service(s) Provided: __________________________________________ ___________________________________________________________________________
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 34
RFP ATTACHMENT B, PART TWO EXPERIENCE, BACKGROUND, QUALIFICATIONS To be submitted with Respondent’s Proposal as TAB 2 Prepare and submit narrative responses to address the following items. 1. Describe Respondent’s experience relevant to the Scope of Services requested by this RFP. List and describe relevant projects of similar size and scope performed over the past four years. Identify associated results or impacts of the project/work performed. 2. Describe Respondent’s specific experience with public entities clients, especially large municipalities. If Respondent has provided services for the City in the past, identify the name of the project and the department for which Respondent provided those services. 3. List other resources, including total number of employees, number and location of offices, number and types of equipment available to support this project. 4. If Respondent is proposing as a team or joint venture or has included sub-contractors, describe the rationale for selecting the team and the extent to which the team, joint ventures and/or sub-contractors have worked together in the past. 6. Identify the number and professional qualifications (to include licenses, certifications, associations) of staff to be assigned to the project and relevant experience on projects of similar size and scope. 7. State the primary work assignment and the percentage of time key personnel will devote to the project if awarded the contract. 8. Additional Information. Identify any additional skills, experiences, qualifications, and/or other relevant information about the Respondent’s qualifications.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 35
RFP ATTACHMENT C, PART THREE PROPOSED PLAN To be submitted with Respondent’s Proposal as TAB 3 Prepare and submit the following items.
1. Operating Plan – Describe the proposed plan to gain State and Federal approvals for Medicaid Supplemental Payment, specific tasks, staff assigned and schedule of events and process timeline for State and Federal approvals. 2. Additional Information. Provide any additional plans and/or relevant information about Respondent’s approach to providing the required services.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 36
LITIGATION DISCLOSURE Respond to each of the questions below by checking the appropriate box. Failure to fully and truthfully disclose the information required by this Litigation Disclosure form may result in the disqualification of your Proposal from consideration or termination of the contract, once awarded.
1. Have you or any member of your Firm or Team to be assigned to this engagement ever been indicted or convicted of a felony or misdemeanor greater than a Class C in the last five (5) years?
Yes
No
2. Have you or any member of your Firm or Team to be assigned to this engagement been terminated (for cause or otherwise) from any work being performed for the City of Dallas or any other Federal, State or Local Government, or Private Entity?
Yes
No
3. Have you or any member of your Firm or Team to be assigned to this engagement been involved in any claim or litigation with the City of Dallas or any other Federal, State or Local Government, or Private Entity during the last ten (10) years?
Yes
No
If you have answered “Yes” to any of the above questions, please indicate the name(s) of the person(s), the nature, and the status and/or outcome of the information, indictment, conviction, termination, claim or litigation, as applicable. Any such information should be provided on a separate page, attached to this form and submitted with your Proposal.
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 37
****************************************************************************** FOR CITY USE Plan Reviewed By: Recommendation:
Approval
Denial
Action Taken:
Approved
Denied
Assistant Director, Financial Services, Dallas Fire-Rescue
Electronic Patient Care Reporting (ePCR) & Data Collection Software - Page 38
