BACKGROUND The VA Portland Healthcare System (VHAPORHCS) Pathology & Laboratory Medicine Service Department performs kidney transplants for the Western Region. Donor-derived cell-free DNA (dd-cfDNA) is a blood tests that is non-invasive for kidney transplant surveillance. The importance of the surveillance is to monitor for rejections. Rejection can lead to damage and injury to the transplanted kidney. Other benefits of the blood tests include decreasing the necessity for invasive biopsy of the transplanted kidney and subsequent turn-around-time (TAT) of the biopsy results. The blood test can be drawn at any phlebotomy site without the necessity to schedule for Interventional Radiology to perform the procedure. This full-service Reference Laboratory contract will provide services required for specimen acquisition, specimen testing and interpretation, testing supplies, and customer service. This requirement will ensure accurate and timely test results are made available to healthcare providers which will ensure high quality healthcare is provided to the Veterans at the VA Portland Health Care System. SCOPE The Reference Laboratory shall provide in accordance with all applicable federal, state, and local regulations, laws, and ordinances, and in accordance with the specifications outlined for accreditation certification if applicable, patient specimen testing for the specific range of referral testing within their capability. The Reference Laboratory shall provide laboratory testing to guide health decisions by the ordering providers. Laboratory test requirements are as follows: The Reference Laboratory shall perform testing available at their site as requested by VA Portland Health Care System (VAPHCS). The specimen will be logged into the system within 24 hours of receipt. A final report will be issued on the same day the test is complete and no later than 24 hours after testing is completed. VAPHCS will be notified if specimens are sub-optimal for testing within 24 hours of receipt at their facility. Services shall include the performance of analytical testing as defined by the Laboratory's reference test manual, the reporting of analytical test results and consultative services as required assimilating the full scope of its laboratory operations to Portland VA Laboratory Services. The cost per test shall include specimen collection kit, labor, management, supplies, equipment, instrumentations necessary to perform the Donor derived cell-free DNA Testing. SPECIFIC TASKS Reference Laboratory shall provide laboratory services to include: pre-analytic processing as defined in Reference Laboratory published user s manual; analysis, reporting of analytic results and interpretation of analytic clinical results. The number of tests requested under this contract will change throughout the life of the contract. The volumes or amounts shown in the solicitation are estimates only and impose no obligation on the VA. Donor-derived cell-free DNA (dd-cfDNA) test will be performed by the reference laboratory for kidney transplant patients. Please see Attachment A to this Statement of Work (SOW) for the test and quantities required by VAPORHCS. The Reference Laboratory shall also provide the following support services: supplies, customer service, reporting services, and verification of certification. Provide all necessary supplies as defined in the laboratory user manual, to include, but not limited to the following: Requisition forms or agreed computer ordering system Specimen containers & collection kits Specimen requirements for specimen collection & specimen processing Methodologies and reference ranges Expected turn-around times All forms, including authorization of consent for genetic testing, informed consent, and chain of custody. Average turn-around time shall be 6 days from date of collection, or 3 days or 72 hours from receipt of the specific collection kit. The Reference Laboratory shall be able to directly send and/or directly receive collection kits from various VA medical facilities (including the states of Alaska and Hawaii) and to the patient. Return shipping capability is highly desirable. Due to the vast geographic region and number of patients cover by VHAPORHCS Kidney Transplant team, the Reference Laboratory shall offer and provide mobile phlebotomy for blood specimen acquisition. The VAPORHCS requires that the Reference laboratory provide technical and consultative support as it relates to any results provided by the vendor. The vendor shall identify on Attachment A, whether the testing is performed in-house or sent out/referred to an alternate lab, not owned by the vendor. Electronic Interface: Not applicable. OTHER PERTINENT INFORMATION OR SPECIAL CONSIDERATIONS Identification of Possible Follow-on Work: None Identification of Potential Conflicts of Interest (COI): None Identification of Non-Disclosure Requirements: This medical center provides specific privacy to patients as part of its normal protocols. Packaging, Packing and Shipping Instructions: Specimens will be packaged and shipped in accordance with Department of Transportation regulations for the shipment of biologic substances. Inspection and Acceptance Criteria: Reference Laboratory shall notify the VAPHCS Department of Pathology and Laboratory Medicine of any specimens that do not meet the requirements for acceptance. RISK CONTROL: None. PLACE OF PERFORMANCE: Reference Laboratory defined at award PERIOD OF PERFORMANCE: Estimated Contract Period of Performance is to be: Base Year: 8-1-25 to 7-31-26 OY 1: 8-1-26 to 7-31-27 OY 2: 8-1-27 to 7-31-28 OY 3: 8-1-29 to 7-31-29 OY 4: 8-1-29 to 7-31-30 TESTING METHODOLOGY, REFERENCE AND TURN AROUND TIME Routine test results shall be reported within the specified turnaround time (TAT) which is defined from time of specimen pickup to when results are available. TAT is established by the VA facility. If testing is not within TAT, notify the VA Facilities of the new estimated TAT within 24 hours. Testing methodology and reference ranges for a test must be defined in the Reference Laboratory user manual and/or website. Reference Laboratory shall advise facility of any changes in methodology, procedure, reference ranges and any new tests introduced 30 days in advance. Reference Laboratory agrees to maintain the minimum acceptable service, reporting systems and quality control. Exception handling: Reference Laboratory will notify VA Facilities Laboratory Service within 24 hours of any problems with specimens received. The VA Facilities will provide laboratory specimens prepared according to the Reference Laboratory's user s manual, identified, and labeled for testing. Critical Value test results are not applicable. The Reference Laboratory shall provide in accordance with all applicable federal, state, and local regulations, laws, and ordinances, and in accordance with the specifications outlined for accreditation certification if applicable, patient specimen testing for the test listed in Attachment A. All requirements and provisions defined in the specification of this solicitation will apply to any laboratory, i.e. branch, division, sub-contractor, etc. performing reference testing on behalf of the Reference Laboratory. The above is an estimated list of testing services needed, but not limited to. Based on the nature of patient care, there may be times in which a test is needed that is not found within the corresponding test list. The reason may be due to changing methodology, creating a new or different test(s), discovery of new antigens or antibodies or gene and/or urgent patient care needs. The included test list is an estimated and projection of use and is not all-inclusive. Specimen type. Vendor must be able to process blood. In the event new products or testing services are required, Contracting Office will determine if the new products or testing services are within scope, and if they are within scope, a modification to the contract will be required to add the new products or testing services prior to beginning any of the new testing services or processes. CUSTOMER SERVICE The Reference Laboratory will provide VA Laboratory with a means of communication to permit immediate inquiry regarding the status of pending tests or specimen problem, 24 hours per day, 7 days per week. The Reference Laboratory shall provide names and telephone numbers of technical Directors and Pathologists available to provide information. DELIVERY AND REPORTING Billing summaries shall begin the first day of the month and include the last day of the month. Tests referred to another laboratory shall be at no additional transfer charge or confirmation charge to the government. Deliveries must be accompanied by a delivery ticker or sales slip that contains the following information as a minimum: Vendor Name Date of Purchase Date of Shipment Description of item Quantity of each item Unit price and extended (quantity x unit price) price for each item The Reference Laboratory shall provide an end of year report showing sample issues, facility usage, and cost savings generated during the reporting period. The report will be due 45 days after the close of the calendar year. Invoicing: An itemized invoice shall accompany each service order from the Contractor. This invoice must show item number, description, quantity, unit, unit price, and totals for each design (advanced and basic) used. All invoices shall include contract number, purchase/delivery order number and detail of services provided. Invoicing: Invoices will be electronically submitted to the Tungsten website at http://www.tungstennetwork.com/uk/en/ Tungsten direct vendor support number is 877-489-6135 for VA contracts. The VA-FSC pays all associated transaction fees for VA orders. During Implementation (technical set-up) Tungsten will confirm your Tax Payer ID Number with the VA-FSC. This process can take up to 5 business days to complete to ensure your invoice is automatically routed to your Certifying Official for approval and payment. In order to successfully submit an invoice to VA-FSC please review How to Create an Invoice within the how to guides. All invoices submitted through Tungsten to the VA-FSC should mirror your current submission of Invoice, with the following items required. Clarification of additional requirements should be confirmed with your Certifying Official (your CO or buyer). The VA-FSC requires specific information in compliance with the Prompt Pay Act and Business Requirements: 1.) Your firm s Tax Payer ID number (TIN) Your firm s Remit Address information 3.) The VA Purchase Order (PO) number 4.) Your firm s contact information: (Personal Name, Email, and Phone) 5.) Your VA point of contact information: (Personal Name, Email, and Phone) 6.) The Period of Performance dates (Beginning and Ending) 7.) All discount information if applicable (Percent and Date Terms) For additional information, please contact: Tungsten Support Phone: 1-877-489-6135 Website: http://www.tungsten-network.com/uk/en/ Department of Veterans Affairs Financial Service Center Phone: 1-877-353-9791 Email: vafscched@va.gov Invoices shall be submitted monthly with the following information: 1.) Contract number and purchase order number 2.) Station ID (648) 3.) Date services were requested 4.) Patient name and test 5.) Invoice will be billed as individual line items as they are listed in the price schedule. Monthly invoice(s) will contain only those item numbers used for that month. Invoices not received in proper format will be returned PERFORMANCE MONITORING At the time of contract award the Contracting Officer will appoint a Contracting Officer Representative (COR) to assist with the contract monitoring requirements. The COR or designee will monitor such items as quality of service, contractor's ability to meet TAT's, correct billing, customer service, and review of the contractor's proficiency program. Contractor shall provide to the COR or designee no later than Ninety (90) days prior to the end of each contract period a proficiency report. The COR or designee shall review the proficiency results. The contractor shall maintain a minimum of 95% success rate for proficiency testing to be considered successful. Failure to achieve 95% success rate two periods in a row could be grounds for Termination for Cause. The COR or designee will ensure that services performed are in accordance with all terms and conditions of the contract. The delegated COR or designee will notify the Contracting Officer of any non-compliance immediately upon his/her gaining knowledge of any such situation or incident. After such communication, the COR or designee will provide a written statement to the contracting officer along with any supporting documentation regarding the performance failure noted. Upon receipt of a proper invoice, the COR or designee shall certify that the services identified have been performed. Once certification has been made, the invoice will be forward through the proper billing channels and payment shall be made to the Contractor. It is the intention of both parties to conduct joint reviews prior to the expiration date of the contract to determine and evaluate if services being provided are in accordance with the contract terms, payments and billings are being properly handled and to jointly determine if this agreement is satisfactory to both parties in terms of services provided and consideration being received. This review may include. but not be limited to: analyze all billings, payments, costs, administrative issues, patient satisfaction, quality of care and other related documentation that identities that services have been received. Upon conclusion of the initial contract period, and in coordination with the Contracting Officer, the using service shall provide a statement to the Contracting Officer providing a summary of contractor actions and a statement that all requirements of the contract were fulfilled as agreed. This information shall be forwarded by the COR or designee to the Contracting Officer prior to exercising any extension of this agreement (at least 60 days prior to contract expiration). LICENSING AND ACCREDITATION Reference Laboratory Contractor shall provide copies of all licenses, permits, accreditation and certificates required by law (please see b. and c. below). The Laboratory Director shall be a licensed American Board of Pathology certified pathologist. All medical facilities providing laboratory services under the contract must possess a valid state license and meet CLIA and CMS requirements including CLIA certificate of compliance, and accredited by the College of American Pathologists (CAP) or equivalent accreditation agency. PERSONNEL The Reference Laboratory shall make sure employees have current and valid professional certifications before starting work under this contract. The Reference Laboratory staff shall meet personnel qualifications required by Clinical Laboratory Improvement Act (CLIA) '88 Guidelines. The Government s reserves the right to request information or certification from the contractor verifying they comply with this contract requirement. If discovered the contractor is not in compliance with this requirement the contract shall be terminated for cause in accordance with clause 52.212-4. HOURS OF OPERATION The Portland VA is open 24 hours a day, 7 days a week, 12 months of the year and may require services during those times. PATIENT INFORMATION SAFETY VAPORHCS will provide Protected Health Information (PHI) with each submitted specimen to the Reference Laboratory which includes full name, medical record number, social security number, date of birth, ordering provider s name, laboratory accession number, specimen type, and specimen collection date and time. The Reference Laboratory shall use appropriate safeguards to prevent use or disclosure of the PHI other than is provided for by this agreement. The Reference Laboratory shall report immediately any breach of safeguards and mitigate any harmful effects related to the use or disclosure of PHI by the Reference Laboratory or any of its agents, including sub-contractors. SECURITY REQUIREMENTS The Reference Laboratory shall be responsible for adhering to the following statements as they relate to the contract. VA Portland Health Care System in coordination with the COR shall monitor the work performed by contractor personnel, including sub-contractors, on a periodic basis to make sure contractor personnel are following the stated security requirements. Quality Assurance Surveillance Program SOW Task# Quality Monitor Format Calendar Days After CO Start Acceptability Level 1 Licensures/Certificates Copies At initial award, and when renewed 100% Received 2 Quarterly Test Summary One electronic copy Quarterly 100% Received 3 Contact Phone List One electronic copy At initial award, and when changes occur 100% Received 4 Laboratory User Manual Electronic copy and one hard copy At initial award 100% Received 5 Turn Around Time One electronic copy Quarterly 95% meets established limits BACKGROUND INVESTIGATIONS AND SPECIAL AGREEMENT CHECKS All Reference Laboratory employees are subject to the same level of investigation as VA employees who have access to VA sensitive information. The level of background investigation commensurate with the level of access needed to perform the work is: Low Risk. This requirement is applicable to all subcontractor personnel requiring the same access. The Reference Laboratory shall bear the expense of obtaining background investigations. If the investigation is conducted by the Office of Personnel Management (OPM) through the VA, the Reference Laboratory shall reimburse the VA within 30 days. VA INFORMATION SECURITY LANGUAGE General Contractors, contractor personnel, subcontractors, and subcontractor personnel shall be subject to the same Federal laws, regulations, standards and VA Directives and Handbooks as VA and VA personnel regarding information and information system security. Access to VA Information and VA Information Systems A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees, subcontractors, and affiliates only to the extent necessary to perform the services specified in the contract, agreement or task order. All contractors, subcontractors, and third-party servicers and associates working with VA information are subject to the same investigative requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors must be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office for Operations, Security, and Preparedness is responsible for these policies and procedures. Contract personnel who require access to national security programs must have a valid security clearance. National Industrial Security Program (NISP) was established by executive Order 12829 to ensure that cleared US defense industry contract personnel safeguard the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts. The Department of Veteran Affairs does not have a Memorandum of Agreement with Defense Security Services (DSS). Verification of a Security Clearance must be processed through the Special Security Officer located in the Planning and National Security Service within the Office of Operations, Security, and Preparedness. Custom software development and outsourced operations must be located in the US to the maximum extent practical. If such services are proposed to be performed abroad and are not disallowed by other VA policy or mandates, the contractor/subcontractor must state where all non-US services are provided and detail a security plan, deemed to be acceptable to VA, specifically to address mitigation of the resulting problems of communication, control, data protection, and so forth. Location within the US may be an evaluation factor. The contractor or subcontractor must notify the Contracting Officer immediately when an employee working on a VA system or with access to VA information is reassigned or leaves the contractor or subcontractor's employ. The Contracting Officer must also be notified immediately by the contractor or subcontractor prior to an unfriendly termination. Custody of VA Information Information made available to the contractor or subcontractor by VA for the performance or administration of the contract shall be used only for the purposes and shall not be used in any other way without the written agreement of the VA. This clause expressly limits the contractor/subcontractor's rights to use data as described in Rights of Data General, FAR 52.227-14(d) (1). VA information should not be co-mingled, if possible, with any other data on the contractor/subcontractor's information systems or media storage systems in order to ensure VA requirements related to data protection and media sanitization can be met. If co-mingling must be allowed to meet the requirements of the business need, the contractor must ensure that VA's information is returned to the VA or destroyed in accordance with VA's sanitization requirements. VA reserves the right to conduct onsite inspections of contractor and subcontractor IT resources to ensure data security controls, separation of data and job duties, and destruction/media sanitization procedures are in compliance with VA directive requirements. Prior to termination or completion of this contract, contractor/subcontractor must not destroy information received from VA, or gathered / created by the contractor in the course of performing the contract without prior written approval by the VA. Any data destruction done on behalf of VA by a contractor/subcontractor must be done in accordance with VA Directive 6300, Records and Information Management and its Handbook 6300.1, Electronic Media Sanitization. Self0-certification by the contractor that the data destruction requirements above have been met must be sent to the VA Contracting Officer within 30 days of termination of the contract. The contractor/subcontractor must receive, gather, store, back up, maintain, use, disclose and dispose of VA information only in compliance with the terms of the contract and applicable Federal and VA information confidentiality and security laws, regulations and policies. If Federal or VA information confidentiality and security laws, regulations and policies become applicable to the VA information or information systems after execution of the contract, or if NIST issues or updates applicable to FIPS or Special Publications (SP) after execution of this contract, the parties agree to negotiate in good faith to implement the information confidentiality and security laws, regulations and policies in this contract. The contractor/subcontractor shall not make copies of VA information except as authorized and necessary to perform the terms of the agreement or to preserve electronic information stored on contractor/subcontractor electronic storage media for restoration in case any electronic equipment or date used by the contractor/subcontractor needs to be restored in an operating state. If copies are made for restoration purposes, after the restoration is complete, the copies must be appropriately destroyed. If VA determines that the contractor has violated any of the information confidentiality, privacy, and security provisions of the contract, it shall be sufficient grounds for VA to withhold payment to the contractor or third party or terminate the contract for default or terminate for cause under FAR Part 12. In accordance with VHA DIR 1605.05, A Business Associate Agreement is not required for this contract as it falls under the treatment exemption of the HIPAA Privacy Rule. The contractor/subcontractor must store, transport, or transmit VA sensitive information in an encrypted form, using VA-approved encryption tools that are, at a minimum, FIPS 140-2 validated. The contractor/subcontractor's firewall and Web services security controls, if applicable, shall meet or exceed VA's minimum requirements. VA Configuration Guidelines are available upon request. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor/subcontractor may use and disclose VA information only in two other situations: (i) in response to a qualifying order of a court of competent jurisdiction, or (ii) with VA's prior written approval. The contractor/subcontractor must refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA contracting officer for response. Notwithstanding the provision above, the contractor/subcontractor shall not release VA records protected by Title 38 U.S.C. 5705, confidentiality of medical quality assurance records and/or Title 38 U.S.C. 7332, confidentiality of certain health records pertaining to drug addiction, sickle cell anemia, alcoholism, or alcohol abuse, or infection with human immunodeficiency virus. If the contractor/subcontractor is in receipt of a court order or other requests for the above-mentioned information, the contractor/subcontractor shall immediately refer such court orders or other requests to the VA Contracting Officer for response. For service that involves the storage, generating, transmitting, or exchanging of VA sensitive information but does not require C&A or an MOU-ISA for system interconnection, the contractor/subcontractor must complete a Contractor Security Control Assessment (CSCA) on a yearly basis and provide it to the COTR. Security Incident Investigation The term "security incident" means an event that has, or could have, resulted in unauthorized access to, loss or damage to VA assets, or sensitive information, or an action that breaches VA security procedures. The contractor/subcontractor shall immediately notify the Contracting Officer and the COTR and simultaneously, the designated ISO and Privacy Officer for the contract of any known or suspected security/privacy incidents, or any unauthorized disclosure of sensitive information, including that contained in system(s) to which the contractor/subcontractor has access. To the extent known by the contractor/subcontractor, the notice to VA shall identify the information involved, the circumstances surrounding the incident (including to whom, how, when, and where the VA information or assets were placed at risk or compromised), and any other information that the contractor/subcontractor considers relevant. With respect to unsecured protected health information, the business associate is deemed to have discovered a date breach when the business associate knew or should have known of a breach of such information. Upon discovery, the business associate must notify the covered entity of the breach. Notifications need to be made in accordance with the executed business associate agreement. In instances of theft, break-in, or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG and Security and Law Enforcement. The Contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident. Liquidated Damages for Data Breach a. Consistent with the requirements of 38U.S.C. 5725, a contract may require access to sensitive personal information. If so, the contractor is liable to VA for liquidated damages in the event of a data breach or privacy incident involving any SPI the contractor/subcontractor processes or maintains under the contract. b. The contractor/subcontractor shall provide notice to VA of a "security incident" as set forth in the Security Incident Investigation section above. Upon such notification, VA must secure from a non-Department entity of the VA Office of Inspector General an independent risk analysis of the data breach to determine the level of risk associated with the date breach for the potential misuse of any sensitive personal information involved in the data breach. The term "data breach" means the loss, theft, or other unauthorized access, or any access other than that incidental to the scope of employment, to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data. Contractor shall fully cooperate with the entity performing the risk analysis. Failure to cooperate may be deemed a material breach and grounds for contract termination. c. Each risk analysis shall address all relevant information concerning the data breach, including the following: 1. Nature of event (loss, theft, unauthorized access); 2. Description of the event, including: a. Date of occurrence b. Date elements involved, including any PII, such as full name, social security number, date of birth, home address, account number, disability code: 3. Number of individuals affected or potentially affected. 4. Names of individuals or groups affected or potentially affected; 5. Ease of logical date access to the lost, stolen, or improperly accessed data in light of the degree of protection for the data, e.g. unencrypted, plain text; 6. Amount of time the data has been out of VA control; 7. The likelihood that the sensitive personal information will or has been compromised (made accessible to and usable by unauthorized persons); 8. Known misuses of date containing sensitive personal information, if any; 9. Assessment of the potential harm to the affected individuals; 10. Data breach analysis as outlined in 6500.2 Handbook, Management of Security and Privacy Incidents, as appropriate; and 11. Whether credit protection services may assist record subjects in avoiding or mitigating the results of identity theft based on the sensitive personal information that may have been compromised. d. Based on the determinations of the independent risk analysis, the contractor shall be responsible for paying to the VA liquidated damages of $37.50 per affected individual to cover the cost of providing credit protection services to affected individuals consisting of the following: 1. Notification; 2. One year of credit report monitoring services consisting of automatic daily monitoring of at least 3 relevant credit bureau reports; 3. Data breach analysis; 4. Fraud resolution services, including writing dispute letters, initiating fraud alerts and credit freezes, to assist affected individuals to bring matters to resolution; 5. One year of identity theft insurance with $20,000 coverage at $0 deductible; and 6. Necessary legal expenses the subjects may incur to repair falsified or damaged credit records, histories, or financial affairs. Security Controls Compliance Testing On a periodic basis, VA, including the Office of Inspector General, reserves the right to evaluate any or all of the security controls and privacy practices implemented by the contractor under the clauses contained within the contract. Within 10 working day notice, at the request of the government, the contractor must fully cooperate and assist in a government sponsored security controls assessment at each location wherein VA information is processed or stored, or information systems are developed operated, maintained, or used on behalf of VA, including those initiated by the Office of Inspector General. The government may conduct a security control assessment on shorter notice (to include unannounced assessments) as determined by VA in the event of a security incident or at any other time. VA RECORDS MANAGEMENT OBLIGATIONS LANGUAGE A.  Applicability This clause applies to all Contractors whose employees create, work with, or otherwise handle Federal records, as defined in Section B, regardless of the medium in which the record exists.  B.  Definitions Federal record as defined in 44 U.S.C. § 3301, includes all recorded information, regardless of form or characteristics, made or received by a Federal agency under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the United States Government or because of the informational value of data in them.  The term Federal record: includes VA Portland Health Care System records. does not include personal materials. applies to records created, received, or maintained by Contractors pursuant to their VA contract. may include deliverables and documentation associated with deliverables. C.  Requirements Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion. In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation. In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data. The Reference Laboratory and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of the Reference Laboratory or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of  any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to VA COR. The VA must report promptly to NARA in accordance with 36 CFR 1230. The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the SOW. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government s behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to VA control, or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the SOW. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4). The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and VA guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information. The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with VA policy. The Contractor shall not create or maintain any records containing any non-public VA information that are not specifically tied to or authorized by the contract. The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act. The VA owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which VA shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20. Attachment A: An estimated list of testing services needed, but not limited to (Based on the nature of patient care, there may be times in which a test is needed that is not found within this list): Test Code Test Name Estimated Annual Utilization VA Price Estimated Annual Cost Location of Testing: In-house or Referred-Out Donor-derived cell-free DNA (dd-cfDNA) 80
