Professional Documents
Culture Documents
Refer to attachment.
Refer to attachment.
Details of the process or procedure to be followed in selecting the vendor to ensure maximum fair and open competition as
practicable:
Refer to attachment.
I
Submit in Duplicate REQUEST F4[)R EXEMPTION FROM CHAPTER 103D, HRS (Conl)
A description of the agency's internal controls and approval requirements for the exempted procmement
The contract will be neglotiated with FourThought Group, Inc. b the DHS
HIPAA Project Director i:tl consultation with the Med-QUEST Div ion. The
contract will be reviewed and signed by the DHS Director. The HIPAA Projec
Director, with supervisi,on by the DHS Deputy Director, will h e responsib i
for working directly with the contractor to ensure the scope 0 work is
performed.
A list of agency personnel, by position title, who will be involved in the approval process and adminis n of the contract:
Lillian B. Koller, Esq., Director (approve and sign contract)
Henry Oliva, Deputy Director (will supervise the HIPAA Projec Director to
monitor the contract)
Andrea J. Armitage, HIPAA Project Director (will serve as pri ry contact
for the contractor and will negotiate and monitor the cont act)
Steven Kawada, Med-QUEST Division Assistant Administrator and andy Chau,
Med-QUEST Division Systems Officer (will consult with HIP Project
Director on the budgeting and scope of the contract).
This exemption should be considered for list of exemptions attachedto Chapter 3-1 ;?O,HAR: No U
I CERTIFY THAT THE INFORMATION PROVIDED ABOVE IS, TO THE BEST OF MY WLEDGE,
TRUE AND CORRECT.
JUN 0 4 200,
Date
cc: Adminis1rator,
State Procurement Office I
The HIP AA SecurityRule will greatly affect how medical information will be rec ived,
used,shared,storedand destroyed. This affects information systems,processes
proceduresand potentially, facility layouts. Most organizationsneedthe assistan f
expertsto examine,assess,and remediateits operations. The DHS is no different
The contractwould be performed in two parts over a two year period. In the flfSt rt the
consultantwould review the IllP AA SecurityRisk Assessmentthat was previousl
completed,and then usethat infonnation to assistthe DHS to completethe Securi
Analysis and Risk ManagementPlan, and a ContingencyPlan. The consultantw uld
give the DHS recommendationsfor appropriate,cost-effectiveremediationand a 'ce on
how to maximize the federal matclting funds allowable. The consultantwould al assist
the DHS to draft justifications for ;anyaddressableimplementationspecifications ot
complied with. [The Rule statesthat implementationspecificationsare either req ired or
addressable~ if the entity doesnot l:omply with an addressablespecificationthen i must
documentits justification for the noncompliance.] The first part would also inclu e
assistingthe DHS SecurityTeamto draft policies and proceduresandto provide ecurity
policy awarenesstraining for DHS:staff as required by the Rule. In the secondp the
consultantwould conduct an audit of the implementationdone in the flfst part, an would
assistthe DHS with creatingand i1mplementing proceduresfor on-going auditing f
SecurityRule compliance,given t]tteconstantchangesto the DHS network infra cture,
network threats,and availablesoftware/hardware.The consultantwould further sist the
DHS with corrective measuresbas:edon the results of those audits. The consult t would
give the DHS the tools necessary1:0conducton-going training updatesand rernin ers as
requiredby the Rule. The secondpart of the contractwould also requirethe con ltant to
developa protocol for a StandardizedEnterpriseArchitecture for the DHS' info ation
technology systems.
---
I
I
I
2
stateand federal programs. There are interfaceswith the DepartmentofH lth
(DOH), Departmentof Education (DOE), andthe Departmentof Public S ety
(PSD). The Medicaid programreimbursesfor servicesrenderedby variou
divisions within the DOH and soonthe DOE. The DHS processesclaims or
PSD.lntemally, the DHS must assessand makedecisionson interfacesbe een
MQD, SSD,Vocational Rehabilitation Division (VRD) and the Benefit,
Employment and Support ~;ervicesDivision (BESSD). Expertisewith pu lic
programsand specific kno,vledgeof Medicaid paymentsis requiredto un erstand
how to apply IllP AA regulations. Finally, knowledge of the Medicaid pr am is
essentialto assistingthe DHS in maximizing federal reimbursementfor stem
and proceduralchanges.
. AHCCCS and DHS OQera1~ - While both programsare Medicaid pro ams
and are similar, there are dilfferencesand it is critical for the consultantto
understandthe similarities and differences. HP:MMIS is jointly sharedby awaii
and Arizona. Any policy changesaffecting the HP:MMIS information sys em
must be consistentwith b01thstates,asthesepolicies arewritten to protect he
information in the samesy:~tem.Consistencywill minimize systemmodi cations
and reducecosts. AHCCCS utilized the expertiseofFourThought for its
Transactionsand Code SetsandPrivacy Rules implementations.
. DHS OQerations- After having worked with the DHS from June2002 tough
January2004 on the DHS' Transactionsand CodesSets,Privacy and Sec rity
Rules implementations,FourThought is familiar with the businessproces esthat
are unique to the DHS, aswell aswith respectto its relationshipswith ot er state
agenciesand AHCCCS. ]n January2004, FourThought completeda det led and
complex administrativeandtechnical SecurityRisk Assessmentof the D S'
current statuswith the Se<;urityRule requirements. They also made
recommendationsto the DHS on how to proceedwith SecurityRule co iance
-
efforts. It is essentialthat this proposedcontractbe a continuationof the e lier
contract, addingPhasesFour andFive of the SecurityRule compliancee rts.
This would provide continulityof our current strategy. Other consultants ould
be at a severedisadvantage,asthey would not know the intricacies of the HS'
businessprocesses,nor wh:~tHIP AA implementationsefforts the DHS h
conductedto date.This wolllld clearly cost further time and money.
- ~--
Submit in Duplicate
STATE OF HAWAII
NOTICE OF EXEMPTION FROM CHAPTER lO3D, H]~S
The Chief ProcurementOfficer is in the processof reviewingthe requestfrom the Departmentof Hum~n Services-
Med-Ouest Division for exemptionfrom ChapterlO3D, HRS, for the following goods,services,or onstruction:
Vendor: FourThought
Group,In!:.
Address: 112 North CentralAvenue,Suite 700
Phoenix,AZ 85004
... ... ... ..' ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ...
Date Posted: une 10-L 2004
A copy of this notice of exemption from Chap1er lO3D, HRS, shall be posted by the Chief Procurement pfficer and the
purchasing agency in an area accessible to the public, at least seven (7) calendar days prior to any appro al action.
Submit written objections to this notice to issue an exemption from Chapter lO3D, HRS, within seven (7 calendar days from
the date posted to:
Chief Procurement Officer
Office/Agency~tate Procurement Office
Address 1151 Punchbowl Street. Room 416
I-ionolulu. Hawaii 96813
- -