Information Header
SUPPLEMENTAL
INFORMATION
HEADER
The following pages contain supplemental information for this competitive document. The supplemental information is contained between this header and a trailer page. If you receive the trailer page, all supplemental information has been received.
If you do not receive the trailer page of this supplement, use the inquiry process described in the document to notify the Procurement Representative.
Note: portions of the supplemental information provided may or may not contain page numbers. The total number of pages indicated on the cover page does not include the pages contained in this supplement.
SUPPLEMENT 1
W-9 FORM
SUPPLEMENT 2
Vendor Information Guide
Ohio Department of Medicaid
VENDOR INVOICE GUIDE
8.20.13 update
In order to avoid any delays in payment, please follow these important steps when submitting your invoices:
Your invoice should include:
•The valid Purchase Order (PO) number(s)
•The date(s) of service
•An invoice date
•The unique invoice number
•The contract number, if applicable Be sure to verify:
•The “remit to” address on the invoice must be in OAKS and on file with Ohio Shared Services
•The invoice service dates are within the state fiscal year (July 1st – June 30th) and/or within service dates of the PO
•The invoice description matches the PO description and/or contract deliverables. It is extremely important to use the same language from the PO on the invoice Other Tips:
•Print invoices on standard letter-size white or lightly-colored paper for clear imaging
•Remove any heavily shaded areas from invoices
•Do not staple multiple page invoices
•When sending invoices by email to OSS:
•Individual attached invoice (single scanned file) may include the supporting documentation.
•Each email can include up to 99 different attached invoices (but only ONE invoice per scanned file).
•An individual attachment (single scanned file) with multiple invoices will be rejected.
Vendor invoices for the Ohio Department of Medicaid should be sent to the Ohio Shared Services email address or location below.
Email: (the preferred file type for email attachments is .pdf. The only other acceptable invoice formats for submission are .tif, .txt, or .jpg)
Mail: / Ohio Shared ServicesP.O. Box 182880
Columbus, Ohio 43218-2880
Fax: / 614.485.1039
Questions about the status of an invoice should be directed to Ohio Shared Services at:
Telephone: 1.877.OHIO.SS1 (1.877.644.6771) or 1.614.338.4781
Email:
AllVendor Information updates (e.g. correspondence, statements, etc) should be sent to:
Mail: Ohio Shared Services
ATTN: OSS-Vendor Maintenance
4310 E. 5th Avenue
Columbus, Ohio 43219
Fax:614.485.1039
Email:
The recently passed FY 2014-15 state budget includes a number of provisions that may impact Ohio Medicaid’s vendor community. One particular item that may be of interest to your operations is an unprecedented small business tax cut. Introduced by Governor John R. Kasich, the provision provides virtually all of Ohio’s small businesses with a 50 percent tax cut on the first $250,000 of net business income.
To learn more on how you and your business may benefit from the plan, please visit or .
SUPPLEMENT 3
Service Level Requirements
Service Level Requirement (SLRs).
The Contractor must consistently meet or exceed the following performance specifications for the Service Level Requirements (SLRS) to be established between the Contractor and the Ohio Department of Medicaid (ODM). The attachment contains the expectations related to service level commitments and the implications of meeting versus failing to meet the service level requirements and objectives, as applicable. The following are minimum service levels required for the duration of the Contract period.
Both the State and the Contractor recognize and agree that new categories of Service Levels and performance standards may be added or adjusted during the term of the Contract as business objectives, organizational objectives and technological changes permit or require.
The Contractor will not be liable for any failed Service Level caused by circumstances beyond its control, and that could not be avoided or mitigated through the exercise of prudence and ordinary care, provided that the Contractor immediately notifies the State in writing and takes all steps necessary to minimize the effect of such circumstances and resumes its performance of the Services in accordance with the SLRs as soon as possible.
Implementation Deadline. The Contractor must ensure that the EVV system is implemented by the time stated in the Proposal. If the Contractor fails to meet the required date, the State may assess liquidated damages as follows:
- $2,500.00 per calendar day, or any part thereof, for each of the first ten calendar days;
- $5,000.00 per calendar day, or any part thereof, for each of the next 30 calendar days; and
- $7,500.00 per calendar day, or any part thereof, for each additional day.
Service Level Commitments.
The Contractor will meet the Service Level commitment for each Service Level set forth in the charts below (All times referenced are in Columbus, Ohio local time – Eastern Time Zone):
Service Level / RequirementsSupport Hours / Response / Resolution/Remedy / Liquidated Damages
System and Equipment Availability. The EVV system and any other support technologies required must maintain an uptime of 98.5% in a day. / 24 Hours / 7 Days a Week / Notification upon unavailability. / If a lengthy failure occurs, the Contractor must provide staff to complete any backlogged work. / In accordance to the Issue Priority Definitions.
System Backup. The Contractor must provide a complete backup system to ensure that if a Contractor-provided device or server fails, production will not be affected. / 24 Hours / 7 Days a Week / Immediate notice to ODM of missed or failed backup. / If a failure of the Contractor’s equipment or software results in more than two downtime periods exceeding 6 consecutive hours each within 5 consecutive calendar days, the equipment must be replaced with new equipment at no cost to the State. / $1,000 per incident (daily)
Device Failure in Individual’s Home. The Contractor will ensure that repair and/or replacement of devices occurs as necessary within 24 hours of receiving notification of the need for repair/replacement. / 24 Hours / 7 Days a Week / Immediate notice to ODM of device failure. / Repair and/or replacement must be completed. / $100 per device
Unexpected Failure to Provide Real Time Validation. Visit verification must be handled in real-time. / 24 Hours / 7 Days a Week / Reporting of any unexpected delays in verification must be sent to ODM within 4 hours of discovery. / Contractor must confirm and report on incident, including any justification, actions taken and resolution. / $100 per incident.
Unexpected Failure to Provide Real Time Data Aggregation. The Contractor must accept information from and return information to approved alternate data collection systems (in accordance with program policy) in near real time to effectively complete visit verifications and to ensure late and missed visit notices are sent in a timely manner. / 24 Hours/7 Days a Week / Notification upon unavailability in accordance with the Issue Management procedures outlined in the contract / The Contractor must work with all impacted entities using alternate data collection systems to capture data affected by the failure and to ensure a complete data set within the EVV system. / $250 per incident
Failure to Timely Test and Approve/Dis-Approve Alternate Data Collection Systems
The Contractor must work with provider and managed care plan’s promptly to test and approve/dis-approve proposed alternate data collection systems. Approval /dis-approval notice must be issued in writing with 5 business days / Monday through Friday, 8:00 a.m. to 5:00 p.m. (Columbus, Ohio local time – Eastern Time Zone) / Notification of failure to timely issue approval/dis-approval within 24 hours of missed deadline / The Contractor must work with the impacted entity or entities to issue a written notice of approval/dis-approval as soon as possible / $1,000 per incident initially;
An additional $250 for every 24 hours in excess of 5 business days until the written notice of approval/dis-approval is issued
Failure to return information to MITS in real time for individual claim inquiry / 24 Hours/7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / The Contractor must establish and maintain communication with ODM and/or its designee in accordance with the Issue Management process outlined in the contract until the issue is resolved / $100 per incident
Failure to return information to MITS in near real time for batch inquiries / 24 Hours/7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / The Contractor must establish and maintain communication with ODM and/or its designee in accordance with the Issue Management process outlined in the contract until the issue is resolved / $1,000 per incident
Phone support availability for Individuals receiving services, Direct Care Workers and Medicaid Providers / 24 Hours/7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / Contractor must confirm support reestablished and provide detailed summary via email within 24 hours. / $100 per incident/hourly
Online support availability for Individuals receiving services, Direct Care Workers and Medicaid Providers / 24 Hours/7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / Contractor must confirm support reestablished and provide detailed summary via email within 24 hours. / $100 per incident/hourly
Phone and Online Support Availability for Operations / 24 Hours/7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / Contractor must confirm support reestablished and provide detailed summary via email within 24 hours. / $100 per incident/hourly
Critical Business Impact Incident. Contractor must provide ongoing support and service to users of the EVV system.
/ 24 Hours / 7 Days a Week / Notification of failure within Issue Management procedures outlined in the contract / Resolution detailed and categorized via email within 24 hours. / $1000 per incident/hourlyMajor Business Impact Incident. Contractor must provide ongoing support and service to users of the EVV system.
/ 24 Hours / 7 Days a Week / Contractor acknowledge response within 10 minutes. / Resolution detailed and categorized via email within 24 hours. / $750 per incident/dayModerate Business Impact Incident. Contractor must provide ongoing support and service to users of the EVV system.
/ 24 Hours / 7 Days a Week / Contractor acknowledge response within 60 minutes. / Resolution detailed and categorized via email within 24 hours. / $500 per dayMinimal Business Impact Incident. Contractor must provide ongoing support and service to users of the EVV system. / 24 Hours / 7 Days a Week / Contractor acknowledge response within 60 minutes. / Resolution detailed and categorized via email within 24 hours. / $250 per week
Missing Report. Reports must be scheduled for delivery as agreed upon and defined in the Contract. / Per report schedule as defined in the Contract. / Missed/Failed reports must be sent to ODM within 4 hours of notice. / Contractor must confirm and report on incident, including any justification, actions taken and resolution, within 24 hours. / $100 per incident.
Abandonment Rate of Calls. Must be less than or equal to 5% a month. / 24 Hours / 7 Days a Week / Contractor must provide a report on abandonment rate and staffing levels. / Contractor must provide plan to reduce abandoned calls through increased availability. / $100 per hour.
Call Answer Time. Calls must be answered in less than or equal to 120 seconds. / 24 Hours / 7 Days a Week / Contractor must provide a report on call answer times and staffing levels. / Contractor must provide plan to reduce call answer time through increased availability. / $100 per hour.
Missed Visit Alert Notice. Any visit past the established tolerance level must be recorded as missed or late. / 24 Hours / 7 Days a Week / Contractor reports incident within an hour. / Contractor must confirm and report on incident, including any justification, actions taken and resolution, within 24 hours. / $100 per incident.
Installation Appointment Missed / 24 Hours / 7 Days a Week / Contractor must reschedule within hour (as available to the Individual) of missed appointment. / Device must be installed. / $100 per day that goes beyond initial appointment.
Installation Wait Times for New Individual. Device must be installed for a new Individual within forty-eight hours of notification. / 24 Hours / 7 Days a Week / Contractor must immediately notify ODM of pending schedule of installations. / Device must be installed. / $100 per day that goes beyond initial forty-eight hours.
Installation Wait Times for a Change in Residence. Device must be installed in new residence within forty-eight hours of notification. / 24 Hours / 7 Days a Week / Contractor must immediately notify ODM of pending schedule of installations. / Device must be installed. / $100 per day that goes beyond initial forty-eight hours.
Installation Wait Times for New Program or Service. Devices must be installed no later than 14 days prior to implementation of the new service or program. / 24 Hours / 7 Days a Week / Contractor must immediately notify ODM of pending schedule of installations. / Device must be installed. / $100 per day that goes beyond initial allowance.
Issue Priority Definitions
Priority Level
/Description
/Liquidated Damages
Critical Business Impact
/ The Incident has caused, or has the potential to cause, the entire system to go down or be unavailable. A complete and immediate work stoppage, affecting a Critical Function or Critical Infrastructure component such that a primary business process or a broad group of Users such as an entire department, floor, branch, line of business, or external customer is affected. No workaround available. / $100,000 per day.Major Business Impact
/ The issue/problem directly affects the public, or a large number of stakeholders are prevented from using the system. High-priority problems include those that render a site unable to function, or key functions of the application are inoperable. Slow processing of data; severely impacts multiple stakeholders. Leads to federal penalties, misdirected payments or corrupt data. / $10,000 per day.Moderate Business Impact
/ Medium priority problems include those errors that render minor or non-critical functions of the system to be inoperable or unstable. Incidents that prevent stakeholders or administrators from performing some of their tasks. / $1,000per day.Minimal Business Impact
/All Service requests and other problems that prevent a stakeholder from performing some tasks, but in situations a workaround is available.
/$100 per day.
Mean Time to Repair/Resolve: Mean time to repair will be measured from the time an Issue is reported to the Contractor‘s Help Desk to the point in time when the Issue is resolved or a workaround is in place and the Contractor submits the repair to the State for confirmation of resolution.
SUPPLEMENT 4
State Security and Privacy Requirements
State IT Computing Policy Requirements
State Data Handling Requirements
Contents
State Security and Privacy Requirements
State IT Computing Policy Requirements
State Data Handling Requirements
1.Overview and Scope
2.General State Security and Information Privacy Standards and Requirements
2.1.State Provided Elements: Contractor Responsibility Considerations
2.2.Periodic Security and Privacy Audits
2.3.Annual Security Plan: State and Contractor Obligations
2.4.State Network Access (VPN)
2.5.Security and Data Protection.
2.6.State Information Technology Policies
3.State and Federal Data Privacy Requirements
3.1.Protection of State Data
3.2.Handling the State’s Data
3.3.Contractor Access to State Networks Systems and Data
3.4.Portable Devices, Data Transfer and Media
3.5.Limited Use; Survival of Obligations.
3.6.Disposal of PII/SSI.
3.7.Remedies
3.8.Prohibition on Off-Shore and Unapproved Access
3.9.Background Check of Contractor Personnel
4.Contractor Responsibilities Related to Reporting of Concerns, Issues and Security/Privacy Issues
4.1.General
4.2.Actual or Attempted Access or Disclosure
4.3.Unapproved Disclosures and Intrusions: Contractor Responsibilities
4.4.Security Breach Reporting and Indemnification Requirements
5.Security Review Services
5.1.Hardware and Software Assets
5.2.Security Standards by Device and Access Type
5.3.Boundary Defenses
5.4.Audit Log Reviews
5.5.Application Software Security
5.6.System Administrator Access
5.7.Account Access Privileges
5.8.Additional Controls and Responsibilities
- Overview and Scope
This Supplement shall apply to any and all Work, Services, Locations and Computing Elements that the Contractor will perform, provide, occupy or utilize in conjunction with the delivery of work to the State and any access of State resources in conjunction with delivery of work.
This scope shall specifically apply to:
- Major and Minor Projects, Upgrades, Updates, Fixes, Patches and other Software and Systems inclusive of all State elements or elements under the Contractor’s responsibility utilized by the State;
- Any systems development, integration, operations and maintenance activities performed by the Contractor;
- Any authorized Change Orders, Change Requests, Statements of Work, extensions or Amendments to this agreement;
- Contractor locations, equipment and personnel that access State systems, networks or data directly or indirectly; and
- Any Contractor personnel, or sub-Contracted personnel that have access to State confidential, personal, financial, infrastructure details or sensitive data.
The terms in this Supplement are additive to the Standard State Terms and Conditions contained elsewhere in this agreement. In the event of a conflict for whatever reason, the highest standard contained in this agreement shall prevail.
- General State Security and Information Privacy Standards and Requirements
The Contractor will be responsible for maintaining information security in environments under the Contractor’s management and in accordance with State IT Security Policies. The Contractor will implement an information security policy and security capability as set forth in this agreement.