CSP - BidNet



CSP15-10863

For

Call Center Support Services

Background:

The MetroHealth System is one of the largest, most comprehensive health care providers in Northeast Ohio, serving the medical needs of the Greater Cleveland community for 175 years. More than 500 primary care and specialty care physicians practice within The MetroHealth System. Affiliated since 1914 with Case Western Reserve University School of Medicine, MetroHealth is a center for medical research and education, with all active staff physicians holding Case faculty appointments.

The MetroHealth System is composed of a major medical center, a rehabilitation hospital, two long-term care/skilled nursing centers, an outpatient surgery center, and a network of community-based health care centers.

MetroHealth Medical Center, located on the near west side of Cleveland, is a leader in trauma, emergency and critical care; women’s and children’s services, including high-risk obstetrical care and neonatal intensive care; comprehensive medical and surgical subspecialties; heart and vascular care; cancer care; senior health; stroke and rehabilitative health care services. MetroHealth Medical Center offers the most advanced techniques in treating complex medical problems.

MetroHealth Medical Center provides care to nearly 28,000 inpatients, including more than 3,400 newborns annually. More than 700,000 visits are recorded each year in the medical center’s outpatient centers. Patient visits to the emergency department exceed 100,000.

CSP Specifications:

Include pricing to be firm for a term of 3-year(s) “Initial Period” with an option to extend for 2 additional 1-year(s) under the exact pricing, terms and conditions as agreed upon in this agreement and correlating addendums or attachments if applicable.

Engagement:

See below.

Request for Proposal

Call Center Support Services

Issued August 18, 2015

BACKGROUND

Introduction | The MetroHealth System is one of the largest, most comprehensive health care providers in Northeast Ohio, serving the medical needs of the Greater Cleveland community for 175 years. We are committed to responding to community needs, improving the health status of our region, and controlling health care costs. We hold as a core value the provision of services to any resident of Cuyahoga County, regardless of ability to pay. More than 500 primary care and specialty care physicians practice within The MetroHealth System. Affiliated since 1914 with Case Western Reserve University School of Medicine, MetroHealth is a center for medical research and education, with all active staff physicians holding Case faculty appointments. For more information on MetroHealth, please visit our website at

RFP Background & Scope | The MetroHealth System is seeking proposals with quotes from vendors and other service providers who offer call center support services within the health care arena. MetroHealth is requesting services ranging from patient portal support services and answering telephone to scheduling requests. In addition, the vendor must be able to work in collaboration with MetroHealth’s current call center staff to meet daily demands. Also, the vendor must be able to offer flexible and scalable operations as the business requirements evolve and change.

a. Business Requirements

The bidder must have prior experience supporting Epic’s Cadence Module, as well as Epic’s MyChart Patient Portal

• The bidder must have the capability to manage inbound/outbound calls, schedule appointments using Epic’s Cadence Module, manage phone calls regarding directions, refill/renewal requests, and general questions

All patient data interaction and storage must be compliant with HIPPA guidelines

• The bidder must have the capability to support multi-lingual communications with patients

• The bidder shall provide high-quality customer service, focusing on the accuracy of information provided, the completeness of information, adherence to privacy laws, and overall professional customer service

• The bidder shall ensure low queue times, abandonment rates less than 3%

• The bidder shall have the ability to add or divert trained staff to handle increasing and decreasing call volume during peak and off-periods in in order to comply with performance standards

• The bidder must follow MetroHealth’s call back guidelines and processes outlined in the Outbound Process Document, as well as follow all of MetroHealth’s auditing processes

• The bidder must include documentation processes, reporting capabilities, as well as a brief description regarding the level of service support offered by the vendor

• Implementation timeline and training processes must be included

• The bidder is required to respond to all questions listed throughout the document

b. Responsibilities and Requirements

• Please confirm that your staff can provide the services below. Also, provide additional details about each service as you see fit.

o Provide a dedicated team to manage the business requirements for MetroHealth

o Capability to offer 24/7 call center support services

o Ability to provide the following call center services, including but not limited to inbound and outbound communication via live operator or through Epic’s MyChart Patient Portal-

▪ Scheduling same day and routine appointments within Epic

▪ Answering general questions as it relates to scheduling

▪ Rescheduling cancelled appointments using Epic

▪ Confirming patient appointment dates and times

▪ Opening and completing refill requests, as well as internal referrals

▪ Answering calls regarding test results and completing the appropriate documentation process for clinical staff to review in Epic

▪ Responding to patient question via phone, or patient portal (MyChart)

▪ Appropriately documenting encounters via Epic

▪ Support patient portal services

• Describe your experience with supporting Epic’s MyChart patient portal programs which include the following -

o Ability to offer 24/7 call center support services for Epic’s Mychart Patient Portal

o Validating requests for Personal Identification Numbers submitted via email

o Issuing new PINs for patients in response to a phone call regarding MyChart setup

o Completing password resets in response to a patient phone call, e-mail or MyChart message

o Guiding patients though the MyChart navigation

o Trouble shooting technical problems

o Outbound messaging including responding to patient questions via the Epic’s MyChart

o Experience with scheduling appointments via MyChart

o Processing refill requests in Epic

o Addressing Customer Relationship Management patient issues and concerns

o Entering internal referral requests in Epic

o Messaging providers regarding clinical questions/concerns and test results

c. Operational Support

• Please answer the following questions:

o Do you provide statistical reporting on call volumes per member and call length?

o Do you provide the ability to record all calls for quality monitoring?

o Do you provide the ability to track interactions by call type?

o How are escalations managed?

o Please provide a brief description of the level of service support available

o Do you have the capability to provide real time reporting for voice and data?

d. Past Experiences

• List and number of current Epic customers

• How long have you been in the call center market?

• Size of largest healthcare client (annual call volume)

• Reference (x3) – Name, Industry, Annual Call Volume, Customer Since, Contact Name, Number and E-mail

e. Overriding Proposal Requirements

• All business requirements detailed above will need to be incorporated into any / all proposal responses

• Proposal will need to identify all software and hardware required to support the platform, and include all specifications

• Proposal must include the bidder’s current infrastructure

• Proposal will need to include detailed maintenance agreement options along with 1, 2, and 3-year pricing options

• Proposal should include any one-time fees or out-of-pocket expenses

• Proposal should include detailed documentation on the implementation approach including sample / estimated project timelines and durations and resource estimates

• Proposal should specify if implementation services pricing includes travel expenses

• Proposal should reference if there are any additional and or optional services that need to be included along with corresponding associated costs

• Detailed documented support model recommendation which includes:

o Support processes for resolving problems and restoring service

o References to roles and responsibilities that will be assumed by the vendor and the customer

o Options for how to access system support resources via phone, online (web, e-mail, searchable knowledge base), and onsite

o Options for support availability including 24/7 support and all alternate levels of available assistance

o Details on upgrades that are included per the maintenance agreement versus what may not be covered under normal circumstances

INSTRUCTIONS

1. Intent to Respond | Please indicate your intent to respond via email to mwboylan@ by close of business on August 26, 2015. Include the name and contact information for a single point of contact for this RFP below.

2. Questions | Please submit any additional needs and/or questions regarding this RFP via e-mail to MHbids@. Questions and answers will be consolidated and provided to all respondents.

3. Proposal Format | Please provide complete answers in the questionnaire section. Do not deviate from the order or format of the questions. Do not send other attachments, unless used as a response to a question and noted in this document - all other information will be not be reviewed.

a. Please use Microsoft Office Word and Excel only (MetroHealth cannot accept Zip or PDF files).

b. Please limit your proposal to 30 pages. Attachments do not count in the 30-page limit. All attachments must clearly reference the question they are in relation to.

c. Quote break out – list out the cost for hardware, software, installation, configuration, training, travel and support agreement.

4. Proposal Submission | Responses are due by 1pm on September 1, 2015. Please submit one electronic copy* and two hard copies to:

Bid #CSP15-10863

Supply Chain

4229 Pearl Road

Cleveland, Ohio 44109

* MetroHealth cannot accept Zip or PDF files

Proposal Timeline | Please adhere to following dates for submission of your proposal:

|EVENT |DATE |

|RFP Issued |August 18, 2015 |

|Intent to Respond Due |August 26, 2015 |

|RFP Proposal Due |September 1, 2015 |

Disqualification | A response may be disqualified from further consideration if the supplier:

4 Fails to answer the questions in this document adequately

5 Provides false or misleading information

6 Fails to meet the given deadlines

TERMS AND CONDITIONS

Cost of Proposal | Any and all expenses and costs of any kind whatsoever incurred directly or indirectly by a respondent in connection with responding to this RFP are the sole responsibility of the respondent.

Right to Reject | In its sole discretion, MetroHealth reserves the right to withdraw this RFP and/or modify or cancel its’ plans to issue a Request for Proposal.

1. Confidentiality | All information provided by MetroHealth in connection with this RFP, including subsequent discussions and additional materials, is considered confidential. Respondents will protect all such confidential information, and will not disclose or make available directly or indirectly to third persons for any purpose unrelated to the business objectives of MetroHealth without prior, written, authorization.

2. Validity of Response | The proposal will remain valid for 120 days after the date of submission. The terms of this proposal and any attachments shall be incorporated into any contract with the association. Any ambiguities, discrepancies, inconsistencies, or conflicts between this RFP and the responses must be resolved to the mutual satisfaction of both parties prior to the final award. After the award, it should be understood and agreed by both parties that, in each instance in which the bidder presents alternative approaches to the proposal, the acceptable option, or alternative shall be at the sole discretion and interpretation of The MetroHealth System.

Business Associate Risk Assessment Data Gathering Form

This form is used to initiate the risk assessment process for MHS business associates. Diagrams or other supporting documents may be attached if relevant to this process. Information provided will be reviewed by the MHS Risk Department, Compliance Department and/or IS Security Department. All responses and supplemental information shall be treated as confidential by MHS and the business associate. MHS relies on the representations contained in the responses to this questionnaire when determining which entities to engage as business associates. Should there be any questions regarding the answers or documents provided, follow up will be requested.

Please provide responses for all items under the Company and Service Information sections.

|Company Information |Response |

|Company Name | |

|Headquarters Business Address | |

|Local Address (if different from above) | |

|Website | |

|Contact Person | |

|Phone | |

|Email address | |

|Name of Primary contact at MHS | |

|Is there a signed Business Associate Agreement on file with MHS? | Yes No |

|Service Information |Response |

|Describe the service(s) that your company provides to The | |

|MetroHealth System (MHS) | |

|Are these services provided from your facility or a MHS facility? | |

|(Identify the facility) | |

|Does your company create, receive, maintain, or transmit Protected| Yes No |

|Health Information (PHI) or Personal Identity Information (PII)? | |

If the answer to the above question is “No”, please identify who completed this form

Completed By (Name): _________________________________________________ Date___/___/___

Signature: _______________________________________________

and STOP.

Reviewed By (IS Security Name): _________________________________________ Date___/___/___

Signature: _______________________________________________

|Service Detail (for PHI or PII relationships) |Response |

|Identify which actions your company performs and provide a data | |

|map showing the entire flow of protected data) | |

|What protected data does your company create, receive, maintain or| |

|transmit? (If data is in a MHS application, identify the MHS | |

|application) | |

|How does your company access this data? (examples: SSLVPN, VPN | |

|Tunnel, web application, hosted application or other, please | |

|describe) | |

|Do you share any data that originates with MHS with other business| |

|partners? (If Yes, please explain this relationship and what data | |

|is shared) | |

|General Controls |Response |

|Do you conduct a risk assessment? | Yes No |

|Do you have privacy policies? | Yes No |

|Do you have security policies? | Yes No |

|Do you perform background checks as part of your hiring process? | Yes No |

|Are your employees required to take annual privacy and security training? | Yes No |

|Do you have facility access controls in place? | Yes No |

|Do you have endpoint malware protection? | Yes No |

|Do you have a security incident response program? | Yes No |

|Do you have a process to identify and remediate security vulnerabilities? | Yes No |

|Do you have a disaster recovery plan? | Yes No |

|Do you have a business continuity (emergency mode of operation) plan? | Yes No |

|Do you have a process for testing and applying patches or updates to your systems and applications? | Yes No |

|Do you engage in any marketing or research activities in which protected data is used or disclosed? | Yes No |

|Do you have a Compliance officer or department? | Yes No |

|User Authentication Controls |Response |

|Does each user have a unique login or identifier? | Yes No |

|Are users automatically logged off after some period of time? | Yes No |

|What is the automatic log off time period? (# of minutes) | |

|Does the application require users to change their password? | Yes No |

|How often must users change their password? (# of days) | |

|What is the minimum password length? (# of characters) | |

|Are upper/lower case, numbers and special characters supported in passwords? | Yes No |

|Are passwords encrypted while stored? | Yes No |

|Are passwords encrypted when transmitted? | Yes No |

|User Access Controls |Response |

|Is user access reviewed and authorized before being granted? | Yes No |

|Is user access based upon the principle of ‘least privilege’? | Yes No |

|Are role based user profiles defined and used? | Yes No |

|Is separation of duties addressed when user access is granted? | Yes No |

|Is user access reviewed periodically to ensure that access is appropriate? | Yes No |

|Is there a process for removing access for terminated employees? | Yes No |

|User Access Monitoring |Response |

|Are user log on (successful and failed) attempts logged? | Yes No |

|Are user transactions (application activities) logged? | Yes No |

|Is log/audit trail data protected (files cannot be deleted or modified)? | Yes No |

|How long is log/audit trail data retained? (# of months) | |

|Is log/audit trail data reviewed periodically to detect anomalies? | Yes No |

|What is the frequency for log/audit trail review? (# of times per week) | |

|If an anomaly is detected, is an incident response process in place to investigate? | Yes No |

|Data Protection Controls |Response |

|Do you classify your data? | Yes No |

|For data that has been classified as protected, is data encrypted while stored? | Yes No |

|For data that has been classified as protected, is data encrypted while transmitted? | Yes No |

|Do you backup data on a regular basis? | Yes No |

|Is protected data stored or accessed from portable media? | Yes No |

|Do you have a process in place to destroy portable media that may have stored protected data? | Yes No |

|Do you allow personally owned devices to access protected data? | Yes No |

|Do you have processes in place to destroy protected data that may be printed? | Yes No |

This section is to be completed only if the business associate will be serving as a hosting facility for MHS protected data

|Hosting Controls |Response |

|Will MHS data be isolated from other customer data? | Yes No |

|Is your application coded in accordance with secure coding practices (for example in accordance with OWASP)? | Yes No |

|Do you periodically subject your application to web application scanning (testing)? | Yes No |

|Do you take action to address vulnerabilities that have been detected in your application? | Yes No |

|Has your hosting solution (application and data centers) been audited for compliance with industry best practices? | Yes No |

|(examples SSAE16, ISO27002) | |

|Can you share the results of your most recent such audit with MHS? | Yes No |

|Does your contract with MHS include service level availability? | Yes No |

This section is to be completed only if MHS equipment or media that contains PHI or other protected information will be transferred to the business associate and such equipment or media will NOT be encrypted.

|Transport Controls |Response |

|Will you accept responsibility for equipment/media at time that said equipment/media is released by MHS? | Yes No |

|Will equipment/media be insured during transport? | Yes No |

|Will equipment/media be transported using indestructible, secured/locked container(s)? | Yes No |

|Will equipment/media be in possession of your employee(s) at all times? If NO, please answer the following three | Yes No |

|questions. | |

| Will a courier service be utilized to transport the equipment/media? | Yes No |

| Do you have an agreement in place with the courier? | Yes No |

| Have you conducted a risk assessment of the courier’s transport processes and identified any risks? | Yes No |

|When the equipment/media is at your location, will it be stored in a secured/locked area? | Yes No |

|Do you maintain an inventory of client equipment/media? | Yes No |

|Will the equipment/media be used in a secured/locked area? | Yes No |

|Will access to the equipment/media be restricted to only those who need to have access to the equipment/media? | Yes No |

|Do you monitor who accesses client equipment/media? | Yes No |

|Does your Incident Response program/process address client equipment/media? | Yes No |

 

Completed By (Name): _________________________________________________ Date___/___/___

Signature: _______________________________________________

=====================================================================================================

Reviewed By (IS Security Name): _________________________________________ Date___/___/___

Signature: _______________________________________________

Appendix

Assumptions & Exceptions | Document all assumptions and exceptions that apply to your response. Assumptions and exceptions outlined elsewhere in your response will not be recognized, so please state them in this section.

Deliverables Checklist | Use the chart below to mark the status of necessary deliverables / attachments to include with your RFP response:

|RFP Deliverables |Status |

|Intent to Respond | |

|Questions about the RFP | |

|RFP Response | |

|Pricing Details for the Complete Engagement, including: | |

|Product Costs | |

|Implementation Costs | |

|Consulting Services Costs | |

|Any Additional Pricing Details | |

|Business Associate Risk Assessment Data Gathering Form | |

-----------------------

The MetroHealth System | 2500 MetroHealth Drive, Cleveland, OH 44109

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download