MINNESOTA DEPARTMENT OF HEALTH

REQUEST FOR PROPOSALS FORDATA AGGREGATION VENDOR FOR THE MINNESOTA HEALTH CARE CLAIMS AND REPORTING

SYSTEMMinnesota’s Commitment to Diversity and Inclusion

The State of Minnesota is committed to diversity and inclusion in its public procurement process. The goal is to ensure that those providing goods and services to the State are representative of

our Minnesota communities and include businesses owned by minorities, women, veterans, and those with substantial physical disabilities. Creating broader opportunities for historically under-represented groups provides for additional options and greater competition in the marketplace, creates stronger relationships and engagement within our communities, and fosters economic

development and equality.

To further this commitment, the Department of Administration operates a program for Minnesota-based small businesses owned by minorities, women, veterans, and those with

substantial physical disabilities. For additional information on this program, or to determine eligibility, please call 651-296-2600 or go to the Office of Equity in Procurement website

(https://mn.gov/admin/business/vendor-info/oep/)

Table of ContentsI. Introduction and Background..................................................................................................1

A. Statutory Authority and Purpose of this Request..............................................................1B. History of the MN APCD.................................................................................................1C. Current Data Model and Uses...........................................................................................5D. Current MN APCD Vendor in Relation to this RFP.........................................................6

II. Minimum Qualifications..........................................................................................................7III. Scope of Work.........................................................................................................................8

A. Overview...........................................................................................................................8B. Required Tasks..................................................................................................................9C. Responder Proposed Tasks.............................................................................................16

IV. Schedule of RFP Activities....................................................................................................25A. Questions Regarding this RFP........................................................................................25B. Schedule of RFP Activities.............................................................................................25

V. Submission Instructions.........................................................................................................26A. Technical Proposal Contents...........................................................................................26B. Cost Proposal Contents...................................................................................................28C. Proposal Instructions.......................................................................................................29D. Proposal Evaluation........................................................................................................30E. General Requirements.....................................................................................................31

Sample Professional and Technical Services Contract..................................................................39Vendor Security and Compliance Questionnaire..........................................................................46Affidavit of Non-Collusion............................................................................................................54Certification Regarding Lobbying.................................................................................................55Workforce Certification Information.............................................................................................56Equal Pay Certificate.....................................................................................................................57Veteran-Owned Preference Form..................................................................................................58Resident Vendor Form...................................................................................................................59

Minnesota Department of Health

I. Introduction and Background

A. Statutory Authority and Purpose of this RequestThe Minnesota Department of Health (MDH), pursuant to its authority under Minn. Stat. §15.061 and §62U.04, is seeking proposals from qualified and cost-effective firms to provide services related to data collection, enhancement, and delivery for the Minnesota Health Care Claims and Reporting System. These services include but are not limited to: managing the annual registration process; migrating all existing data to the proposed data management platform (if applicable); secure and uninterrupted data collection and aggregation; performing reliable and transparent claims editing; and furnishing fully-processed and enhanced data extracts optimized to support MDH’s research and analytic goals.

The contract term will begin on approximately January 1, 2019 and continue for two years through December 31, 2020, with the option to extend an additional 3 years in increments determined by the State.

MDH intends to award a single contract as a result of this Request for Proposals (RFP). Responders, either directly or through their subcontractor(s), must be able to provide all products and services, and meet all minimum requirements outlined in this RFP. The successful responder (the Contractor) shall be responsible for all contract performance, regardless of subcontractor participation in the work.

B. History of the MN APCDThe Minnesota All Payer Claims Database (MN APCD), which was developed under requirements of the Minnesota Health Care Claims and Reporting System (MHCCRS), is a large-scale database that systematically collects and aggregates medical claims, pharmacy claims, and enrollment information from commercial health plans, third-party administrators, pharmacy benefits managers, Medicare and Medicaid. These data, which are de-identified consistent with federal regulations, represent the single most comprehensive view of health care in Minnesota – containing claims for approximately 89% of residents with health insurance coverage.

The MN APCD emerged as an essential component of the health care reform package enacted in 2008 by a bi-partisan Minnesota State Legislature and signed into law by then Governor Pawlenty. The reform package made investments into public health, expanded access to insurance coverage, authorized the establishment of health care homes, and set the stage for payment reform and price and quality transparency. Among other things, the reforms included the Provider Peer Grouping (PPG) initiative which was created to enable comparisons among providers on aspects of quality and costs of care. The MN APCD was built to provide the data needed to support these health care reform goals.

1

In 2014, and once more in 2015, the Minnesota Legislature modified the purpose of the MN APCD, by suspending the PPG initiative and authorizing in its place the use of the data to support the following goals:

1. Evaluate the performance of the state’s health care home program and the State Innovation Model initiative;

2. Study hospital readmission trends and rates in collaboration with the reducing avoidable readmissions effectively (RARE) campaign;

3. Analyze variations in health care costs, quality, utilization, and illness burden based on geographical areas or populations;

4. Compile one or more public use files of summary data or tables, and5. Perform an analysis of disease attributable spending for a number of select chronic

conditions and smoking exposure.

Data submission to the MN APCD began in mid-2009 and included de-identified enrollment and claims data for dates of service beginning on January 1, 2008. Since that time, the State has made significant investments in building the MN APCD data system and infrastructure, developing risk adjustment and outlier methodologies, and constructing provider directories. MDH has also established analytic expertise to promote data uses.

The Minnesota Administrative Rules relating to the MN APCD (Minnesota Administrative Rules, Chapter 4653) outline the annual registration requirement, establish the timeline and requirements for data submission, and provide detailed instructions on the content and file structure of data submissions (included by reference as the Data Submission Guide).

B.1 Annual Registration, Mandatory Data Submitters, and Size of Database

The annual registration requirement is outlined in the Rules.a All health plan companies, third party administrators (TPAs), and pharmacy benefit managers (PBMs) that provide insurance coverage to Minnesota residents must register by April 1 of every year with the MN APCD. The registration form includes information about the company subject to reporting, such as number of Minnesota covered lives, total claim volume, and total claim value for medical coverage and pharmacy coverage. Additionally, the annual registration form identifies whether the company uses a TPA, PBM, or mental health carve-out payer, and what the preferred data submission schedule to the MN APCD would be.b This annual registration process is centralized and managed by the current MN APCD vendor. A copy of the current annual registration form will be provided to the Contractor upon contract start, to ensure a seamless transition.

While all health plan companies, PBMs, and TPAs serving Minnesota residents must complete the annual registration, not all are required to submit data to the MN APCD. The following entities must submit enrollment data, pharmacy claims, and encounter and pricing information for institutional and professional health care claims, to the database. These organizations must submit data at least every six months, although it is highly recommended that they submit data monthly (see Exhibit 1 for data collection schedule):

Any health plan or TPA that paid at least $3 million in health care claims for covered Minnesota residents in the previous calendar year; and

a http://www.health.state.mn.us/healthreform/encounterdata/MHCCRSAppendices_final.pdfb The Administrative Rules allow for semi-annual reporting, but MDH strongly encourages monthly (preferred) or quarterly (second choice) reporting instead.

2

Any PBMs that paid at least $300,000 in claims for covered Minnesota residents in the previous calendar year.

Based on this definition, the MN APCD received 268 annual registrations in 2018 resulting in 51 active data submitters using 64 submitter codes. These active data submitters included the Minnesota Department of Human Services, which submits data on Medicaid enrollees, and MDH itself, which submits Medicare data received from the Centers for Medicare and Medicaid Services (CMS).

As of July 2018, the size of the MN APCD is as follows:

Stored by Data Vendor (sent by submitters)

Stored by MDH (received from Data Vendor)

Years of Data Included 1/1/2008 – 6/30/2018 1/1/2008 – 6/30/2018Medical Claims Received Each Year ~270 million ~200 millionRx Claims Received Each Year ~115 million ~85 millionTotal Number of Claims in Database ~3.5 billion ~2.4 billionUnique Covered Lives in Database 4.8 – 5.4 million/year 4.8 – 5.4 million/yearDatabase Size 6.5 TB 2.5 TB

The MN APCD is expected to continue to grow over time.

B.2 De-Identified Files and the Master Patient Index

Per the enabling legislation, all data submitted to the MN APCD must conform to the HIPAA Privacy Rule (Code of Federal Regulations, title 45, section 164.514). This means that the data cannot contain any direct patient identifiers such as name, date of birth, or any person-specific contract number that could identify an individual and the services he/she received.

To ensure that all data submitted to the MN APCD conforms to this de-identification requirement, the current MN APCD vendor provides data submitters with a pre-submission “hashing” tool which executes the SHA-512 hashing algorithm. This tool allows data submitters to process identifiable enrollment and claims data files locally, prior to submission to the MN APCD, and replaces all direct member identifiers contained in the Data Submission Guide with an unrecognizable but consistent hashed 128-character field. The table below identifies the Data Submission Guide fields which are currently hashed prior to submission; each of these fields generates its own hashed 128-character value.

3

Providing pre-transmission hashing software to all data submitters ensures that all direct member identifiers contained within the Data Submission Guide are hashed consistently and without exception. This process also allows data submitters to verify that all identifiers have been removed prior to submission to the MN APCD.

Once the hashed data is submitted to the MN APCD, the current MN APCD vendor uses the hashed values to create a unique member identifier which is added to every record. Combined, these unique member identifiers are known as the Master Patient Index (MPI). The unique member identifiers allow MDH to identify services received by the same (unidentified) individual over time and across payers.

The unique member identifier is created by looking across various hashed fields to account for different or “incorrect” hashed values that may result from misspelled names, transposed numbers, etc. While effective, the current MPI is imperfect and results in some individuals not being properly identified and matched. A competitive bid will improve upon the percentage of MN APCD members that continue to be tracked over time and across submitters. Some drop-off is inevitable; a result of individuals who lose coverage or are no longer enrolled with a MN APCD data submitter. Some of the member drop-off is due to the MPI methodology. Given that an efficient MPI is integral to the usefulness of MN APCD data, MDH would like to improve the current MPI method as much as possible.

B.3 Master Provider Directory

In addition to creating a MPI, the current MN APCD vendor is also responsible for developing and maintaining a Master Provider Directory. The Master Provider Directory consists of an unduplicated list of all healthcare providers and facilities that have associated claims in the MN APCD. For this, the current MN APCD vendor uses the provider data elements submitted in the MN APCD data files (none of which are hashed),c in combination with data from the National Plan and Provider Enumeration System (NPPES) and data provided by MDH directly (i.e. provider registry data and certification and licensing data). Although all provider data elements are un-hashed, provider “mastering” has proven difficult due to a lack of uniformity in how provider data is collected and reported and other data quality issues. In fact, on average, only about 72% of providers included in submitted MN APCD data are matched to an entry in the existing Master Provider Directory. Going forward, MDH would also like to improve this statistic as much as possible.

B.4 Impact of Recent Supreme Court Decisions on MN APCD Requirements

On March 1, 2016 the Supreme Court of the United States issued its decision in Gobeille v. Liberty Mutual Insurance Co,d holding that the state of Vermont could not require self-insured employers to submit health care claims data for use in the state’s APCD because they are preempted under the Employee Retirement Income Security Act.

While Minnesota’s statute differs significantly from Vermont’s in that it does not impose reporting requirements on ERISA governed self-insured employers (but rather on health plan companies, TPAs and PBMs), MDH provided guidance in the wake of the Gobeille decision to assist data submitters.e This guidance spells out a process by which reporting entities can comply with state law, while meeting

c MN does not collect a separate stand-alone provider file as part of the MN APCD submissiond Gobeille v. Liberty Mutual Insurance Company, No.14-181, 577 U.S. (2016)e Minnesota Department of Health, “Minnesota All Payer Claims Database Submission Requirements and Variance Management,” Fact Sheet; http://www.health.state.mn.us/healthreform/allpayer/apcdsubmissionrequirements.pdf

4

the preferences of certain employers regarding submission of their data to the MN APCD without conflicting with the Supreme Court’s ruling. Concurrently, MDH is working with self-funded employers to encourage them to continue to submit their data on a voluntary basis in order to maintain the integrity of the MN APCD.

C. Current Data Model and UsesThe current MN APCD vendor is responsible for collecting, aggregating, and enhancing the data received from data submitters, and subsequently, sending fully cleaned and processed data extracts to MDH.

Currently, these data extracts are delivered at irregular intervals to MDH in complete replacement files (i.e. each data extract includes all data received to date). The data is sent in several linkable data tables, totaling approximately 2.5 TB, in a text delimited format. MDH then makes two copies of the received data. One copy of the data is converted into SAS datasets. The second copy is loaded into an Amazon Redshift data warehouse and data marts are created as part of an ETL process. MDH staff access the MN APCD data via a suite of SAS analytic tools, BI tools, and a SQL client for Amazon Redshift. In the future, MDH hopes to reduce the reliance on SAS datasets and analytic tools, and primarily work in the Redshift data warehouse and data marts.

MDH uses the MN APCD data to develop timely, relevant, and empirically-based reports for policy-makers in the areas of access to care, quality of care, cost of care, and patterns of utilization (including treatment of chronic diseases). As part of this work, MDH attempts to answer questions about differences in health care use, opportunities regarding system delivery reform, the drivers of health care spending, and best practices in health care. MDH leverages its interdisciplinary staff and sometimes partners with analytic vendors to perform these analyses.

Recent MDH publications using MN APCD data include Patterns of Opioid Prescribing,f Commercial Case Price Variation among High Volume Inpatient Treatments,g and Treated Chronic Disease Costs in Minnesota.h MN APCD data uses are further outlined in a document published in October 2017 entitled “Current Uses of the MN APCD”.i

In March 2016, MDH issued the first MN APCD Public Use File and intends to publish additional ones at least annually. Public Use Files allow MDH to disseminate aggregated data in a way that protects sensitive information while giving data users meaningful data. MDH is also currently summarizing feedback it received in response to a Request for Information regarding how the MN APCD data should be used in the future. MDH hopes that this feedback will guide additional future uses of the data, such as the development of dashboards with information for a range of data users.

D.Current MN APCD Vendor in Relation to this RFPIn March 2014, MDH awarded a contract to Onpoint Health Data to serve as the MN APCD vendor. The contract term with Onpoint (the current MN APCD vendor) is expected to last

f http://www.health.state.mn.us/divs/hpsc/hep/publications/opioidbrief20185.pdf g http://www.health.state.mn.us/healthreform/allpayer/pricevariation.pdf h http://www.health.state.mn.us/divs/hpsc/hep/chronicdisease.pdf i See also http://www.health.state.mn.us/healthreform/allpayer/use_of_apcd_fact_sheet.pdf

5

through February 28, 2019, allowing for a 1-2 month overlap with any new Contractor.

If a new Contractor is selected, MDH is seeking to ensure a seamless transition between vendors, with minimal disruption to data collection and analytic efforts. The 1-2 month overlap period is meant to support that goal.

6

II. Minimum Qualifications

To be eligible for award, Responders must provide proof that they meet the following minimum qualifications:

1. At least five (5) years of experience collecting claims information from multiple health insurers in a prescribed data submission format;

2. At least five (5) years of experience in claims validation and at least five (5) years of experience in quality assurance;

3. At least five (5) years of experience in the secure management, storage, and transmission of HIPAA protected data that is compliant with federal rules and regulations;

4. At least five (5) years of experience designing and delivering data extracts that support analytic or research projects;

5. At least five (5) years of experience in medical claims analytics.

7

III. Scope of Work

A. OverviewMDH seeks to obtain the services of a data vendor with the capacity and technical expertise to perform all MN APCD data collection, aggregation, enhancement, quality assurance, and data delivery functions in a cost-efficient manner. To meet these objectives, the Contractor shall work collaboratively with MDH, its partners and stakeholders, as appropriate, on the following required tasks.

Task 1: Planning and Transition Task 2: Project Management and Documentation Task 3: Data Collection and Data Submitter Engagement Task 4: Data Quality Assurance Task 5: Data Enhancement Task 6: Data Storage Task 7: Data Delivery and Support Task 8: Ad Hoc Analyses

Responders must respond to all required tasks and are encouraged to propose enhancements to the required components of each task.

In addition, MDH is interested in Responder-proposed tasks outside of those listed above that can offer new analytic capabilities, functionalities or insights while adhering to MDH’s allowable uses of the data. Responders will have the opportunity to describe any proposed additional tasks, and the associated price, in their RFP response. Responders are not required to propose any additional tasks; this is purely optional.

This RFP does not obligate the state to award a contract or complete the project, and the state reserves the right to cancel the solicitation if it is considered to be in its best interest.

8

B. Required TasksAll tasks outlined below must conform to the Data Collection and Delivery Schedule found in Exhibit 1 and the Contract Milestones found in Exhibit 2. The Contractor will also need to comply with the Service Level Requirements found in Exhibit 3.

Task 1: Planning and Transition

The Contractor shall quickly and efficiently assume responsibility for all MN APCD data collection and aggregation in order to meet the deadlines set forth in this RFP. Importantly, the Contractor shall mitigate the data continuity risks associated with migrating MN APCD data to a new proposed data management platform.

Contractor shall:

1.1 Kick-Off and Project Plan: Facilitate a kick-off meeting with MDH to present a detailed Project Plan within ten business days of contract start. The Project Plan shall include all activities necessary to fulfill the requirements outlined in this RFP by the dates specified in this RFP. Contractor shall make changes to the Project Plan within five business days of MDH feedback. MDH shall approve the final Project Plan within five business days of receipt of a revised version. At a minimum, the Project Plan shall include:

i. Comprehensive transition-in plan which includes the following:a. Regular project team meetings;b. Steps to become familiar with all aspects of MN APCD

data collection and aggregation, including statutory and rule requirements and existing processes;

c. Development of a secure data exchange mechanism with the current MN APCD vendor to receive the following:

i Contact information and summary data for all current and previously registered health plans and MN APCD data submitters;

ii Copies of all quality audit reports previously sent to data submitters and MDH;

iii Copies of all “raw” un-processed historic data, as provided by data submitters, dating back to 2008;

iv A copy of the fully-processed MN APCD database with all value-added components (including the unique member identifiers and the Master Provider Directory) created and stored by the current MN APCD vendor;

v Copies of all data extracts sent to MDH, dating back to 2009, including a data dictionary which includes a description of all fields and how they were derived.

d. A method and timeline for migrating all historic MN APCD data to the Contractor’s proposed systems, including migrating both the “raw” unprocessed data as it was received from data submitters and migrating and retaining all fully-processed data;

9

e. A method and timeline for testing and implementing all processes necessary to begin registering health plans and receiving de-identified data no later than by the end of the current MN APCD vendor’s contract.

ii. Method and timeline for testing and implementing all other processes outlined in this RFP.

iii. Plan to work closely with MDH to understand their analytic needs so that extracts can be built and delivered at a frequency and in a way that best supports those needs.

1.2Transition-In: Execute all activities outlined in the transition-in plan [Task 1.1 (i)].

1.3Re-Process Historic Data: Re-process all historic “raw” MN APCD data (as received from data submitters) using the new approved business rules (Task B.2).

1.4Demonstration of Proposed Solution: Provide MDH with a live demonstration of the proposed solution for annual registration (Task III.1), data de-identification (Task III.2), variance request management (Task III.3), data collection (Task III.4), and data quality reports to submitters and MDH (Task 4.3), at least two weeks prior to the go-live dates. Contractor can use mock data, if necessary, to demonstrate these processes and shall be able to make changes based on MDH feedback prior to the go-live dates. Contractor will need to receive approval from MDH before beginning to communicate directly with data submitters.

Task 2: Project Management and Documentation

Contractor shall provide dedicated project management and detailed documentation of all data quality, data processing, and data security provisions so that MDH may review, understand, and communicate these items to stakeholders as needed.

Contractor shall:

B.1 Project Management: Provide expert, dedicated project management throughout the contract term to ensure deliverables are on time. Contractor shall meet with MDH regularly to communicate project status and risks. Contractor shall also be responsible for managing all members of the project team and any subcontractors, including communicating with subcontractors on behalf of MDH.

B.2 Business Rules Document: Develop and deliver a comprehensive, public-facing Business Rules document which is updated at least annuallyj. Contractor shall be able to make changes to

j MDH will make the Business Rules Document available to all users of the MN APCD data. Towards that end, MDH is particularly interested in transparent approaches to data aggregation, data quality, and data processing. MDH is not looking for a “black box” approach where all methods are considered proprietary and cannot be

10

the document and logic based on MDH review and feedback. The Business Rules document shall include the following:

i. Complete list and description of all data quality checks performed on submitted data, from initial data validation through full data processing;

ii. Description of how the de-identification solution will be used to develop unique member identifiers which allow MDH to track members longitudinally across payers and years of data. See Task III.2: De-Identification Solution and Task 5.1: Master Patient Index.

iii. Detailed explanation of the methodology used for enhancing the data, including the dependencies and limitations of the enhancements. See Task 5.3: Value-Added Components.

B.3Data Security Plan: Provide a comprehensive Data Security Plan, updated annually, that outlines how the Contractor shall ensure that MN APCD Data are kept secure in motion and at rest, in accordance with the Service Level Requirements found in Exhibit 3. Contractor shall provide evidence that the Data Security Plan has been implemented and shall be able to make changes to the Data Security Plan based on MDH review and feedback. The Data Security Plan shall include the following:

i. A description of the physical environment that will be used to store MN APCD data;

ii. A method for how data files will be encrypted end-to-end, from when they are sent to the Contractor to when they are transmitted to MDH;

iii. A method to limit data access to minimally necessary staff, including a list of those individuals with access to the data;

iv. A method to backup all MN APCD data;v. A strategy for disaster recovery/restoration in the event of a serious

incident;vi. A method for disposing of MN APCD data at the end of the contract, in

the case of defective hardware, or at MDH’s direction;vii. Procedures to notify MDH in the event of an unauthorized release or

system break;viii. Periodic updates to data security and encryption processes.

Task 3: Data Collection and Data Submitter Engagement

Contractor shall be responsible for annual registration and all front-end data collection and aggregation, including working directly with MN APCD data submitters.

Contractor shall:

III.1 Annual Registration: Implement and oversee a process by which health plans, TPA’s, and PBM’s can continue to register with the MN APCD with minimal disruption to the current process (see Section I.B1Annual Registration, Mandatory Data Submitters, and Size of Database). A copy of the current annual registration form will be provided to the Contractor immediately after contract start to ensure a seamless transition and retention of currently collected

disclosed.

11

information. MDH prefers that the annual registration process be web-based and accessible to MDH staff so that they can monitor the status of registrations. Annual registration information shall also be included in the MN APCD data extracts that are delivered to MDH so that MDH can include this information in downstream reports.

III.2 De-Identification Solution: Continue to provide all data submitters with a pre-submission hashing tool which executes the SHA-512 hashing algorithm and conforms to the statutory requirement of collecting only de-identified data. Contractor may propose improvements (or parallel processes) to the existing de-identification solution in order to develop more reliable unique member identifiers and/or propose a solution which would allow data submitters to retain a copy of their “pre-hashed” data for downstream troubleshooting.

III.3 Variance Request Management: Create and manage a process by which data submitters can request a variance from Data Submission Guide criteria (e.g. deadlines, thresholds, etc.). MDH strongly prefers that this process occur via an interactive, web-based interface through which data submitters may request, and monitor the status of, variance requests, with access for MDH staff to review, approve and track requests. Decisions to approve or deny requests will be made by MDH, but the Contractor shall perform the following:

i. Amend the current Variance Request Form to align with Contractor’s proposed methods and brand standards, retaining all existing collected information and adding additional fields such as requested by MDH. A copy of the current form can be found in Exhibit 4;

ii. Provide the Variance Request Form, as needed, to data submitters;iii. Track variance requests and notify data submitters at least 60 days prior

to their variance requests expiring;iv. Work closely with data submitters to confirm variance requests and

investigate whether workaround solutions can be found;v. Provide MDH with a recommendation of whether to approve/deny each

request and any downstream impact of the decision;vi. Maintain documentation of approved variance requests to inform

downstream data user guides so that data users can understand the limitations of the data;

vii. Include a well-organized report of all approved variance requests, as part of the MN APCD data extracts that are delivered to MDH so that MDH can include this information in downstream reports.

III.4 Data Collection: Implement a secure and flexible data collection process that allows for the encryption and transmission of de-identified data to the MN APCD. The data collection process shall include the following functionality:

i. Include a secure web portal that allows approximately 100 data submitters (each with multiple file types) to upload, transmit, and monitor data submissions to the MN APCD;

12

ii. Allow for monthly, quarterly, or semi-annual data submissions (based on the data submitters’ preferences);k

iii. Accommodate test data submission from new data submitters;iv. Accommodate re-submissions of data at any point in time;v. Permit changes to file content and structure based on changes to the

Data Submission Guide or approved variance requests;vi. Perform initial data quality checks to make sure that submitted data conforms to

the Data Submission Guide criteria prior to being accepted and loaded;vii. Provide feedback on initial data quality checks, including summary

statistics, back to data submitters within ten business days;viii. The ability to build-out and expand the intake of data in the future,

including the possible collection of non-claims data feeds; ix. Allow MDH to monitor the status of submissions and re-submissions.

III.5 Data Submission Management: Administer all rules, policies, and procedures related to the collection of data by the MN APCD. As part of this requirement, Contractor shall:

i. Retain the current MN APCD Data Submission Guide and reformat it as necessary to reflect the Contractor’s processes, contact information, and protocols and conform to the Contractor’s branding standards;

ii. Maintain documentation of data submissions, including requests for, responses to, and resubmissions;

iii. Provide MDH with monthly status reports on each data submitter with detailed disaggregation and dashboards;

iv. Make recommendations to MDH on appropriate updates or changes to the Data Submission Guide, on an annual basis;

v. Make updates to the Data Submission Guide based on MDH feedback.

III.6 Data Submitter Technical Assistance: Provide technical support to maximize data submitters’ ability to provide complete and accurate data that complies with Data Submission Guide criteria. As part of this requirement, Contractor shall:

i. Assist data submitters with implementing the data de-identification solution (Task III.2), completing variance requests (Task III.3) and submitting their data (Task III.4);

ii. Provide orientation and onboarding support to new data submitters, including assisting new submitters in mapping their in-house data to the established Data Submission Guide format;

iii. Facilitate at least four data submitter webinars each year during which project updates, FAQs, and milestones are communicated;

iv. Collaborate with data submitters to resolve data quality issues and determine whether resubmission is required;

k While the MHCCRS Rule allows for semi-annual reporting, MDH requests that all data submitters make every effort to follow a monthly reporting schedule to enable more timely use of the data. If submitters cannot submit data monthly, they are asked to submit data quarterly. Semi-annual reporting is the least preferable and the one least frequently followed. Contractor will need to build a flexible system capable of taking in data on different submission schedules.

13

v. Work in partnership with data submitters to establish a process for providing ad-hoc technical assistance.

Task 4: Data Quality Assurance

The quality of MN APCD-derived reports and analyses is only as good as the quality of the underlying data. Contractor shall implement a comprehensive and transparent data quality strategy that ensures that all data collected and provided to MDH is as complete and accurate as possible, that limitations are fully understood, and that deficiencies are communicated to both data submitters and MDH.

Contractor shall:

4.1Data Quality Checks: Implement a comprehensive and multi-tiered data quality plan that identifies data quality issues in submitted and processed data. All data quality checks shall be detailed in the Business Rules Document (Task B.2) and shall be listed, and signed off on, as part of the Data Extract Documentation (Task 7.2). The Contractor shall be able to make changes to their data quality checks based on MDH review and feedback.

4.2Data Quality Resolution: Triage, track, and follow-up on all identified data quality issues to deliver a fix within seven calendar days or two calendar weeks, for Major and Minor Issues/Errors, respectively. See Exhibit 3, Section 3: Data Quality and Error Response, Service Level Requirements.

4.3Data Quality Reports: Communicate data quality issues, to both MDH and data submitters, in an easy to understand format. Contractor shall be able to make changes and additions to the Data Quality Reports based on MDH feedback. As part of this requirement, at a minimum, Contractor shall:

i. Provide initial data quality checks back to data submitters within ten business days of receiving each file (Task III.4);

ii. Provide an easy-to-understand, annual data quality report to MDH (by payer and line of business) and each individual submitter, within 75 calendar days of years’ end, which includes the following:

a. A cover page with identified data quality issues, data limitations, and active/approved variance requests;

b. Demographic summary data (e.g. member counts, percent male);c. Summary utilization and cost data for medical and pharmacy claims (e.g.

total costs, number of users, number of scripts, PMPM, number of births, lists of MDCs for hospital visits, number of ED visits);

d. Financial variable diagnostics (e.g. rolling dollar amounts for paid services in each month);

e. Master Patient Index survival analysis (Task 5.1) and Master Provider Directory report (Task 5.2).

Task 5: Data Enhancement

14

Contractor shall employ industry standard tools and methodologies to enhance and consolidate the data received from data submitters to support MDH’s goals and allowable use cases. Responders are welcome to propose additional data enhancements as part of the required components below.

Contractor shall:

5.1Master Patient Index: Develop reliable and unduplicated unique member identifiers, specific to the MN APCD, which can be used to track members longitudinally across payers and years. Monitor and document effectiveness of the MPI via “survival analyses” which are delivered to MDH as part of the annual data quality report (Task 4.3).

5.2Master Provider Directory: Develop an improved, unduplicated list of all healthcare providers and facilities that have associated claims in the MN APCD. For this, Contractor will receive the existing Master Provider Directory and other data from MDH such as the statewide provider registry data, and certification and licensing data. Contractor shall monitor and document the extent to which providers in the MN APCD data can be “mastered”/clustered to an existing record in the Master Provider Directory, and include this summary as part of the annual data quality report (see Task 4.3).

5.3Value-Added Components: Enhance the data in the following ways and provide full documentation in the Business Rules Document (Task B.2);l

i. Identify claims that may be adjudicated multiple times to ensure that the fully-processed data sent to MDH reflects the most current adjudication for each claim, based on submitters’ specific claim versioning processes. This process is also known as claims versioning;

ii. Accurately link professional, institutional, and pharmacy claims data to identify distinct episodes of care;

iii. Assign all institutional claims with a code as generated by the following grouper software products:

a. Medicare Severity DRG Grouper (MS-DRG)b. 3M’s All Patient Refined Diagnostic Related Group (APR

DRG)c. Ambulatory Payment Classification (APC)

iv. Assign identifiers that allow for rolling up of records into a single inpatient stay;v. Attribute patients to primary care providers. This involves leveraging the Master

Provider Directory and linking it to member and claims records, using a proposed attribution methodology.

Task 6: Data Storage

Contractor shall:

l Aside from the software that MDH has already invested in (i.e. Task 5.3 iii), MDH prefers open-source methodologies for which full documentation can be provided

15

1.1Data Storage Solution: Provide a secure and scalable data storage solution that complies with the approved Data Security Plan (Task B.3) and provides the following minimum functionality:

i. Allows the storage of all years of MN APCD data (2008–current) including the “raw” data as received from data submitters, the historic fully-processed data as provided by the current MN APCD vendor, and the re-processed data (Task 1.3);

ii. Allows the storage of all data submitter correspondences, including annual registrations, variance requests, data validation reports, phone call logs, etc.;

iii. Provides storage that is physically and virtually segregated from the Contractor’s other activities, projects, and researchers;

iv. Can archive data, as directed by MDH.

Task 7: Data Delivery and Support

Contractor shall:

7.1Quarterly Full MN APCD Extract(s): Up to four times a year, deliver fully-processed, enhanced, and unduplicated claims extracts to MDH no later than 30 calendar days after collection of the data from submitters (see Exhibit 1: Data Collection and Delivery Schedule). These extracts shall reflect the most current version of all enrollment and claims data and be delivered in a way that supports MDH’s analytic needs and allowable uses. Contractor shall be able to make changes to the extract layout, format, and contents based on MDH feedback.

7.2Data Extract Documentation: Provide a Data Quality Checklist and Data Dictionary along with each extract. The Data Quality Checklist should include a signed off on list of all validations performed on the data, any notable findings, and trends across time. The Data Dictionary should include a full description of each data element in the extract and how it was derived.

7.3Technical Assistance to MDH: Provide technical support to MDH staff to understand the content and structure of extracts and ensure that extracts are compatible with MDH’s data model, data warehouse platform, and analytic software. See Section I.C: Current Data Model and Uses. At a minimum this shall include:

i. Regular training sessions for MDH staff to provide training on data collection, data structure, and data use;

ii. Ongoing technical assistance and troubleshooting, with knowledge of the software, language, and code sets used as part of the MN APCD, such as SAS EG, SAS VA, Redshift, SQL, Redbook, CPT codes, HCPCS, NPPES, etc.

Task 8: Ad-Hoc Analyses

16

MDH may ask the Contractor to conduct additional analyses or produce additional data sets or reports to support future research and analytic goals. These ad-hoc activities will be agreed to in writing, by both MDH and the Contractor, before any work begins. If ad-hoc analytic support is requested, the Contractor will be expected to use the hourly rates provided in the associated section of the Cost Proposal to price out the work.

C. Responder Proposed TasksResponders may choose to propose additional tasks that improve upon the existing MN APCD processes or offer new analytic capabilities, functionalities or insights while adhering to MDH’s allowable uses of the data. Responders are not required to propose any additional tasks; this is purely optional. Two examples of other tasks which responders may propose, follow:

Example #1: Medicare Data Custodian

Serve as the CMS-approved Medicare Custodian for data sets obtained through the State Agency Request Program. Currently, MDH receives the data directly and acts as a data submitter (e.g. de-identifies the data locally and submits it to the current MN APCD vendor). As part of this requirement, Contractor would be required to perform the following:

i. Receive the data directly from CMS and meet the CMS requirements to obtain and store protected health information;

ii. De-identify the CMS data using the solution outlined in Task III.2;iii. Encrypt and store all direct identifiers received from CMS in a location

separate from the rest of the MN APCD data;iv. Integrate the CMS de-identified data with the rest of the MN APCD data,

according to the same requirements in Tasks 4, 5, 6, and 7.v. Assist MDH in preparing and submitting requests for newly available

Medicare data.

Example #2: Data Hosting

Implement and manage a solution which enables MDH to access the fully-processed and enhanced MN APCD data in an environment hosted by the Contractor (e.g. an “enclave”, “cloud”, or another hosted environment).

.

17

Exhibit 1: Data Collection and Delivery Schedule

MDH requests that all data submitters make every effort to follow a monthly reporting schedule to enable more timely use of the data. If submitters cannot submit data monthly, they are asked to submit data quarterly. Semi-annual reporting is the least preferable and the one least frequently followed. Contractor will need to build a flexible system capable of taking in data on different submission schedules.

Reporting Period±

Monthly Submission Deadline

Quarterly Submission Deadline

Semi-Annual Reporting Deadline

Fully-Processed and Enhanced Data Extract Sent to MDH (w/ Data Dictionary)

Annual Data Quality Report*

October 11/30 4Q by 1/31 October – March by 6/30

No later than 3/1

No later than 3/15 for the previous years’ data

November 12/31December 1/31January 2/28 1Q by 4/30 No later than 6/1February 3/31March 4/30April 5/31 2Q by 7/31 April – September by

12/31 No later than 9/1

May 6/30June 7/31July 8/31 3Q by 10/31 No later than 12/1August 9/30September 10/31

±Reporting content includes all claims adjudicated during that month* Initial data quality reports are due back to data submitters within ten business days of receiving each file and the annual data quality report is due to submitters/MDH within 75 calendar days of years’ end. Responders may also propose additional data quality reports and checks.

18

Exhibit 2: Contract Milestones

RFP Task Task/Deliverable DeadlineAnticipated Contract Start January 1, 2019

1.1 Kick-Off and Project Plan Contract start + 2 weeks2.2 Business Rules Document Contract start + 4 weeks2.3 Data Security Plan Contract start + 4 weeks1.2 Transition-In Completed Contract start + 7 weeks1.4 Demonstration of Annual Registration,

De-Identification, Variance Request, and Data Collection Processes

Contract start + 7 weeks

3.1 – 3.4 Annual Registration go-liveData De-Identification go-liveVariance Request Management go-liveData Submission Portal go-live

Contract start + 9 weeks

1.3 Re-Process Historic Data Contract start + 4 months7.1 – 7.2 First Fully-Processed and Enhanced Data

Delivered to MDH, with Data DictionaryContract start + 6.5 months

19

Exhibit 3: Service Level Requirements

Contractor shall comply with the following Minimum Service Level Requirements:

I. General Requirements

i Location. Any server storing or hosting MN APCD data or providing services to MN APCD must be located in the United States. MDH is also comfortable with a cloud data storage solution.

ii Privacy and Security Breach Notification. Contractor shall adhere to all applicable federal, state and local laws and regulations regarding privacy and information security. Contractor shall notify MDH immediately, but in no case in more than twenty-four (24) hours, upon becoming aware of any actual or reasonably suspected unauthorized access to or disclosure of MN APCD data or a major security incident affecting any MN APCD component or supporting infrastructure.

iii Availability of Data Collection Portal:i Availability. The MN APCD Data Collection portal shall be available no less

than 99 percent of the time, 24 hours per day, 7 days per week, 365 days per year, less Excluded Downtime.

ii Excluded Downtime. All regularly scheduled maintenance must be performed during the hours of 12:00AM (Central) on Saturday to 11:59PM (Central) on Sunday. Additional maintenance may be performed outside of this window if reasonably deemed necessary; Contractor must provide advance notice of such additional maintenance as soon as reasonably practicable.

iii Unplanned Downtime. Downtime of more than 1 percent in any given month will result in credits to MDH as set forth in Table 1 below.

iv System Failure Recovery. Contractor shall provide for a recovery from system failure (information technology, telecommunications, or related or comparable failure) in the shortest possible time with minimal loss of data, or a maximum of ten calendar days, whichever is shortest.

v System Backup: Contractor shall perform system backups of all data collected, compiled, analyzed, formatted and stored for delivery or transmittal to MDH.

i Contractor shall perform daily incremental backups and full weekly and monthly backups of all volumes of servers.

ii Daily backups shall be retained for one month, weekly backups shall be retained for one year, and monthly backups shall be retained for the duration of the contract.

iii Backups shall be stored in a location that is separate or distinct and discrete from the main operational and technical systems that the Contractor relies on for regular operations.

vi System Failover Capacity. Contractor shall ensure that, in the event of a failure (information technology, telecommunications, or related or comparable failure) of any operational and technical MN APCD components, Contractor has arranged for failover/contingency capabilities that ensure minimal disruption to operations.

20

II. Contractor’s Responsibilities. Contractor shall:

i Escalation Response. Respond to any request from MDH regarding escalation relative to the services in the Contractor’s scope of work as promptly as possible, but in no event later than eight business hours from delivery of the request by MDH.

ii Deliverable Deadlines. Deliver all deliverables to MDH by the deadlines specified in this RFP (Exhibit 1 and Exhibit 2). If the Contractor anticipates issues with meeting deadlines, the Contractor shall report to MDH the reasons why the deadline cannot be met, the revised timeline for delivery, and proposed mitigation strategies to prevent future delays. The Contractor shall deliver this report to MDH at least five (5) business days prior to the scheduled deliverable deadline. Based on this report, MDH may choose to grant an extension for the deliverable.

i Acceptance Criteria. MDH will notify the Contractor if deliverables have been accepted, or have failed to meet expected standards, within fifteen (15) business days of receiving the deliverable (MDH will make every effort to meet this timeframe, however if MDH does not send feedback within fifteen business days, delivery schedules will be adjusted accordingly). The Contractor shall revise and re-send the deliverable within ten (10) business days of receiving feedback. If the revised deliverable is still not acceptable to MDH, the Contractor shall be subject to Service Level Requirement (SLR) credits as described in Table 1 for each deliverable that is deemed unacceptable.

iii Telephone Support. Ensure availability of knowledgeable staff members to provide telephone support to MDH and data submitters between the hours of 9am and 5pm Central Time, Monday through Friday, for the entire Contract term. Maintain one or more telephone numbers operable 24 hours a day, 7 days a week for use by MDH for providing notice of errors or otherwise requesting support under the Contract.

iv Maintenance and Support. Provide maintenance and support services to MDH for the MN APCD as follows:

i The testing and monitoring of the features and functionality of the MN APCD interfaces (Annual Registration portal, data submission portal, de-identification method) and data quality and integrity, reporting any anomalies or errors to MDH immediately;

ii Notify MDH of any changes to the MN APCD data that could alter the analyses performed by MDH

iii Notify MDH of any data breach iv Reports on data submissions by payer, year, etc.v Reports of mergers, closing of payer plans and which plans members migrate to

(if available)

III. Data Quality and Error Response. Immediately upon identifying a data quality issue or error or receiving notice from MDH of a data quality issue or error, Contractor shall respond to the data quality issue or error according to the timeline below. When reporting an issue or error to Contractor, MDH shall identify the issue/error as a Major Issue/Error or a Minor Issue/Error. If Contractor identifies an issue/error, Contractor shall immediately notify MDH and identify the issue/error as a Major Issue/Error or a Minor Issue/Error based on Contractor’s initial evaluation.

i In the event of a Major Issue/Error, Contractor shall either respond to the MDH’s notice of such error or notify MDH of its identification of a Major Issue/Error, in

21

no less than 4 hours. Contractor shall immediately initiate work on developing a workable solution to MDH’s satisfaction. Contractor shall deliver a work-around solution for the Major Error and install such work-around in accordance with the Agreement, within forty-eight (48) hours of report of the issue/error. Contractor shall use reasonable efforts to deliver a fix for the Major Error and install such fix within seven calendar days of report of the issue/error. If Contractor is unable to deliver a fix within seven days, Contractor shall deliver a good faith estimate of the time necessary to resolve the error.

ii In the event of a Minor Issue/Error, Contractor shall either respond to MDH’s notice of such error or notify MDH of its identification of the Minor Issue/Error, in no less than 72 hours. Contractor shall provide a fix to the Minor Issue/Error, to MDH’s satisfaction, as soon as reasonably possible, but in no event later than two calendar weeks after report of the issue/error.

IV. Service Level Credits. Service Level Credits are applied in instances in which Contractor fails to meet the Service Level Requirements. Beginning with the Contract start date, performance against established Service Level Requirements will be credited according to Table 1, using the same frequency as invoicing. Service credit percentages are related to the total invoice amount. For example, an invoice for $50,000 to which a 5% credit was applied, would be reduced by $2,500. MDH may apply Service Level Credits to the Contractor’s submitted invoice, or accumulate such factors across a calendar year, at its sole discretion.

Table 1: Service Level Credits Service Level Requirement

Standard Method of Calculation of Credit

Data Submission Portal Uptime

>99% less Scheduled Downtime

Uptime related credits will be calculated according to Uptime ranges as follows (based on monthly Uptime measurement):

<98.0% = 5% credit98.0% ≤ x < 99.5% = 1% credit

Uptime percentage will be calculated to the first decimal point only for purposes of applying credits.

Data Documentation (Project Plan, Data Security Plan, Business Rules Document, Data Dictionary, Data Quality Report)

Delivery by date specified in Exhibit 1 and 2 and updated annually

Delays in annual documentation deliverables = 5% credit per week late.

Deliverable deemed unacceptable by MDH = 2% credit per deliverable. If deliverables are not re-submitted within 5 business days of MDH feedback, credits for late delivery will apply.

Data Collection/ Processing/ Transmission of Data Extracts

Delivery by date specified in Exhibit 1 and 2

Delays in data collection/processing/transmission of data extracts = 2% credit per day late.

Deliverable deemed unacceptable by MDH = 2% credit per deliverable. If deliverables are not re-submitted within 5 business days of MDH feedback, credits for late delivery will apply.

22

Exhibit 4: Current Variance Request Form

Minnesota Health Care Claims Reporting SystemMinnesota Rules Chapter 4653

VARIANCE PROCEDURESMinnesota Rules 4653 establishes the Minnesota Health Care Claims Reporting System and identifies the entities that must submit data, the data to be submitted, and the submission procedures. Minnesota Rule 4653.0500 provides for two types of variances for data submitters: (1) a rule variance for submission of specific data elements or submission specifications and (2) a threshold variance for meeting a specified threshold.

1.) Rule Variance Petition

THE PETITION FOR A RULE VARIANCE REQUEST MUST INCLUDE THE FOLLOWING:

a. The name, address, telephone number, and email address of the person or entity for whom a variance is being requested

b. A description of and citation to the specific portion of the rule for which a variance is requested;c. The variance requested, including the scope and duration of the varianceD. The reasons that the petitioner believes justify a variance, including a signed statement attesting

to the accuracy of the facts asserted in the petition E. ALL OF THE FOLLOWING CRITERIA MUST BE DEMONSTRATED:

Failure to grant the variance would result in hardship or injustice to the data submitter (Note: A showing that compliance with the rules requires expenditure of resources does not, by itself, constitute a demonstration of hardship or injustice);

The rule variance would be consistent with the public interest (Note: Public interest is presumed to be served by obtaining data that is as complete as possible); and

The variance would not prejudice the substantial legal or economic rights of any person or entity. (Note: The fact that a data submitter is close to the cut-off for health plan companies and third-party administrators or the cut-off for pharmacy benefit managers does not, by itself, constitute evidence satisfying any of the criteria.)

f. A history of the agency’s action relative to the petitioner, as relates to the variance requestg. Mail to: Diane Rydrych, Director, Division of Health Policy | Minnesota Department of Health |

P.O. Box 64882 | St. Paul, MN 55164-0882

2.) Threshold Variance Request

TO BE GRANTED A VARIANCE FOR A THRESHOLD REQUIREMENT, A DATA SUBMITTER MUST DEMONSTRATE THAT IT MEETS EACH OF THE FOLLOWING CRITERIA:

a. A good faith reason that it is unable to meet the standard threshold;b. The proposed alternative threshold; andc. The basis for the proposed alternative threshold.

Threshold variance requests should be submitted on the attached form to: mn-support@onpointhealthdata.org

23

THRESHOLD VARIANCE REQUEST

Date: _______________

Submitter Number: ________________

Company Name: _______________________________________________

Contact Person: _______________________________________________

Mailing Address: ________________________________________________

Email Address: __________________ _______________________________

Telephone Number: _________________________________________________

USE THE TABLE BELOW TO LIST EACH DATA ELEMENT FOR WHICH A THRESHOLD VARIANCE IS REQUESTED IN THE CORRESPONDING COLUMNS.

1. Indicate the data element number and the data element name. 2. Enter the proposed threshold percentage. 3. List the data period for which the variance is requested. Do not enter the

dates you intend to submit the data; instead enter the covered data periods (e.g., 4/1/15 – 5/31/15).

4. Describe why your company is unable to meet the standard threshold and how you determined the proposed threshold. Include in your description details regarding plans on improving data submission for this element.

Data element # / Data element name

Proposedthreshold

Variance dataPeriod requested

Reason unable to meet standard threshold and a plan on how to improve capturing the data element in the future

Submission of this request is an attestation that all facts asserted on this form are accurate.

24

IV. Schedule of RFP Activities

A. Questions Regarding this RFPQuestions regarding this RFP should be emailed to Health.APCD@state.mn.us. All questions received by the deadline outlined in B.3: RFP Task Timeline will be de-identified, answered, and compiled into a Question & Answer Document. The Question & Answer Document will be published on the date outlined in B.3: RFP Task Timeline on the MDH website.

Other personnel are NOT authorized to discuss this RFP. Contact regarding this RFP with any other personnel could result in disqualification.

B. Schedule of RFP Activities

B.1 Conference Call with Prospective Responders

To assist in the preparation of responses, a conference call will be held on the date specified in Section IV. B.3: B.3 RFP Task Timeline. This conference call will serve as an opportunity for MDH to provide an overview of the RFP and may include answers to RFP questions previously submitted in writing. The conference time and call-in information will be posted to the MDH website. The conference call will be recorded and hosted on the MDH website for responders who are unable to attend.

B.2 Onsite Demonstrations

After a review of proposal responses, MDH may invite top-scoring vendors to demonstrate their services, tools, and capabilities, as well as to introduce key personnel to the RFP Evaluation Committee, onsite in Saint Paul, MN. If scheduled, these demonstrations will take place on approximately the dates specified in Section IV:B.3: B.3 RFP Task Timeline.

B.3 RFP Task Timeline

This timeline outlines the tentative schedule for this RFP:

RFP Release Date October 1, 2018Due Date for Questions October 8, 2018Conference Call with Prospective Responders October 15, 2018Question & Answer Document Posted October 17, 2018Proposal Deadline November 5, 2018Anticipated Onsite Demonstrations November 26 – November 30,

2018Notice of Intent to Contract December 7, 2018Contract Start Date January 1, 2019

25

V. Submission Instructions

A. Technical Proposal ContentsResponders must submit the following as part of their Technical Proposal. Technical proposals must adhere to the page limitations outlined below and be typed in single-spaced 12-point font.

1. Project Overview (2-page limit). A clear and concise summary of the Responder’s understanding of MDH's needs and intended results, including a description of the value that the Responder brings to the project.

2. Minimum Qualifications (2-page limit). A description of how the Responder meets the minimum qualifications outlined in Section II: Minimum Qualifications.

3. Approach to Required Tasks (15-page limit): A description of the proposed strategy and/or methodology to implement the required tasks, including a description of any proposed enhancements. Responders should address each task one by one, making sure to specifically address the following for each task:

a. Task One: How Responder proposes to mitigate the data continuity risks associated with assuming responsibility for MN APCD data functions, including transition activities which demonstrate an understanding of the steps necessary to begin data collection.

b. Task Two: A discussion of the project management plan, including who will serve as the primary point of contact for MDH, how they will oversee all project activities, and the plan for communicating with MDH. The Responder should also discuss in detail their proposed data security provisions to ensure that MN APCD data are kept secure at motion and at rest.

c. Task Three: The proposed solution for annual registration, de-identification, variance request management, and data collection, including the role (if any) that the Responder expects MDH to play in these processes.

d. Task Four: A discussion of what data quality checks the Responder proposes to implement (initial data intake checks are a requirement), the frequency of these checks, and when in the data processing cycle the checks will occur;

i. Discussion of how the Responder proposes to collaborate with MDH to effectively manage and resolve data quality issues;

ii. Discussion of who will serve as the front-line data quality staff and when and to whom the issue will be escalated and communicated;

iii. Limitations of proposed data quality checks and how they will be refined over time;

iv. Description of system that will be used to track and prompt follow-up on all data quality questions, from initial communication to issue resolution;

v. Proposed format and content of annual data quality reports to MDH and data submitters.

e. Task Five: How Responder proposes to create a better Master Patient index leveraging the de-identification solution, and a

26

description of the methods that the Responder will employ to provide all value-added enhancements.

f. Task Six: A description of the proposed data storage solution.g. Task Seven: A proposed format and structure for data extracts

delivered to MDH that is optimized for MDH’s data warehouse and preferred analytic software, including:

i. How many files/tables will be delivered as part of each extract and in what format;

ii. How quickly extracts can be delivered after data collection (30 days or faster);

iii. Whether MDH will be able to change the format and/or content of extracts, what type of changes would be permissible, and how much lead-time would be necessary to make the changes;

iv. Whether the extracts would be a complete replacement of all data to date (the current model) or whether extracts would be incremental. If incremental, Responder should address in what increments and how MDH would need to update existing data stores to accommodate the change.

h. Task Eight: Statement that Responder would be available for ad-hoc analyses, if needed.

4. Response to Responder-Proposed Tasks (2 pages per Task): Responders may choose to propose additional tasks that offer new analytic capabilities, functionalities or insights while adhering to MDH’s allowable uses of the data. Responders are not required to propose any additional tasks; this is purely optional.

5. Work Plan (no limit). Responders shall include a detailed work plan that identifies the timeline for the major tasks and deliverables. The work plan should be depicted in a table or by some other graphical means and must align with the dates outlined in Exhibit 1 and Exhibit 2.

6. Organizational Background and Experience (6-page limit plus references). An outline of the Responder's organizational structure and background and experience with similar work. This section should include the following:

a. A description of the Responder’s organization;b. A description of any experience with the Qualified Entity Certification Program,

supporting a Qualified Entity, or including Medicare data in reports;m

c. A description of the Responder’s experience with software, language, and code sets used as part of the MN APCD, such as SAS Enterprise Guide, SAS Visual Analytics, Amazon Redshift, SQL, Medi-Span/First Data Bank/Red Book, CPT, ICD, HCPCS, NPPES, etc.

d. Three client references, with contact information, which can attest to the Responder’s ability to provide services similar to those requested in this RFP;

e. If a subcontractor is proposed to complete the required tasks, Responders should describe their relationship with the proposed subcontractor, with examples of prior collaborations and a strong justification for choosing them. If a subcontractor is proposed, a fourth reference for the subcontractor’s work should be provided;

m MDH has completed Phase 1 of the QECP process, however, has decided to put the application process on hold. In the future, MDH may revisit the Phase 2 requirements and decide to pursue the certification.

27

f. A statement regarding any staff or organizational, actual or perceived, conflict of interest.

7. Staffing Plan (3 pages plus resumes). A description of the personnel (including any subcontractors) proposed to carry out the project, including:

a. Their proposed project role/title:b. Their percent effort on the project (%FTE), including any differences in their

percent effort during start-up and then ongoing day-to-day operations;c. Their relevant work experience;

In addition to the narrative description, Responder should provide resumes for each key staff member. Resumes or other information about project personnel should not, if possible, contain personal telephone numbers, home addresses or home email addresses. If it is necessary to include personal contact information, please clearly indicate in the proposal that personal contact information is being provided.

8. Response to Sample Technical and Professional Services Contract (no limit). Responders should review the standard contract terms and conditions provided in the Sample Technical and Professional Services Contract found at the end of this RFP and respond in the following ways:

a. Transition-Out Plan: Propose transition assistance services that the Responder will perform upon termination or expiration of the contract, to transition the MN APCD to the State or a third party designated by the State with minimal disruption to necessary processes. These transition assistance services may include developing a work plan for the transition of services; delivering data to the State or a third-party; meeting regularly with the State or a third-party for a specified period of time to ensure a smooth transition; and/or providing ad-hoc resources or consulting services for a specified period of time. The proposed Transition-Out Plan will be evaluated, negotiated, and included in the resultant contract.

b. Provide a written statement that if awarded a contract, the Responder will accept the standard contract terms and conditions without exception; or provide a red-lined version of the Sample Technical and Professional Services Contract that clearly shows each proposed exception/modification. Only those exceptions indicated in the RFP response will be available for discussion or negotiation.

9. Accessibility. A completed Policy Driven Adoption Assessment (PDAA) worksheet. A copy of this PDAA worksheet (Excel) can be found here: https://mn.gov/mnit/about-mnit/accessibility/it-procurement.jsp. Responders should complete the tabs entitled “organization” and “assessment”, and then include both sheets as part of their response.

10. Additional Forms: Submit the following forms:A. IT Vendor Security Compliance QuestionnaireB. Affidavit of Non-CollusionC. Certificate Regarding Lobbying D. Workforce Certification E. Equal Pay Certificate Form F. Veterans Preference Form (if applicable)G. Resident Vendor Form (if applicable)

28

B. Cost Proposal Contents1. Cost Proposal. Responders should indicate their proposed cost for each required and

optional task, by year, using the provided excel template entitled “Cost Proposal Template”. Responders should complete each of the following three tabs in the cost template and then copy and paste each tab/worksheet into the cost proposal document:

a. Task 1-7 Requiredb. Task 8 Rate Cardc. Responder-Proposed Tasks (if applicable)

The hourly rates provided in the “Task 8 Rate Card” will be used to price out any ad-hoc analyses authorized under Task 8.

2. Cost Description. Responders should describe the costs in their cost proposal, including assumptions underlying the cost estimates and a justification for expenditures.

MDH has estimated that the cost of this contract should not exceed $800,000/year for Tasks 1-7 over a two-year term (i.e. not including ad-hoc analyses or other, responder-proposed tasks).

C. Proposal Instructions1. In one envelope:

A. Submit one (1) original paper copy of the technical proposal, including the following additional forms:

Relevant sections of PDAA worksheet IT Vendor Security Compliance Questionnaire Affidavit of Non-Collusion Certificate Regarding Lobbying Workforce Certification Equal Pay Certificate Form Veteran-owned Preference Form (if applicable) Resident Vendor Form (if applicable)

B. Submit four (4) paper copies of the technical proposal only (not the additional forms)

C. Include one (1) flash drive with a copy of the technical proposal and additional forms, in both MS Word format (where applicable) and in PDF format.

D. Label the envelope with the firm’s name and “Technical Proposal – Data Aggregation Vendor for the MN Health Care Claims and Reporting System”.

2. In a second envelope: Submit one (1) paper copy of the Cost Proposal and one (1) flash drive with a copy of the cost proposal, in a separately sealed envelope clearly labeled on the outside with the firm’s name and “Cost Proposal – Data Aggregation Vendor for the MN Health Care Claims and Reporting System”.

29

3. All proposals must be mailed or delivered to:

FedEx/UPS to deliver to:Golden Rule BuildingMinnesota Dept. of Health85 East 7th Place, Suite 220Saint Paul, MN 55101Attn: Karl Fernstrom, HEP, 3rd Floor

Regular Post Office delivery to:Golden Rule BuildingMinnesota Dept. of HealthPO Box 64882Saint Paul, MN 55164-0882Attn: Karl Fernstrom, HEP, 3rd Floor

All proposals must be received no later than 2:00 p.m., Central Time on the date specified in Section IV:B.3: RFP Task Timeline

Late proposals will not be considered.

All costs incurred in responding to this RFP will be borne by the responder.Fax and email responses will not be accepted or considered.

D.Proposal EvaluationAll responses received by the deadline will be evaluated by representatives of MDH. Proposals will first be reviewed for responsiveness to determine if the Mandatory Requirements (see below) have been met. Proposals that fail to meet Mandatory Requirements will not advance to the next phase of the evaluation. The State reserves the right, based on the scores of the proposals, to create a short-listing of vendors who have received the highest scores to interview, or conduct demonstrations/presentations. The state reserves the right to seek best and final offers from one or more responders. A 100-point scale will be used to create the final evaluation recommendation.

Mandatory Requirements (Scored as Pass/Fail)

The following will be considered on a pass/fail basis in order to advance to the next phase of evaluation:

1. Proposals must be received on or before the due date and time specified in this solicitation;

2. At least five (5) years of experience collecting claims information from multiple health insurers in a prescribed data submission format;

3. At least five (5) years of experience in claims validation and a least five (5) years of experience in quality assurance;

30

4. At least five (5) years of experience in the secure management, storage, and transmission of HIPAA protected data that is compliant with federal rules and regulations;

5. At least five (5) years of experience designing and delivering data extracts that support analytic or research projects;

6. At least five (5) years of experience in medical claims analytics.

Evaluation Factors (Scored based on percentage or points as indicated)

The factors and weighting on which proposals will be judged are:

1. Project Overview 5%2. Approach to Tasks, PDAA Worksheet, Work Plan, and Transition-Out Plan 35%

3. Organizational Background, Experience, and Staffing Plan 30%4. Cost proposal 30%

Cost proposals will be evaluated as follows:

The proposal with the lowest cost will receive the total amount of available points (30 points). Other cost proposals will be scored proportionately utilizing the following formula:

Price of lowest cost proposal / Price of proposal being evaluated X 30 available points

Example: If the lowest cost proposal is $500,000 and the cost of the proposal being evaluated is $535,000 then the score of the proposal being evaluated is:

500,000 / 535,000 = 0.9346 X 30 available points = 28

E. General Requirements

Affidavit of NoncollusionEach responder must complete the attached Affidavit of Noncollusion and include it with the response.

Conflicts of InterestResponder must provide a list of all entities with which it has relationships that create, or appear to create, a conflict of interest with the work that is contemplated in this request for proposals. The list should indicate the name of the entity, the relationship, and a discussion of the conflict.

Proposal ContentsBy submission of a proposal, Responder warrants that the information provided is true, correct and reliable for purposes of evaluation for potential contract award. The submission of inaccurate or misleading information may be grounds for disqualification from the award as well as subject the responder to suspension or debarment proceedings as well as other remedies available by law.

31

Disposition of ResponsesAll materials submitted in response to this RFP will become property of the State and will become public record in accordance with Minnesota Statutes, section 13.591, after the evaluation process is completed. Pursuant to the statute, completion of the evaluation process occurs when the government entity has completed negotiating the contract with the selected vendor. If the Responder submits information in response to this RFP that it believes to be trade secret materials, as defined by the Minnesota Government Data Practices Act, Minnesota Statute § 13.37, the Responder must:

clearly mark all trade secret materials in its response at the time the response is submitted, include a statement with its response justifying the trade secret designation for each item, and defend any action seeking release of the materials it believes to be trade secret, and indemnify

and hold harmless the State, its agents and employees, from any judgments or damages awarded against the State in favor of the party requesting the materials, and any and all costs connected with that defense. This indemnification survives the State’s award of a contract. In submitting a response to this RFP, the Responder agrees that this indemnification survives as long as the trade secret materials are in possession of the State.

The State will not consider the prices submitted by the Responder to be proprietary or trade secret materials.

Notwithstanding the above, if the State contracting party is part of the judicial branch, the release of data shall be in accordance with the Rules of Public Access to Records of the Judicial Branch promulgated by the Minnesota Supreme Court as the same may be amended from time to time.

Contingency Fees ProhibitedPursuant to Minnesota Statutes Section 10A.06, no person may act as or employ a lobbyist for compensation that is dependent upon the result or outcome of any legislation or administrative action.

Sample ContractYou should be aware of the State’s standard contract terms and conditions in preparing your response. A sample State of Minnesota Professional/Technical Services Contract is attached for your reference. Much of the language reflected in the contract is required by statute. If you take exception to any of the terms, conditions or language in the contract, you must indicate those exceptions in your response to the RFP; certain exceptions may result in your proposal being disqualified from further review and evaluation. Only those exceptions indicated in your response to the RFP will be available for discussion or negotiation.

ReimbursementsReimbursement for travel and subsistence expenses actually and necessarily incurred by the contractor as a result of the contract will be in no greater amount than provided in the current "Commissioner’s Plan” promulgated by the commissioner of Employee Relations. Reimbursements will not be made for travel and subsistence expenses incurred outside Minnesota unless it has received the State’s prior written approval for out of state travel. Minnesota will be considered the home state for determining whether travel is out of state.

Organizational Conflicts of InterestThe responder warrants that, to the best of its knowledge and belief, and except as otherwise disclosed, there are no relevant facts or circumstances which could give rise to organizational conflicts of interest. An organizational conflict of interest exists when, because of existing or planned

32

activities or because of relationships with other persons, a vendor is unable or potentially unable to render impartial assistance or advice to the State, or the vendor’s objectivity in performing the contract work is or might be otherwise impaired, or the vendor has an unfair competitive advantage. The responder agrees that, if after award, an organizational conflict of interest is discovered, an immediate and full disclosure in writing must be made to the Assistant Director of the Department of Administration’s Office of Equity in Procurement (“OSP”) which must include a description of the action which the contractor has taken or proposes to take to avoid or mitigate such conflicts. If an organization conflict of interest is determined to exist, the State may, at its discretion, cancel the contract. In the event the responder was aware of an organizational conflict of interest prior to the award of the contract and did not disclose the conflict to OSP, the State may terminate the contract for default. The provisions of this clause must be included in all subcontracts for work to be performed similar to the service provided by the prime contractor, and the terms “contract,” “contractor,” and “contracting officer” modified appropriately to preserve the State’s rights.

Preference to Targeted Group and Economically Disadvantaged Business and IndividualsIn accordance with Minnesota Rules, part 1230.1810, subpart B and Minnesota Rules, part 1230.1830, certified Targeted Group (TG) businesses and individuals submitting proposals as prime contractors will receive a six percent preference in the evaluation of their proposal, and certified Economically Disadvantaged (ED) businesses and individuals submitting proposals as prime contractors will receive a six percent preference in the evaluation of their proposal. Eligible TG businesses and ED businesses must be currently certified by the Office of Equity in Procurement (OEP) prior to the solicitation opening date and time. For information regarding certification, contact OEP at 651-201-2402 or procurement.equity@state.mn.us. For TTY/TDD communications, contact the Helpline through the Minnesota Relay Services at 1.800.627.3529.

Veteran-Owned Small Business Preference  Unless a greater preference is applicable and allowed by law, in accordance with Minn. Stat. § 16C.16, subd. 6a, the Commissioner of Administration will award a 6% preference in the amount bid on state procurement to certified small businesses that are majority owned and operated by veterans.

A small business qualifies for the veteran-owned preference when it meets one of the following requirements. 1) The business has been certified by the Office of Equity in Procurement as being a veteran-owned or service-disabled veteran-owned small business. 2) The principal place of business is in Minnesota AND the United States Department of Veterans Affairs verifies the business as being a veteran-owned or service-disabled veteran-owned small business under Public Law 109-461 and Code of Federal Regulations, title 38, part 74 (Supported By Documentation).  See Minn. Stat. § 16C.19(d).

Submit the appropriate documentation with the solicitation response to claim the veteran-owned preference. Statutory requirements and documentation must be met by the solicitation response due date and time to be awarded the preference.

Foreign Outsourcing of Work ProhibitedAll services under this contract shall be performed within the borders of the United States. All storage and processing of information shall be performed within the borders of the United States. This provision also applies to work performed by subcontractors at all tiers.

Work Force CertificationFor all contracts estimated to be in excess of $100,000, responders are required to complete the attached Affirmative Action Data page and return it with the response. As required by Minnesota Rule 5000.3600, “It is hereby agreed between the parties that Minnesota Statute § 363A.36 and Minnesota

33

Rule 5000.3400 - 5000.3600 are incorporated into any contract between these parties based upon this specification or any modification of it. A copy of Minnesota Statute § 363A.36 and Minnesota Rule 5000.3400 - 5000.3600 are available upon request from the contracting agency.”

Equal Pay CertificationIf the Response to this solicitation could be in excess of $500,000, the Responder must obtain an Equal Pay Certificate from the Minnesota Department of Human Rights (MDHR) or claim an exemption prior to contract execution. A responder is exempt if it has not employed more than 40 full-time employees on any single working day in one state during the previous 12 months. Please contact MDHR with questions at: 651-539-1095 (metro), 1-800-657-3704 (toll free), 711 or 1-800-627-3529 (MN Relay) or at compliance.MDHR@state.mn.us.

Certification Regarding LobbyingFederal money will be used or may potentially be used to pay for all or part of the work under the contract, therefore the Proposer must complete the attached Certification Regarding Lobbying and submit it as part of its proposal.

Certification Regarding Debarment, Suspension, Ineligibility, and Voluntary Exclusion Federal money will be used or may potentially be used to pay for all or part of the work under the contract, therefore the Proposer must certify the following, as required by the regulations implementing Executive Order 12549.

Certification Regarding Debarment, Suspension, Ineligibility and Voluntary Exclusion -- Lower Tier Covered TransactionsInstructions for Certification:

1. By signing and submitting this proposal, the prospective lower tier participant is providing the certification set out below.

2. The certification in this clause is a material representation of fact upon which reliance was placed when this transaction was entered into. If it is later determined that the prospective lower tier participant knowingly rendered an erroneous certification, in addition to other remedies available to the Federal Government, the department or agency with which this transaction originated may pursue available remedies, including suspension and/or debarment.

3. The prospective lower tier participant shall provide immediate written notice to the person to which this proposal is submitted if at any time the prospective lower tier participant learns that its certification was erroneous when submitted or had become erroneous by reason of changed circumstances.

4. The terms covered transaction, debarred, suspended, ineligible, lower tier covered transaction, participant, person, primary covered transaction, principal, proposal, and voluntarily excluded, as used in this clause, have the meaning set out in the Definitions and Coverages sections of rules implementing Executive Order 12549. You may contact the person to which this proposal is submitted for assistance in obtaining a copy of those regulations.

5. The prospective lower tier participant agrees by submitting this response that, should the proposed covered transaction be entered into, it shall not knowingly enter into any lower tier covered transaction with a person who is proposed for debarment under 48 CFR part 9, subpart 9.4, debarred, suspended, declared ineligible, or voluntarily excluded from participation in this covered transaction, unless authorized by the department or agency with which this transaction originated.

6. The prospective lower tier participant further agrees by submitting this proposal that it will

34

include this clause titled “Certification Regarding Debarment, Suspension, Ineligibility and Voluntary Exclusion--Lower Tier Covered Transaction,” without modification, in all lower tier covered transactions and in all solicitations for lower tier covered transactions.

7. A participant in a covered transaction may rely upon a certification of a prospective participant in a lower tier covered transaction that it is not proposed for debarment under 48 CFR part 9, subpart 9.4, debarred, suspended, ineligible, or voluntarily excluded from covered transactions, unless it knows that the certification is erroneous. A participant may decide the method and frequency by which it determines the eligibility of its principals. Each participant may, but is not required to, check the List of Parties Excluded from Federal Procurement and Nonprocurement Programs

8. Nothing contained in the foregoing shall be construed to require establishment of a system of records in order to render in good faith the certification required by this clause. The knowledge and information of a participant is not required to exceed that which is normally possessed by a prudent person in the ordinary course of business dealings.

9. Except for transactions authorized under paragraph 5 of these instructions, if a participant in a covered transaction knowingly enters into a lower tier covered transaction with a person who is proposed for debarment under 48 C.F.R. 9, subpart 9.4, suspended, debarred, ineligible, or voluntarily excluded from participation in this transaction, in addition to other remedies available to the federal government, the department or agency with which this transaction originated may pursue available remedies, including suspension and/or debarment.

Certification Regarding Debarment, Suspension, Ineligibility and Voluntary Exclusion - Lower Tier Covered Transactions

1. The prospective lower tier participant certifies, by submission of this proposal, that neither it nor its principals is presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation in this transaction by any Federal department or agency.

2. Where the prospective lower tier participant is unable to certify to any of the statements in this certification, such prospective participant shall attach an explanation to this proposal.

Insurance RequirementsA. Contractor shall not commence work under the contract until they have obtained all the insurance

described below and the State of Minnesota has approved such insurance. Contractor shall maintain such insurance in force and effect throughout the term of the contract.

B. Contractor is required to maintain and furnish satisfactory evidence of the following insurance policies:

1. Workers’ Compensation Insurance: Except as provided below, Contractor must provide Workers’ Compensation insurance for all its employees and, in case any work is subcontracted, Contractor will require the subcontractor to provide Workers’ Compensation insurance in accordance with the statutory requirements of the State of Minnesota, including Coverage B, Employer’s Liability. Insurance minimum limits are as follows:

$100,000 – Bodily Injury by Disease per employee$500,000 – Bodily Injury by Disease aggregate$100,000 – Bodily Injury by Accident

If Minnesota Statute 176.041 exempts Contractor from Workers’ Compensation insurance or if the Contractor has no employees in the State of Minnesota, Contractor must provide a

35

written statement, signed by an authorized representative, indicating the qualifying exemption that excludes Contractor from the Minnesota Workers’ Compensation requirements.

If during the course of the contract the Contractor becomes eligible for Workers’ Compensation, the Contractor must comply with the Workers’ Compensation Insurance requirements herein and provide the State of Minnesota with a certificate of insurance.

2. Commercial General Liability Insurance: Contractor is required to maintain insurance protecting it from claims for damages for bodily injury, including sickness or disease, death, and for care and loss of services as well as from claims for property damage, including loss of use which may arise from operations under the Contract whether the operations are by the Contractor or by a subcontractor or by anyone directly or indirectly employed by the Contractor under the contract. Insurance minimum limits are as follows:

$2,000,000 – per occurrence$2,000,000 – annual aggregate$2,000,000 – annual aggregate – Products/Completed Operations

The following coverages shall be included:

Premises and Operations Bodily Injury and Property DamagePersonal and Advertising InjuryBlanket Contractual LiabilityProducts and Completed Operations LiabilityOther; if applicable, please list__________________________________State of Minnesota named as an Additional Insured, to the extent permitted by law

3. Commercial Automobile Liability Insurance: Contractor is required to maintain insurance protecting it from claims for damages for bodily injury as well as from claims for property damage resulting from the ownership, operation, maintenance or use of all owned, hired, and non-owned autos which may arise from operations under this contract, and in case any work is subcontracted the contractor will require the subcontractor to maintain Commercial Automobile Liability insurance. Insurance minimum limits are as follows:

$2,000,000 – per occurrence Combined Single limit for Bodily Injury and Property Damage

In addition, the following coverages should be included:

Owned, Hired, and Non-owned Automobile

4. Professional/Technical, Errors and Omissions, and/or Miscellaneous Liability Insurance

This policy will provide coverage for all claims the contractor may become legally obligated to pay resulting from any actual or alleged negligent act, error, or omission related to Contractor’s professional services required under the contract.

Contractor is required to carry the following minimum limits:

$2,000,000 – per claim or event$2,000,000 – annual aggregate

36

Any deductible will be the sole responsibility of the Contractor and may not exceed $50,000 without the written approval of the State. If the Contractor desires authority from the State to have a deductible in a higher amount, the Contractor shall so request in writing, specifying the amount of the desired deductible and providing financial documentation by submitting the most current audited financial statements so that the State can ascertain the ability of the Contractor to cover the deductible from its own resources.

The retroactive or prior acts date of such coverage shall not be after the effective date of this Contract and Contractor shall maintain such insurance for a period of at least three (3) years, following completion of the work. If such insurance is discontinued, extended reporting period coverage must be obtained by Contractor to fulfill this requirement.

C. Additional Insurance Conditions:

Contractor’s policy(ies) shall be primary insurance to any other valid and collectible insurance available to the State of Minnesota with respect to any claim arising out of Contractor’s performance under this contract;

If Contractor receives a cancellation notice from an insurance carrier affording coverage herein, Contractor agrees to notify the State of Minnesota within five (5) business days with a copy of the cancellation notice, unless Contractor’s policy(ies) contain a provision that coverage afforded under the policy(ies) will not be cancelled without at least thirty (30) days advance written notice to the State of Minnesota;

Contractor is responsible for payment of Contract related insurance premiums and deductibles;

If Contractor is self-insured, a Certificate of Self-Insurance must be attached;

Contractor’s policy(ies) shall include legal defense fees in addition to its liability policy limits, with the exception of B.4 above;

Contractor shall obtain insurance policy(ies) from insurance company(ies) having an “AM BEST” rating of A- (minus); Financial Size Category (FSC) VII or better, and authorized to do business in the State of Minnesota; and

An Umbrella or Excess Liability insurance policy may be used to supplement the Contractor’s policy limits to satisfy the full policy limits required by the Contract.

D. The State reserves the right to immediately terminate the contract if the contractor is not in compliance with the insurance requirements and retains all rights to pursue any legal remedies against the contractor. All insurance policies must be open to inspection by the State, and copies of policies must be submitted to the State’s authorized representative upon written request.

E. The successful responder is required to submit Certificates of Insurance acceptable to the State of MN as evidence of insurance coverage requirements prior to commencing work under the contract.

37

E-Verify Certification (In accordance with Minn. Stat. §16C.075)By submission of a proposal for services in excess of $50,000, Contractor certifies that as of the date of services performed on behalf of the State, Contractor and all its subcontractors will have implemented or be in the process of implementing the federal E-Verify program for all newly hired employees in the United States who will perform work on behalf of the State. In the event of contract award, Contractor shall be responsible for collecting all subcontractor certifications and may do so utilizing the E-Verify Subcontractor Certification Form (http://www.mmd.admin.state.mn.us/doc/EverifySubCertForm.doc). All subcontractor certifications must be kept on file with Contractor and made available to the State upon request.

Certification of Nondiscrimination (In accordance with Minn. Stat. § 16C.053)The following term applies to any contract for which the value, including all extensions, is $50,000 or more: Contractor certifies it does not engage in and has no present plans to engage in discrimination against Israel, or against persons or entities doing business in Israel, when making decisions related to the operation of the vendor's business. For purposes of this section, "discrimination" includes but is not limited to engaging in refusals to deal, terminating business activities, or other actions that are intended to limit commercial relations with Israel, or persons or entities doing business in Israel, when such actions are taken in a manner that in any way discriminates on the basis of nationality or national origin and is not based on a valid business reason.

38

Sample Professional and Technical Services Contract

State of Minnesota

SWIFT Contract No.:

This Contract is between the State of Minnesota, acting through its _________________________________ (“State”) and ________________________________________________ (“Contractor”).

Recitals1. Under Minn. Stat. § 15.061 the State is empowered to engage such assistance as deemed necessary.2. The State is in need of ______________________________________________________________________.3. The Contractor represents that it is duly qualified and agrees to perform all services described in this Contract to the

satisfaction of the State.

Contract1. Term of Contract

1.1 Effective date: ___________________________, or the date the State obtains all required signatures under Minn. Stat. § 16C.05, subd. 2, whichever is later. The Contractor must not begin work under this Contract until this Contract is fully executed and the Contractor has been notified by the State’s Authorized Representative to begin the work.

1.2 Expiration date: ___________________________, or until all obligations have been satisfactorily fulfilled, whichever occurs first.

1.3 Survival of terms: The following clauses survive the expiration or cancellation of this Contract: 8. Indemnification; 9. State audits; 10. Government data practices and intellectual property; 14. Publicity and endorsement; 15. Governing law, jurisdiction, and venue; and 16. Data disclosure.

2. Contractor’s dutiesThe Contractor, who is not a State employee, will: [ Will Include RFP Proposal Response Activities and/or Scope of Work]________________________________________________________________________________________ ________________________________________________________________________________________

3. TimeThe Contractor must comply with all the time requirements described in this Contract. In the performance of this Contract, time is of the essence.

4. Consideration and payment4.1 Consideration. The State will pay for all services performed by the Contractor under this Contract as follows:

(a) Compensation. The Contractor will be paid $_____________.(b) Travel expenses. Reimbursement for travel and subsistence expenses actually and necessarily incurred by

the Contractor as a result of this Contract will not exceed $______________; provided that the Contractor will be reimbursed for travel and subsistence expenses in the same manner and in no greater amount than provided in the current "Commissioner’s Plan” established by the Commissioner of Minnesota Management and Budget which is incorporated in to this Contract by reference. The Contractor will not be reimbursed for travel and subsistence expenses incurred outside Minnesota unless it has received the State’s prior written approval for out-of-state travel. Minnesota will be considered the home state for determining whether travel is out of state.

(c) Total obligation. The total obligation of the State for all compensation and reimbursements to the Contractor under this Contract will not exceed $ _______________.

4.2 Payment.(a) Invoices. The State will promptly pay the Contractor after the Contractor presents an itemized invoice for the

services actually performed and the State's Authorized Representative accepts the invoiced services.

Invoices must be submitted timely and according to the following schedule:___________________________________________________________________________________ ___________________________________________________________________________________

(b) Retainage. Under Minn. Stat. § 16C.08, subd. 2(10), no more than 90 percent of the amount due under this Contract may be paid until the final product of this Contract has been reviewed by the State’s agency head. The balance due will be paid when the State’s agency head determines that the Contractor has satisfactorily fulfilled all the terms of this Contract.

(c) Federal funds. (Where applicable, if blank this section does not apply.) Payments under this Contract will be made from federal funds obtained by the State through ____________________________________. The Contractor is responsible for compliance with all federal requirements imposed on these funds and accepts full financial responsibility for any requirements imposed by the Contractor’s failure to comply with federal requirements.

5. Conditions of paymentAll services provided by the Contractor under this Contract must be performed to the State’s satisfaction, as determined at the sole discretion of the State’s Authorized Representative and in accordance with all applicable federal, state, and local laws, ordinances, rules, and regulations including business registration requirements of the Office of the Secretary of State. The Contractor will not receive payment for work found by the State to be unsatisfactory or performed in violation of federal, state, or local law.

6. Authorized RepresentativeThe State's Authorized Representative is __________________________________________________, or his/her successor, and has the responsibility to monitor the Contractor’s performance and the authority to accept the services provided under this Contract. If the services are satisfactory, the State's Authorized Representative will certify acceptance on each invoice submitted for payment.

The Contractor's Authorized Representative is ______________________________________________, or his/her successor. If the Contractor’s Authorized Representative changes at any time during this Contract, the Contractor must immediately notify the State.

7. Assignment, amendments, variance, and contract complete7.1 Assignment. The Contractor may neither assign nor transfer any rights or obligations under this Contract without

the prior consent of the State and a fully executed assignment agreement, executed and approved by the same parties who executed and approved this Contract, or their successors in office.

7.2 Amendments. Any amendment to this Contract must be in writing and will not be effective until it has been executed and approved by the same parties who executed and approved the original Contract, or their successors in office.

7.3 Variance. If the State fails to enforce any provision of this Contract, that failure does not waive the provision or its right to enforce it.

7.4 Contract complete. This Contract contains all negotiations and agreements between the State and the Contractor. No other understanding regarding this Contract, whether written or oral, may be used to bind either party.

8. IndemnificationIn the performance of this Contract by Contractor, or Contractor’s agents or employees, the Contractor must indemnify, save, and hold harmless the State, its agents, and employees, from any claims or causes of action, including attorney’s fees incurred by the State, to the extent caused by Contractor’s:

a) Intentional, willful, or negligent acts or omissions; orb) Actions that give rise to strict liability; orc) Breach of contract or warranty.

The indemnification obligations of this section do not apply in the event the claim or cause of action is the result of the State’s sole negligence. This clause will not be construed to bar any legal remedies the Contractor may have for the State’s failure to fulfill its obligation under this Contract.

9. State auditsUnder Minn. Stat. § 16C.05, subd. 5, the Contractor’s books, records, documents, and accounting procedures and practices relevant to this Contract are subject to examination by the State and/or the State Auditor or Legislative Auditor, as appropriate, for a minimum of six years from the end of this Contract.

10. Government data practices and intellectual property10.1 Government data practices. The Contractor and State must comply with the Minnesota Government Data

Practices Act, Minn. Stat. ch. 13, (or, if the State contracting party is part of the Judicial Branch, with the Rules of

Public Access to Records of the Judicial Branch promulgated by the Minnesota Supreme Court as the same may be amended from time to time) as it applies to all data provided by the State under this Contract, and as it applies to all data created, collected, received, stored, used, maintained, or disseminated by the Contractor under this Contract. The civil remedies of Minn. Stat. § 13.08 apply to the release of the data governed by the Minnesota Government Practices Act, Minn. Stat. ch. 13, by either the Contractor or the State.

If the Contractor receives a request to release the data referred to in this clause, the Contractor must immediately notify and consult with the State’s Authorized Representative as to how the Contractor should respond to the request. The Contractor’s response to the request shall comply with applicable law.

10.2 Intellectual property rights.(a) Intellectual property rights. The State owns all rights, title, and interest in all of the intellectual property rights,

including copyrights, patents, trade secrets, trademarks, trade names, service marks, and similar rights in the works and documents created and paid for under this Contract. The “works” means all inventions, improvements, modifications, developments, customizations, configurations, processes, discoveries (whether or not patentable), databases, computer programs, reports, notes, studies, photographs, negatives, designs, drawings, specifications, materials, tapes, and disks conceived, reduced to practice, created or originated by the Contractor, its employees, agents, and subcontractors, either individually or jointly with others in the performance of this Contract. “Works” includes documents. The “documents” are the originals of any databases, computer programs, reports, notes, studies, photographs, negatives, designs, drawings, specifications, data, materials, tapes, disks, or other materials, whether in tangible or electronic forms, prepared by the Contractor, its employees, agents, or subcontractors, in the performance of this Contract. The documents will be the exclusive property of the State and all such documents must be immediately returned to the State by the Contractor upon completion or cancellation of this Contract. To the extent possible, those works eligible for copyright protection under the United States Copyright Act will be deemed to be “works made for hire.” The Contractor assigns all right, title, and interest it may have in the works and the documents to the State. The Contractor must, at the request of the State, execute all papers and perform all other acts necessary to transfer or record the State’s ownership interest in the works and documents. Without limiting the foregoing, the State has the right, without further cost, obligation, compensation or benefit to Contractor, to adapt or otherwise change some or all of the works as the State (or the State’s agents or designees) may in its sole discretion determine or desire. Contractor hereby irrevocably waives all moral rights and all similar rights that Contractor has or may have in or to the works.

(b) Obligations(1) Notification. Whenever any invention, improvement, or discovery (whether or not patentable) is made or

conceived for the first time or actually or constructively reduced to practice by the Contractor, including its employees and subcontractors, in the performance of this Contract, the Contractor will immediately give the State’s Authorized Representative written notice thereof, and must promptly furnish the State’s Authorized Representative with complete information and/or disclosure thereon.

(2) Representation. The Contractor must perform all acts, and take all steps necessary to ensure that all intellectual property rights in the works and documents are the sole property of the State, and that neither Contractor nor its employees, agents, or subcontractors retain any interest in and to the works and documents. The Contractor represents and warrants that the works and documents do not and will not infringe upon any intellectual property rights of other persons or entities. Notwithstanding Clause 8, the Contractor will indemnify; defend, to the extent permitted by the Attorney General; and hold harmless the State, at the Contractor’s expense, from any action or claim brought against the State to the extent that it is based on a claim that all or part of the works or documents infringe upon the intellectual property rights of others. The Contractor will be responsible for payment of any and all such claims, demands, obligations, liabilities, costs, and damages, including but not limited to, attorney fees. If such a claim or action arises, or in the Contractor’s or the State’s opinion is likely to arise, the Contractor must, at the State’s discretion, either procure for the State the right or license to use the intellectual property rights at issue or replace or modify the allegedly infringing works or documents as necessary and appropriate to obviate the infringement claim. This remedy of the State will be in addition to and not exclusive of other remedies provided by law.

(c) Ownership of Pre-existing Intellectual Property.As between the Parties and subject to the terms of this Contract, the Contractor shall exclusively own all right, title and interest in and to the Contractor’s Pre-existing Intellectual Property. As between the Parties and subject to the terms of this Contract, the State shall exclusively own all right, title and interest in and to the State’s Pre-existing Intellectual Property. During the Term any Renewal Term and Transition Period, to the extent the Contractor Intellectual Property is incorporated in the Minnesota Health Care Claims Reporting System (MHCCRS), Contractor hereby grants to the State an irrevocable, nonexclusive, world-wide license to such Contractor Pre-existing Intellectual Property contained in the MHCCRS to permit the State to complete the development, installation, deployment, operation, ongoing use, transfer and maintenance of the

MHCCRS as contemplated hereby. To the extent that any third-party intellectual property is included in the MHCCRS and is not commercial off-the-shelf software, Contractor shall be responsible for securing for the State an irrevocable, nonexclusive, world-wide, sublicensable license to such intellectual property in order to permit the State to complete the development, installation, deployment, operation, ongoing use, transfer, and maintenance of the MHCCRS as contemplated hereby. This provision survives termination of this Contract.

(d) Ownership of Data.Notwithstanding any other term of this Contract, the State shall own and retain all rights, title and interest in and to any and all data provided to Contractor in Contractor’s performance under this Contract (the “Data”). Upon the State’s request at any time during the Term of this Contract and upon termination of the Contract, the Contractor shall return all Data to the State within a reasonable timeframe as requested by the State.

11. Workers’ compensation and other insuranceContractor certifies that it is in compliance with all insurance requirements specified in the solicitation document relevant to this Contract. Contractor shall not commence work under the Contract until they have obtained all the insurance specified in the solicitation document. Contractor shall maintain such insurance in force and effect throughout the term of the Contract.

Further, the Contractor certifies that it is in compliance with Minn. Stat. § 176.181, subd. 2, pertaining to workers’ compensation insurance coverage. The Contractor’s employees and agents will not be considered State employees. Any claims that may arise under the Minnesota Workers’ Compensation Act on behalf of these employees or agents and any claims made by any third party as a consequence of any act or omission on the part of these employees or agents are in no way the State’s obligation or responsibility.

12. Debarment by State, its departments, commissions, agencies, or political subdivisionsContractor certifies that neither it nor its principals is presently debarred or suspended by the State, or any of its departments, commissions, agencies, or political subdivisions. Contractor’s certification is a material representation upon which the Contract award was based. Contractor shall provide immediate written notice to the State’s Authorized Representative if at any time it learns that this certification was erroneous when submitted or becomes erroneous by reason of changed circumstances.

13. Certification regarding debarment, suspension, ineligibility, and voluntary exclusion Federal money will be used or may potentially be used to pay for all or part of the work under the Contract, therefore Contractor certifies that it is in compliance with federal requirements on debarment, suspension, ineligibility and voluntary exclusion specified in the solicitation document implementing Executive Order 12549. Contractor’s certification is a material representation upon which the Contract award was based.

14. Publicity and endorsement 14.1 Publicity. Any publicity regarding the subject matter of this Contract must identify the State as the sponsoring

agency and must not be released without prior written approval from the State’s Authorized Representative. For purposes of this provision, publicity includes notices, informational pamphlets, press releases, research, reports, signs, and similar public notices prepared by or for the Contractor individually or jointly with others, or any subcontractors, with respect to the program, publications, or services provided resulting from this Contract.

14.2 Endorsement. The Contractor must not claim that the State endorses its products or services.

15. Governing law, jurisdiction, and venueMinnesota law, without regard to its choice-of-law provisions, governs this Contract. Venue for all legal proceedings out of this Contract, or its breach, must be in the appropriate state or federal court with competent jurisdiction in Ramsey County, Minnesota.

16. Data disclosureUnder Minn. Stat. § 270C.65, subd. 3 and other applicable law, the Contractor consents to disclosure of its social security number, federal employer tax identification number, and/or Minnesota tax identification number, already provided to the State, to federal and state agencies, and state personnel involved in the payment of state obligations. These identification numbers may be used in the enforcement of federal and state laws which could result in action requiring the Contractor to file state tax returns, pay delinquent state tax liabilities, if any, or pay other state liabilities.

17. Payment to subcontractors(If applicable) As required by Minn. Stat. § 16A.1245, the prime Contractor must pay all subcontractors, less any retainage, within 10 calendar days of the prime Contractor's receipt of payment from the State for undisputed services provided by the subcontractor(s) and must pay interest at the rate of one and one-half percent per month or any part of a month to the subcontractor(s) on any undisputed amount not paid on time to the subcontractor(s).

18. Termination18.1 Termination by the State. The State or Commissioner of Administration may cancel this Contract at any time,

with or without cause, upon 30 days’ written notice to the Contractor. Upon termination, the Contractor will be entitled to payment, determined on a pro rata basis, for services satisfactorily performed.

18.2 Termination for insufficient funding. The State may immediately terminate this Contract if it does not obtain funding from the Minnesota Legislature, or other funding source; or if funding cannot be continued at a level sufficient to allow for the payment of the services covered here. Termination must be by written or fax notice to the Contractor. The State is not obligated to pay for any services that are provided after notice and effective date of termination. However, the Contractor will be entitled to payment, determined on a pro rata basis, for services satisfactorily performed to the extent that funds are available. The State will not be assessed any penalty if the Contract is terminated because of the decision of the Minnesota Legislature, or other funding source, not to appropriate funds. The State must provide the Contractor notice of the lack of funding within a reasonable time of the State’s receiving that notice.

18.3 Transition Rights Upon Expiration or Termination(a) Transition-Out Plan. Services means all efforts to be expended by Contractor as set forth in this Contract

including but not limited to installation, configuration, implementation, support, warranty, maintenance and support and transition of the MHCCRS, and any services set forth in a fully executed contract amendment. Contractor understands and agrees that the State’s business operations are dependent on the Services, and that the State’s inability to receive the Services would result in irreparable damages to the State. Therefore, upon the expiration of this Agreement or its termination by either Party for any reason, including the breach of this Contract by the other Party, Transition Assistance Services, as defined below, shall be provided by the Contractor. If a Transition Plan has been agreed to, then the rights of the MHCCRS upon any expiration or termination of the Agreement shall be as set for in the most recent approved Transition plan. If no Transition Plan has been agreed to by the Parties at the time of any termination of this Agreement, then Contractor shall provide the Transition Assistance Services as set forth herein.

(b) Transition Assistance Services. Transition Assistance Services means all services reasonably necessary to transition the MHCCRS to the State or a third party designated by the State upon termination or expiration of this Contract for any reason. The Transition Assistance Services shall include, [Transition-Out Plan as proposed in the RFP response and agreed to by Contractor and the State].

(c) Contractor and the State acknowledge and agree that their mutual cooperation is important to an effective transition of the Services provided by Contractor to State. Contractor shall not withhold or limit any of the Services (including the Transition Assistance Services) on the basis of any alleged breach of this Contract by the State, other than a failure by the State to timely pay the undisputed amounts due for the Services (including Transition Assistance Services). If Contractor is providing any Services hereunder at the time of such transition utilizing any software or software license from a third party vendor, the responsibility for obtaining and paying for the transfer of such licenses shall be the responsibility of the Contractor. Notwithstanding anything in this Contract to the contrary, the State shall be entitled to increase and/or decrease the scope of the Services and Transition Assistance Services in its sole discretion during any Transition Period. In the event Transition Assistance Services are being provided by Contractor due to the expiration of the Contract, Contractor shall be compensated on a time and material basis or fixed basis (as agreed by the Parties) for all Transition Assistance Services by payment by the State, with respect to time and material charges, in accordance with the rates set forth in this Contract or, if applicable rates for time and material charges are not contained in this Contract, and for all fixed fee charges, at commercially reasonable rates, and determined in advance.

(d) Transition Period. The Contractor shall provide Transition Assistance Services to the State upon the request of the State. Such Transition Assistance Services shall begin and be consummated in accordance with the timeframe established by the State in the Transition Assistance Services; provided, that the timeframe may extend beyond termination or expiration of this Agreement by no more than eighteen (18) months (the “Transition Period”).

(e) Rights to Intellectual Property. The State shall have the same rights to Intellectual Property during the Transition Period as it does during the Term.

(f) Confidential Information. Contractor shall return or destroy the Confidential Information in its possession upon the request of the State. Confidential Information means any information or material, whether in written, oral, magnetic, photographic, optical, matter or other form, which has been, or after the date hereof will be, furnished or disclosed by a Party, and which has been designated as being confidential or proprietary, or which is otherwise disclosed in such a manner or is of such a character as would put a reasonable person on notice as to the confidential and proprietary nature of such information or material, including, but not limited to, all information and material surrounding the Contract, any information and material pertaining to or regarding the business, financial condition, sales, pricing, strategies, plans, customers, suppliers, properties or operations of such Party (including such information visually available to the Receiving Party at the Disclosing Party’s premises), and including without limitation all technical and non-technical information and material of any nature whatsoever and all inventions, trade secrets, know-how, derivative works, derivatives,

methodologies, concepts, technology, techniques, discoveries, Software, software functionality and any related source codes or Source Code, processes, drawings, designs, research, plans or specifications relating thereto.

19. Non-discrimination (In accordance with Minn. Stat. § 181.59)The Contractor will comply with the provisions of Minn. Stat. § 181.59 which require:

“Every contract for or on behalf of the state of Minnesota, or any county, city, town, township, school, school district, or any other district in the state, for materials, supplies, or construction shall contain provisions by which the contractor agrees:

(1) that, in the hiring of common or skilled labor for the performance of any work under any contract, or any subcontract, no contractor, material supplier, or vendor, shall, by reason of race, creed, or color, discriminate against the person or persons who are citizens of the United States or resident aliens who are qualified and available to perform the work to which the employment relates;

(2) that no contractor, material supplier, or vendor, shall, in any manner, discriminate against, or intimidate, or prevent the employment of any person or persons identified in clause (1) of this section, or on being hired, prevent, or conspire to prevent, the person or persons from the performance of work under any contract on account of race, creed, or color;

(3) that a violation of this section is a misdemeanor; and(4) that this contract may be canceled or terminated by the state, county, city, town, school board, or

any other person authorized to grant the contracts for employment, and all money due, or to become due under the contract, may be forfeited for a second or any subsequent violation of the terms or conditions of this contract.”

20. Affirmative action requirements for contracts in excess of $100,000 and if the Contractor has more than 40 full-time employees in Minnesota or its principal place of businessThe State intends to carry out its responsibility for requiring affirmative action by its contractors. 20.1 Covered contracts and contractors. If the Contract exceeds $100,000 and the Contractor employed more than

40 full-time employees on a single working day during the previous 12 months in Minnesota or in the state where it has its principle place of business, then the Contractor must comply with the requirements of Minn. Stat. § 363A. 36 and Minn. R. 5000.3400-5000.3600. A contractor covered by Minn. Stat. § 363A.36 because it employed more than 40 full-time employees in another state and does not have a certificate of compliance, must certify that it is in compliance with federal affirmative action requirements.

20.2 Minn. Stat. § 363A.36. Minn. Stat. § 363A.36 requires the Contractor to have an affirmative action plan for the employment of minority persons, women, and qualified disabled individuals approved by the Minnesota Commissioner of Human Rights (“Commissioner”) as indicated by a certificate of compliance. The law addresses suspension or revocation of a certificate of compliance and contract consequences in that event. A contract awarded without a certificate of compliance may be voided.

20.3 Minn. R. 5000.3400-5000.3600. (a) General. Minn. R. 5000.3400-5000.3600 implements Minn. Stat. § 363A.36. These rules include, but are not

limited to, criteria for contents, approval, and implementation of affirmative action plans; procedures for issuing certificates of compliance and criteria for determining a contractor’s compliance status; procedures for addressing deficiencies, sanctions, and notice and hearing; annual compliance reports; procedures for compliance review; and contract consequences for non-compliance. The specific criteria for approval or rejection of an affirmative action plan are contained in various provisions of Minn. R. 5000.3400-5000.3600 including, but not limited to, Minn. R. 5000.3420-5000.3500 and 5000.3552-5000.3559.

(b) Disabled Workers. The Contractor must comply with the following affirmative action requirements for disabled workers.(1) The Contractor must not discriminate against any employee or applicant for employment because of

physical or mental disability in regard to any position for which the employee or applicant for employment is qualified. The Contractor agrees to take affirmative action to employ, advance in employment, and otherwise treat qualified disabled persons without discrimination based upon their physical or mental disability in all employment practices such as the following: employment, upgrading, demotion or transfer, recruitment, advertising, layoff or termination, rates of pay or other forms of compensation, and selection for training, including apprenticeship.

(2) The Contractor agrees to comply with the rules and relevant orders of the Minnesota Department of Human Rights issued pursuant to the Minnesota Human Rights Act.

(3) In the event of the Contractor's noncompliance with the requirements of this clause, actions for noncompliance may be taken in accordance with Minn. Stat. § 363A.36, and the rules and relevant orders of the Minnesota Department of Human Rights issued pursuant to the Minnesota Human Rights Act.

(4) The Contractor agrees to post in conspicuous places, available to employees and applicants for employment, notices in a form to be prescribed by the Commissioner. Such notices must state the

Contractor's obligation under the law to take affirmative action to employ and advance in employment qualified disabled employees and applicants for employment, and the rights of applicants and employees.

(5) The Contractor must notify each labor union or representative of workers with which it has a collective bargaining agreement or other contract understanding, that the Contractor is bound by the terms of Minn. Stat. § 363A.36, of the Minnesota Human Rights Act and is committed to take affirmative action to employ and advance in employment physically and mentally disabled persons.

(c) Consequences. The consequences for the Contractor’s failure to implement its affirmative action plan or make a good faith effort to do so include, but are not limited to, suspension or revocation of a certificate of compliance by the Commissioner, refusal by the Commissioner to approve subsequent plans, and termination of all or part of this Contract by the Commissioner or the State.

(d) Certification. The Contractor hereby certifies that it is in compliance with the requirements of Minn. Stat. § 363A.36 and Minn. R. 5000.3400-5000.3600 and is aware of the consequences for noncompliance.

21. E-Verify certification (In accordance with Minn. Stat. § 16C.075)For services valued in excess of $50,000, Contractor certifies that as of the date of services performed on behalf of the State, Contractor and all its subcontractors will have implemented or be in the process of implementing the federal E-Verify Program for all newly hired employees in the United States who will perform work on behalf of the State. Contractor is responsible for collecting all subcontractor certifications and may do so utilizing the E-Verify Subcontractor Certification Form (http://www.mmd.admin.state.mn.us/doc/EverifySubCertForm.doc). All subcontractor certifications must be kept on file with Contractor and made available to the State upon request.

22. Certification of Nondiscrimination (In accordance with Minn. Stat. § 16C.053)The following term applies to any contract for which the value, including all extensions, is $50,000 or more: Contractor certifies it does not engage in and has no present plans to engage in discrimination against Israel, or against persons or entities doing business in Israel, when making decisions related to the operation of the vendor's business. For purposes of this section, "discrimination" includes but is not limited to engaging in refusals to deal, terminating business activities, or other actions that are intended to limit commercial relations with Israel, or persons or entities doing business in Israel, when such actions are taken in a manner that in any way discriminates on the basis of nationality or national origin and is not based on a valid business reason.

[Signatures as required by the State.]

MINNESOTA IT SERVICES Vendor Security & Compliance Questionnaire - Outsource

Minnesota IT Services

Vendor Security and Compliance Questionnaire

Vendor Security & Compliance Questionnaire

- OutsourceVersion 1.0

Not Public Security Data 46

Company Information Name of Company: Click here to enter text.

Company Website: Click here to enter text.

Contact Person Completing the Questionnaire: Click here to enter text.

Email Address: Click here to enter text.

Phone Number: Click here to enter text.

Date of Completed Questionnaire: Click here to enter text.

Questionnaire Completion Instructions1. Select the appropriate answer in each Response section.2. Provide additional details in the “Describe” column to support every answer. 3. Include attachments as necessary to support the given information.

Question Requirement Response Describe

1.An individual has been designated as being responsible for security within the organization.

Yes ☒No ☒n/a ☐

Click here to enter text.

2.

An information security policy, based on industry acceptable standards and frameworks, is in place, has been approved by management and has been communicated to employees, contractors and individuals working on behalf of the organization.

Yes ☒No ☒n/a ☐

Click here to enter text.

3. Security roles and responsibilities of employees, contractors and individuals working on behalf of the organization are defined and documented in accordance with

Yes ☒No ☒n/a ☐

Click here to enter text.

INSTRUCTIONS

Provide Information

Question Requirement Response Describe

the organization’s information security policy.

4.

An information security awareness and training program has been established and provides general awareness and role specific (e.g., secure coding, CJIS, etc.) security training to all employees.

Yes ☒No ☒n/a ☐

Click here to enter text.      

5.

Background screenings of employees, contractors and individuals working on behalf of the organization are performed to include criminal, credit, professional / academic, references and drug screenings.

Yes ☒No ☒n/a ☐

Click here to enter text.      

6.

The organization will: (1) locate all production and disaster recovery data centers that store, process or transmit State of Minnesota data only in the continental United States, (2) store, process and transmit State of Minnesota data only in the continental United States, and (3) locate all monitoring and support of all the cloud computing or hosting services only in the continental U.S.

Yes ☒No ☒n/a ☐

Click here to enter text.    

7.

The system/solution/service provides password protection and security controls to prevent unauthorized access to or use of the system, data, and images. Proposed system solutions will ensure Industry best practices for security architecture & design.

Yes ☒No ☒n/a ☐

Click here to enter text.   

8.

The system/solution/service has capability to integrate with the State of Minnesota’s Identity and Access Management (IAM) system.

Yes ☒No ☒n/a ☐

Click here to enter text.    

9. No data of any kind shall be transmitted, exchanged or otherwise passed to or accessed by other vendors or interested parties except

Yes ☒No ☒n/a ☐

Click here to enter text.     

Question Requirement Response Describe

on a case-by-case basis as specifically agreed to in writing by the State of Minnesota.

10.

The system/solution/service will encrypt sensitive data in transit and at rest using industry standard encryption protocols; encryption keys will be managed at least in part by the State of Minnesota.

Yes ☒No ☒n/a ☐

Click here to enter text.    

11.

All data will be stored, processed, and maintained solely on designated servers and that no data at any time will be processed on or transferred to any portable or laptop computing device or any portable storage medium, unless that storage medium is in use as part of the organization’s designated backup and recovery processes.

Yes ☒No ☒n/a ☐

Click here to enter text.      

12.All Information systems will be configured to industry security best practices (e.g., CIS, NIST, etc.).

Yes ☒No ☒n/a ☐

Click here to enter text.      

13.Anti-Malware software will be installed, running and maintained on all systems.

Yes ☒No ☒n/a ☐

Click here to enter text.      

14.All physical access to information systems will be controlled and restricted to only those with a need to physically access these systems.

Yes ☒No ☒n/a ☐

Click here to enter text.      

15.The system/solution/service will be developed according to secure software development best practices (e.g., OWASP, etc.).

Yes ☒No ☒n/a ☐

Click here to enter text.      

16.

Automated and manual software assurance assessment, testing and remediation processes are in place to detect security flaws in the underlying application code that could pose security risks.

Yes ☒No ☒n/a ☐

Click here to enter text.      

17. The system/solution/service has capability to Yes ☒ Click here to enter text.      

Question Requirement Response Describe

integrate with the State of Minnesota’s Security Incident Event Management (SIEM) system.

No ☒n/a ☐

18.

The system/solution/service’s storage processes, backup storage processes, and security procedures being implemented ensure that there is no loss of data or unauthorized access to the data.

Yes ☒No ☒n/a ☐

Click here to enter text.      

19.Firewalls are in place at the network perimeter and between the internal network segment and any DMZ.

Yes ☒No ☒n/a ☐

Click here to enter text.    

20.

Systems and applications are patched in a timely manner to ensure critical security and operational patches and fixes are in place to ensure the confidentiality, integrity and availability of the information system.

Yes ☒No ☒n/a ☐

Click here to enter text.

21.Vulnerability tests (internal/external) are performed on all applications and platforms.

Yes ☒No ☒n/a ☐

Click here to enter text.     

22.

Online transactions must conform to reasonable commercial security standards and measures. Temporary files for all secure online transactions must be securely and permanently deleted when said transaction is complete

Yes ☒No ☒n/a ☐

Click here to enter text.     

23.

The system/solution/service will comply with the National Institute of Standards and Technology (NIST) Recommended Security Controls for Federal Information Systems and Organizations, Special Publication 800-53 revision 4, for Moderate systems.

Yes ☒No ☒n/a ☐

Click here to enter text.

Question Requirement Response Describe

24.

Independent Security audits of the system/solution/service, processes and data centers used to provide the services/solution are conducted at least annually. Audits are performed in accordance to SSAE16 SOC 2 or equivalent (e.g. FedRAMP) industry security standards. Contracted vendor will provide the most recent independent physical and logical audit results to the State of Minnesota.

Yes ☒No ☒n/a ☐

Click here to enter text.

25.

The organization will coordinate disaster recovery and business continuity processes and plans with the State of Minnesota and will provide the State of Minnesota with a detailed disaster recovery continuity of operations plan as part of their response.

Yes ☒No ☒n/a ☐

Click here to enter text.      

26.The vendor must provide a detailed explanation of the security features that are built into the proposed system/solution/service.

Yes ☒No ☒n/a ☐

Click here to enter text.     

27.

The vendor and system/solution/product/ service/proposal will comply with the requirements of the Minnesota Government Data Practices Act/Minnesota Statutes chapter 13 and applicable federal laws/regulations (e.g., HIPAA, FERPA, IRS Publication 1075, FBI/CJIS)?

Yes ☒No ☒n/a ☐

Click here to enter text.     

28.

If Federal, state or industry compliance requirements pertain to the data (e.g. CJI, IRS 1075, PHI (HIPAA), SSA, PCI, Etc.) the system/solution/service will comply with the said security policy and industry best practice.

Yes ☒No ☒n/a ☐

Click here to enter text.     

29. If CJI is in scope, organization staff (including employees, contractors and individuals

Yes ☒No ☒

Click here to enter text.

Question Requirement Response Describe

working on behalf of the organization) that come in contact with CJI will pass an FBI fingerprinted background check and sign the FBI/CJIS Security Addendum/ Certification agreement

n/a ☐

30.

All data received from the State of Minnesota or created, collected or otherwise obtained as part of this agreement will be owned solely by the State of Minnesota and all access, use and disclosure of the data shall be restricted to only that which is required to perform the organization’s duties under this agreement.

Yes ☒No ☒n/a ☐

Click here to enter text.

31.

Processes will be in place to securely destroy or delete State of Minnesota data according to the standards enumerated in D.O.D. 5015.2 from systems or media no longer being used to fulfill the terms of this agreement or upon request from the State of Minnesota.

Yes ☒No ☒n/a ☐

Click here to enter text.

32.

In the event of termination of the agreement, the organization shall implement an orderly return of State of Minnesota assets and the subsequent secure disposal of State of Minnesota assets.

During any period of suspension, the organization will not take any action to intentionally erase any State of Minnesota Data.

Yes ☒No ☒n/a ☐

Click here to enter text.   

33. An incident response plan is in place which includes notifying the State of Minnesota immediately of a known or suspected security or privacy incident involving State of

Yes ☒No ☒n/a ☐

Click here to enter text.     

Question Requirement Response Describe

Minnesota data.

STATE OF MINNESOTA

Affidavit of Non-Collusion

I swear (or affirm) under the penalty of perjury:

1. That I am the Responder (if the Responder is an individual), a partner in the company (if the Responder is a partnership), or an officer or employee of the responding corporation having authority to sign on its behalf (if the Responder is a corporation);

2. That the attached proposal submitted in response to the ________________________ Request for Proposals has been arrived at by the Responder independently and has been submitted without collusion with and without any agreement, understanding or planned common course of action with, any other Responder of materials, supplies, equipment or services described in the Request for Proposal, designed to limit fair and open competition;

3. That the contents of the proposal have not been communicated by the Responder or its employees or agents to any person not an employee or agent of the Responder and will not be communicated to any such persons prior to the official opening of the proposals; and

4. That I am fully informed regarding the accuracy of the statements made in this affidavit.

Responder’s Firm Name:___________________________________________

Authorized Representative (Please Print) ______________________________

Authorized Signature: _____________________________________________

Date: __________________

Subscribed and sworn to me this ________ day of ___________

Notary Public Signature: ________________________________

My commission expires: ________

Certification Regarding LobbyingFor State of Minnesota Contracts and Grants over $100,000

The undersigned certifies, to the best of his or her knowledge and belief that:

(1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement.

(2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, A Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, Disclosure Form to Report Lobbying in accordance with its instructions.

(3) The undersigned shall require that the language of this certification be included in the award documents for all subawards at all tiers (including subcontracts, subgrants, and contracts under grants, loans and cooperative agreements) and that all subrecipients shall certify and disclose accordingly.

This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by 31 U.S.C. 1352. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure.

__________________________________________Organization Name

__________________________________________Name and Title of Official Signing for Organization

By:_______________________________________Signature of Official

_____________________________________Date

STATE OF MINNESOTA

Workforce Certification InformationComplete this form and return it with your bid or proposal. The State of Minnesota is under no obligation to delay proceeding with a contract until a company becomes compliant with the Workforce Certification requirements in Minn. Stat. §363A.36.

BOX A – MINNESOTA COMPANIES that have employed more than 40 full-time employees within this state on any single working day during the previous 12 months, check one option below:

☐ Attached is our current Workforce Certificate issued by the Minnesota Department of Human Rights (MDHR).

☐ Attached is confirmation that MDHR received our application for a Minnesota Workforce Certificate on (date).

BOX B – NON-MINNESOTA COMPANIES that have employed more than 40 full-time employees on a single working day during the previous 12 months in the state where it has its primary place of business, check one option below:

☐ Attached is our current Workforce Certificate issued by MDHR.

☐ We certify we are in compliance with federal affirmative action requirements. Upon notification of contract award, you must send your federal or municipal certificate to MDHR at compliance.MDHR@state.mn.us. If you are unable to send either certificate, MDHR may contact you to request evidence of federal compliance. The inability to provide sufficient documentation may prohibit contract execution.

BOX C – EXEMPT COMPANIES that have not employed more than 40 full-time employees on a single working day in any state during the previous 12 months, check option below if applicable:

☐ We attest we are exempt. If our company is awarded a contract, we will submit to MDHR within 5 business days after the contract is fully signed, the names of our employees during the previous 12 months, the date of separation, if applicable, and the state in which the persons were employed. Send to compliance.MDHR@state.mn.us.

By signing this statement, you certify that the information provided is accurate and that you are authorized to sign on behalf of your company.

Name of Company: Date

Authorized Signature: Telephone number:

Printed Name: Title:

For assistance with this form, contact:Minnesota Department of Human Rights, Compliance ServicesWeb: mn.gov/mdhr/ TC Metro: 651-539-1095 Toll Free: 800-657-3704Email: compliance.mdhr@state.mn.us TTY: 651-296-1283

State of Minnesota

Equal Pay CertificateIf your response could be in excess of $500,000, please complete and submit this form with your submission. It is your sole responsibility to provide the information requested and when necessary to obtain an Equal Pay Certificate (Equal Pay Certificate) from the Minnesota Department of Human Rights (MDHR) prior to contract execution. You must supply this document with your submission. Please contact MDHR with questions at: 651-539-1095 (metro), 1-800-657-3704 (toll free), 711 or 1-800-627-3529 (MN Relay) or at compliance.MDHR@state.mn.us.

Option A – If you have employed 40 or more full-time employees on any single working day during the previous 12 months in Minnesota or the state where you have your primary place of business, please check the applicable box below:

Attached is our current MDHR Equal Pay Certificate.

Attached is MDHR’s confirmation of our Equal Pay Certificate application.

Option B – If you have not employed 40 or more full-time employees on any single working day during the previous 12 months in Minnesota or the state where you have your primary place of business, please check the box below.

We are exempt. We agree that if we are selected we will submit to MDHR within five (5) business days of final contract execution, the names of our employees during the previous 12 months, date of separation if applicable, and the state in which the persons were employed. Documentation should be sent to compliance.MDHR@state.mn.us.

The State of Minnesota reserves the right to request additional information from you. If you are unable to check any of the preceding boxes, please contact MDHR to avoid a determination that a contract with your organization cannot be executed.

Your signature certifies that you are authorized to make the representations, the information provided is accurate, the State of Minnesota can rely upon the information provided, and the State of Minnesota may take action to suspend or revoke any agreement with you for any false information provided.

Authorized Signature Printed Name Title

Organization MN/FED Tax ID# Date

Issuing Entity Project # or Lease Address

STATE OF MINNESOTA

Veteran-Owned Preference Form

Unless a greater preference is applicable and allowed by law, in accordance with Minn. Stat. §16C.16, subd. 6a, the state will award a 6% preference on state procurement to certified small businesses that are majority owned and operated by veterans.

Veteran-Owned Preference Requirements - See Minn. Stat. § 16C.19(d):

1) The business has been certified by the Office of Equity in Procurement as being a veteran-owned or service-disabled veteran-owned small business.

or

2) The principal place of business is in Minnesota AND the United States Department of Veterans Affairs verifies the business as being a veteran-owned or service-disabled veteran-owned small business under Public Law 109-461 and Code of Federal Regulations, title 38, part 74 (Supported By Documentation).

Statutory requirements and appropriate documentation must be met by the solicitation response due date and time to be awarded the veteran-owned preference.

Claim the Preference

By signing below I confirm that:

My company is claiming the veteran-owned preference afforded by Minn. Stat. § 16C.16, subd. 6a. By making this claim, I verify that:

The business has been certified by the Office of Equity in Procurement as being a veteran-owned or service-disabled veteran-owned small business.or

My company’s principal place of business is in Minnesota and the United States Department of Veteran’s Affairs verifies my company as being a veteran-owned or service-disabled veteran-owned small business (Supported By Attached Documentation)

Name of Company: _____________________________ Date: __________________________

Authorized Signature: _____________________________ Telephone: __________________________

Printed Name: _____________________________ Title: __________________________

Attach documentation, sign, and return this form with your solicitation response to claim the veteran-owned preference.

STATE OF MINNESOTA

Resident Vendor FormIn accordance with Laws of Minnesota 2013, Chapter 142, Article 3, Section 16, amending Minn. Stat. § 16C.02, subd. 13, a “Resident Vendor” means a person, firm, or corporation that:

(1) is authorized to conduct business in the state of Minnesota on the date a solicitation for a contract is first advertised or announced. It includes a foreign corporation duly authorized to engage in business in Minnesota;

(2) has paid unemployment taxes or income taxes in this state during the 12 calendar months immediately preceding submission of the bid or proposal for which any preference is sought;

(3) has a business address in the state; and(4) has affirmatively claimed that status in the bid or proposal submission.

To receive recognition as a Minnesota Resident Vendor (“Resident Vendor”), your company must meet each element of the statutory definition above by the solicitation opening date and time. If you wish to affirmatively claim Resident Vendor status, you should do so by submitting this form with your bid or proposal.

Resident Vendor status may be considered for purposes of resolving tied low bids or the application of a reciprocal preference.

I HEREBY CERTIFY THAT THE COMPANY LISTED BELOW:

1. Is authorized to conduct business in the State of Minnesota on the date a solicitation for a contract is first advertised or announced. (This includes a foreign corporation duly authorized to engage in business in Minnesota.)___Yes ___No (must check yes or no)

2. Has paid unemployment taxes or income taxes in the State of Minnesota during the 12 calendar months immediately preceding submission of the bid or proposal for which any preference is sought.___Yes ___No (must check yes or no)

3. Has a business address in the State of Minnesota.___Yes ___No (must check yes or no)

4. Agrees to submit documentation, if requested, as part of the bid or proposal process, to verify compliance with the above statutory requirements. ___Yes ___No (must check yes or no)

BY SIGNING BELOW, you are certifying your compliance with the requirements set forth herein and claiming Resident Vendor status in your bid or proposal submission.

Name of Company: __________________________________________ Date: _____________________________

Authorized Signature: __________________________________________ Telephone: _____________________________

Printed Name: __________________________________________ Title: _____________________________

IF YOU ARE CLAIMING RESIDENT VENDOR STATUS, SIGN AND RETURN THIS FORM WITH YOUR BID OR PROPOSAL SUBMISSION.

ADM2-07a • 7/6/12 Page 59 of 61