DRAFT Request for Proposals (RFP) Production Hosting

Transcription

1 DRAFT Request for Proposals (RFP) Production Hosting Maryland Health Benefit Exchange (Exchange) SOLICITATION NO: MDM Issue Date: DATE Minority Business Enterprises are Encouraged to Respond to this Solicitation NOTICE Prospective Offerors who have received this document from the Exchange s web site or emarylandmarketplace.com, or who have received this document from a source other than the Procurement Officer, and who wish to assure receipt of any changes or additional materials related to this RFP, should immediately contact the Procurement Officer and provide their name and mailing address so that addenda to the RFP or other communications can be sent to them. 1

2 STATE OF MARYLAND HEALTH BENEFIT EXCHANGE KEY INFORMATION SUMMARY SHEET Proposal Name: Production Hosting Solicitation Number: Issue Date: RFP Issuing Office: Procurement Officer: Contract Monitor: DATE Maryland Health Benefit Exchange Roger Lewis Office Phone: Kevin Yang Office Phone: Proposals are to be sent to: Maryland Health Benefit Exchange 750 E. Pratt St. 16 th Floor Baltimore, Maryland Attention: Leslie Lyles Smith, Procurement Officer Closing Date and Time: DATE MBE Subcontracting Goal: 10 % 2

3 TABLE OF CONTENTS SECTION 1 GENERAL INFORMATION SUMMARY STATEMENT Overview Phases of the HIX Implementation Production Systems Environment ABBREVIATIONS AND DEFINITIONS CONTRACT TYPE CONTRACT DURATION PROCUREMENT OFFICER CONTRACT MONITOR PRE-PROPOSAL CONFERENCE EMARYLAND MARKETPLACE QUESTIONS PROPOSALS DUE - DATE AND TIME DURATION OF OFFER REVISIONS TO THE RFP CANCELLATIONS & DISCUSSIONS ORAL PRESENTATION INCURRED EXPENSES ECONOMY OF PREPARATION PROTESTS DISPUTES MULTIPLE OR ALTERNATE PROPOSALS PUBLIC INFORMATION ACT NOTICE OFFEROR RESPONSIBILITIES STANDARD CONTRACT PROPOSAL AFFIDAVIT CONTRACT AFFIDAVIT MINORITY BUSINESS ENTERPRISES ARREARAGES PROCUREMENT METHOD VERIFICATION OF REGISTRATION AND TAX PAYMENT PAYMENTS BY ELECTRONIC FUNDS TRANSFER LIMITATION OF LIABILITY LIQUIDATED DAMAGES FAILURE TO MEET PERFORMANCE REQUIREMENTS Liquidated Damages Failure to Meet Project Deliverable Schedule Criteria Liquidated Damages Failure to Meet Project Deliverable Schedule Criteria Liquidated Damages Transition In and Transition Out Timelines Liquidated Damages Service Levels Liquidated Damages Key Personnel Liquidated Damages Disaster Recovery LIVING WAGE REQUIREMENTS PROMPT PAYMENT POLICY FEDERAL FUNDING ACKNOWLEDGEMENT AND CERTIFICATIONS

4 1.35 CONFLICT OF INTEREST AFFIDAVIT AND DISCLOSURE NON-VISUAL ACCESS COTS SOFTWARE WITHDRAWALS SUBSTITUTION OF PERSONNEL TAX EXEMPTIONS COMPLIANCE WITH FEDERAL HIPAA AND STATE CONFIDENTIALITY LAW PERFORMANCE BOND SECTION 2 SCOPE OF WORK HOSTING Data Center Requirements Disaster Recovery, Back Up and Restoration Problem Management Project Management Transition In Transition Out x7 Infrastructure Support Services Software Licenses Continuous Improvement Planning Evaluation and Testing Technical Refresh and Software Currency Security Common Services Services for Application and Utility Servers Application and Utility Servers Web/Non-Mainframe Hosting Requirements DELIVERABLES Draft Deliverables Final Deliverables Project Deliverable Delivery Schedule Offeror s Staffing Model and Specific Skills Offeror Qualifications Change Orders SERVICE LEVEL METRICS System Availability SLA Processing Performance SLA Real-Time Transaction Performance SLA Business Continuity SLA HIPAA Compliance SLA Statutory Penalties PROJECT POLICIES, GUIDELINES, AND STANDARDS Oversight Physical Security Criminal Background Check INVOICING AND PAYMENT TYPE Invoice Requirements INSURANCE REQUIREMENT

5 SECTION 3 PROPOSAL FORMAT TWO PART SUBMISSION PROPOSALS DELIVERY VOLUME I TECHNICAL PROPOSAL Format of Technical Proposal Additional Required Technical Submissions Technical Proposal Order VOLUME II - FINANCIAL PROPOSAL SECTION 4 EVALUATION CRITERIA AND SELECTION PROCEDURE EVALUATION CRITERIA Technical Criteria Financial Criteria Offeror Minimum Qualifications EVALUATION PROCESS General Selection Process Sequence Award Determination SECTION 5 ATTACHMENTS ATTACHMENT A STANDARD CONTRACT ATTACHMENT B BID/PROPOSAL AFFIDAVIT ATTACHMENT C CONTRACT AFFIDAVIT ATTACHMENT D - MINORITY BUSINESS ENTERPRISE GOAL AND FORMS ATTACHMENT E PRE-PROPOSAL CONFERENCE RESPONSE FORM ATTACHMENT F - FINANCIAL PROPOSAL FORM ATTACHMENT G LIVING WAGE REQUIREMENTS FOR SERVICE CONTRACTS ATTACHMENT G-1 MARYLAND LIVING WAGE AFFIDAVIT OF AGREEMENT ATTACHMENT H FEDERAL FUNDS REQUIREMENTS AND CERTIFICATIONS ATTACHMENT I CONFLICT OF INTEREST AFFIDAVIT AND DISCLOSURE ATTACHMENT J BUSINESS ASSOCIATE AGREEMENT ATTACHMENT J-1 BREACH OF UNSECURED PROTECTED HEALTH INFORMATION ATTACHMENT K NON-DISCLOSURE AGREEMENT (AWARD) ATTACHMENT L HARDWARE SPECIFICATION

6 SECTION 1 GENERAL INFORMATION 1.1 SUMMARY STATEMENT The Maryland Health Benefit Exchange (MHBE) intends to contract with a qualified offeror to provide a data center hosting facility and related services for MHBE s Health Insurance Exchange (HIX) solution. The scope of work includes providing production hosting services within the continental United States as well as system monitoring and support, security, backup and recovery procedures and definenment and execution of disaster recovery, continuity of operations processes. The MHBE is not seeking software application development and maintenance services under this solicitation. The data center Offeror will be required to work closely with the current IT Systems Integrator and the to-be-determined maintenance and operations vendor. Please note that this a draft RFP. MHBE Intends to release this RFP in final form by February 15 th pending approval from CMS. MHBE may modify this RFP based on direction from CMS or due to comments received from potential offerors. All pertinent dates related to this solicitation will be provided upon RFP finalization. Please submit all questions to hix.procurement@maryland.gov. MHBE will track all comments and changes to the RFP and include a summary of changes with the final RFP. MHBE reserves the right to cancel or delay this RFP at its discretion OVERVIEW Signed into law by President Obama on March 23, 2010, the ACA requires States to begin operating a Health Insurance Exchange by January 1, 2014 or to allow the federal government to operate an Exchange on their behalf. In legislation adopted April 12, 2011, the State of Maryland is in the process of establishing its own Exchange. The Exchange will provide Maryland s residents and small businesses with the opportunity to compare rates, benefits, and quality among insurance plans and enroll in products that best suit their needs. It also will be the entity that evaluates eligibility for Medicaid, advance premium tax credits and other affordability programs designed to make coverage more affordable for individuals below 400 percent of the federal poverty level (FPL). The State of Maryland is currently in design, development, and implementation of its Health Insurance Exchange Solution (HIX) and has awarded a systems integrator contract to Noridian to fulfill these services. The State of Maryland has elected to establish a single IT infrastructure to evaluate eligibility for Exchange plans, Medicaid, Maryland Children s Health Program (MCHP), and advance premium tax credits and costsharing reductions. The State of Maryland will eventually integrate eligibility determinations for other human services programs into the HIX and therefore requires that the services procured under this RFP are scalable in nature to meet current and future demand. To comply with federal requirements, Maryland must successfully develop and test its new eligibility and enrollment system by no later than the Spring of While MHBE coverage will not be effective until January 1, 2014, the HIX hosting environment must be prepared to begin pre-enrolling people by October 1, In light of this aggressive timeline and the expansive scope of the work required, Maryland will implement its new system in phases, beginning with core HIX and Medicaid functions. The HIX application, currently residing in the development / testing environment located in Fargo, North Dakota, will be transitioned into the production hosting environment no later than July 2013, in order for testing of the production application to commence. The offeror awarded this contract will work directly with Noridian, the system interator, to ensure the HIX application is successfully transitioned to the production hosting environment. 6

7 This solicitation seeks to procure secure data center hosting facilities, and hosting services described within this RFP including hardware, operating systems administration, monitoring, disaster recovery and back up services from qualified offerors. Maryland procured the hardware and software necessary to establish development / testing and staging environemnts. A listing of the hardware / software currently in place to support the development / testing and staging environemnts is included in Attachment L as a guide for Offerors to leverage while compiling their hardware / software estimates. The State reserves the right to issue an optional task order, to the selected Offeror, for the procurement of additional hardware / software as required based on detailed capacity planning and assessments to ensure the hosting environment meets the requirements of the State. Given the aggressive timelines and current environment, qualified Offerors will be responsible for working with the existing system integrator and future HIX application maintenance vendors to ensure the HIX is adequately supported and the hosting environment is stood up in time to meet proposed and required go-live dates. This solicitation does not seek application maintenance, bug-fixes, or similar services. The detailed requirements associated with this procurement can be found in Section 2.0 Scope of Work. There are multiple stakeholder organizations that the Data Center Offeror will interact with in the performance of its duties. The Data Center Hosting Contract Monitor will be the principal contact for the hosting service provider and the recipient of all hosting status reports and other deliverables. Additionally, the Data Center Offeror will have access to the following stakeholder organizations whose leadership and staff will be available to provide detailed information on their roles on the project as well as any information pertinent to the set-up and operations of the Production Data Center: The Department of Health and Mental Hygiene (business and technical leadership of the State s Medicaid Program) The Department of Human Resources (business and technical leadership of the State s processes for determining eligibility for social services programs, including Medicaid) The Maryland Health Benefit Exchange (business and technical leadership of Maryland s Individual and SHOP Exchanges) The HIX Project Management Office (overall program management and technical implementation coordination) The HIX Systems Integrator (prime Offeror for the development of the HIX system and liaison to COTS product vendors for eligibility and enrollment, plan management, etc.) The prime Offeror for the HIX DDI is Noridian Administrative Services, LLC (NAS). The primary COTS vendors are IBM Curam for health insurance eligbility and enrollment, and Connecture for QHP plan management, presentment, and selection. Additionally, a key component of the solution is the Exact service orchestration platform, which provides integration and messaging between the COTS solution and other technical services (e.g. document management, business intelligence, identity access management, etc.) Figure 1 below provides a high level architectural representation of the HIX solution. Other software components not pictured in this diagram may need to be hosted in the production data environment or integrated with the HIX solution. An example would be customer relationship management (CRM) software. The state is currently determining whether an integrated CRM solution will be premise based or hosted in a secure government cloud. The HIX solution will be part of a larger eco-system of solutions whose purpose will be to support end-toend eligibility determinations and enrollment into affordable health coverage and in the future other social services. As such, there will be dozens of systems that will be integrated with the HIX from the federal data hub to state eligibility sources, to Medicaid and commercial insurance enrollment and claims processing 7

8 systems. In essence, the HIX will be a sales channel and a transaction clearing house with up to tens of thousands of daily transactions. Additionally, there will be thousands of case workers and other types of customer assistors who will need secure access to account management functionality with remote access into the HIX firewall. Further, there will be tens of thousands of registered users who will access the HIX to register for health insurance subsidies and to shop for an enroll in health insurance coverage. The application maintenance and operations vendor (not included as part of the scope of this RFP) will have responsibility for ensuring that the HIX will be able to support these data interfaces and user access requirements by providing specifications for hardware and software configurations, processors, storage, COTS licenses, etc., and will require access to the hosting environment to perform these duties. Figure 1 High Level HIX Systems Architecture PHASES OF THE HIX IMPLEMENTATION To ensure it can meet ACA requirements, the Exchange plans to implement the HIX in three phases. The first phase is focused on ensuring that Maryland meets the federally- mandated deadline for creating an operational Exchange by January 1, In future phases, the State may establish a fully integrated system for determining eligibility for social services programs. These phases are included below to give bidders an understanding of the full scope of Maryland s implementation efforts. The production hosting environment must be scalable to accommodate subsequent phases of the HIX implementation. Phase 1: Core Exchange Functions and MAGI Medicaid Eligibility Determinations. The purpose of Phase 1 is to provide individuals and small businesses with tools to compare qualified health plans, obtain information about those plans, and enroll in an insurance product, as well as to establish eligibility for, and enroll in, all applicable State health subsidy programs, as the term is 8

9 defined in 1413 of the ACA. Most, but not all, of the functionality required to implement Phase 1 was procured through the IT SI Vendor contract award: o Phase 1a: Selected Exchange Functions and MAGI Eligibility Determinations: Phase 1a encompasses creating the capacity for the HIX to provide individuals with tools to compare qualified health plans, obtain information about those plans, enroll in an insurance product, be evaluated for eligibility for all applicable State health subsidy programs and have net cost calculated after the subsidy is applied (Calculator). Phase 1b: SHOP, Maintenance, Hosting, Operations and Other Selected Services: Phase 1B includes some additional business functionality such as the SHOP Exchange and technology required to support premium billing and collections. The MHBE has made the decision to issue a competitive RFP for hosting services. Other decisions on optional task orders are pending. Phase 2: Integrating Non-MAGI Medicaid Eligibility Determinations. In Phase 2, the State will upgrade the HIX to incorporate non-modified Adjusted Gross Income (non-magi) Medicaid eligibility determinations into the system. As a result, seniors, people with disabilities, and individuals needing long-term care services would also have their eligibility for Medicaid determined through the HIX. Phase 3: Integrating Social Services Programs. In Phase 3, the State will add the capacity to conduct eligibility determinations for other social services programs, such as the Supplemental Nutrition Assistance Program (SNAP) and Temporary Assistance for Needy Families (TANF). The full integration of health and human services programs into the same eligibility system may simplify the process for low- and moderate-income families to enroll in the full array of programs for which they might qualify. The State has made the decision to combine Phases 2 and 3 into a single implementation effort. The scheduled completion date for this implementation is the end of The following diagram provides a high-level HIX design, development, and implementation schedule in the context of CMS/CCIIO s Exchange Life Cycle (ELC) and Investment Life Cycle (ILC) milestone gate reviews for Phase 1. As an early innovator state, Maryland developed its schedule and subsequent IT Vendor RFP within the context of the ILC. In subsequent guidance, CCIIO introduced the ELC methodology. Maryland has cross-walked the deliverables and gate reviews from the ILC to the ELC and intends to conform to both methodologies. 9

10 Figure 2 High Level Development Timeline Note that the effort to deploy the HIX solution to the production environment is scheduled for Q3 of Assuming that the contract start date for the production Offeror is April 1, 2013, the State has allotted three months for the successful Offeror to set up and configure the production environment and transition the requisite hardware and software to that environment. This time will also be used to set up any required network (Maryland Statewide Government Intranet (SwGI)) and internet connectivity as well as the processes, monitoring, reporting, and other administrative functions specified in this RFP PRODUCTION SYSTEMS ENVIRONMENT This section outlines the proposed landscape which the Offeror s services will support. The subsections and descriptions may be issued via additional procurements, optional task orders to existing agreements, or optional task orders to this procurement. The intent of this section is to provide additional insight into the overall enterpirse. The production systems environment will include multiple related software, hardware, and services contracts. The following diagram provides a high level representation of the production system development and operations landscape. While many of the functions represented below will be stand-alone and discrete activities that will require their own contracts with the State, ther State recognizes that there are opportunities to combine some of these functions into a single vendor contract to achieve administrative efficiency and to reduce the complexity of having multiple vendors managing related or integrated functions. 10

11 Figure 3 Production Systems Development and Operations Landscape Production Hosting and Operations Through this RFP, MHBE seeks the services of a vendor to provide a production hosting facility and associated operations support. The specific scope and functions for the hosting vendor are described in Section 2.0. Generally, the offeror will perform systems operations support for the hardware and network infrastructure including performance monitoring, back-ups, restores, security planning and implementation, capacity planning, hardware/os patches and upgrades, etc. The following information about the production systems landscape is provided to inform offerors of the applications for which they will provide the underlying infrastructure as well as organizations that they will collaborate with on a daily basis. COTS and HIX Application Maintenance (not a component of this procurement): The State has software contracts with multiple COTS vendors or possesses licenses for hosted applications that provide the core functionality for the HIX solution. It will be the responsibility of the HIX Application Maintenance vendor to work with the HIX COTS vendors to plan the incorporation of new COTS releases, patches and upgrades into the core HIX solution. Additionally, the application maintenance vendor will maintain and enhance any custom code or interfaces included as part of the HIX solution. The application maintenance vendor will have its own development, test, and staging environments in its own facility where it will perform its development and integration functions. These environments may be transitioned to the hosting facility over time, however, the intent of this RFP is for the Offeror to provide 11

12 hosting for the production environment. The application maintenance vendor will have responsibility for working with the Offeror to migrate new releases of the complete HIX system to the production hosting environment. As such the Offeror must understand and plan for logical and physical access for application maintenance staff as well as other parties authorized by the State to access the production environment. The application maintenance vendor will have responsibility for providing the hardware, software, and connectivity specifications to the Offeror. The Offeror will be responsible for procuring the hardware and software that will be installed into the production hosting facility with guidance from the State and application vendors (Reference Attachment L for guidance). The Offeror will have responsibility for maintaining the infrastructure once installed and then have ongoing responsibility for hardware /OS technical upgrades and refreshes. These functions are defined in further detail in Section 2. Please note that the State does not have an Application Maintenance vendor in place at the time of this RFP. As referenced above Noridian Administrative Services is the State s Primary Systems Integrator. Noridian s contract end date is January, As a result, where the RFP references the Application maintenance vendor, Noridian will perform those functions until an application maintenance vendor is on board or until the end of the Noridian Contract date, whichever comes first. Applications Operations (not a component of this procurement): Beyond application maintenance, the State is in the process of formulating a strategy for IT application operations, which will include functions such as software configuration management, database management, systems administration, tier 2 technical support, partner operations support and other functions that do not require code changes. MHBE will begin production systems operations in 2013 with significant transactional activity starting in July in the form of QHP data exchanges and other partner integration supporting open enrollment in October. This volume will increase dramatically once the open enrollment period begins and will include tens of thousands of daily transactions involving employers, employees, and individuals enrolling into affordable health care coverage. To ensure that production systems operations meet the high quality and service expectations of the MHBE and its stakeholders, the MHBE must have the appropriate technical resources, policies and procedures to ensure that ongoing applications operations are managed appropriately. The applications operations functions, once Exchange systems are live, will include the following activities: Software Configuration Management: Comprehensive oversight of the technical environments upon which the HIX systems are maintained, enhanced, and operated. Application Operations functions within the software configuration and environment management space include: Develop and maintain the policies and procedures related to the number and purpose of technical environments. Such environments include development, testing, integration, staging, production, and failover/ disaster recovery. Maintain the schedule for migration of new software patches and releases into each environment taking into consideration critical business operations. For example, the timing of a new release or patch should not occur during a heavy transaction period. Map bug fixes and enhancements to planned releases. Communicate the timing of scheduled releases to all stakeholders. 12

13 Facilitate go / no-go decision meetings regarding the promotion of code to the production environment, securing proper authorization from senior managers. Coordinate production deployments with IT vendors. Develop back-out and restoration plans, in conjunction with the applpication maintenance vendor, if newly promoted code needs to be backed out of production environments. Given that Maryland HIX systems will be newly implemented and that there will be numerous interfaces with partner and state systems, we anticipate a large volume of bug fixes and enhancements that will need to be tested and deployed to the production environment. Due to the volume of these types of software changes in year one, additional environmental management support will be required to coordinate and communicate code migrations. Application Administration: Configuration and maintenance of HIX business rules and table-driven administrative data that are applied without software coding changes. These are primarily data that drive system behavior or provide context to users (e.g. drop down selection lists) when performing system actions. Examples of systems administration actions include: Maintaining business rules for HIX COTS components including Exact, Curam, and Connecture Maintaining property and configuration files that the HIX solution relies upon to process information, send notifications, and produce reports Review log files and other automated metrics and reports to ensure that automated updates of HIX admin data sourced from other systems are loaded and updated properly. Examples include: o Provider network information from CRISP o Certified navigator and broker data from the MHBE connector / navigator / broker / assister management system Manually update and maintain administrative data through online system administration screens / functions provided by COTS vendors Year one will include the initial set-up and population of code tables including setting up accounts for thousands of internal system users (e.g. case workers), registering and populating thousands of brokers, producers, navigators, and TPAs into reference tables and correcting issues with settings and configurations. Additional business and technical policies and procedures for updating and maintaining this information will need to be developed. Tier 2 Customer Support and Help Desk Services: Maintenance of the processes and tools to track IT- related issues and problems. This function includes the operation and maintenance of a help disk ticket system. These IT operational resources will have responsibility for managing the priority of tickets and working with the IT vendor to make sure that they are addressed appropriately. Additionally, these resources will provide the next level of customer technical support after Tier 1 call center support. Specifically, the following types of Tier 2 technical support will be provided: Basic customer technical support such as password resets and unlocking accounts 13

14 Logging and reviewing help desk tickets submitted by CSRs Liaison with HIX applications maintenance staff to report issues and track their resolution. Communication back to CSRs on status of help desk tickets Communication with the IT Hosting vendor, who will provide Tier 3 technical support involving hardware, connectivity, and other instrastructure related issues In year one of production operations, we anticipate there will be a heavy workload on Tier 2 customer support staff as bugs and issues are uncovered with the production systems. The logging of issues and responding to technical inquiries as well as working with maintenance staff to address will require additional resources beyond the long term tier 2 / help desk staff compliment. The hosting vendor need to be available to the tier 2 technical support team to provide critical application support as needed. Partner Operational Technical Support: Management of partner data Exchanges and other transactions with responsibility for job scheduling, proactive business activity monitoring, and issue resolution are key functions of the partner operational technical support team. Operational technical support will work with the following partners to ensure that data exchanges and reports are scheduled appropriately, run, and completed successfully. Carriers (QHP plan information, enrollment files, payment files) Federal Government (data exchanges through the federal data hub) NAIC (QHP data exchanges, navigator and producer information) CRISP (provider network information) CARES/MMIS (enrollment files) MHCC (QHP quality data) MIA (producer data files) In the carrier space alone, we anticipate working with over 20 carriers to exchange plan data, group and individual enrollment data, payment data, provider network files, broker affiliations, and quality information. Additional Offeror staff will be required to support year one partner technical operations and address issues with failed data exchanges, resubmission of files, and other forms of trouble-shooting and remediation. Security Monitoring and Assessment Support: A critical success factor for the MHBE will be to create and maintain an adequate and appropriate IT security posture. The Maryland HIX systems will be fully tested to ensure that they inherently have the functionality to support IT security compliance in accordance with all relevant federal and state guidelines; however, the operations of the HIX systems including the maintenance of strong production controls and the development of supporting policies and procedures are equally important. Maryland anticipates requiring specialized Offeror support with the IT security credentials and background to build these policies and procedures, controls, and assessment routines. The security team under application operations will be required to test security protocols and support the resolution of any software-related or operational security threats or concerns. Aditionally, they will be required to develop training materials and data to ensure that MHBE can adequately track systems and data access and be prepared for IT security audits. 14

15 The Applications Operations team will also need appropriate secure access to the production environment in order to perform the critical functions described above. Further details associated with the Application Operations optional task order are included in Attachement XX. As an Early Innovator state and a recognized leader in the design and implementation of HIX systems capabilities, Maryland is committed to leveraging our knowledge, experience, and technology in support of other states HIX implementation efforts. As such, Maryland has developed a reuse strategy whereby Maryland may in the future provide shared services or hosted solutions to other States. The offeror should anticipate that expansion of infrastructure may be required to support these shared services and hosting arrangements. 1.2 ABBREVIATIONS AND DEFINITIONS For purposes of this RFP, the following abbreviations or terms have the meanings indicated below: Term ACA BAFO Best of Breed BRD CARES CCIIO CD CFDA CHIP CIO Cloud CM CMMI CMS COMAR Contract COTS CRM Definition Affordable Care Act, which consists of The Patient Protection and Affordable Care Act, as amended by the federal Health Care and Education Reconciliation Act of Best and Final Offers The best product of its type Business Requirements Document Client Automated Resource and Eligibility System Center for Consumer Information and Insurance Oversight Compact Disc Catalog of Federal Domestic Assistance Children s Health Insurance Program (Federal) Chief Information Officer The use of computing resources (hardware and software) that are delivered as a service over a network. Contract Monitor - The State representative for this project who is primarily responsible for contract administration functions, including issuing written direction, monitoring this project to ensure compliance with the terms and conditions of the contract, and ensuring on budget/on time/on target (e.g., within scope) completion of the project. Capability Maturity Model Integration Centers for Medicare and Medicaid Services Code of Maryland Regulations available on-line at The Contract awarded to the successful Offeror pursuant to this RFP. Commercial-off-the-Shelf Customer Relationship Management 15

16 Term CSR DDI DDR DGS DHMH DHR DLLR DR DoIT EDI EFT emm EPA ephi ESB EVMS Exchange FFP FIPS FISMA FOA FPL FRD GUI HHS HIE HIPAA HITECH HIX Hosting ILC Definition Customer Service Requests Design, Development, Implementation Detailed Design Review Maryland Department of General Services Maryland Department of Health and Mental Hygiene Maryland Department of Human Resources Maryland Department of Labor, Licensing and Regulation Disaster Recovery Department of Information Technology Electronic Data Interchange Electronic Funds Transfer emaryland Marketplace Environmental Protection Agency electronic Protected Health Information Enterprise Service Bus Earned Value Management System Maryland Health Benefit Exchange Firm Fixed Price Federal Information Processing Standard Federal Information Security Management Act Funding Opportunity Announcement Federal Poverty Level Functional Requirements Document Graphical User Interface Department of Health and Human Services Health Information Exchange Health Insurance Portability and Accountability Act Health Information Technology for Economic and Clinical Health Act Health Insurance Exchange Solution The physical location of the server and application environment for the HIX solution. Investment Life Cycle 16

17 IO IRS IT IVR IV&V JAD LAN LDAP Term Local Time MAGI Maryland Health Assistance Programs MBE MCHP MD MDOT MDM MDI MDT MHBE MIA MITA MMIS NAICS NHIN NIEM NIST No Wrong Door Information Operations Internal Revenue Service Information Technology Interactive Voice Recognition System Independent Validation and Verification Joint Application Development Local Area Network Lightweight Directory Access Protocol Definition Time in the Eastern Time Zone as observed by the State of Maryland Modified Adjusted Gross Income This term refers to: Advanced Premium Tax Credits, cost sharing reductions, Medicaid and MCHP A Minority Business Enterprise certified by the Maryland Department of Transportation under COMAR Maryland Children s Health Program Maryland Maryland Department of Transportation Master Data Management Master Data Index Maximum Down Time Maryland Health Benefit Exchange Maryland Insurance Administration Medicaid Information Technology Architecture Medicaid Management Information System North American Industry Classification System National Health Information Network National Information Exchange Model National Institution of Standards & Technology The concept of allowing people to apply for multiple affordability programs using a single, unified process that does not require them to know in advance the program for which they are likely to qualify. 17

18 Term Normal State Business Hours NSA NTP Offeror OLAP OSC OSHA OTHS PKI PM PMP PPM PPP Procurement Officer QHP RFP SDD SDLC SHOP SI SLA SNAP SOW SSCD State SwGI TANF Definition Normal State business hours are 8:00 a.m. 5:00 p.m. Monday through Friday except State Holidays, which can be found at: - keyword State Holidays. National Security Agency Notice to Proceed: Letter from Contract Monitor to Offeror stating the date the Offeror can begin work subject to the conditions of the contract. An entity that submits a proposal in response to this RFP Online Analytical Processing Office of the State Comptroller Occupational Safety and Health Administration Office of Technology for Human Services Public Key Infrastructure Program Manager Project Management Plan Project Portfolio Management Procurement Policies and Procedures The Exchange representative for the resulting Contract. The Procurement Officer is responsible for the Contract and is the only individual who can authorize changes to the Contract. Exchange may change the Procurement Officer at any time by written notice to the Offeror. Qualified Health Plan Request for Proposals System Design Document Software Development Life Cycle Small Business Health Options Program System Integrator Service Level Agreement Supplemental Nutrition Assistance Program Statement of Work System Security Consensus Document The State of Maryland Statewide Government Intranet Temporary Assistance for Needy Families 18

19 Term Tier I Tier II Tier III UAT UI UML WAN XML WBS WCAG Definition Tier I Data Center Single path for power and cooling distribution with no redundant components % availability. A Tier I data center is susceptible to disruptions from both planned and unplanned activities. Data center disruptions are caused by operation errors or spontaneous failures of site infrastructure components. Tier I data centers should be shut down at least once per year for repairs and maintenance. Tier II Data Center Single path for power and cooling distribution with redundant components % availability. Because of its redundant components, there is less risk of disruptions from scheduled and unpredictable activity compared to Tier I data centers. Tier II data centers are designed with a single-threaded distribution path throughout. This translates into a Need plus One capacity (N+1). If and when critical power paths and other site infrastructure require maintenance, Tier II data centers must also be shut down. Tier III Data Center - Multiple power and cooling distribution paths. These data centers only have one active path with redundant components. They are also concurrently maintainable % availability. Planned site maintenance can be performed on Tier III data centers without causing any disruptions. Thus, preventative maintenance, testing and repair can be scheduled and carried out without shutting down the infrastructure. Similar to Tier II data centers, Tier III data centers do have N+1 capacity design. However, due to their multiple paths for power and cooling, annual IT downtime is significantly lower. Unplanned activities like errors in operation and chance failures of infrastructure components can and will result in loss of uptime. User Acceptance Testing User Interface Unified Modeling Language Wide Area Network Extensible Markup Language Work Breakdown Structure Web Content Accessibility Guidelines 1.3 CONTRACT TYPE The contract resulting from this solicitation shall be a Firm-Fixed-Price (FFP) contract. 1.4 CONTRACT DURATION The Contract resulting from this RFP shall be for a period of five (5) years beginning on or about DATE and ending on DATE. At the sole option of the MHBE, the contract period may be extended for up to XX additional years. The Exchange reserves the right to issue additional option years to the initial contract as outlined in Section XX. 19

20 1.5 PROCUREMENT OFFICER The sole point of contact for the MHBE for purposes of this RFP prior to the award of any Contract is the Procurement Officer at the address listed below: Roger Lewis Maryland Health Benefit Exchange 750 E. Pratt St. 16 th Floor Baltimore, Maryland Phone: MHBE may change the Procurement Officer at any time by written notice. 1.6 CONTRACT MONITOR The Contract Monitor for this contract after it is awarded is: Kevin Yang Maryland Health Benefit Exchange 750 E. Pratt St. 16 th Floor Baltimore, Maryland Phone: MHBE may change the Contract Monitor at any time by written notice. 1.7 PRE-PROPOSAL CONFERENCE A Pre-Proposal Conference will be held on DATE beginning at TIME Local Time, at LOCATION. Attendance at the Pre-Proposal Conference is not mandatory, but all interested Offerors are encouraged to attend in order to facilitate better preparation of their proposals. As promptly as is feasible, subsequent to the conference, a summary of it and all questions and answers known at that time will be distributed to all prospective Offerors known to have received a copy of this RFP. This summary will also be posted on emaryland Marketplace (emm). In order to assure adequate seating and other accommodations at the Pre-Proposal Conference, please mail or the Pre-Proposal Conference Response Form to the attention of the Procurement Officer (see section 1.5) no later than DATE at TIME Local Time. The Pre-Proposal Conference Response Form is included as Attachment E to this RFP. In addition, if there is a need for a sign language interpretation and/or other special accommodations for individuals with disabilities, please call the Procurement Officer no later than DATE at TIME Local Time. MHBE will make a reasonable effort to provide such special accommodations. 1.8 EMARYLAND MARKETPLACE Each Offeror must indicate its emm vendor number in the Transmittal Letter (cover letter) submitted at the time of their Technical Proposal submission to this RFP. emm is an electronic commerce portal administered by the Maryland Department of General Services (DGS). In addition to using the MHBE stakeholder website and possibly other means of transmission, the RFP, associated materials, summary of the Pre-Proposal Conference, Offeror questions and Exchange 20