Professional Documents
Culture Documents
Proponent Section: A person authorized to sign on behalf of the Proponent, and to bind the Proponent to statements made in response
to this Request for Proposal, must complete and return this Proponent Section by mail/courier/hand delivered, leaving the rest otherwise
unaltered, and return one original with the first copy of the proposal.
The undersigned agrees that enclosed proposal is submitted in response to the above-referenced Request for Proposal, including any
addenda. Through submission of this proposal we agree to all of the terms and conditions of the Request for Proposal and agree that any
inconsistent provisions in our proposal will be as if not written and do not exist. We have carefully read and examined the Request for
Proposal, and have conducted such other investigations as were prudent and reasonable in preparing the proposal. We agree to be
bound by statements and representations made in our proposal.
Title:
Date: Email:
The Vancouver Island Health Authority (VIHA) is one of six health authorities in the province of British
Columbia, Canada. Through a network of hospitals, clinics, centres, health units, and residential
facilities, VIHA provides health care to more than 752,000 people on Vancouver Island, on the islands of
the Georgia Strait, and in mainland communities north of Powell River, and South of Rivers Inlet. Our
health care services include hospital, community and home care. VIHA also provides environmental and
public health services, including education and prevention.
VIHA is governed by a board of directors, appointed by the provincial government. An executive team
leads the delivery of health service within the health authority.
VIHA is publicly funded, and accountable to the provincial government and the public for resources used
in delivering health care and services.
This Request for Proposal (RFP) is issued on behalf of the Risk Management and Human Resources
Departments within VIHA in a joint effort to procure a system that will support VIHA’s allowing
employees and the public to confidentially report perceived violations of policy, ethical practice and law.
2. S UMMARY OF R EQUIREMENTS
Large organizations across Canada and the United States have procured confidential reporting services to
allow employees and the public to confidentially report perceived violations of policy, ethical practice
and law. Examples of organizations include Canada Post, Transportation Safety Board of Canada, Telus
2 of 45
RFP Template >$75,000 – May, 2010
and NASA. VIHA is committed to achieving best practices in these areas of transparency and
accountability, and as such is seeking to procure a Confidential Reporting Services.
The Confidential Reporting Service will be a third party confidential service accessible to the public and
all VIHA employees, physicians and volunteers to report perceived wrong doing. The system will be
free of charge to the end-user; and easy to use. It will also provide tools to allow VIHA to efficiently
receive anonymous reports and respond appropriately.
The term of this engagement is expected to be at least five years, with an option to renew for an additional
5 years. The successful proponent will design, implement and manage the Confidential Reporting Service
for VIHA and provide ongoing related services.
1. Enable anonymous and confidential reporting from members of the public, employees, volunteers
and physicians (the “end user”) and route anonymous information to designated VIHA staff for
follow-up.
2. Receive reports by phone or electronically (web) 24 hours a day, 365 days per year subject to the
availability of Internet and utilities.
3. Be multi-lingual with instructions that are easily understood by the average person.
4. Discourage end users from providing personally identifiable information, unless they consent to
do so.
5. Advise end users about how to protect their privacy when reporting and how to correct personal
information if provided.
6. Provide confirmation of report receipt to the end user.
7. Advise end users of options available to resolve concerns, if the user if comfortable with a non-
anonymous process.
8. Classify complaints according to a prescribed VIHA framework that may change over time.
Examples include:
• Theft
• Fraud
• Non-complaint activities
• Client Abuse
• Inappropriate/non approved use of online resources as set out in VIHA policy
• Conflict of interest
9. Provide access to designated VIHA staff for web-based reporting to track complaints from intake
to closure during reasonable business hours.
10. Track the progress of investigations and case management of the issues.
11. Include summary management reporting with metrics such as volume by defined time period, by
classification and length of time to resolve an issue.
VIHA may also structure its contractual relationship with the successful Proponent in a manner
that would allow VIHA to extend the offering to other health authorities in the Province.
• Be capable of receiving reports 24 hours a day, 365 days per year via phone or web.
• Provide confirmation of receipt to the end user, full disclosure of how their information will be
used, and how their information can be corrected if consent to provide personal information is
given.
• Route reports maintaining anonymity of the end user to designated VIHA staff to review and
determine action.
• Provide web based reporting capability for designated VIHA users with tracking ability from
initial intake to closure. The reporting tools will be available Monday to Friday 8:00 am to 8:00
pm.
• Host and manage data external to VIHA in a secure environment that meets the laws of Canada,
province of British Columbia and VIHA privacy requirements as defined herein.
• Maintain backup systems within acceptable response times and “up times” as required for
delivery of the services.
Also, see section 3.5 for Technical, Privacy and Security requirements
1. Planning:
a. Vendor assessment of local environment
b. Shared Vendor and VIHA design of VIHA processes for responding to
complaints
c. Shared Vendor and VIHA pilot testing with sample stakeholders for intake, of
VIHA internal processes including reporting requirements
d. VIHA review of vendor technology, privacy and security policies and practices
e. Shared Vendor and VIHA change management and communications planning
2. Implementation:
a. Vendor enables all User access
b. Vendor and VIHA implement Change Management and Communications
3. Review:
a. Shared review on a quarterly basis during year one of operation to include all key
components of the services
4. Sustainability:
a. Finalize ongoing review and administrative requirements for remainder of
contract term
b. Finalize Service Level Agreement for remainder of contract
In December 2007, the BC Health Authorities announced the creation of a BC Health Authority Shared
Services Organization (“SSO”) to examine opportunities for Health Authorities to improve cost
effectiveness by working collaboratively on common services such as Supply Chain (common products
procurement), Payroll and Information Technology. For more information, please visit their website:
https://www.bchealthsso.ca/default.htm.
Without limiting this Section 3.4, if, at any time during this RFP process and prior to VIHA entering into
a Contract, the SSO decides to issue a provincial RFP for services similar to the Services, VIHA may
cancel this RFP process and participate in the provincial initiative.
If a Proponent submits a Proposal which does not satisfy every VIHA request or requirement as described
in this RFP, VIHA may, in its discretion, waive such deficiency, seek clarification or additional
information from the Proponent, and consider and treat the Proposal as compliant with the requirements
of this RFP.
All Proponents should exercise extreme care when completing their Proposals as failure to comply with
the requirements of this RFP may cause a Proposal to be rejected.
A Proponent is deemed to have accepted and be bound by the Terms and Conditions of this RFP by the
submission of a Proposal in response to this RFP.
Once successful Proponents have been selected, each successful Proponent Representative will be
notified in writing of its selection as a successful Proponent (the "Selection Notice").
The Selection Notice will constitute the only valid notice of a Proponent’s selection as a successful
Proponent, and will not constitute in any way confirmation of an award of a contract to the successful
Proponent. VIHA will not be obligated in any manner to any Proponent until appropriate written
Agreements have been duly executed relating to an approved Proposal. Upon receipt of the Selection
Notice, the successful Proponent and VIHA will proceed into the Negotiation Phase.
Negotiations may then be held with each successful Proponent regarding the terms of any agreements,
prior to the execution of any such agreements.
VIHA may also, in its sole discretion, negotiate with the successful Proponent on whatever other matters
VIHA may deem necessary.
The successful proponent must meet VIHA’s IM/IT technical, privacy and security requirements as
outlined in Schedule D and E of this RFP.
4. EVALUATION
Proposals not clearly demonstrating that they meet the following mandatory criteria will be
excluded from further consideration during the evaluation process.
Criteria
a) The proposal must be received at the closing location by the specified closing
date and time.
b) The proposal must be in English and must be sent by mail/courier.
c) An unaltered, completed RFP cover page including proponent section must be
submitted with the proposal by mail/courier/hand delivered.
Proposals meeting all of the mandatory criteria will be further assessed against
desirable criteria.
Criterion Weight
30%
Solution
Extent to which solution meets the VIHA needs
30%
Qualifications
Qualifications, experience, and expertise to provide serves
One or more of the leading proponents may be requested to provide a product demonstration and
should be available for product demonstration approximately 2 - 4 weeks after the RFP closing
date (at a location to be determined by VIHA and at the vendor’s expense). The product
demonstration will be used to further evaluate the Functional Requirements in workflow
scenarios. The scenarios will be provided by VIHA. Evaluation scores from Step 4.2 (100
maximum ponts) will be added to the Evaluation score (100 maximum points) as the
demonstrations provide further clarity to the solution’s capabilities.
VIHA may contact the proponents’ current customers to request site visits to view the
application in an operational environment.
5. P ROPOSAL F ORMAT
A. An unaltered, completed and signed RFP cover page including Proponent Section.
B. The following must be addressed in the body of the “Proponent Response”:
5.1 S OLUTION
5.2 QUALIFICATIONS
• It is expected that price will include costing rationale to provide the service
(include HST as a separate cost, if applicable)
• Quotes will indicate pricing structure options
Proposal must indicate the vendor has reviewed VIHA’s IM/IT General Technical
Requirements (Appendix C) and policies with respect to the privacy and security of
information (Appendix D) and acknowledge how they will comply with these
policies.
13. Proposal Validity: Proposals will be open for acceptance for at least 90 days
after the closing date.
To receive any further information about this Request for Proposal Proponents should return this
form by April 20, 2011 to:
Company
Street address:
City/Province: Postal Code:
Mailing address if different:
By submission of a proposal, the Proponent agrees that should its proposal be successful the Proponent will
enter into a Contract with the VIHA in accordance with the terms of the VIHA’s Service Contract; a copy of
which is attached:
BETWEEN
Telephone: (250)
Fax: (250) 370-8713 Fax: (250)
WHEREAS:
A. The VIHA is responsible for establishing regional health care priorities, specifying regional
service standards and monitoring the performance of service providers for the provision of
health care in the Vancouver Island health region.
B. In connection with the fulfillment of its responsibilities, the VIHA has agreed to engage the
Contractor, and the Contractor has agreed to accept such engagement, in each case, to
provide to the VIHA the services described in Schedule A to this Agreement (the “Services”)
on the terms and conditions set out in this Agreement.
Engagement:
2. Upon the request of the VIHA, the Contractor shall conduct a criminal records check against
the Contractor, its employees and sub-contractors (as the VIHA may direct) under the
Criminal Records Review Act (British Columbia). If the VIHA does not receive an
acceptable criminal records check against the Contractor, its employees and sub-contractors
(as the VIHA may direct) prior to the commencement of the Term, this Agreement shall be
of no force or effect without further obligation of either party to the other.
Term:
3. The Contractor will provide the Services during the period commencing upon
_____________________, 201_ and ending, subject to earlier termination as herein
provided, on____________________, 201_ (the “Term”). The Contractor hereby represents
and warrants that all Services provided prior to the date of execution of this Agreement, if
any, were provided in accordance with the terms and conditions of this Agreement.
Independent Contractor:
4. The Contractor will be an independent contractor and not the employee, agent, partner or
joint venturer of the VIHA, and the Contractor will not hold itself out to the public as such.
The Contractor agrees that neither the Contractor nor any person employed by or associated
with the Contractor in the performance of the Services or otherwise is an employee of, or has
an employment relationship of any kind with, the VIHA.
5. The VIHA will have no liability or responsibility for the withholding, collection or payment
of income taxes, unemployment insurance, statutory or other taxes or payments of any other
nature on behalf of, or for the benefit of, the Contractor or any other persons.
6. The Contractor will not in any manner whatsoever commit or purport to commit the VIHA to
the payment or receipt of any money or other consideration, or the acceptance or provision of
any goods or services, except as expressly authorized by this Agreement.
7. The Contractor will provide and pay for all labour, materials, tools or approvals necessary to
provide the Services.
Standard of Care:
8. The Contractor will perform the Services to a standard of care, skill, and diligence exercised
by persons providing, on a commercial basis, services similar to the Services.
9. The Contractor will ensure that all persons who perform the Services are competent to
perform the Services and are properly trained, instructed, and supervised. The Contractor
will be solely responsible for the acts and omissions of the Contractor’s employees and
agents in performing the Services.
11. Where by virtue of this Agreement or of any law or governing body having jurisdiction with
respect to the same, the Services are required to be provided by a duly qualified or licensed
practitioner, professional, or a person with a specified qualification, level of training, or
competence and experience, the Contractor will, upon request of the VIHA from time to
time, provide evidence satisfactory to the VIHA that the Contractor and all persons engaged
by the Contractor to deliver the Services has the requisite qualification, level of training,
competence or experience, holds or has been issued all required licenses, certificates and
memberships and that such licenses, certificates and memberships are in good standing.
Intellectual Property:
12. Subject to section 13, VIHA acknowledges and agrees that all right, title and interest in
anything conceived, developed or made by the Contractor in connection with the delivery
of the Services, including all intellectual property rights associated thereto, will be for the
benefit of the Contractor and will be the property of the Contractor.
13. Notwithstanding section 12, the Contractor will not own any of the data that is entered,
exchanged, stored or manipulated in connection with the Services (the “VIHA Data”).
The Contractor acknowledges that VIHA Data contains Confidential Information that is
protected by section 15.
Confidentiality:
15. The Contractor will treat as confidential and will not, without the prior written consent of the
VIHA, publish, release, or disclose or permit to be published, released or disclosed either
before or after the termination of this Agreement, any Confidential Information (as defined
below) nor will the Contractor use or exploit, directly or indirectly, any Confidential
Information for any purpose other than for the fulfillment of obligations under this
Agreement. Notwithstanding the foregoing, the Contractor will be entitled to disclose
Confidential Information if required by law including the Freedom of Information and
Protection of Privacy Act (British Columbia), provided that the Contractor will promptly
notify, consult with, and cooperate with the VIHA, prior to any disclosure, in any attempt to
resist or narrow such disclosure or to obtain an order or other assurance so that such
information will be accorded confidential treatment.
16. “Confidential Information” for the purpose of this Agreement means any and all information
supplied to, obtained by or which comes to the knowledge of the Contractor as a result of this
Agreement with respect to the VIHA including, without limitation, all patient and client
information (including patient names, addresses, telephone numbers and medical history), all
17. The Contractor acknowledges and agrees that its compliance with the Act and this
Agreement in respect of Data shall supercede and have paramountcy over any compliance
with privacy laws of general application in the private sector having application to the
Contractor.
Further Agreements:
18. The Contractor agrees that no person will provide any Services (directly or indirectly)
hereunder either as an employee, contractor, sub-contractor or agent unless such person first
agrees, in writing, to be bound by the terms of Sections 12 to 17 as if such person had
contracted with the VIHA directly.
19. The Contractor will indemnify and save harmless the VIHA, its governors, directors, officers,
employees and agents, from and against any and all losses, claims, damages, actions, causes
of action, costs and expenses the VIHA may sustain or incur, at any time, either before or
after the expiration or termination of this Agreement, which are based upon, arise out of or
occur, directly or indirectly, by reason of, any act or omission by the Contractor or of any
agents, employees, officers, directors or subcontractors in providing the service except, with
respect to the extent any such claim arises solely from the negligence of the VIHA.
20. The aggregate liability of the VIHA to the Contractor for any matters or claims of
whatsoever nature and kind under or in connection with this Agreement will be limited to the
“Maximum Amount” specified in Schedule B.
21. The Contractor will maintain and pay for insurance on the terms, including form, amounts,
and deductibles, outlined in Schedule E, and on such other terms, as may from time to time
be directed by the VIHA.
22. The Contractor will comply with the Workers' Compensation Act of the Province of British
Columbia and in particular will obtain and maintain during the Term the necessary coverage
as specified in Schedule G.
24. The Contractor will perform its obligations under this Agreement either itself or through the
independent contractors listed in Schedule D, if any. The Contractor will not sub-contract
any obligation under this Agreement other than to persons listed in Schedule D, if any,
without the prior written consent of the VIHA.
25. The Contractor shall be fully responsible to the VIHA for acts and omissions of sub-
contractors and of persons directly and indirectly employed by them. No sub-contract,
whether consented to or not, relieves the Contractor from any of its obligations under this
Agreement.
Conflict of Interest:
26. The Contractor will not perform a service for or provide advice to any person, firm or
corporation where the performance of the service or the provision of the advice may or does,
in the reasonable opinion of the VIHA, give rise to a conflict of interest between the
obligations of the Contractor to the VIHA under this Agreement and the obligations of the
Contractor to such other person, firm or corporation.
Payment:
27. In consideration of the Contractor providing Services, VIHA will pay the Contractor fees
described in Schedule B.
28. The VIHA will reimburse the Contractor for expenses, if any, described in Schedule B
provided such expenses are supported, where applicable, by proper receipts and, in the
opinion of the VIHA, such expenses were reasonably and necessarily incurred by the
Contractor in providing the Services.
29. In no circumstances will the aggregate amount required to be paid by VIHA to the Contractor
on account of fees and expenses exceed the "Maximum Amount" specified in Schedule B.
The Contractor is not entitled to any other amounts or benefits other than the fees and
expenses set out in Schedule B.
30. The VIHA may treat amounts owing by it under this Agreement as fully paid and satisfied by
way of set-off against amounts owing by the Contractor to the VIHA, including in amounts
owing by the Contractor under Section 19.
31. The Contractor will invoice the VIHA with respect to the amounts in Sections 27 and 28 of
this Agreement in accordance with Schedule B. If the VIHA agrees with the amount and
form of the invoice, the VIHA will pay such invoice within 60 days of receipt.
Termination:
33. Notwithstanding the termination of this Agreement (for any reason other than pursuant to
Section 32(a)), the VIHA will remain obligated to pay the Contractor all of the fees for, and
disbursements incurred in connection with, the Services rendered prior to such termination.
Payment of such invoice will discharge the VIHA from all liability to the Contractor under
this Agreement.
34. Upon termination of this Agreement, the Contractor will release to the VIHA all property of
the VIHA which is in the control of the Contractor pursuant to this Agreement.
Notice:
35. Any notice contemplated by this Agreement, to be effective, must be in writing and be:
(a) faxed to the addressee's fax number specified in this Agreement,
(b) delivered by hand to the addressee's address specified in this Agreement, or
(c) mailed by prepaid registered mail to the addressee's address specified in this Agreement.
36. Any notice issued in accordance with Section 35 is deemed to be received 96 hours after
mailing if mailed, on receipt if delivered by hand, or on the next business day if sent by
facsimile. Either of the parties may give notice to the other of a substitute address or fax
number from time to time.
General:
37. Each provision of this Agreement is several. If any provision of this Agreement is or
becomes illegal, invalid or unenforceable in any jurisdiction, the illegality, invalidity or
unenforceability of that provision will not affect: the legality, validity or enforceability of the
remaining provisions of this Agreement or the legality, validity or enforceability of that
provision in any other jurisdiction.
39. The schedules attached to this Agreement, will, for all purposes, form an integral part of the
Agreement.
40. This Agreement enures to the benefit of and binds the Parties and their respective successors,
heirs, executors, administrators, personal and legal representatives and permitted assigns.
41. All disputes arising out of or in connection with this Agreement must, unless the parties
otherwise agree, be submitted to arbitration under the Commercial Arbitration Act (British
Columbia). The award of the arbitrator will be final and binding on the parties.
43. Any party may deliver an executed copy of this Agreement by fax but that party will
immediately dispatch by delivery in person to the other parties an originally executed copy of
this Agreement. This Agreement and all documents contemplated by or delivered under or in
connection with this Agreement may be executed and delivered in any number of counterparts
with the same effect as if all parties had signed and delivered the same document and all
counterparts will be construed together to be an original and will constitute one and the same
agreement.
45. This Agreement and all documents contemplated by or delivered under or in connection with
this Agreement, constitute the entire agreement between the parties with respect to the subject
matter of this Agreement and supercede all prior agreements, negotiations, discussions,
undertakings, representations, warranties and understandings, whether written or oral, express or
implied, statutory or otherwise.
46. All provisions of this Agreement which are expressly or by implication to come into or
continue in force and effect after the expiration or termination of this Agreement will remain
in effect and be enforceable following expiration or termination, including without limiting
the generality of the foregoing, Sections 12 to 17 inclusive, 19 and 20.
47. This Agreement is governed by and is to be construed in accordance with the laws of British
Columbia and the federal laws of Canada applicable therein.
48. If there is a conflict between a Schedule to this Agreement and any other provision of this
Agreement, the Agreement shall govern to the extent of the conflict.
49. The Contractor will execute such further assurances and other documents and instruments
and do such further and other things as may be necessary to implement and carry out the
intent of this Agreement.
SCHEDULE A
SERVICES
To be negotiated
SCHEDULE B
To be negotiated
SCHEDULE C
REPORTING ACCOUNTABILITIES
The Contractor will keep full and detailed records dealing with all aspects of the Services
performed by it hereunder, including without limitation, time records, invoices, receipts, and
vouchers of all expenses incurred and shall provide the VIHA with access thereto at all
reasonable times and maintain the same in a form and content satisfactory to the VIHA, in
accordance with good records management practices and, to the extent applicable, in accordance
with Schedule F – Privacy (in accordance with the Freedom of Information and Protection of
Privacy Act).
Upon the request of the VIHA, the Contractor will provide the VIHA with a report of all work
done by the Contractor or a sub-contractor in connection with the Services.
In addition to the VIHA’s rights under Section 12 to 17 of this Agreement, during the Term, the
Contractor will permit the VIHA at all reasonable times to inspect and copy all material that has
been produced or received by the Contractor or any sub-contractor as a result of or in connection
with this Agreement or the performance of the Services, including, without limitation, all
findings, software, data, specifications, drawings, case files, reports, and documents, whether
complete or not (collectively, the "Material").
Performance Management:
To be negotiated
SCHEDULE D
APPROVED SUB-CONTRACTOR(S)
The approved sub-contractor(s) to whom the Contractor may sub-contract under this Agreement
include:
SCHEDULE E
INSURANCE (S)
1. The Contractor shall, without limiting its obligations or liabilities herein and at its own
expense, provide and maintain the following insurances with insurers licensed in British
Columbia and in forms and amounts acceptable to the VIHA:
1.1 Automobile Liability on all vehicles owned, operated or licensed in the name of the
Contractor, in an amount not less than $2,000,000.
1.2 Comprehensive General Liability in an amount not less than $5,000,000 (for a
different amount of General Liability Limit contact the Manager, Contract Policy &
Development) inclusive per occurrence, insuring against bodily injury, personal injury
and property damage. The VIHA is to be added as an additional insured under this
policy. Such insurance shall include, but not be limited to:
1.3 Professional Liability in an amount not less than $5,000,000 insuring the Contractor's
liability for errors and omissions in the performance of professional services under this
Agreement. (If lower professional liability coverage is being considered, contact the
Manager, Contract Policy & Development).
2. The Contractor shall have their insurance agent or broker complete the Certificate of
Insurance form verifying the Contractor’s insurance coverage. The Certificate of Insurance
form is found on the following page of this Schedule. This form shall be completed on an
annual basis, during the term of this contract, and provided to the VIHA.
CONTRACTOR NAME
CONTRACTOR ADDRESS
And certifies that policies of insurance as herein described have been issued to the insured(s) named below and are in full force and effect as
of the effective date of the agreement.
NAME
INSURED
ADDRESS
PROVIDE DETAILS
OPERATIONS
INSURED
LIMITS $ ____________________
UMBRELLA LIABILITY EXCESS OF $ ____________________
These policies comply with the insurance requirements of the governing contract, permit or license with the Health Region / Health Council /
Community Health Services Society or other stand alone entity. It is understood and agreed that where required by the governing
contract/permit or license, the Health Region / Health Council / Community Health Services Society or other stand alone entity has been
added as an additional insured and that thirty (30) days' notice of any material change or cancellation of any of the policies listed herein, either
in part or in whole will be given by the insurers to the holder of this certificate.
SIGNED BY THE CONTRACTOR/PERMITTEE/LICENSEE DATE SIGNED
Y M D
SCHEDULE F (H)
PRIVACY
Custody and Control of Data
1. Purpose
The purpose of this Schedule is to: (a) enable the Customer to comply with its statutory
obligations under the Act with respect to personal information; and (b) ensure that the Service
Provider is aware of and complies with its statutory obligations under the Act with respect to
personal information.
2. Definitions
“Act” means the Freedom of Information and Protection of Privacy Act (British Columbia),
as amended from time to time.
“Associate” has the meaning specified in the Act.
“Authorized Site” means Service Provider’s head office in British Columbia or at such other
location in Canada as may be approved in writing by the Customer.
“Agreement” means the Agreement to which the Schedule is appended.
“Commissioner” means the BC Information and Privacy Commissioner appointed under the
Act.
“Conflicting Foreign Order” means any order, subpoena, directive, ruling, judgement,
injunction, award or decree, decision, request or other requirement issued from a foreign
court, agency of a foreign state or other authority outside Canada or any foreign legislation
the compliance with which would likely render the Customer or its employees in non-
compliance with the Act.
“Contact Information” means information to enable an individual at a place of business to
be contacted and includes the name, position name or title, business telephone number,
business address, business email or business fax number of the individual.
“Customer” means Vancouver Island Health Authority.
“Foreign Access Conditions” means:
(i) the Service Provider must ensure that such access is limited to temporary access and
storage for the minimum time necessary for the Permitted Purpose; and
(ii) if such access is for the Permitted Purpose of data recovery, the Service Provider
must ensure such access is limited to access and storage only after the system failure
has occurred.
“Permitted Purpose” means access to Records containing Personal Information that is
necessary for:
3. Interpretation
In this Schedule, references to sections by number are to sections of this Schedule unless
otherwise specified in this Schedule.
Where applicable to the Services provided by the Service Provider pursuant to the
Agreement, the Service Provider shall make every reasonable effort to ensure the accuracy
and completeness of any Personal Information that comes into their custody pursuant to this
Agreement and which may be used by the Service Provider or the Customer to make a
decision that directly affects the individual the information is about.
If a request is received under the Act for access to, or correction of, Records that are in the
custody of the Service Provider but under the control of the Customer, the Service Provider
must promptly advise the person to make the request to the Customer and if the Customer has
advised the Service Provider of the name or title and contact information of an official of the
Customer to whom such requests are to be made, the Service Provider must also promptly
provide that official’s name or title and contact information to the person making the request.
The Service Provider must provide the Records to the Customer for management by the
Customer’s Information and Privacy Officer. This shall occur within a reasonable time
frame to enable the Customer to comply with the Act. If a request is permitted by the Act,
the Service Provider shall be responsible for providing the Records at the Service provider’s
expense to the Customer. If the Service Provider is expressly authorized by the Agreement
to manage the request for correction of records, the Service Provider shall do so in
accordance with Section 8 of this schedule.
The Service Provider may only correct Personal Information f expressly authorized by the
Agreement. Where authorized to do so, and unless the Agreement otherwise specifies or the
Customer otherwise directs in writing:
(a) Within 5 business days of receiving a written direction from the Customer to correct or
annotate any Personal Information, the Service Provider must annotate or correct the
information in accordance with the direction.
All right, title and interest in, and control and custody of, all Records shall remain with the
Customer. No interest or any right respecting the Record, other than as expressly set out
herein, is granted to the Service Provider under this Schedule, by implication or otherwise. If
Personal Information is collected by the Service Provider and transmitted to the Customer,
such Personal Information is deemed to be under the control of the Customer.
Except as specifically permitted by the Customer in writing, the Service Provider shall not
disclose and shall not allow any Personnel to disclose in any manner whatsoever any
Personal Information to any person, firm or corporation without the prior written consent of
the Customer. The Service Provider agrees that such consent shall only be provided if such
disclosure is permitted under the Act and the third party agrees, in writing, to be bound by
the Act. If the Service Provider or anyone to whom the Service Provider transmits Personal
Information pursuant to a Permitted Purpose, becomes legally compelled or otherwise
receives a demand to disclose Personal Information other than as permitted by the Act,
including without limitation pursuant to any Conflicting Foreign Order, the Service Provider
will not do so unless: (a) the Customer has been notified; (b) the parties have appeared
If required by the Customer, immediately upon execution of the Agreement the Service
Provider shall appoint a representative to be responsible for the Service Provider’s
compliance with this Schedule and the Act (the “Privacy Representative”). The Service
Provider shall grant its Privacy Representative sufficient authority to communicate and
execute documents on behalf of the Service Provider as may be required from time to time
for this purpose. The Service Provider shall promptly provide the Customer with the name of
its Privacy Representative and shall promptly notify the Customer of any change of its
Privacy Representative.
16. Subcontractors
Any reference to the Service Provider in this Schedule includes any subcontractor or agent
retained by the Service Provider to perform obligations under the Agreement and the Service
Provider must ensure that any such subcontractors and agents comply with this Schedule.
In addition to any other rights of inspection the Customer may have under the Agreement or
under statute, the Service Provider shall permit the Customer and/or its representatives and
agents to conduct periodic audits of Records related to performance by the Service Provider
and the Personnel and permitted subcontractors, if any, of the Service Provider’s obligations
under this Schedule. The Customer may, at any reasonable time and on reasonable notice to
the Service Provider, enter on the Service Provider’s premises to inspect any Personal
Information in the possession of the Service Provider or any of the Service Provider’s
information management policies or practices relevant to its management of Personal
Information or its compliance with this Schedule and the Service Provider must permit, and
provide reasonable assistance to, any such inspection.
18. Default
19. Termination
(a) Upon the expiration or earlier termination of the Agreement, the Service Provider shall
promptly return to the Customer or destroy promptly, according to the Customer’s
instructions, all Records in the Service Provider’s possession pursuant to the Agreement,
whether created by the Service Provider or by others, constituting or based upon Personal
Information and shall confirm that delivery or destruction to the Customer in writing.
(b) In the event of a change to the Act or any other applicable privacy legislation or the
issuance of a directive or policy by the government of the Province of British Columbia
or a finding or report by the Commissioner, such that the Customer reasonably considers
that the terms and conditions of the Agreement for the protection of Personal Information
are deficient, the Customer and the Service Provider will enter into good faith
negotiations in an effort to cure any deficiency and agree to new or amended terms of the
Agreement such that it is no longer deficient. Should such negotiations fail, the Customer
may terminate all or any portion of the Agreement in accordance with the termination
requirements in the Agreement, upon provision of written notice to the Service Provider
or upon such other future date as the Customer may specify in writing in such notice.
20. No Withholding
The Service Provider shall not be entitled to, and hereby waives any and all right to, withhold
any Personal Information from the Customer to enforce any alleged payment obligation or in
connection with any dispute relating to the terms of the Agreement or any other matter
between the Customer and the Service Provider.
21. Investigation
The Service Provider shall co-operate with any Customer investigation of a complaint that
the Customer’s Personal Information has been used contrary to the Act or this Schedule.
The Service Provider shall take reasonable steps to ensure that all Personal Information is
securely segregated from any information owned by the Service Provider or third parties,
including access barriers, physical segregation, password authorization and public key
encryption systems. The Service Provider must store Personal Information on agreed-upon
media using techniques enabling access only by authorized persons, including encryption and
compression of Personal Information.
The Service Provider must protect Personal Information by making reasonable security
arrangements against such risks as unauthorized access, collection, use, disclosure or
disposal, including any expressly set out in the Agreement.
25. Paramountcy
(a) The Service Provider must comply with the provisions of this Schedule despite any
conflicting provision of this Agreement or, subject to section 25 (b), the law of any
jurisdiction outside Canada or any conflicting Foreign Order.
(b) Nothing in this Schedule requires the Service Provider to contravene the law of any
jurisdiction outside Canada unless such contravention is required to comply with the Act.
(c) The Service Provider acknowledges that the Customer is subject to the Act.
(d) The Service Provider shall immediately inform the Customer if the Service Provider or
any of the Personnel receive any Conflicting Foreign Order.
26. Survival
The obligations of the Service Provider in this Schedule will survive the termination of the
agreement.
27. Amendment
Upon enactment of any British Columbia law or regulation or amendment to such law or
regulation affecting the use or disclosure of Personal Information, or the publication of any
28. Inconsistency
If a provision of the Agreement (including any direction given by the Customer under this
Schedule) conflicts with a requirement of the Act or an applicable order of the Commissioner
under the Act, the conflicting provision of the Agreement (or direction) will be inoperative to
the extent of the conflict. Where in the Customer’s reasonable opinion, there is ambiguity
regarding whether a provision conflicts, the conflicting provision will be inoperative to the
extent determined by the Customer. The Service Provider must comply with the provisions
of this Schedule despite any conflicting provision of this Agreement or the law of any
jurisdiction outside Canada.
The Contractor will comply with the Workers' Compensation Act of the Province of British Columbia
and in particular will obtain and maintain during the Term the necessary coverage for the Contractor and
the Contractor's employees, and will, provide particulars of such coverage.
This is a living document, refreshed biannually. The most recently published version will be found at
https://intranet.viha.ca/departments/imit/Pages/standards_guidelines.aspx.
This document should only be presented along with the VIHA policies numbered under 16.4.2.
C LIENT D EVICES
1.1.4 DESKTOPS
• Standardized, organization wide HP desktops & Laptops
• Images custom designed for individual HP hardware configurations
1.1.8 SERVERS:
• Preference for Virtualized Servers running on VMware ESX 4.1
• Where physical server is required, standardized HP Servers;
o Legacy Cluster with two AlphaServer ES47’s running OpenVMS 7.3-2 with the
following add-on products:
Diskeeper for automated disk defragmentation
Hitman for automated system monitoring (ie low disk alerts)
ECP for performance monitoring
ABS for system backups
Multinet for TCP/IP networking
• Serviceguard clustering
• MirrorDisk/UX
• HP GlancePlus/UX
• Netbackup
• All systems are fibre connected via HP Director class SAN switches to HP and EMC SAN
storage:
• Tier 2 Storage (standard for clusters) on EVA 5000 @ 2Gbps or EVA 6000 @ 2
Gbps providing FC storage
• Tier 2 Storage (standard for clusters) on NS480 @ 4Gbps providing both FC and
NAS storage
• Tier 1 Storage (mission critical, high I/O) on XP24000 @ 4Gbps
IM/IT S ERVICES
1.1.11 PRINTERS
• Business (and some clinical) application printing for Windows is available to a variety of
HP laser printers via server-based print queues hosted on a Windows 2008 R2 Active-
Passive print cluster.
• Cerner-based clinical application printing for Windows is available to a variety of HP laser
printers via server-based print queues hosted on a Windows 2003 R2 Active-Passive print
cluster.
• HPUX printing to certain devices is available through managed HPUX server print queues
used for printing clinical data direct from HPUX applications.
• The list of currently supported HP print and MFP devices is as follows:
o HP LaserJet P3015x
o HP LaserJet P4015x
o HP LaserJet 9050dn
o HP Color LaserJet CP3525x
o HP Color LaserJet CP4525dn
o HP Color LaserJet CP6015x
o HP LaserJet M3035xs mfp
o HP LaserJet M5035xs mfp
o HP LaserJet M4345x mfp
o HP LaserJet M4345xs mfp
o HP LaserJet M9050mfp
o HP Color LaserJet CM3530fs mfp
o HP Color LaserJet CM4730fsk mfp
o HP Color LaserJet CM6040f mfp
• HPUX printing available through managed HPUX server print queues pointing to certain
printers (not all printers have been set up with queues in HPUX ) used for printing clinical
data direct from HPUX applications.
1.1.12 NETWORK
• There are approximately 175 sites connected to the VIHA network.
• The medium to larger sites are typically connected via Telus Metro WAN services at
bandwidths of either 1.5, 10, 100 or 1000 Mbps.
• The smaller sites are typically connected via hardware VPN services using broadband ISP
services.
• The LAN infrastructure is typically configured with either 1 or 10 Gbps backbones and
10/100 Mbps access ports.