
Request for Proposal

Confidential Reporting Service


Vancouver Island Health Authority (VIHA)
RFP Number: O5A-RFP-423
Issue date: April 8, 2011

VIHA Contact Person

All enquiries related to this Request for Proposal are to be directed, in
writing, to the following person. Information obtained from any other
source is not official and should not be relied upon. Enquiries and any
responses will be recorded and may be distributed to all Proponents at
the VIHA’s option.

Attention:
Mr. Jim Dempsey
Manager, Contract Policy & Standards
Vancouver Island Health Authority
jim.dempsey@viha.ca
Phone - 250-755-7691 ext. 54098
Fax - (250) 740-2619

Closing time and location

Proposals must be sent by mail/courier/hand delivered. Proposals
should be clearly marked with the name and address of the Proponent,
the Request for Proposal number, and the project or program title.

Two (2) complete copies of the proposal as well as one
electronic version on a compact disk should be provided
and the proposal must be received no later than 2:00 PM
Pacific Time on: May 6th, 2011, to the following
address:

Mail/Courier/Hand Delivered
Attention:
Mr. Jim Dempsey
Manager, Contract Policy & Standards
Vancouver Island Health Authority
Nanaimo General Hospital Receiving
1200 Dufferin Crescent
Nanaimo, V9S 2B7
Phone - 250-755-7691 ext. 54098
Fax - (250) 740-2619

Proponent Section: A person authorized to sign on behalf of the Proponent, and to bind the Proponent to statements made in response
to this Request for Proposal, must complete and return this Proponent Section by mail/courier/hand delivered, leaving the rest otherwise
unaltered, and return one original with the first copy of the proposal.

The undersigned agrees that enclosed proposal is submitted in response to the above-referenced Request for Proposal, including any
addenda. Through submission of this proposal we agree to all of the terms and conditions of the Request for Proposal and agree that any
inconsistent provisions in our proposal will be as if not written and do not exist. We have carefully read and examined the Request for
Proposal, and have conducted such other investigations as were prudent and reasonable in preparing the proposal. We agree to be
bound by statements and representations made in our proposal.

Legal Name of Proponent, and Doing Business As Name If Applicable:

Signature:

Printed Name:

Title:

Date:

Address:

Email:

RFP Template >$75,000 – May, 2010


Table of Contents

A. REQUIREMENTS AND RESPONSE

B. DEFINITIONS AND ADMINISTRATIVE REQUIREMENTS

APPENDIX A RECEIPT CONFIRMATION FORM

APPENDIX B CONTRACT FORM

A. REQUIREMENTS AND RESPONSE

1. VIHA SITUATION/OVERVIEW

The Vancouver Island Health Authority (VIHA) is one of six health authorities in the province of British
Columbia, Canada. Through a network of hospitals, clinics, centres, health units, and residential
facilities, VIHA provides health care to more than 752,000 people on Vancouver Island, on the islands of
the Georgia Strait, and in mainland communities north of Powell River, and South of Rivers Inlet. Our
health care services include hospital, community and home care. VIHA also provides environmental and
public health services, including education and prevention.

Facts & Figures:


Description                                      Figures
Annual Operating Budget                          $1.6 Billion
Client Population                                752,365
Employees                                        17,000
Staff Unions                                     14
Physicians                                       1,700
Facilities                                       138
Acute Care & Rehabilitation Beds                 1,500
Residential Care Beds & Assisted Living Units    5,700

VIHA is governed by a board of directors, appointed by the provincial government. An executive team
leads the delivery of health service within the health authority.

VIHA is publicly funded, and accountable to the provincial government and the public for resources used
in delivering health care and services.

This Request for Proposal (RFP) is issued on behalf of the Risk Management and Human Resources
Departments within VIHA in a joint effort to procure a system that will support VIHA in allowing
employees and the public to confidentially report perceived violations of policy, ethical practice and law.

2. SUMMARY OF REQUIREMENTS

Large organizations across Canada and the United States have procured confidential reporting services to
allow employees and the public to confidentially report perceived violations of policy, ethical practice
and law. Examples of organizations include Canada Post, Transportation Safety Board of Canada, Telus
and NASA. VIHA is committed to achieving best practices in these areas of transparency and
accountability, and as such is seeking to procure a Confidential Reporting Service.

The Confidential Reporting Service will be a third party confidential service accessible to the public and
all VIHA employees, physicians and volunteers to report perceived wrongdoing. The system will be
free of charge to the end user and easy to use. It will also provide tools to allow VIHA to efficiently
receive anonymous reports and respond appropriately.

The term of this engagement is expected to be at least five years, with an option to renew for an additional
5 years. The successful proponent will design, implement and manage the Confidential Reporting Service
for VIHA and provide ongoing related services.

The Confidential Reporting Service will:

1. Enable anonymous and confidential reporting from members of the public, employees, volunteers
and physicians (the “end user”) and route anonymous information to designated VIHA staff for
follow-up.
2. Receive reports by phone or electronically (web) 24 hours a day, 365 days per year subject to the
availability of Internet and utilities.
3. Be multi-lingual with instructions that are easily understood by the average person.
4. Discourage end users from providing personally identifiable information, unless they consent to
do so.
5. Advise end users about how to protect their privacy when reporting and how to correct personal
information if provided.
6. Provide confirmation of report receipt to the end user.
7. Advise end users of options available to resolve concerns, if the user is comfortable with a non-
anonymous process.
8. Classify complaints according to a prescribed VIHA framework that may change over time.
Examples include:
• Theft
• Fraud
• Non-compliant activities
• Client Abuse
• Inappropriate/non-approved use of online resources as set out in VIHA policy
• Conflict of interest
9. Provide access to designated VIHA staff for web-based reporting to track complaints from intake
to closure during reasonable business hours.
10. Track the progress of investigations and case management of the issues.
11. Include summary management reporting with metrics such as volume by defined time period, by
classification and length of time to resolve an issue.

VIHA may also structure its contractual relationship with the successful Proponent in a manner
that would allow VIHA to extend the offering to other health authorities in the Province.

3. PROJECT SCOPE AND REQUIREMENTS

3.1 OVERVIEW OF REQUIREMENTS

CP&S Consulting/Professional Services – Long Form – September 28, 2010 3 of 45


The initial scope of reporting is related to code of conduct expected of VIHA staff, volunteers, contractors
and physicians. This scope may be expanded during the term of engagement.

The successful proponent will:


• Host and manage a solution as described in the summary requirements.
• Have the qualifications and systems security measures to effectively manage confidential
personal and business information in accordance with the laws of Canada and the province of
British Columbia.
• Have internal quality control processes to demonstrate compliance with privacy and security
laws.
• Have a demonstrated track record providing such a service to other publicly operated
organizations in Canada.
• Have expertise in system operation to assess VIHA’s needs and advise VIHA of internal process
options and ongoing resources required to support the system.
• Have expertise in implementation planning to advise VIHA of change management activities
required to ensure a successful project and operations.
• Have the ability to respond to any service problems identified by VIHA within reasonable time
standards.

The technical solution must:

• Be capable of receiving reports 24 hours a day, 365 days per year via phone or web.
• Provide confirmation of receipt to the end user, full disclosure of how their information will be
used, and how their information can be corrected if consent to provide personal information is
given.
• Route reports maintaining anonymity of the end user to designated VIHA staff to review and
determine action.
• Provide web based reporting capability for designated VIHA users with tracking ability from
initial intake to closure. The reporting tools will be available Monday to Friday 8:00 am to 8:00
pm.
• Host and manage data external to VIHA in a secure environment that meets the laws of Canada,
province of British Columbia and VIHA privacy requirements as defined herein.
• Maintain backup systems within acceptable response times and “up times” as required for
delivery of the services.

Also, see section 3.5 for Technical, Privacy and Security requirements.

3.2 WORK BREAKDOWN

1. Planning:
a. Vendor assessment of local environment
b. Shared Vendor and VIHA design of VIHA processes for responding to
complaints
c. Shared Vendor and VIHA pilot testing with sample stakeholders for intake, of
VIHA internal processes including reporting requirements
d. VIHA review of vendor technology, privacy and security policies and practices
e. Shared Vendor and VIHA change management and communications planning

2. Implementation:
a. Vendor enables all User access
b. Vendor and VIHA implement Change Management and Communications

c. First year service level agreement finalized

3. Review:
a. Shared review on a quarterly basis during year one of operation to include all key
components of the services

4. Sustainability:
a. Finalize ongoing review and administrative requirements for remainder of
contract term
b. Finalize Service Level Agreement for remainder of contract

3.3 BC SHARED SERVICE ORGANIZATION

In December 2007, the BC Health Authorities announced the creation of a BC Health Authority Shared
Services Organization (“SSO”) to examine opportunities for Health Authorities to improve cost
effectiveness by working collaboratively on common services such as Supply Chain (common products
procurement), Payroll and Information Technology. For more information, please visit their website:
https://www.bchealthsso.ca/default.htm.

Without limiting this Section 3.4, if, at any time during this RFP process and prior to VIHA entering into
a Contract, the SSO decides to issue a provincial RFP for services similar to the Services, VIHA may
cancel this RFP process and participate in the provincial initiative.

3.4 RELATED CONSIDERATIONS

If a Proponent submits a Proposal which does not satisfy every VIHA request or requirement as described
in this RFP, VIHA may, in its discretion, waive such deficiency, seek clarification or additional
information from the Proponent, and consider and treat the Proposal as compliant with the requirements
of this RFP.

All Proponents should exercise extreme care when completing their Proposals as failure to comply with
the requirements of this RFP may cause a Proposal to be rejected.

A Proponent is deemed to have accepted and be bound by the Terms and Conditions of this RFP by the
submission of a Proposal in response to this RFP.

Once successful Proponents have been selected, each successful Proponent Representative will be
notified in writing of its selection as a successful Proponent (the "Selection Notice").

The Selection Notice will constitute the only valid notice of a Proponent’s selection as a successful
Proponent, and will not constitute in any way confirmation of an award of a contract to the successful
Proponent. VIHA will not be obligated in any manner to any Proponent until appropriate written
Agreements have been duly executed relating to an approved Proposal. Upon receipt of the Selection
Notice, the successful Proponent and VIHA will proceed into the Negotiation Phase.

Negotiations may then be held with each successful Proponent regarding the terms of any agreements,
prior to the execution of any such agreements.

VIHA may agree, in its sole discretion and as part of such negotiations, to modify the terms of any
agreement and/or negotiate whatever terms of any other agreements as may be required as VIHA, in its
sole discretion, may deem necessary.

VIHA may also, in its sole discretion, negotiate with the successful Proponent on whatever other matters
VIHA may deem necessary.

3.5 OTHER REQUIREMENTS

The successful proponent must meet VIHA’s IM/IT technical, privacy and security requirements as
outlined in Schedule D and E of this RFP.

4. EVALUATION

4.1 MANDATORY CRITERIA

Proposals not clearly demonstrating that they meet the following mandatory criteria will be
excluded from further consideration during the evaluation process.

Criteria
a) The proposal must be received at the closing location by the specified closing
date and time.
b) The proposal must be in English and must be sent by mail/courier.
c) An unaltered, completed RFP cover page including proponent section must be
submitted with the proposal by mail/courier/hand delivered.

4.2 DESIRABLE CRITERIA

Proposals meeting all of the mandatory criteria will be further assessed against
desirable criteria.

Criterion                                                                      Weight
Solution: Extent to which solution meets the VIHA needs                        30%
Qualifications: Qualifications, experience, and expertise to provide services  30%
Price                                                                          40%

4.3 PRODUCT DEMONSTRATION

One or more of the leading proponents may be requested to provide a product demonstration and
should be available for product demonstration approximately 2 - 4 weeks after the RFP closing
date (at a location to be determined by VIHA and at the vendor’s expense). The product
demonstration will be used to further evaluate the Functional Requirements in workflow
scenarios. The scenarios will be provided by VIHA. Evaluation scores from Step 4.2 (100
maximum points) will be added to the Evaluation score (100 maximum points) as the
demonstrations provide further clarity to the solution’s capabilities.

4.4 SITE VISITS

VIHA may contact the proponents’ current customers to request site visits to view the
application in an operational environment.

5. PROPOSAL FORMAT

The following format, sequence, and instructions should be followed in order to
provide consistency in Proponent response and ensure each proposal receives full
consideration. All pages should be consecutively numbered.

A. An unaltered, completed and signed RFP cover page including Proponent Section.
B. The following must be addressed in the body of the “Proponent Response”:

5.1 SOLUTION

The solution must be documented according to the following outline:


i. System Design and Technical Components; including how the solution
meets VIHA’s technical and policy requirements; and how ethical
considerations are built into the solutions
ii. Description of the user interface and its functionality
iii. Description of how VIHA reports status of investigation and resolution
iv. Implementation Planning and Testing
v. Implementation
vi. Performance Review
vii. Sustainability and Ongoing Services

5.2 QUALIFICATIONS

i. Provide a profile of your organization and your qualifications and experience
for providing this service including ethical principles and practices and legal
and regulatory requirements that underpin the product design and
implementation.
ii. Qualifications and experience providing the required service in comparable
organizations.
iii. Provide detail on your organization’s Technical Capacity and Capability
iv. Personnel or sub-contractor qualifications
v. Proponent References – (with e-mail addresses) Minimum of 3 and Maximum
of 5

5.3 PRICING QUOTE

• It is expected that price will include costing rationale to provide the service
(include HST as a separate cost, if applicable)
• Quotes will indicate pricing structure options

5.4 ADDITIONAL REQUIREMENTS

Proposal must indicate the vendor has reviewed VIHA’s IM/IT General Technical
Requirements (Appendix C) and policies with respect to the privacy and security of
information (Appendix D) and acknowledge how they will comply with these
policies.

B. DEFINITIONS AND ADMINISTRATIVE REQUIREMENTS
1. Definitions: Throughout this Request for Proposal, the following definitions apply:
a) “Contract” means the written agreement resulting from this Request for Proposal executed by the VIHA and the Contractor;
b) “Contractor” means the successful Proponent to this Request for Proposal who enters into a written Contract with the VIHA;
c) “VIHA” means Vancouver Island Health Authority;
d) “must”, or “mandatory” means a requirement that must be met in order for a proposal to receive consideration;
e) “Proponent” means an individual or a company that submits, or intends to submit, a proposal in response to this Request for Proposal;
f) “should” or “desirable” means a requirement having a significant degree of importance to the objectives of the Request for Proposal.

2. Terms and Conditions: The following terms and conditions will apply to this Request for Proposal process. Submission of a proposal in response to this Request for Proposal indicates acceptance of all the terms that follow and that are included in any addenda issued by the VIHA, as well as the VIHA contract attached. Provisions in proposals that contradict any of the terms of this Request for Proposal will be as if not written and do not exist.

3. Receipt Confirmation Form: Proponents are advised to fill out and return the attached Receipt Confirmation Form as specified. All subsequent information regarding this Request for Proposal, including changes made to this Request for Proposal, will be directed only to those Proponents who return the form and will be distributed by the method authorized on the form.

4. Late Proposals: Late proposals will not be accepted and will be returned to the Proponent at the Proponent’s expense.

5. Eligibility:
a) Proposals will not be evaluated if the Proponent’s current or past corporate or other interests may, in the VIHA’s opinion, give rise to a conflict of interest in connection with the project described in this Request for Proposal. This includes, but is not limited to, involvement by a Proponent in the preparation of this Request for Proposal. If a Proponent is in doubt as to whether there might be a conflict of interest, the Proponent should consult with the VIHA Contact Person listed on page 1 prior to submitting a proposal.
b) Proposals from not-for-profit agencies will be evaluated against the same criteria as those received from any other Proponents.

6. Evaluation: Evaluation of proposals will be by a committee designated by the VIHA and may include employees and contractors of the VIHA in its sole discretion. The VIHA’s intent is to enter into a Contract with the Proponent who has the highest overall ranking.

7. Negotiation Delay: If a written Contract cannot be negotiated within thirty days of notification of the successful Proponent, the VIHA may, at its sole discretion at any time thereafter, terminate negotiations with that Proponent and either negotiate a Contract with the next qualified Proponent or choose to terminate the Request for Proposal process and not enter into a Contract with any of the Proponents.

8. Debriefing: At the conclusion of the Request for Proposal process, all Proponents will be notified. Unsuccessful Proponents may request a debriefing meeting with the VIHA.

9. Alternative Solutions: If alternative solutions are offered, please submit the information in the same format, as a separate proposal.

10. Changes to Proposals: By submission of a clear and detailed written notice, the Proponent may amend or withdraw its proposal prior to the closing date and time. Upon closing time, all proposals become irrevocable. The Proponent will not change the wording of its proposal after closing and no words or comments will be added to the proposal unless requested by the VIHA for purposes of clarification.

11. Proponents’ Expenses: Proponents are solely responsible for their own expenses in preparing a proposal and for subsequent negotiations with the VIHA, if any. If the VIHA elects to reject all proposals, the VIHA will not be liable to any Proponent for any claims, whether for costs or damages incurred by the Proponent in preparing the proposal, loss of anticipated profit in connection with any final Contract, or any other matter whatsoever.

12. Limitation of Damages: Further to the preceding paragraph, the Proponent, by submitting a proposal, agrees that it will not claim damages, for whatever reason, relating to the Contract or in respect of the competitive process, in excess of an amount equivalent to the reasonable costs incurred by the Proponent in preparing its proposal and the Proponent, by submitting a proposal, waives any claim for loss of profits if no Contract is made with the Proponent.

13. Proposal Validity: Proposals will be open for acceptance for at least 90 days after the closing date.

14. Firm Pricing. Prices will be firm for the entire Contract period unless this Request for Proposal specifically states otherwise.

15. Currency and Taxes. Prices quoted are to be:
a) in Canadian dollars;
b) inclusive of duty, where applicable; FOB destination, delivery charges included where applicable; and
c) exclusive of Goods and Services Tax and Provincial Sales Tax.

16. Completeness of Proposal: By submission of a proposal the Proponent warrants that, if this Request for Proposal is to design, create or provide a system or manage a program, all components required to run the system or manage the program have been identified in the proposal or will be provided by the Contractor at no charge.

17. Sub-Contracting
a) Using a sub-contractor (who should be clearly identified in the proposal) is acceptable. This includes a joint submission by two Proponents having no formal corporate links. However, in this case, one of these Proponents must be prepared to take overall responsibility for successful performance of the Contract and this should be clearly defined in the proposal.
b) Sub-contracting to any firm or individual whose current or past corporate or other interests may, in the VIHA’s opinion, give rise to a conflict of interest in connection with the project or program described in this Request for Proposal will not be permitted. This includes, but is not limited to, any firm or individual involved in the preparation of this Request for Proposal. If a Proponent is in doubt as to whether a proposed subcontractor gives rise to a conflict of interest, the Proponent should consult with the VIHA Contact Person listed on page 1 prior to submitting a proposal.
c) Where applicable, the names of approved sub-contractors listed in the proposal will be included in the Contract. No additional subcontractors will be added, nor other changes made, to this list in the Contract without the written consent of the VIHA.

18. Acceptance of Proposals
a) This Request for Proposal should not be construed as an agreement to purchase goods or services. The VIHA is not bound to enter into a Contract with the Proponent who submits the lowest priced proposal or with any Proponent. Proposals will be assessed in light of the evaluation criteria. The VIHA will be under no obligation to receive further information, whether written or oral, from any Proponent.
b) Neither acceptance of a proposal nor execution of a Contract will constitute approval of any activity or development contemplated in any proposal that requires any approval, permit or license pursuant to any federal, provincial, regional district or municipal statute, regulation or by-law.

19. Definition of Contract. Notice in writing to a Proponent that it has been identified as the successful Proponent and the subsequent full execution of a written Contract will constitute a Contract for the goods or services, and no Proponent will acquire any legal or equitable rights or privileges relative to the goods or services until the occurrence of both such events.

20. Contract: By submission of a proposal, the Proponent agrees that should its proposal be successful the Proponent will enter into a Contract with the VIHA on the terms set out in Appendix B.

21. Liability for Errors: While the VIHA has used considerable efforts to ensure information in this Request for Proposal is accurate, the information contained in this Request for Proposal is supplied solely as a guideline for Proponents. The information is not guaranteed or warranted to be accurate by the VIHA, nor is it necessarily comprehensive or exhaustive. Nothing in this Request for Proposal is intended to relieve Proponents from forming their own opinions and conclusions with respect to the matters addressed in this Request for Proposal.

22. Modification of Terms: The VIHA reserves the right to modify the terms of this Request for Proposal at any time in its sole discretion. This includes the right to cancel this Request for Proposal at any time prior to entering into a Contract with the successful Proponent.

23. Ownership of Proposals: All proposals submitted to the VIHA become the property of the VIHA. They will be received and held in confidence by the VIHA, subject to the provisions of the Freedom of Information and Protection of Privacy Act and this Request for Proposal.

24. Use of Request for Proposal: Any portion of this document, or any information supplied by the VIHA in relation to this Request for Proposal may not be used or disclosed, for any purpose other than for the submission of proposals.

Appendix A Receipt Confirmation Form

Confidential Reporting Service


Request for Proposal #: O5A-RFP-423
Vancouver Island Health Authority

To receive any further information about this Request for Proposal, Proponents should return this
form by April 20, 2011 to:

Mr. Jim Dempsey
Manager, Contract Policy & Standards
Vancouver Island Health Authority
jim.dempsey@viha.ca
Phone - 250-755-7691 ext. 54098
Fax - (250) 740-2619

Company

Street address:
City/Province: Postal Code:
Mailing address if different:

Phone number: Facsimile number:


Contact person: Title:
e-mail: ________________

Appendix B Contract Form

By submission of a proposal, the Proponent agrees that should its proposal be successful the Proponent will
enter into a Contract with the VIHA in accordance with the terms of the VIHA’s Service Contract; a copy of
which is attached:

STANDARD AGREEMENT PROFESSIONAL SERVICES

BETWEEN

Vancouver Island Health Authority (Enter Contractor’s Name)


AND
Department/Program: ________________

(the “VIHA”) (the “Contractor”)

At the following address: At the following address:


1952 Bay Street
Victoria, BC V8R 1J8

Telephone: (250)
Fax: (250) 370-8713 Fax: (250)

WHEREAS:

A. The VIHA is responsible for establishing regional health care priorities, specifying regional
service standards and monitoring the performance of service providers for the provision of
health care in the Vancouver Island health region.

B. In connection with the fulfillment of its responsibilities, the VIHA has agreed to engage the
Contractor, and the Contractor has agreed to accept such engagement, in each case, to
provide to the VIHA the services described in Schedule A to this Agreement (the “Services”)
on the terms and conditions set out in this Agreement.

IN CONSIDERATION of the mutual covenants hereinafter appearing, the parties agree as
follows:

Engagement:

1. Subject to Section 3 below, the VIHA hereby engages the Contractor and the Contractor
hereby accepts such engagement, in each case, to provide the Services in accordance with the
specifications, if any, and by the times specified in this Agreement.

2. Upon the request of the VIHA, the Contractor shall conduct a criminal records check against
the Contractor, its employees and sub-contractors (as the VIHA may direct) under the
Criminal Records Review Act (British Columbia). If the VIHA does not receive an
acceptable criminal records check against the Contractor, its employees and sub-contractors
(as the VIHA may direct) prior to the commencement of the Term, this Agreement shall be
of no force or effect without further obligation of either party to the other.

Term:

3. The Contractor will provide the Services during the period commencing upon
_____________________, 201_ and ending, subject to earlier termination as herein
provided, on ____________________, 201_ (the “Term”). The Contractor hereby represents
and warrants that all Services provided prior to the date of execution of this Agreement, if
any, were provided in accordance with the terms and conditions of this Agreement.

Independent Contractor:

4. The Contractor will be an independent contractor and not the employee, agent, partner or
joint venturer of the VIHA, and the Contractor will not hold itself out to the public as such.
The Contractor agrees that neither the Contractor nor any person employed by or associated
with the Contractor in the performance of the Services or otherwise is an employee of, or has
an employment relationship of any kind with, the VIHA.

5. The VIHA will have no liability or responsibility for the withholding, collection or payment
of income taxes, unemployment insurance, statutory or other taxes or payments of any other
nature on behalf of, or for the benefit of, the Contractor or any other persons.

6. The Contractor will not in any manner whatsoever commit or purport to commit the VIHA to
the payment or receipt of any money or other consideration, or the acceptance or provision of
any goods or services, except as expressly authorized by this Agreement.

7. The Contractor will provide and pay for all labour, materials, tools or approvals necessary to
provide the Services.

Standard of Care:

8. The Contractor will perform the Services to a standard of care, skill, and diligence exercised
by persons providing, on a commercial basis, services similar to the Services.

9. The Contractor will ensure that all persons who perform the Services are competent to
perform the Services and are properly trained, instructed, and supervised. The Contractor
will be solely responsible for the acts and omissions of the Contractor’s employees and
agents in performing the Services.

10. The Contractor will perform the Services in accordance with: (a) all applicable laws; (b) the
provisions of this Agreement including the decisions of arbitrators pursuant to this
Agreement; (c) any instructions or directions that may be given by the VIHA to the
Contractor from time to time with respect to the provision of the Services; (d) all policies,
guidelines and directives established from time to time by the VIHA (including in particular,
any policies of VIHA regarding confidentiality); and (e) all required permits and licenses.

11. Where by virtue of this Agreement or of any law or governing body having jurisdiction with
respect to the same, the Services are required to be provided by a duly qualified or licensed
practitioner, professional, or a person with a specified qualification, level of training, or
competence and experience, the Contractor will, upon request of the VIHA from time to
time, provide evidence satisfactory to the VIHA that the Contractor and all persons engaged
by the Contractor to deliver the Services has the requisite qualification, level of training,
competence or experience, holds or has been issued all required licenses, certificates and
memberships and that such licenses, certificates and memberships are in good standing.

Intellectual Property:

12. Subject to section 13, VIHA acknowledges and agrees that all right, title and interest in
anything conceived, developed or made by the Contractor in connection with the delivery
of the Services, including all intellectual property rights associated thereto, will be for the
benefit of the Contractor and will be the property of the Contractor.

13. Notwithstanding section 12, the Contractor will not own any of the data that is entered,
exchanged, stored or manipulated in connection with the Services (the “VIHA Data”).
The Contractor acknowledges that VIHA Data contains Confidential Information that is
protected by section 15.

14. Intentionally Deleted

Confidentiality:

15. The Contractor will treat as confidential and will not, without the prior written consent of the
VIHA, publish, release, or disclose or permit to be published, released or disclosed either
before or after the termination of this Agreement, any Confidential Information (as defined
below) nor will the Contractor use or exploit, directly or indirectly, any Confidential
Information for any purpose other than for the fulfillment of obligations under this
Agreement. Notwithstanding the foregoing, the Contractor will be entitled to disclose
Confidential Information if required by law including the Freedom of Information and
Protection of Privacy Act (British Columbia), provided that the Contractor will promptly
notify, consult with, and cooperate with the VIHA, prior to any disclosure, in any attempt to
resist or narrow such disclosure or to obtain an order or other assurance so that such
information will be accorded confidential treatment.

16. “Confidential Information” for the purpose of this Agreement means any and all information
supplied to, obtained by or which comes to the knowledge of the Contractor as a result of this
Agreement with respect to the VIHA including, without limitation, all patient and client
information (including patient names, addresses, telephone numbers and medical history), all
trade secrets, know-how, processes, formulas, standards, product specifications, marketing
plans and techniques, cost figures, access or security codes, all systems software applications,
all software/systems source and object codes, data, documentation, program files, flow
charts, drawings and all operational procedures except that Confidential Information does not
include information which the Contractor can prove is information which is in the public
domain at the date of disclosure by VIHA to the Contractor, is received by the Contractor
without obligation of confidence from a third party who is in lawful possession of such
information free of any obligation of confidence and is not otherwise prohibited from
transmitting such information to the Contractor by a contractual, legal or fiduciary obligation.

17. The Contractor acknowledges and agrees that its compliance with the Act and this
Agreement in respect of Data shall supersede and have paramountcy over any compliance
with privacy laws of general application in the private sector having application to the
Contractor.

Further Agreements:

18. The Contractor agrees that no person will provide any Services (directly or indirectly)
hereunder either as an employee, contractor, sub-contractor or agent unless such person first
agrees, in writing, to be bound by the terms of Sections 12 to 17 as if such person had
contracted with the VIHA directly.

Indemnity, Insurance and Liability:

19. The Contractor will indemnify and save harmless the VIHA, its governors, directors, officers,
employees and agents, from and against any and all losses, claims, damages, actions, causes
of action, costs and expenses the VIHA may sustain or incur, at any time, either before or
after the expiration or termination of this Agreement, which are based upon, arise out of or
occur, directly or indirectly, by reason of, any act or omission by the Contractor or of any
agents, employees, officers, directors or subcontractors in providing the service except, with
respect to the extent any such claim arises solely from the negligence of the VIHA.

20. The aggregate liability of the VIHA to the Contractor for any matters or claims of
whatsoever nature and kind under or in connection with this Agreement will be limited to the
“Maximum Amount” specified in Schedule B.

21. The Contractor will maintain and pay for insurance on the terms, including form, amounts,
and deductibles, outlined in Schedule E, and on such other terms, as may from time to time
be directed by the VIHA.

22. The Contractor will comply with the Workers' Compensation Act of the Province of British
Columbia and in particular will obtain and maintain during the Term the necessary coverage
as specified in Schedule G.

Assignment and Sub-contracting:

23. The Contractor may not assign its rights under this Agreement without prior written consent
by the VIHA. Any attempt to assign any of the rights, duties or obligations of this
Agreement without such written consent is void.

24. The Contractor will perform its obligations under this Agreement either itself or through the
independent contractors listed in Schedule D, if any. The Contractor will not sub-contract
any obligation under this Agreement other than to persons listed in Schedule D, if any,
without the prior written consent of the VIHA.

25. The Contractor shall be fully responsible to the VIHA for acts and omissions of sub-
contractors and of persons directly and indirectly employed by them. No sub-contract,
whether consented to or not, relieves the Contractor from any of its obligations under this
Agreement.

Conflict of Interest:

26. The Contractor will not perform a service for or provide advice to any person, firm or
corporation where the performance of the service or the provision of the advice may or does,
in the reasonable opinion of the VIHA, give rise to a conflict of interest between the
obligations of the Contractor to the VIHA under this Agreement and the obligations of the
Contractor to such other person, firm or corporation.

Payment:

27. In consideration of the Contractor providing Services, VIHA will pay the Contractor fees
described in Schedule B.

28. The VIHA will reimburse the Contractor for expenses, if any, described in Schedule B
provided such expenses are supported, where applicable, by proper receipts and, in the
opinion of the VIHA, such expenses were reasonably and necessarily incurred by the
Contractor in providing the Services.

29. In no circumstances will the aggregate amount required to be paid by VIHA to the Contractor
on account of fees and expenses exceed the "Maximum Amount" specified in Schedule B.
The Contractor is not entitled to any other amounts or benefits other than the fees and
expenses set out in Schedule B.

30. The VIHA may treat amounts owing by it under this Agreement as fully paid and satisfied by
way of set-off against amounts owing by the Contractor to the VIHA, including in amounts
owing by the Contractor under Section 19.

31. The Contractor will invoice the VIHA with respect to the amounts in Sections 27 and 28 of
this Agreement in accordance with Schedule B. If the VIHA agrees with the amount and
form of the invoice, the VIHA will pay such invoice within 60 days of receipt.

Termination:

32. The VIHA may terminate this Agreement:

(a) immediately, if the Contractor is in default of any of its obligations under this Agreement
and if in the reasonable opinion of the VIHA such breach is material;
(b) upon 10 days' written notice to the Contractor, for any reason; or
(c) immediately, if the Contractor is in default of any obligations under this Agreement
(which default, in the reasonable opinion of VIHA is not material) and fails to cure such
default within a period of not less than 30 days after notice of such default from VIHA.

33. Notwithstanding the termination of this Agreement (for any reason other than pursuant to
Section 32(a)), the VIHA will remain obligated to pay the Contractor all of the fees for, and
disbursements incurred in connection with, the Services rendered prior to such termination.
Payment of such invoice will discharge the VIHA from all liability to the Contractor under
this Agreement.

34. Upon termination of this Agreement, the Contractor will release to the VIHA all property of
the VIHA which is in the control of the Contractor pursuant to this Agreement.

Notice:

35. Any notice contemplated by this Agreement, to be effective, must be in writing and be:
(a) faxed to the addressee's fax number specified in this Agreement,
(b) delivered by hand to the addressee's address specified in this Agreement, or
(c) mailed by prepaid registered mail to the addressee's address specified in this Agreement.

36. Any notice issued in accordance with Section 35 is deemed to be received 96 hours after
mailing if mailed, on receipt if delivered by hand, or on the next business day if sent by
facsimile. Either of the parties may give notice to the other of a substitute address or fax
number from time to time.

General:

37. Each provision of this Agreement is several. If any provision of this Agreement is or
becomes illegal, invalid or unenforceable in any jurisdiction, the illegality, invalidity or
unenforceability of that provision will not affect: the legality, validity or enforceability of the
remaining provisions of this Agreement or the legality, validity or enforceability of that
provision in any other jurisdiction.

38. Time is of the essence in this Agreement.

39. The schedules attached to this Agreement, will, for all purposes, form an integral part of the
Agreement.

40. This Agreement enures to the benefit of and binds the Parties and their respective successors,
heirs, executors, administrators, personal and legal representatives and permitted assigns.

41. All disputes arising out of or in connection with this Agreement must, unless the parties
otherwise agree, be submitted to arbitration under the Commercial Arbitration Act (British
Columbia). The award of the arbitrator will be final and binding on the parties.

42. No failure to exercise, and no delay in exercising, any right or remedy under this Agreement
will be deemed to be a waiver of that right or remedy. No waiver of any breach of any
provision of this Agreement will be deemed to be a waiver of any subsequent breach of that
provision or of any similar provision.

43. Any party may deliver an executed copy of this Agreement by fax but that party will
immediately dispatch by delivery in person to the other parties an originally executed copy of
this Agreement. This Agreement and all documents contemplated by or delivered under or in
connection with this Agreement may be executed and delivered in any number of counterparts
with the same effect as if all parties had signed and delivered the same document and all
counterparts will be construed together to be an original and will constitute one and the same
agreement.

44. No amendment, supplement, restatement or termination of any provision of this Agreement is
binding unless it is in writing and signed by each person that is a party to this Agreement at the
time of the amendment, supplement, restatement or termination.

45. This Agreement and all documents contemplated by or delivered under or in connection with
this Agreement, constitute the entire agreement between the parties with respect to the subject
matter of this Agreement and supersede all prior agreements, negotiations, discussions,
undertakings, representations, warranties and understandings, whether written or oral, express or
implied, statutory or otherwise.

46. All provisions of this Agreement which are expressly or by implication to come into or
continue in force and effect after the expiration or termination of this Agreement will remain
in effect and be enforceable following expiration or termination, including without limiting
the generality of the foregoing, Sections 12 to 17 inclusive, 19 and 20.

47. This Agreement is governed by and is to be construed in accordance with the laws of British
Columbia and the federal laws of Canada applicable therein.

48. If there is a conflict between a Schedule to this Agreement and any other provision of this
Agreement, the Agreement shall govern to the extent of the conflict.

49. The Contractor will execute such further assurances and other documents and instruments
and do such further and other things as may be necessary to implement and carry out the
intent of this Agreement.

THE PARTIES have duly executed this Agreement the ____ day of ______________, 20___.

SIGNED AND DELIVERED on behalf of the Vancouver Island Health Authority by
an authorized representative of the VIHA:

Authorized Representative: (signature)

Authorized Representative: (print name)

Authorized Representative: (print title)

SIGNED AND DELIVERED by or on behalf of the Contractor (or by an authorized
signatory of the Contractor if a corporation):

Contractor or Authorized Signatory: (signature)

Contractor or Authorized Signatory: (print name)

Contractor or Authorized Signatory: (print title)

Department:__________________________

Contractor: Contract No.:
Term:

SCHEDULE A

SERVICES

To be negotiated

Contractor: Contract No.:
Term:

SCHEDULE B

FEES AND EXPENSES

To be negotiated

Contractor: Contract No.:
Term:

SCHEDULE C

REPORTING ACCOUNTABILITIES

The Contractor will keep full and detailed records dealing with all aspects of the Services
performed by it hereunder, including without limitation, time records, invoices, receipts, and
vouchers of all expenses incurred and shall provide the VIHA with access thereto at all
reasonable times and maintain the same in a form and content satisfactory to the VIHA, in
accordance with good records management practices and, to the extent applicable, in accordance
with Schedule F – Privacy (in accordance with the Freedom of Information and Protection of
Privacy Act).

Upon the request of the VIHA, the Contractor will provide the VIHA with a report of all work
done by the Contractor or a sub-contractor in connection with the Services.

In addition to the VIHA’s rights under Sections 12 to 17 of this Agreement, during the Term, the
Contractor will permit the VIHA at all reasonable times to inspect and copy all material that has
been produced or received by the Contractor or any sub-contractor as a result of or in connection
with this Agreement or the performance of the Services, including, without limitation, all
findings, software, data, specifications, drawings, case files, reports, and documents, whether
complete or not (collectively, the "Material").

Performance Management:

To be negotiated

Contractor: Contract No.:
Term:

SCHEDULE D

APPROVED SUB-CONTRACTOR(S)

The approved sub-contractor(s) to whom the Contractor may sub-contract under this Agreement
include:

Name of Sub-contractor Type of Service

Contractor: Contract No.:
Term:

SCHEDULE E

INSURANCE (S)

1. The Contractor shall, without limiting its obligations or liabilities herein and at its own
expense, provide and maintain the following insurances with insurers licensed in British
Columbia and in forms and amounts acceptable to the VIHA:

1.1 Automobile Liability on all vehicles owned, operated or licensed in the name of the
Contractor, in an amount not less than $2,000,000.

1.2 Comprehensive General Liability in an amount not less than $5,000,000 (for a
different amount of General Liability Limit contact the Manager, Contract Policy &
Development) inclusive per occurrence, insuring against bodily injury, personal injury
and property damage. The VIHA is to be added as an additional insured under this
policy. Such insurance shall include, but not be limited to:

1. Products and Completed Operations Liability;
2. Owner's and Contractor's Protective Liability;
3. Blanket Written Contractual Liability;
4. Contingent Employer's Liability;
5. Personal Injury Liability;
6. Non-Owned Automobile Liability;
7. Cross Liability;
8. Employees as Additional Insureds;
9. Broad Form Property Damage; and
10. if applicable, Tenant's Legal Liability in an amount adequate to cover a loss to
premises of the VIHA occupied by the Contractor.

1.3 Professional Liability in an amount not less than $5,000,000 insuring the Contractor's
liability for errors and omissions in the performance of professional services under this
Agreement. (If lower professional liability coverage is being considered, contact the
Manager, Contract Policy & Development).

2. The Contractor shall have their insurance agent or broker complete the Certificate of
Insurance form verifying the Contractor’s insurance coverage. The Certificate of Insurance
form is found on the following page of this Schedule. This form shall be completed on an
annual basis, during the term of this contract, and provided to the VIHA.

CERTIFICATE OF INSURANCE

Freedom of Information and Protection of Privacy Act
The personal information requested on this form is collected under
the authority of and used for the purposes of contract review.

To be completed by Agent or Broker

CERTIFICATE IS ISSUED TO:
CONTRACTOR NAME
CONTRACTOR ADDRESS

And certifies that policies of insurance as herein described have been issued to the insured(s) named below and are in full force and effect as
of the effective date of the agreement.

INSURED: NAME
INSURED: ADDRESS
OPERATIONS INSURED: PROVIDE DETAILS

For each type of insurance, the form records: COMPANY NAME AND POLICY NO.; EXPIRY DATE (Y M D); LIMIT OF LIABILITY/AMOUNT.

TYPE OF INSURANCE

COMPREHENSIVE/COMMERCIAL GENERAL LIABILITY
    INCLUSIVE LIMITS $ ___________________________

AUTOMOBILE LIABILITY (OWNED OR LEASED VEHICLES)
    PRIMARY $ _____________________
    EXCESS $ _____________________

UMBRELLA LIABILITY
    LIMITS $ ____________________
    EXCESS OF $ ____________________

PROFESSIONAL LIABILITY
    LIMITS $ _______________________

PROPERTY
    DETAILS $_______________________
    $_______________________

OTHER
    DETAILS $ ______________________
    $ _______________________

These policies comply with the insurance requirements of the governing contract, permit or license with the Health Region / Health Council /
Community Health Services Society or other stand alone entity. It is understood and agreed that where required by the governing
contract/permit or license, the Health Region / Health Council / Community Health Services Society or other stand alone entity has been
added as an additional insured and that thirty (30) days' notice of any material change or cancellation of any of the policies listed herein, either
in part or in whole will be given by the insurers to the holder of this certificate.

SIGNED BY THE CONTRACTOR/PERMITTEE/LICENSEE
DATE SIGNED (Y M D)

SIGNED ON BEHALF OF THE CONTRACTOR'S/PERMITTEE'S/LICENSEE'S INSURERS
DATE SIGNED (Y M D)

TO BE REPLACED WITH ORIGINAL ‘CERTIFICATE OF INSURANCE’

Contractor: Contract No.:
Term:

SCHEDULE F (H)

PRIVACY
Custody and Control of Data

1. Purpose

The purpose of this Schedule is to: (a) enable the Customer to comply with its statutory
obligations under the Act with respect to personal information; and (b) ensure that the Service
Provider is aware of and complies with its statutory obligations under the Act with respect to
personal information.

2. Definitions
“Act” means the Freedom of Information and Protection of Privacy Act (British Columbia),
as amended from time to time.
“Associate” has the meaning specified in the Act.
“Authorized Site” means Service Provider’s head office in British Columbia or at such other
location in Canada as may be approved in writing by the Customer.
“Agreement” means the Agreement to which the Schedule is appended.
“Commissioner” means the BC Information and Privacy Commissioner appointed under the
Act.
“Conflicting Foreign Order” means any order, subpoena, directive, ruling, judgement,
injunction, award or decree, decision, request or other requirement issued from a foreign
court, agency of a foreign state or other authority outside Canada or any foreign legislation
the compliance with which would likely render the Customer or its employees in non-
compliance with the Act.
“Contact Information” means information to enable an individual at a place of business to
be contacted and includes the name, position name or title, business telephone number,
business address, business email or business fax number of the individual.
“Customer” means Vancouver Island Health Authority.
“Foreign Access Conditions” means:
(i) the Service Provider must ensure that such access is limited to temporary access and
storage for the minimum time necessary for the Permitted Purpose; and
(ii) if such access is for the Permitted Purpose of data recovery, the Service Provider
must ensure such access is limited to access and storage only after the system failure
has occurred.
“Permitted Purpose” means access to Records containing Personal Information that is
necessary for:

(i) installing, implementing, maintaining, repairing, trouble-shooting or upgrading an
electronic system used by the Customer or by the Service Provider to provide services
to the Customer pursuant to the Agreement, or any equipment that includes an
electronic system used by the Customer or by the Service Provider to provide services
to the Customer or by the Service Provider to provide services to the Customer
pursuant to the Agreement; or
(ii) recovery of data (including Personal Information) undertaken following the failure of
an electronic system used by the Customer or by the Service Provider to provide
services to the Customer.
“Personal Information” means recorded information about an identifiable individual, other
than contact information, collected or created by the Service Provider or otherwise held on
behalf of the Service Provider as a result of the Agreement or any previous agreement
between the Customer and the Service Provider dealing with the same subject matter as the
Agreement but excluding any such information that, if this Schedule did not apply to it,
would not be under the “control of a public body” within the meaning of the Act.
“Personnel” means any employees, agents, representatives or Associates of the Service
Provider who provide the Services or to whom access is made available to Personal
Information for the purposes of fulfilling the Service Provider’s obligations under the
Agreement.
“Access Agreement” means an agreement between Personnel and the Service Provider
requiring the security of Personal Information.
“Record” includes books, documents, maps, drawings, photographs, letters, vouchers, papers
and any other thing on which information, including Personal Information, is recorded or
stored by graphic, electronic, mechanical or other means, but does not include a computer
program or any other mechanism that produces records.
“Service Provider” has the meaning set out on page one of this Agreement.
“Schedule” means this Privacy Schedule, as may be amended from time to time.

3. Interpretation

In this Schedule, references to sections by number are to sections of this Schedule unless
otherwise specified in this Schedule.

4. Service Provider Subject to the Act


(a) The Service Provider must in relation to Personal Information comply with: (a) the
requirements of the Act applicable to the Service Provider, including any applicable order
of the Commissioner under the Act; and (b) any direction given by the Customer under
this Schedule. If the Customer learns of a Commissioner order applicable to the Service
Provider’s services, it will notify the Service Provider.
(b) The Service Provider acknowledges that it is familiar with the requirements of the Act
governing Personal Information that are applicable to it as a service provider.

5. Collection of Personal Information

(a) Unless the Agreement otherwise specifies or the Customer otherwise directs in writing,
the Service Provider may only collect, create or hold, on behalf of the Customer, Personal
Information that is necessary for the performance of the Service Provider’s obligations,
or the exercise of the Service Provider’s rights, under the Agreement.
(b) The Service Provider may only collect Personal Information if expressly authorized by
the Agreement. Where authorized to do so, and unless the Agreement otherwise specifies
or the Customer otherwise directs in writing, the Service Provider shall: (i) collect
Personal Information directly from the individual the information is about; and (ii) tell an
individual from whom the Service Provider collects Personal Information the purpose for
collecting it; the legal authority for collecting it; and the title, business address and
business telephone number of the person designated by the Customer to answer questions
about the Service Provider’s collection of Personal Information.

6. Accuracy of Personal Information

Where applicable to the Services provided by the Service Provider pursuant to the
Agreement, the Service Provider shall make every reasonable effort to ensure the accuracy
and completeness of any Personal Information that comes into their custody pursuant to this
Agreement and which may be used by the Service Provider or the Customer to make a
decision that directly affects the individual the information is about.

7. Receiving Requests for Access or Correction to Personal Information

If a request is received under the Act for access to, or correction of, Records that are in the
custody of the Service Provider but under the control of the Customer, the Service Provider
must promptly advise the person to make the request to the Customer and if the Customer has
advised the Service Provider of the name or title and contact information of an official of the
Customer to whom such requests are to be made, the Service Provider must also promptly
provide that official’s name or title and contact information to the person making the request.
The Service Provider must provide the Records to the Customer for management by the
Customer’s Information and Privacy Officer. This shall occur within a reasonable time
frame to enable the Customer to comply with the Act. If a request is permitted by the Act,
the Service Provider shall be responsible for providing the Records at the Service Provider’s
expense to the Customer. If the Service Provider is expressly authorized by the Agreement
to manage the request for correction of records, the Service Provider shall do so in
accordance with Section 8 of this Schedule.

8. Correction of Personal Information

The Service Provider may only correct Personal Information if expressly authorized by the
Agreement. Where authorized to do so, and unless the Agreement otherwise specifies or the
Customer otherwise directs in writing:
(a) Within 5 business days of receiving a written direction from the Customer to correct or
annotate any Personal Information, the Service Provider must annotate or correct the
information in accordance with the direction.

(b) When issuing a written direction under paragraph (a), the Customer must advise the
Service Provider of the date the correction request to which the direction relates was
received by the Customer in order that the Service Provider may comply.
(c) Within 5 business days of correcting or annotating any Personal Information, the Service
Provider must provide the corrected or annotated information to any party to whom,
within one year prior to the date the correction request was made to the Customer, the
Service Provider disclosed the information being corrected or annotated.

9. Control of and Rights in the Record

All right, title and interest in, and control and custody of, all Records shall remain with the
Customer. No interest or any right respecting the Record, other than as expressly set out
herein, is granted to the Service Provider under this Schedule, by implication or otherwise. If
Personal Information is collected by the Service Provider and transmitted to the Customer,
such Personal Information is deemed to be under the control of the Customer.

10. Access to and Use of Personal Information


(a) The Service Provider is hereby granted temporary access to Personal Information
pursuant to the terms and conditions of this Schedule, for the sole and express purpose of
fulfilling its obligations under the Agreement and for no other use or purpose except as
required to comply with any Canadian statutory or other legal requirement, including an
Order of a Canadian Court, although any disclosure of Personal Information remains
subject to Section 12 of this Schedule. The Service Provider shall not copy or reproduce
any written materials containing Personal Information without the Customer’s prior
written consent as defined in the Terms and Conditions. Notwithstanding the foregoing,
the Service Provider may access Records containing Personal Information for a Permitted
Purpose. However, if Records containing Personal Information are disclosed outside of
Canada or accessed from outside of Canada, the Service Provider must comply with the
Foreign Access Conditions.
(b) The Service Provider shall not take any action to obtain access of any kind to any
Personal Information from any location outside of Canada except for a Permitted Purpose
or as permitted by the Act and then only subject to the Foreign Access Conditions and
such other processes and access controls as may be imposed by the Customer.
(c) Except as otherwise permitted under this Schedule, the Service Provider shall not
remove, physically, electronically or in other manner whatsoever from the authorized
premises of the Customer, any Personal Information, without the Customer’s prior
written consent. Except as otherwise permitted under this Schedule, the Service Provider
shall not store any Personal Information or permitted back-up copies of the Personal
Information off-site unless expressly authorized by Customer. Where authorized, Service
Provider must store back-up records off-site in Canada under conditions that are the same
as or better than on-site storage conditions for original Records.
(d) The Service Provider will ensure that only Personnel who have entered into an Access
Agreement may access the Personal Information. Unless approved by the Customer, the
Service Provider may not enter into any form of a Personal Information sharing
relationship with any other party.

11. Return or Destruction of the Record Upon Request


(a) Unless the Agreement otherwise specifies, the Service Provider must retain Personal
Information until directed by the Customer in writing to dispose of it or deliver it as
specified in the direction. Upon the request of the Customer for any reason whatsoever,
and unless required to do otherwise in order to comply with any Canadian statutory or
other legal requirement, including an Order of a Canadian Court, although any disclosure
of Personal Information remains subject to Section 12 of this Schedule, the Service
Provider shall deliver to the Customer or destroy promptly, according to the Customer’s
instructions, all documents or other Records in any form or format whatsoever in the
Service Provider’s possession constituting or based upon Personal Information and shall
confirm that delivery or destruction to the Customer in writing. If, for any reason, the
Service Provider fails to return or destroy any Record in accordance with this Section 11,
the Service Provider’s obligations pursuant to this Schedule will continue in full force
and effect.
(b) In the event of destruction of electronic Personal Information by the Service Provider, the
following instructions shall be adhered to:
(i) Personal Information erasure may be accomplished by software erasure (where
feasible) or by physical destruction of the media;
(ii) Software erasure must be at a minimum to US DoD standard 5220.22-M (this
standard is achievable through a number of products such as Norton WipeInfo);
(iii) Physical destruction of paper media can be done by burning, by crosscut shredding,
or by pulping;
(iv) Physical destruction of disc media can be done by use of tools such as hammers, band
saws, or drills in order to render the device no longer useable; and
(v) Some media such as diskettes can be run through a degausser in order to render them
no longer readable.

12. Disclosure to Third Parties

Except as specifically permitted by the Customer in writing, the Service Provider shall not
disclose and shall not allow any Personnel to disclose in any manner whatsoever any
Personal Information to any person, firm or corporation without the prior written consent of
the Customer. The Service Provider agrees that such consent shall only be provided if such
disclosure is permitted under the Act and the third party agrees, in writing, to be bound by
the Act. If the Service Provider or anyone to whom the Service Provider transmits Personal
Information pursuant to a Permitted Purpose, becomes legally compelled or otherwise
receives a demand to disclose Personal Information other than as permitted by the Act,
including without limitation pursuant to any Conflicting Foreign Order, the Service Provider
will not do so unless: (a) the Customer has been notified; (b) the parties have appeared
before a Canadian Court; and (c) the Court has ordered the disclosure. Unauthorized
disclosure is subject to penalties under the Act.

13. Privacy Representative

If required by the Customer, immediately upon execution of the Agreement the Service
Provider shall appoint a representative to be responsible for the Service Provider’s
compliance with this Schedule and the Act (the “Privacy Representative”). The Service
Provider shall grant its Privacy Representative sufficient authority to communicate and
execute documents on behalf of the Service Provider as may be required from time to time
for this purpose. The Service Provider shall promptly provide the Customer with the name of
its Privacy Representative and shall promptly notify the Customer of any change of its
Privacy Representative.

14. Notice of Breach


(a) If for any reason the Service Provider does not comply, or anticipates that it will be
unable to comply, with a provision in this Schedule in any respect, the Service Provider
must promptly notify the Customer of the particulars of the non-compliance or
anticipated non-compliance and what steps it proposes to take to address, or prevent
recurrence of the non-compliance or anticipated non-compliance.
(b) The Service Provider shall notify the Customer immediately of the disclosure of Personal
Information to any person or entity not authorized by the Agreement to have such
Personal Information, including full details of such disclosure. The Service Provider
shall co-operate with the Customer in preventing the recurrence of such disclosure and to
the extent feasible, in recovering the disclosed Personal Information, including any
copies thereof.

15. Personnel Bound by the Act


(a) The Service Provider and the Customer hereby further acknowledge and agree that in
order to fulfill its obligations under the Agreement or in connection with a Permitted
Purpose it may be necessary for the Service Provider to grant to Personnel access to
Personal Information. The Service Provider hereby agrees that:
(i) it shall only make Personal Information available to Personnel to the extent it is
necessary for the purpose of fulfilling the Service Provider’s obligations under the
Agreement and for a Permitted Purpose;
(ii) it shall not make Personal Information available to any Personnel while any such
persons are physically located outside of Canada, except for a Permitted Purpose
under the Foreign Access Conditions or as permitted by the Act;
(iii) if and whenever requested by the Customer, the Service Provider shall cause each of
the Personnel providing services on behalf of the Service Provider under the
Agreement to enter into an Access Agreement, in a form and substance acceptable to
the Customer wherein the Personnel agree, among other things, to comply with the
requirements of all applicable laws including in particular the requirements of the Act
as if that person were originally bound by the Act; and
(iv) the Customer is granted the right to demand that the Personnel who breached the
obligation be removed from the provision of services pursuant to the Agreement.
The Service Provider shall be required to renew and refresh any or all such agreements
from time to time at the reasonable request of the Customer.
(b) The Service Provider shall properly advise each of the Personnel providing services
under the Agreement of the requirements of the Service Provider under this Schedule and
the Act. If requested by the Customer, the Service Provider shall provide and conduct
specific ongoing training for all such individuals in form and substance reasonably
satisfactory to the Customer. The Service Provider acknowledges its obligations and, to
the extent legally permissible, will address any non-compliance with this Agreement, by
their staff, at their discretion.
(c) Notwithstanding the foregoing, the Service Provider specifically assumes all
responsibility for the Personnel and for the breach by any of them of any provision of the
Act or this Schedule. The Service Provider hereby agrees to defend, indemnify and hold
harmless the Customer, and its directors and officers from and against any and all loss,
cost, liability or expense suffered or incurred by the Customer, and its directors, officers,
employees or representatives or any of them with respect to any breach or alleged breach
by the Service Provider of any of its covenants or obligations under this Schedule, or its
non-compliance with the provisions of the Act.
(d) The Service Provider shall, upon request by Customer, provide a copy of the access
agreement, the process for executing the agreements and the list of staff associated with
the client’s project or initiative who have signed the agreement within the last 12 months.

16. Subcontractors

Any reference to the Service Provider in this Schedule includes any subcontractor or agent
retained by the Service Provider to perform obligations under the Agreement and the Service
Provider must ensure that any such subcontractors and agents comply with this Schedule.

17. Audit and Inspection

In addition to any other rights of inspection the Customer may have under the Agreement or
under statute, the Service Provider shall permit the Customer and/or its representatives and
agents to conduct periodic audits of Records related to performance by the Service Provider
and the Personnel and permitted subcontractors, if any, of the Service Provider’s obligations
under this Schedule. The Customer may, at any reasonable time and on reasonable notice to
the Service Provider, enter on the Service Provider’s premises to inspect any Personal
Information in the possession of the Service Provider or any of the Service Provider’s
information management policies or practices relevant to its management of Personal
Information or its compliance with this Schedule and the Service Provider must permit, and
provide reasonable assistance to, any such inspection.

18. Default

(a) In addition to any other rights of termination which the Customer may have under the
Agreement or otherwise at law, the Customer may, subject to any provisions in the
Agreement establishing mandatory cure periods for defaults by the Service Provider,
terminate the Agreement by giving written notice of such termination to the Service
Provider, upon any failure of the Service Provider to comply with this Schedule in a
material respect.
(b) Without limiting the generality of the foregoing, the Service Provider agrees that in
addition to any other rights or remedies the Customer may have for material breach of
this Schedule, the Customer has the right to an injunction or other equitable relief in any
court of competent jurisdiction enjoining a threatened or actual material breach of this
Schedule by the Service Provider.

19. Termination
(a) Upon the expiration or earlier termination of the Agreement, the Service Provider shall
promptly return to the Customer or destroy promptly, according to the Customer’s
instructions, all Records in the Service Provider’s possession pursuant to the Agreement,
whether created by the Service Provider or by others, constituting or based upon Personal
Information and shall confirm that delivery or destruction to the Customer in writing.
(b) In the event of a change to the Act or any other applicable privacy legislation or the
issuance of a directive or policy by the government of the Province of British Columbia
or a finding or report by the Commissioner, such that the Customer reasonably considers
that the terms and conditions of the Agreement for the protection of Personal Information
are deficient, the Customer and the Service Provider will enter into good faith
negotiations in an effort to cure any deficiency and agree to new or amended terms of the
Agreement such that it is no longer deficient. Should such negotiations fail, the Customer
may terminate all or any portion of the Agreement in accordance with the termination
requirements in the Agreement, upon provision of written notice to the Service Provider
or upon such other future date as the Customer may specify in writing in such notice.

20. No Withholding

The Service Provider shall not be entitled to, and hereby waives any and all right to, withhold
any Personal Information from the Customer to enforce any alleged payment obligation or in
connection with any dispute relating to the terms of the Agreement or any other matter
between the Customer and the Service Provider.

21. Investigation

The Service Provider shall co-operate with any Customer investigation of a complaint that
the Customer’s Personal Information has been used contrary to the Act or this Schedule.

22. Storage and Access to Personal Information

The Service Provider shall maintain Personal Information only at an Authorized Site. Except
in relation to a Permitted Purpose under Foreign Access Conditions, no services that require
access to Personal Information shall be provided or performed by the Service Provider in any
location outside Canada and no Personal Information may be stored, transmitted or otherwise
made available in any manner or accessed from outside Canada and no person outside
Canada shall have access in any manner to Personal Information except as expressly
approved by the Customer in writing. The Service Provider will notify the Customer prior to
changing the Authorized Site.

23. Segregation of Data

The Service Provider shall take reasonable steps to ensure that all Personal Information is
securely segregated from any information owned by the Service Provider or third parties,
including access barriers, physical segregation, password authorization and public key
encryption systems. The Service Provider must store Personal Information on agreed-upon
media using techniques enabling access only by authorized persons, including encryption and
compression of Personal Information.

24. Protection of Personal Information

The Service Provider must protect Personal Information by making reasonable security
arrangements against such risks as unauthorized access, collection, use, disclosure or
disposal, including any expressly set out in the Agreement.

25. Paramountcy
(a) The Service Provider must comply with the provisions of this Schedule despite any
conflicting provision of this Agreement or, subject to section 25 (b), the law of any
jurisdiction outside Canada or any conflicting Foreign Order.
(b) Nothing in this Schedule requires the Service Provider to contravene the law of any
jurisdiction outside Canada unless such contravention is required to comply with the Act.
(c) The Service Provider acknowledges that the Customer is subject to the Act.
(d) The Service Provider shall immediately inform the Customer if the Service Provider or
any of the Personnel receive any Conflicting Foreign Order.

26. Survival

The obligations of the Service Provider in this Schedule will survive the termination of the
Agreement.

27. Amendment

Upon enactment of any British Columbia law or regulation or amendment to such law or
regulation affecting the use or disclosure of Personal Information, or the publication of any
decision of a British Columbia court relating to such law or regulation, or the publication of
any interpretive policy or opinion of any government agency charged with the enforcement
of any such law or regulation, the Customer, by written notice to the Service Provider, may
specify the amendment of this Schedule in such manner as the Customer reasonably
determines necessary to comply with such law or regulation to the extent such law or
regulation is directly applicable and enforceable against the Service Provider. This provision
is additional to any rights of the Customer to terminate pursuant to Section 19(b) of this
Schedule.

28. Inconsistency

If a provision of the Agreement (including any direction given by the Customer under this
Schedule) conflicts with a requirement of the Act or an applicable order of the Commissioner
under the Act, the conflicting provision of the Agreement (or direction) will be inoperative to
the extent of the conflict. Where in the Customer’s reasonable opinion, there is ambiguity
regarding whether a provision conflicts, the conflicting provision will be inoperative to the
extent determined by the Customer. The Service Provider must comply with the provisions
of this Schedule despite any conflicting provision of this Agreement or the law of any
jurisdiction outside Canada.

29. Specific Covenants – Personal Information Handling

The Service Provider shall:


(a) take a physical inventory, at least annually, of all Personal Information, to identify any
losses;
(b) ensure that access systems require individual user identification to be unique and
re-authenticated each time access is made to the Personal Information;
(c) implement appropriate controls for the issue, change, cancellation, and audit-process of
user identifications and authentication mechanisms;
(d) ensure authentication codes and passwords are confidential, are pseudo-random in nature
or vetted through a verification technique designed to counter triviality and repetition, are
no fewer than 6 characters in length, are one-way encrypted, are excluded from automatic
log-in procedures and are changed irregularly and at least semi-annually;
(e) maintain and implement formal procedures for terminated employees, agents,
representatives and Associates who have had access to Personal Information; and
(f) design and implement an automated, always-on auditing system which can be accessed
by the Customer to monitor access to and use of Personal Information, which system
creates an audit trail that automatically records the identity of anyone who accesses
Personal Information, recording the date and time of access, and which flags access or
access attempts that fall outside set criteria (e.g. access outside regular business hours).

30. Excluded Records


This Schedule does not apply to any information, documents or records that:

(a) do not contain Personal Information;
(b) relate solely to the Service Provider’s internal administration, finances or
management, unless they contain Personal Information about an individual other than
the Service Provider’s own employees, officers, directors, agents, service providers,
suppliers or contractors;
(c) relate solely to the Service Provider’s internal labour and employment matters, unless
they contain Personal Information about an individual other than the Service
Provider’s own employees, officers, directors, agents, service providers, suppliers or
contractors; or
(d) the Customer and the Service Provider have expressly agreed in writing fall outside
the scope of this Schedule.


SCHEDULE G

WCB INSURANCE (M)

The Contractor will comply with the Workers' Compensation Act of the Province of British Columbia
and in particular will obtain and maintain during the Term the necessary coverage for the Contractor and
the Contractor's employees, and will provide particulars of such coverage.

The following information is required for this contractor:

The Contractor’s WorksafeBC registration number is _____________________.


Appendix C: VIHA’s Current Standard Supported IM/IT Environment

INTENT OF THIS DOCUMENT


This document describes the standard technologies supported by VIHA IM/IT. The text may be used for
reference in Requests for Proposal (RFPs). The document should be maintained as a whole if inserted
into another document.

This is a living document, refreshed biannually. The most recently published version will be found at
https://intranet.viha.ca/departments/imit/Pages/standards_guidelines.aspx.

This document should only be presented along with the VIHA policies numbered under 16.4.2.

Validity: The statements in this document are valid as of January 1, 2011.


Expiry: This document should be considered obsolete after December 31, 2011.

AUTHENTICATION, ACCESS AND PRIVACY

1.1.1 AUTHENTICATION & ACCESS


• Microsoft Active Directory (Core Domain) Win 2003 Native Mode
• Microsoft ADAM, or LDAP (as required by application); Secure LDAP required for
authentication
• Microsoft Identity Integration Server (MIIS) (limited support)
• Microsoft Internet Security & Acceleration Server (ISA) 2006
• Single Sign-On using Citrix Password Manager
• RDP and Citrix Client through Web Interface for remote access
• SSL-VPN client (VIHA-owned laptops & tablets only)
• Remote access to desktops or laptops not permitted/supported
• Preference for SPMLv2 – compliant applications

1.1.2 CERTIFICATE SERVICES


• PKI through MS Certificate Authority (Windows Server 2003 R2) using custom v2
certificate templates

1.1.3 PRIVACY AND SECURITY STANDARDS


• See the policy documents under section 16.4.2 appended to this document

CLIENT DEVICES

1.1.4 DESKTOPS
• Standardized, organization wide HP desktops & Laptops
• Images custom designed for individual HP hardware configurations

o Configurations are reviewed and updated on a regular basis
o Screen standard of 1024 x 768
o Preference for all local devices is USB – serial not always natively available

1.1.5 STANDARDIZED WORKSTATION SOFTWARE ENVIRONMENT (DESKTOP & LAPTOP/TABLET)


• Windows XP SP3
• Microsoft Office 2007
• IE 7
• Citrix Client 11
• RDP Client 6.0
• Cisco VPN client (tablets only)
• Adobe Reader 9.1.2
• Pathworks VT320
• Macromedia Flash Player 10.1
• Macromedia Shockwave 10
• Windows short-date format: DD-MMM-YYYY
• PointSec Hardware Encryption on laptops and tablets
• McAfee VirusScan Enterprise Version: 8.7.0i
• Group-policy managed desktop settings

1.1.6 MOBILE DEVICES


• Mobile devices must adhere to policy 16.4.2.5
• Blackberry OS 4.1 and higher
• All new devices must be pre-approved prior to being added to the Enterprise servers

1.1.7 DEPLOYMENT & SUPPORT TOOLS

1.1.7.1 Microsoft Systems Center Configuration Manager:


• Microsoft Updates deployment and management
• Core Software updates and large scale software package distributions
• Support Desk remote support
• Device Inventory

1.1.7.2 Altiris Deployment Solution:


• Standardized Operating system image and post configuration deployment for
workstations, Notebooks and servers.
• Software deployment at initial workstation and server deployment.


SERVERS AND STORAGE

1.1.8 SERVERS:
• Preference for Virtualized Servers running on VMware ESX 4.1
• Where physical server is required, standardized HP Servers;

• Standard O/S software and utilities;


o Windows 2008 R2 Standard or Enterprise Server (x64 preferred)
o Windows 2008 Standard or Enterprise Server (x64 preferred)
o Windows 2003 R2 Standard or Enterprise Server (x64 preferred) only to support
legacy applications
o NetBackup 7.0
o McAfee 4.5 EPO
o McAfee Antivirus Agent 8.7
o Diskeeper v2010
o VMware ESX Virtualization (VI 4.1)
o MS SCOM 2007 R2
o Console support via ILO, Terminal Services and Citrix

• All servers must be supportable in a lights-out facility

1.1.9 ENTERPRISE SYSTEMS


• VIHA back end systems consist of HP servers of a variety of models and operating systems.
For example, we currently have in production:

o Legacy Cluster with two AlphaServer ES47’s running OpenVMS 7.3-2 with the
following add-on products:
▪ Diskeeper for automated disk defragmentation
▪ Hitman for automated system monitoring (i.e. low disk alerts)
▪ ECP for performance monitoring
▪ ABS for system backups
▪ Multinet for TCP/IP networking

o Integrated Clinicals (ICS) consisting of HP Service Guard Clusters running HP-UX
on HP Integrity servers. In production there will be two HP AlphaServer rx8640’s
running HP-UX 11.31 with the following add-on products:

• Serviceguard clustering
• MirrorDisk/UX
• HP GlancePlus/UX
• Netbackup

• All systems are fibre connected via HP Director class SAN switches to HP and EMC SAN
storage:

• Tier 2 Storage (standard for clusters) on EVA 5000 @ 2Gbps or EVA 6000 @ 2
Gbps providing FC storage
• Tier 2 Storage (standard for clusters) on NS480 @ 4Gbps providing both FC and
NAS storage
• Tier 1 Storage (mission critical, high I/O) on XP24000 @ 4Gbps

1.1.9.1 Enterprise Server Models


• HP Integrity rx8640 Server * 4
• AlphaServer GS1280 * 2 (retired)
• AlphaServer GS160 * 2 (retired)
• AlphaServer ES47 * 2
• AlphaServer ES40 * 2
• AlphaServer DS20E * 2

1.1.9.2 Enterprise Storage


• HP StorageWorks XP24000 Disk Array * 2
• HP StorageWorks EVA6000 Disk Array * 2
• HP StorageWorks EVA5000 Disk Array * 3
• HP StorageWorks 4/256 SAN Director Switch * 4
• HP MSL6062 4 Drive LTO-4 Ultrium 1840 Tape Library * 4
• HP MSL6000 2 Drive SDLT2 Tape Library * 1
• HP MLS5052 2 Drive SDLT Tape Library * 2

IM/IT SERVICES

1.1.10 COLLABORATION AND WEB SERVICES


• WS28R2 64-bit OS only
• IIS 7.5 running 32-bit application pools standard, 64-bit pools supported; Integrated Mode
pools only (no Classic)
• .NET 2.0, 3.0, 3.5, 4.0 and ASP are supported
• Application delivery is through a combination of Cisco ACE load balancing, Microsoft
Application Request Routing, and load-balanced web farm.
• No vendor access to web servers

• Web apps are hosted under apps.viha.ca URL but don’t necessarily have to reside on the
same farm
• SSL is required; Port 80 connections are not supported
• NTLM authentication is standard; forms-based authentication under special circumstances;
• Basic and Digest authentication not supported
• Native support of MS SQL

1.1.11 PRINTERS
• Business (and some clinical) application printing for Windows is available to a variety of
HP laser printers via server-based print queues hosted on a Windows 2008 R2
Active-Passive print cluster.
• Cerner-based clinical application printing for Windows is available to a variety of HP laser
printers via server-based print queues hosted on a Windows 2003 R2 Active-Passive print
cluster.
• HPUX printing to certain devices is available through managed HPUX server print queues
used for printing clinical data direct from HPUX applications.
• The list of currently supported HP print and MFP devices is as follows:

o HP LaserJet P3015x
o HP LaserJet P4015x
o HP LaserJet 9050dn
o HP Color LaserJet CP3525x
o HP Color LaserJet CP4525dn
o HP Color LaserJet CP6015x
o HP LaserJet M3035xs mfp
o HP LaserJet M5035xs mfp
o HP LaserJet M4345x mfp
o HP LaserJet M4345xs mfp
o HP LaserJet M9050mfp
o HP Color LaserJet CM3530fs mfp
o HP Color LaserJet CM4730fsk mfp
o HP Color LaserJet CM6040f mfp

• HPUX printing available through managed HPUX server print queues pointing to certain
printers (not all printers have been set up with queues in HPUX ) used for printing clinical
data direct from HPUX applications.

1.1.12 NETWORK
• There are approximately 175 sites connected to the VIHA network.
• The medium to larger sites are typically connected via Telus Metro WAN services at
bandwidths of either 1.5, 10, 100 or 1000 Mbps.
• The smaller sites are typically connected via hardware VPN services using broadband ISP
services.
• The LAN infrastructure is typically configured with either 1 or 10 Gbps backbones and
10/100 Mbps access ports.

• A wireless LAN infrastructure has been deployed at some of the largest acute care sites,
supporting the 802.11a/b/g protocols.
• Approximately 15,000 devices are connected to the VIHA network. Connected devices
include desktops, laptops, printers, MFPs, auto-analyzers, CTs, MRIs, videoconferencing
systems, VoIP phones and related infrastructure, voicemail systems, card access systems,
building management systems, various alarm systems and a variety of others.
• The network infrastructure is constructed using a variety of Cisco products, including Cisco
switches, routers, firewalls, VPN concentrators, VoIP Call Managers, WLAN controllers,
wireless access points, network authentication servers, etc.
• The network infrastructure is QoS (Quality of Service) aware, with marking and queuing
based on pre-defined types of application traffic.
• The network is configured with multiple VLANs, with assignment of specific devices or
applications to certain VLANs based on either QoS or security considerations.
• The network infrastructure supports only one device (MAC address) per access port
• The network infrastructure provides for routed TCP/IP communications between devices.
• The VIHA network has connectivity to the other BC Health Authority networks via an eNG
(eHealth Network Gateway) service.

1.1.13 WIRELESS LAN


• The VIHA wireless LAN infrastructure has been deployed at a number of acute care
facilities and some smaller sites.
• Wireless deployment is intended for in-building coverage only.
• Not all areas within the buildings of sites having wireless are covered (such as mechanical
or electrical spaces, elevators and stairwells).
• The WLAN infrastructure uses Cisco WLCs (Wireless LAN Controllers), LWAPs
(Lightweight Access Points) and WCS (Wireless Control System).
• The WLAN supports all of the 802.11 a/b/g protocols.
• The infrastructure is configured with multiple WLANS used to support a variety of
computing and communications devices.

1.1.14 COLLABORATION AND WEB SERVICES


• WS28R2 64-bit OS only
• IIS 7.5 running 32-bit application pools standard, 64-bit pools supported; Integrated Mode
pools only (no Classic)
• .NET 2.0, 3.0, 3.5, 4.0 and ASP are supported
• Application delivery is through a combination of Cisco ACE load balancing, Microsoft
Application Request Routing, and load-balanced web farm.
• No vendor access to web servers
• Web apps are hosted under apps.viha.ca URL but don’t necessarily have to reside on the
same farm
• SSL is required; Port 80 connections are not supported
• NTLM authentication is standard; forms-based authentication under special circumstances;
• Basic and Digest authentication not supported
• Native support of MS SQL


APPLICATION MANAGEMENT SERVICE SUPPORTED CONFIGURATIONS

1.1.15 INTEGRATION AND INTERFACES


• Interface Engines Supported:
o Cloverleaf Interface
o Sybase eBiz
o Mirth
o Cerner OpenPort
• Messaging Standards Supported:
o HL7 v. 2.2 to 2.5
▪ ADT
▪ Orders
▪ Results
• Transport Protocols Supported:
o FTP internally, secure FTP externally
o TCP/IP
o HTTPS
• Integration Standards Supported:
o CCOW (note: VIHA does not have a CCOW server)
o SALM

1.1.16 DATABASE ENVIRONMENTS


• Oracle Version 10g
• Microsoft SQL Server 2005 SP1, 2008, 2008 R2

1.1.17 REPORTING TOOLS


• Microsoft Reporting Services (SQL) 2005, 2008, 2008 R2
• Crystal Reports Version XI
• Cognos Version 8.

1.1.18 MAIN APPLICATION ENVIRONMENTS


• Clinical – Cerner Millennium (Cerner Corporation) and PARIS Community Care System
(In4Tek Corp)
• Business – MediTech (Medical Information Technology, Inc.), ESP (Kronos Corporation)

1.1.19 DEVELOPMENT LANGUAGES SUPPORTED:


• Microsoft .Net
• Perl
• Java

1.1.20 SERVICE LEVELS


• Platinum Service – 100% business hours uptime 7X24 support including service request
facilitation

o Fully redundant production environment with no single points of failure in the
architecture and/or downtime/failover capabilities allowing for continued
automation of workflows with minimal manual intervention required to recover the
system and system data.
o Platinum service not available where solution architecture/technology prevents
achievement of 100% uptime target.
o Separate production, test and development environments
• Gold Service – 99.94% business hours uptime target, 7X24 break/fix support, client
business hour service request facilitation
o Architecture appropriate to uptime target (4 hours of planned downtime per month
for 7X24 systems)
o Separate test environment that duplicates core production architecture
o Separate development environment if VIHA responsible for development
• Silver Service – 99.94% client business hours uptime target, client business hours break/fix
support, IMIT business hours service request facilitation (6am to 6pm M-F)
o Architecture appropriate to uptime target
• Bronze Service – 99.94% regular business hours uptime target (M-F 8am-5pm), regular
business hour break/fix and service request support

General Standards in Scope for all Solutions:


• Application Services – runnable under OS system account
• Monitoring – all production components hardware/software monitored and alerted on.
Response appropriate to Service level.
• Security – systems must have the capability to capture/audit end user interaction with the
system.
• Systems need to have multi-factor authentication consisting of, at a minimum, a username and
strong password as per the VIHA strong password guidelines.
• Privacy – access to system information needs to be configurable/lockable such that end user
access/views of the information comply with VIHA privacy regulations.
• Security and Privacy – Foreign systems receiving/processing information originating from
the VIHA enterprise systems must support the same level of information security and
privacy as applied to the information in the source system.
• Web, 3 tier, service oriented architectures are desirable for ease of deployment and
management. Ability to run under Citrix is preferred.
• Documentation – architecture is fully documented


Appendix D

Relevant IM-IT Security Policies under policy # 6.2

16.4.2.1P Security of Electronic Information


16.4.2.2P Security of Health Records N/A
16.4.2.3P Acceptable Use of Assets and Resources
16.4.2.4P Remote Access
16.4.2.5P Mobile Computing
16.4.2.6 Remote Assistance and Session Sharing for Support Purposes

Policies attached as separate documents to this RFP.
