(1) Vendor needs to provide asset verification services and solution.
- A software solution, support, and maintenance of a Medicaid Asset Verification System to identify assets held at various Financial Institutions by Medicaid applicants and beneficiaries.
- Establishment of a comprehensive network of Financial Institutions (FIs).
- Implementation and operation of an electronic Asset Verification System (AVS).
- Tracking and reporting of verification activity.
- Manuals and training on system use with a Train-the-Trainer framework.
- Deliverables and milestones
1. Vendor Asset Verification Requests
- Implementation of electronic asset verification requests. The format for these requests must, at minimum, include the cross-platform XML data exchange format.
- A single web service request will potentially contain multiple requests for verification for distinct individuals (bundling or batching).
- Transactions with the web service between agency and the Contractor will be conducted using secure SSL encryption technology to ensure protection of sensitive data; and
2. Contractor to FI Communication
a. The technologies and processes selected for communication between the Contractor and the various should be selected and implemented with the following factors in mind:
- Compliance with federal, state, and local regulations related to the financial industry and consumer information.
-. Implementation of secure technologies and processes to protect the sensitive financial information being exchanged; and
- Asset Verification Responses:
- Upon aggregation of the asset information from the various FI's, the Contractor must send a response file to agency containing the requested information and documentation that the search was conducted but no assets held or managed by the FI.
- The Contractor shall ensure that designated users from agency may only access the system.
- The Contractor shall ensure that any sensitive information made available in any format shall be used only for the purpose of carrying out the provisions of this contract.
- The Contractor shall provide adequate internal controls through separation of duties.
- The Contractor shall provide backup procedures to allow agency access when the Contractor's computer, system or communications are not operational.
- The Contractor shall move to a backup system within thirty (30) minutes of system disruption.
- The Contractor shall maintain adequate documentation of system operating procedures, and requirements.
- The Contractor shall provide agency a security features user guide to describe the security features provided by the system, how to use them and how they interact with one (1) another.
- The Contractor shall ensure that the application that enforces access controls is continuously protected against tampering and/or unauthorized changes.
- System shall support secure data exchange between multiple clients as defined by agency Security as referenced in Standard IT Requirements and Compliance with NIST 800-53 v5 (or subsequent versions) and at the Moderate level at a minimum.
(2) All questions must be submitted no later than June 28, 2023.
(3) The contract period will be for one year.
↧